Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 2f5bd18

Browse filesBrowse files
nicolas-grekasnicolas-grekas
committed
bug #26589 [Ldap] cast to string when checking empty passwords (ismail1432)
This PR was submitted for the master branch but it was squashed and merged into the 2.8 branch instead (closes #26589). Discussion ---------- [Ldap] cast to string when checking empty passwords | Q | A | ------------- | --- | Branch? | master for features / 2.7 up to 4.0 for bug fixes <!-- see below --> | Bug fix? | yes | New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files --> | BC breaks? | no <!-- see https://symfony.com/bc --> | Deprecations? | no <!-- don't forget to update UPGRADE-*.md files --> | Tests pass? | yes <!-- please add some, will be required by reviewers --> | Fixed tickets | #26525 <!-- #-prefixed issue number(s), if any --> | License | MIT | Doc PR | symfony/symfony-docs#... <!-- required for new features --> <!-- Quick fix condition that solved the issue. --> Commits ------- f276989 [Ldap] cast to string when checking empty passwords
2 parents 677d9aa + f276989 commit 2f5bd18
Copy full SHA for 2f5bd18

File tree

2 files changed

+18
-1
lines changed
Filter options

2 files changed

+18
-1
lines changed

‎src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke
7171
$username = $token->getUsername();
7272
$password = $token->getCredentials();
7373

74-
if ('' === $password) {
74+
if ('' === (string) $password) {
7575
throw new BadCredentialsException('The presented password must not be empty.');
7676
}
7777

‎src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php
+17Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,23 @@ public function testEmptyPasswordShouldThrowAnException()
3939
$reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', '', 'key'));
4040
}
4141

42+
/**
43+
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
44+
* @expectedExceptionMessage The presented password must not be empty.
45+
*/
46+
public function testNullPasswordShouldThrowAnException()
47+
{
48+
$userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock();
49+
$ldap = $this->getMockBuilder('Symfony\Component\Ldap\LdapClientInterface')->getMock();
50+
$userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
51+
52+
$provider = new LdapBindAuthenticationProvider($userProvider, $userChecker, 'key', $ldap);
53+
$reflection = new \ReflectionMethod($provider, 'checkAuthentication');
54+
$reflection->setAccessible(true);
55+
56+
$reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', null, 'key'));
57+
}
58+
4259
/**
4360
* @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
4461
* @expectedExceptionMessage The presented password is invalid.

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.