Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Commit c1a964d

Browse filesBrowse files
committed
Allow to use ldap in a chain provider
1 parent b39fcef commit c1a964d
Copy full SHA for c1a964d

File tree

8 files changed

+266
-21
lines changed
Filter options

8 files changed

+266
-21
lines changed

‎src/Symfony/Component/Ldap/Security/CheckLdapCredentialsListener.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Security/CheckLdapCredentialsListener.php
+2-7Lines changed: 2 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,6 @@
1717
use Symfony\Component\Ldap\LdapInterface;
1818
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
1919
use Symfony\Component\Security\Core\Exception\LogicException;
20-
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
2120
use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\PasswordCredentials;
2221
use Symfony\Component\Security\Http\Authenticator\Passport\UserPassportInterface;
2322
use Symfony\Component\Security\Http\Event\CheckPassportEvent;
@@ -46,9 +45,6 @@ public function onCheckPassport(CheckPassportEvent $event)
4645

4746
/** @var LdapBadge $ldapBadge */
4847
$ldapBadge = $passport->getBadge(LdapBadge::class);
49-
if ($ldapBadge->isResolved()) {
50-
return;
51-
}
5248

5349
if (!$passport instanceof UserPassportInterface || !$passport->hasBadge(PasswordCredentials::class)) {
5450
throw new \LogicException(sprintf('LDAP authentication requires a passport containing a user and password credentials, authenticator "%s" does not fulfill these requirements.', \get_class($event->getAuthenticator())));
@@ -70,8 +66,8 @@ public function onCheckPassport(CheckPassportEvent $event)
7066
}
7167

7268
$user = $passport->getUser();
73-
if (!$user instanceof PasswordAuthenticatedUserInterface) {
74-
trigger_deprecation('symfony/ldap', '5.3', 'Not implementing the "%s" interface in class "%s" while using password-based authenticators is deprecated.', PasswordAuthenticatedUserInterface::class, get_debug_type($user));
69+
if (!$user instanceof LdapUser) {
70+
return;
7571
}
7672

7773
/** @var LdapInterface $ldap */
@@ -104,7 +100,6 @@ public function onCheckPassport(CheckPassportEvent $event)
104100
}
105101

106102
$passwordCredentials->markResolved();
107-
$ldapBadge->markResolved();
108103
}
109104

110105
public static function getSubscribedEvents(): array

‎src/Symfony/Component/Ldap/Security/LdapAuthenticator.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Security/LdapAuthenticator.php
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ public function supports(Request $request): ?bool
6060
public function authenticate(Request $request): Passport
6161
{
6262
$passport = $this->authenticator->authenticate($request);
63-
$passport->addBadge(new LdapBadge($this->ldapServiceId, $this->dnString, $this->searchDn, $this->searchPassword, $this->queryString));
63+
$passport->addBadge(new LdapBadge($this->ldapServiceId, $this->dnString, $this->searchDn, $this->searchPassword, $this->queryString, true));
6464

6565
return $passport;
6666
}

‎src/Symfony/Component/Ldap/Security/LdapBadge.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Security/LdapBadge.php
+8-2Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,20 +24,24 @@
2424
*/
2525
class LdapBadge implements BadgeInterface
2626
{
27-
private $resolved = false;
27+
private $resolved = true;
2828
private $ldapServiceId;
2929
private $dnString;
3030
private $searchDn;
3131
private $searchPassword;
3232
private $queryString;
3333

34-
public function __construct(string $ldapServiceId, string $dnString = '{username}', string $searchDn = '', string $searchPassword = '', string $queryString = null)
34+
public function __construct(string $ldapServiceId, string $dnString = '{user_identifier}', string $searchDn = '', string $searchPassword = '', string $queryString = null, $resolved = false)
3535
{
3636
$this->ldapServiceId = $ldapServiceId;
3737
$this->dnString = $dnString;
3838
$this->searchDn = $searchDn;
3939
$this->searchPassword = $searchPassword;
4040
$this->queryString = $queryString;
41+
$this->resolved = $resolved;
42+
if (false === $this->resolved) {
43+
trigger_deprecation('symfony/ldap', '5.4', 'Passing false as resolved initial value is deprecated, use true instead.');
44+
}
4145
}
4246

4347
public function getLdapServiceId(): string
@@ -67,6 +71,8 @@ public function getQueryString(): ?string
6771

6872
public function markResolved(): void
6973
{
74+
trigger_deprecation('symfony/ldap', '5.4', 'Calling %s is deprecated.', __METHOD__);
75+
7076
$this->resolved = true;
7177
}
7278

‎src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php
+20-10Lines changed: 20 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@
2222
use Symfony\Component\Ldap\LdapInterface;
2323
use Symfony\Component\Ldap\Security\CheckLdapCredentialsListener;
2424
use Symfony\Component\Ldap\Security\LdapBadge;
25+
use Symfony\Component\Ldap\Security\LdapUser;
2526
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
2627
use Symfony\Component\Security\Core\Exception\AuthenticationException;
2728
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
@@ -69,9 +70,10 @@ public static function provideShouldNotCheckPassport()
6970
yield [new TestAuthenticator(), new Passport(new UserBadge('test'), new PasswordCredentials('s3cret'))];
7071

7172
// ldap already resolved
72-
$badge = new LdapBadge('app.ldap');
73-
$badge->markResolved();
74-
yield [new TestAuthenticator(), new Passport(new UserBadge('test'), new PasswordCredentials('s3cret'), [$badge])];
73+
$ldapBadge = new LdapBadge('app.ldap', '{user_identifier}', '', '', null, true);
74+
$userBadge = new UserBadge('test');
75+
$userBadge->setUserLoader(function () { return new InMemoryUser('test', 'pass', ['ROLE_USER']); });
76+
yield [new TestAuthenticator(), new Passport($userBadge, new PasswordCredentials('s3cret'), [$ldapBadge])];
7577
}
7678

7779
public function testPasswordCredentialsAlreadyResolvedThrowsException()
@@ -81,7 +83,7 @@ public function testPasswordCredentialsAlreadyResolvedThrowsException()
8183

8284
$badge = new PasswordCredentials('s3cret');
8385
$badge->markResolved();
84-
$passport = new Passport(new UserBadge('test'), $badge, [new LdapBadge('app.ldap')]);
86+
$passport = new Passport(new UserBadge('test'), $badge, [new LdapBadge('app.ldap', '{user_identifier}', '', '', null, true)]);
8587

8688
$listener = $this->createListener();
8789
$listener->onCheckPassport(new CheckPassportEvent(new TestAuthenticator(), $passport));
@@ -93,7 +95,7 @@ public function testInvalidLdapServiceId()
9395
$this->expectExceptionMessage('Cannot check credentials using the "not_existing_ldap_service" ldap service, as such service is not found. Did you maybe forget to add the "ldap" service tag to this service?');
9496

9597
$listener = $this->createListener();
96-
$listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('not_existing_ldap_service')));
98+
$listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('not_existing_ldap_service', '{user_identifier}', '', '', null, true)));
9799
}
98100

99101
/**
@@ -115,7 +117,10 @@ public static function provideWrongPassportData()
115117
}
116118

117119
// no password credentials
118-
yield [new SelfValidatingPassport(new UserBadge('test'), [new LdapBadge('app.ldap')])];
120+
yield [new SelfValidatingPassport(
121+
new UserBadge('test'),
122+
[new LdapBadge('app.ldap', '{user_identifier}', '', '', null, true)]
123+
)];
119124
}
120125

121126
/**
@@ -129,7 +134,7 @@ public function testLegacyWrongPassport()
129134
// no user passport
130135
$passport = $this->createMock(PassportInterface::class);
131136
$passport->expects($this->any())->method('hasBadge')->with(LdapBadge::class)->willReturn(true);
132-
$passport->expects($this->any())->method('getBadge')->with(LdapBadge::class)->willReturn(new LdapBadge('app.ldap'));
137+
$passport->expects($this->any())->method('getBadge')->with(LdapBadge::class)->willReturn(new LdapBadge('app.ldap', '{user_identifier}', '', '', null, true));
133138

134139
$listener = $this->createListener();
135140
$listener->onCheckPassport(new CheckPassportEvent(new TestAuthenticator(), $passport));
@@ -156,6 +161,9 @@ public function testBindFailureShouldThrowAnException()
156161
$listener->onCheckPassport($this->createEvent());
157162
}
158163

164+
/**
165+
* @group legacy
166+
*/
159167
public function testQueryForDn()
160168
{
161169
$collection = new class([new Entry('')]) extends \ArrayObject implements CollectionInterface {
@@ -183,7 +191,7 @@ public function toArray(): array
183191
$this->ldap->expects($this->once())->method('query')->with('{username}', 'wouter_test')->willReturn($query);
184192

185193
$listener = $this->createListener();
186-
$listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('app.ldap', '{username}', 'elsa', 'test1234A$', '{username}_test')));
194+
$listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('app.ldap', '{username}', 'elsa', 'test1234A$', '{username}_test', true)));
187195
}
188196

189197
public function testEmptyQueryResultShouldThrowAnException()
@@ -211,14 +219,16 @@ public function testEmptyQueryResultShouldThrowAnException()
211219
$this->ldap->expects($this->once())->method('query')->willReturn($query);
212220

213221
$listener = $this->createListener();
214-
$listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('app.ldap', '{username}', 'elsa', 'test1234A$', '{username}_test')));
222+
$listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('app.ldap', '{username}', 'elsa', 'test1234A$', '{username}_test', true)));
215223
}
216224

217225
private function createEvent($password = 's3cr3t', $ldapBadge = null)
218226
{
227+
$ldapUser = new LdapUser(new Entry('cn=Wouter,dc=example,dc=com'), 'Wouter', null, ['ROLE_USER']);
228+
219229
return new CheckPassportEvent(
220230
new TestAuthenticator(),
221-
new Passport(new UserBadge('Wouter', function () { return new InMemoryUser('Wouter', null, ['ROLE_USER']); }), new PasswordCredentials($password), [$ldapBadge ?? new LdapBadge('app.ldap')])
231+
new Passport(new UserBadge('Wouter', function () use ($ldapUser) { return $ldapUser; }), new PasswordCredentials($password), [$ldapBadge ?? new LdapBadge('app.ldap', '{user_identifier}', '', '', null, true)])
222232
);
223233
}
224234

+42Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the Symfony package.
5+
*
6+
* (c) Fabien Potencier <fabien@symfony.com>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
namespace Security;
13+
14+
use PHPUnit\Framework\TestCase;
15+
use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
16+
use Symfony\Component\Ldap\Security\LdapBadge;
17+
18+
final class LdapBadgeTest extends TestCase
19+
{
20+
use ExpectDeprecationTrait;
21+
22+
/**
23+
* @group legacy
24+
*/
25+
public function testDeprecationOnResolvedInitialValue()
26+
{
27+
$this->expectDeprecation('Since symfony/ldap 5.4: Passing false as resolved initial value is deprecated, use true instead.');
28+
29+
new LdapBadge('foo');
30+
}
31+
32+
/**
33+
* @group legacy
34+
*/
35+
public function testDeprecationOnMarkAsResolved()
36+
{
37+
$this->expectDeprecation('Since symfony/ldap 5.4: Calling Symfony\Component\Ldap\Security\LdapBadge::markResolved is deprecated.');
38+
39+
$sut = new LdapBadge('foo', '{user_identifier}', '', '', null, true);
40+
$sut->markResolved();
41+
}
42+
}

‎src/Symfony/Component/Ldap/composer.json

Copy file name to clipboardExpand all lines: src/Symfony/Component/Ldap/composer.json
+2-1Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,8 @@
2323
"ext-ldap": "*"
2424
},
2525
"require-dev": {
26-
"symfony/security-core": "^5.3|^6.0"
26+
"symfony/security-core": "^5.3|^6.0",
27+
"symfony/security-http": "^5.4"
2728
},
2829
"conflict": {
2930
"symfony/options-resolver": "<4.4",

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.