bug #26589 [Ldap] cast to string when checking empty passwords (ismail1432)
This PR was submitted for the master branch but it was squashed and merged into the 2.8 branch instead (closes #26589).
Discussion
----------
[Ldap] cast to string when checking empty passwords
| Q | A
| ------------- | ---
| Branch? | master for features / 2.7 up to 4.0 for bug fixes <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #26525 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Quick fix condition that solved the issue.
-->
Commits
-------
f276989
[Ldap] cast to string when checking empty passwords
commit
2f5bd18d82
@ -71,7 +71,7 @@ class LdapBindAuthenticationProvider extends UserAuthenticationProvider
|
||||
$username = $token->getUsername();
|
||||
$password = $token->getCredentials();
|
||||
|
||||
if ('' === $password) {
|
||||
if ('' === (string) $password) {
|
||||
throw new BadCredentialsException('The presented password must not be empty.');
|
||||
}
|
||||
|
||||
|
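Review bot: The cast in `if ('' === (string) $password) {` closes the `null` and `false` cases, but an array credential still gets through, because it casts to the non-empty string "Array" (with a notice) and falls past the guard. The guard is security-critical: many directory servers treat a simple bind with an empty password as an unauthenticated bind that succeeds (RFC 4513, section 5.1.2). It is therefore worth making the type expectation explicit, e.g. `if (is_array($password) || '' === (string) $password) {`, and adding a comment such as `// An empty password would turn the LDAP bind into an unauthenticated bind; reject it before binding.` Whether `getCredentials()` can return an array here depends on the caller, which the hunk does not show, and the method body continues outside the hunk.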
@ -39,6 +39,23 @@ class LdapBindAuthenticationProviderTest extends TestCase
|
||||
$reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', '', 'key'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
|
||||
* @expectedExceptionMessage The presented password must not be empty.
|
||||
*/
|
||||
public function testNullPasswordShouldThrowAnException()
|
||||
{
|
||||
$userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock();
|
||||
$ldap = $this->getMockBuilder('Symfony\Component\Ldap\LdapClientInterface')->getMock();
|
||||
$userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
|
||||
|
||||
$provider = new LdapBindAuthenticationProvider($userProvider, $userChecker, 'key', $ldap);
|
||||
$reflection = new \ReflectionMethod($provider, 'checkAuthentication');
|
||||
$reflection->setAccessible(true);
|
||||
|
||||
$reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', null, 'key'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
|
||||
* @expectedExceptionMessage The presented password is invalid.
|
||||
|
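Review bot: `testNullPasswordShouldThrowAnException` pins only `null`, so other values that cast to an empty string, such as `false`, are left untested against the new guard. It also appears to repeat the mock and reflection setup of the empty-string test above it, though that test's body starts outside the hunk and only its final `invoke` line is visible. A data provider feeding `''`, `null` and `false` into a single method, e.g. `@dataProvider emptyPasswordProvider` on `testEmptyPasswordShouldThrowAnException($password)`, would cover the whole condition and keep the setup in one place.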