From 8fc58cb988301b2b78002bd58bf1ad7e67436fe3 Mon Sep 17 00:00:00 2001
From: Wouter Haffmans
Date: Sun, 12 Feb 2017 01:08:58 +0100
Subject: [PATCH] [Security] fixes LDAP bind authentication using wrong username
This fixes that the LDAP bind authentication ignores the uid_key configuration of the LDAP user provider. It will now use the username of the User object instead of the token's username.
---
 .../LdapBindAuthenticationProvider.php | 2 +-
 .../LdapBindAuthenticationProviderTest.php | 25 +++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
index 5ebb09ab3dad4..ae1c6f84c1d8d 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
@@ -70,7 +70,7 @@ protected function retrieveUser($username, UsernamePasswordToken $token)
 */
 protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
 {
- $username = $token->getUsername();
+ $username = $user->getUsername();
 $password = $token->getCredentials();
 if ('' === $password) {
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php
index 9359f869f02f3..d6e6cfd291f06 100644
--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php
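Review bot: The bind identity in checkAuthentication now comes from `$user->getUsername()`, so which directory entry gets bound depends entirely on what the configured user provider returns, and nothing on the changed line records that. A short why-comment would help the next maintainer, for example `// Bind as the provider-resolved user (honours uid_key), not the raw login carried by the token.` With a non-LDAP or chained user provider the returned name may not correspond to the submitted login, so it is worth confirming that retrieveUser always resolves the user from the token's username. The body of checkAuthentication continues past the end of the hunk, so the DN construction and escaping cannot be checked from here.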
@@ -81,4 +81,29 @@ public function testRetrieveUser()
 $reflection->invoke($provider, 'foo', new UsernamePasswordToken('foo', 'bar', 'key'));
 }
+
+ public function testAuthenticateUser()
+ {
+ $userProvider = $this->getMockBuilder(UserProviderInterface::class)->getMock();
+ $ldap = $this->getMockBuilder(LdapInterface::class)->getMock();
+ $ldap
+ ->expects($this->any())
+ ->method('escape')
+ ->with('foo')
+ ->will($this->returnValue('foo'))
+ ;
+ $ldap
+ ->expects($this->once())
+ ->method('bind')
+ ->with('foo')
+ ;
+
+ $userChecker = $this->getMockBuilder(UserCheckerInterface::class)->getMock();
+ $provider = new LdapBindAuthenticationProvider($userProvider, $userChecker, 'key', $ldap);
+
+ $reflection = new \ReflectionMethod($provider, 'checkAuthentication');
+ $reflection->setAccessible(true);
+
+ $reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo@example.com', 'bar', 'key'));
+ }
 }
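Review bot: The `escape` expectation in testAuthenticateUser is declared with `$this->any()`, so the test still passes if checkAuthentication never escapes the username before binding. Using `->expects($this->once())` there would make the escaping part of what the test verifies. The `bind` expectation constrains only its first argument, so nothing checks that the token's credentials `'bar'` are what is sent to the directory. Assuming bind takes the password as its second argument, `->with('foo', 'bar')` would pin both values.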