From e23b17934ccacf9a2c7afc80d2559f65a545132e Mon Sep 17 00:00:00 2001
From: ismail1432
Date: Sun, 18 Mar 2018 14:56:17 +0100
Subject: [PATCH 1/3] change condition on checkAuthentication
---
 .../Authentication/Provider/LdapBindAuthenticationProvider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
index 9c07fd5a35697..f1be9060a59cd 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
@@ -84,7 +84,7 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke
 $username = $token->getUsername();
 $password = $token->getCredentials();
- if ('' === $password) {
+ if (empty($password)) {
 throw new BadCredentialsException('The presented password must not be empty.');
 }
From fdb13622329767f11708df50b37724fc011b3581 Mon Sep 17 00:00:00 2001
From: Smaine Milianni
Date: Mon, 19 Mar 2018 14:49:56 +0100
Subject: [PATCH 2/3] Correct PR after reviews I updated the source code following your advices and applied Nicolas code
---
 .../Authentication/Provider/LdapBindAuthenticationProvider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php b/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
index f1be9060a59cd..aa2c4803f1a68 100644
--- a/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
+++ b/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
@@ -84,7 +84,7 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke
 $username = $token->getUsername();
 $password = $token->getCredentials();
- if (empty($password)) {
+ if ('' === (string) $password) {
 throw new BadCredentialsException('The presented password must not be empty.');
 }
From 917a4b8f9d24694a707984edc30434b7181f0633 Mon Sep 17 00:00:00 2001
From: ismail1432
Date: Wed, 21 Mar 2018 22:26:10 +0100
Subject: [PATCH 3/3] add test null password LdapBindAythenticator
---
 .../LdapBindAuthenticationProviderTest.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php
index d65e8e7cc52e4..19f92528060bd 100644
--- a/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php
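Review bot: The empty-password guard in `checkAuthentication()` (PATCH 2/3, LdapBindAuthenticationProvider.php) has no comment saying why it exists, so the `(string)` cast reads like something a later cleanup could safely drop. An LDAP simple bind that carries a DN and a zero-length password is an unauthenticated bind (RFC 4513, section 5.1.2), which many directory servers answer with success, so this check is what keeps a null or empty credential from being accepted. I would add above the `if`: `// Reject null/'' before binding: an empty password turns the simple bind into an unauthenticated bind that the server may accept.` The cast maps `null` and `false` to `''` while keeping `'0'` a valid password; an array credential would be cast to `'Array'` with a notice and passed on, so an `is_scalar()` check may be worth considering if tokens can carry non-string credentials, which is not visible here. The method body starts and ends outside the hunk.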
@@ -45,6 +45,23 @@ public function testEmptyPasswordShouldThrowAnException()
 $reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', '', 'key'));
 }
+ /**
+ * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
+ * @expectedExceptionMessage The presented password must not be empty.
+ */
+ public function testNullPasswordShouldThrowAnException()
+ {
+ $userProvider = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserProviderInterface')->getMock();
+ $ldap = $this->getMockBuilder('Symfony\Component\Ldap\LdapClientInterface')->getMock();
+ $userChecker = $this->getMockBuilder('Symfony\Component\Security\Core\User\UserCheckerInterface')->getMock();
+
+ $provider = new LdapBindAuthenticationProvider($userProvider, $userChecker, 'key', $ldap);
+ $reflection = new \ReflectionMethod($provider, 'checkAuthentication');
+ $reflection->setAccessible(true);
+
+ $reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', null, 'key'));
+ }
+
 /**
 * @expectedException \Symfony\Component\Security\Core\Exception\BadCredentialsException
 * @expectedExceptionMessage The presented password is invalid.
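Review bot: `testNullPasswordShouldThrowAnException` asserts only the exception and its message, not that the LDAP client was left untouched, so it would still pass if the guard were later moved below the bind call and the mocked `$ldap` silently accepted it. Adding `$ldap->expects($this->never())->method('bind');` right after the mock is created would pin the property that matters, that no bind is attempted with a null credential (assuming the provider binds through that method, which this hunk does not show). The setup repeats `testEmptyPasswordShouldThrowAnException` line for line, so a data provider over `''` and `null` would cover both. A separate case with the password `'0'`, expecting the bind to be attempted, would guard against a return to `empty()`.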