8000 [Security] make LdapBindAuthenticationProvider capable of searching for the DN by lsmith77 · Pull Request #21402 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[Security] make LdapBindAuthenticationProvider capable of searching for the DN #21402

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jan 28, 2017
Merged

[Security] make LdapBindAuthenticationProvider capable of searching for the DN #21402

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a30191f
make LdapBindAuthenticationProvider capable of searching for the DN
lsmith77 Jan 25, 2017
a783e5c
Update HttpBasicLdapFactory
Jan 26, 2017
8ddd533
Merge pull request #1 from nietonfir/http_basic_ldap
lsmith77 Jan 26, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
make LdapBindAuthenticationProvider capable of searching for the DN
  • Loading branch information
@lsmith77
lsmith77 committed Jan 25, 2017
commit a30191f30a472b3451a81910b0603bdc746c87cb
7 changes: 6 additions & 1 deletion ...mfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ class FormLoginLdapFactory extends FormLoginFactory
protected function createAuthProvider(ContainerBuilder $container, $id, $config, $userProviderId)
{
$provider = 'security.authentication.provider.ldap_bind.'.$id;
$container
$definition = $container
->setDefinition($provider, new ChildDefinition('security.authentication.provider.ldap_bind'))
->replaceArgument(0, new Reference($userProviderId))
->replaceArgument(1, new Reference('security.user_checker.'.$id))
Expand All @@ -36,6 +36,10 @@ protected function createAuthProvider(ContainerBuilder $container, $id, $config,
->replaceArgument(4, $config['dn_string'])
;

if (!empty($config['query_string'])) {
$definition->addMethodCall('setQueryString', array($config['query_string']));
}

return $provider;
}

Expand All @@ -47,6 +51,7 @@ public function addConfiguration(NodeDefinition $node)
->children()
->scalarNode('service')->defaultValue('ldap')->end()
->scalarNode('dn_string')->defaultValue('{username}')->end()
->scalarNode('query_string')->end()
->end()
;
}
Expand Down
26 changes: 25 additions & 1 deletion ...ymfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ class LdapBindAuthenticationProvider extends UserAuthenticationProvider
private $userProvider;
private $ldap;
private $dnString;
private $queryString;

/**
* Constructor.
Expand All @@ -53,6 +54,16 @@ public function __construct(UserProviderInterface $userProvider, UserCheckerInte
$this->dnString = $dnString;
}

/**
* Set a query string to use in order to find a DN for the username.
*
* @param string $queryString
*/
public function setQueryString($queryString)
{
$this->queryString = $queryString;
}

/**
* {@inheritdoc}
*/
Expand All @@ -79,7 +90,20 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke

try {
$username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_DN);
$dn = str_replace('{username}', $username, $this->dnString);

if ($this->queryString) {
$query = str_replace('{username}', $username, $this->queryString);

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove newline.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

$query = $this->ldap->query($this->dnString, $query);
$result = $query->execute();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add newline after this one and merge this line with the previous one (no need to keep the query variable, as it is not used for anything but for running its execute() method.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

if (1 !== $result->count()) {
throw new BadCredentialsException('The presented username is invalid.');
}

$dn = $result[0]->getDn();
} else {
$dn = str_replace('{username}', $username, $this->dnString);
}

$this->ldap->bind($dn, $password);
} catch (ConnectionException $e) {
Expand Down
72 changes: 72 additions & 0 deletions ...ponent/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php
View file
Open in desktop
use Symfony\Component\Ldap\Entry;
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,9 @@
namespace Symfony\Component\Security\Core\Tests\Authentication\Provider;

use Symfony\Component\Ldap\LdapInterface;
use Symfony\Component\Ldap\Adapter\QueryInterface;
use Symfony\Component\Ldap\Adapter\CollectionInterface;
use Symfony\Component\Security\Core\Authentication\Provider\LdapBindAuthenticationProvider;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\User\User;
Expand Down Expand Up @@ -81,4 +84,73 @@ public function testRetrieveUser()

$reflection->invoke($provider, 'foo', new UsernamePasswordToken('foo', 'bar', 'key'));
}

public function testQueryForDn()
{
$userProvider = $this->getMockBuilder(UserProviderInterface::class)->getMock();

$collection = new \ArrayIterator(array(new Entry('')));

$query = $this->getMockBuilder(QueryInterface::class)->getMock();
$query
->expects($this->once())
->method('execute')
->will($this->returnValue($collection))
;

$ldap = $this->getMockBuilder(LdapInterface::class)->getMock();
$ldap
->expects($this->once())
->method('escape')
->with('foo', '')
->will($this->returnValue('foo'))
;
$ldap
->expects($this->once())
->method('query')
->with('{username}', 'foobar')
->will($this->returnValue($query))
;
$userChecker = $this->getMockBuilder(UserCheckerInterface::class)->getMock();

$provider = new LdapBindAuthenticationProvider($userProvider, $userChecker, 'key', $ldap);
$provider->setQueryString('{username}bar');
$reflection = new \ReflectionMethod($provider, 'checkAuthentication');
$reflection->setAccessible(true);

$reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', 'bar', 'key'));
}

/**
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
* @expectedExceptionMessage The presented username is invalid.
*/
public function testEmptyQueryResultShouldThrowAnException()
{
$userProvider = $this->getMockBuilder(UserProviderInterface::class)->getMock();

$collection = $this->getMockBuilder(CollectionInterface::class)->getMock();

$query = $this->getMockBuilder(QueryInterface::class)->getMock();
$query
->expects($this->once())
->method('execute')
->will($this->returnValue($collection))
;

$ldap = $this->getMockBuilder(LdapInterface::class)->getMock();
$ldap
->expects($this->once())
->method('query')
->will($this->returnValue($query))
;
$userChecker = $this->getMockBuilder(UserCheckerInterface::class)->getMock();

$provider = new LdapBindAuthenticationProvider($userProvider, $userChecker, 'key', $ldap);
$provider->setQueryString('{username}bar');
$reflection = new \ReflectionMethod($provider, 'checkAuthentication');
$reflection->setAccessible(true);

$reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', 'bar', 'key'));
}
}
0