security #18736 Fixed issue with blank password with Ldap (csarrazi)

This PR was merged into the 2.8 branch. Discussion ---------- Fixed issue with blank password with Ldap | Q | A | ------------- | --- | Branch? | 1.8 | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a Commits ------- c7d9c62 Fixed issue with blank password with Ldap
symfony · May 9, 2016 · 6f48b4b · 6f48b4b
2 parents 6d20cee + c7d9c62
commit 6f48b4b
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/...ymfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php b/...ymfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php
@@ -73,6 +73,10 @@ protected function checkAuthentication(UserInterface $user, UsernamePasswordToke
         $username = $token->getUsername();
         $password = $token->getCredentials();
 
+        if ('' === $password) {
+            throw new BadCredentialsException('The presented password must not be empty.');
+        }
+
         try {
             $username = $this->ldap->escape($username, '', LDAP_ESCAPE_DN);
             $dn = str_replace('{username}', $username, $this->dnString);

diff --git a/...ponent/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php b/...ponent/Security/Core/Tests/Authentication/Provider/LdapBindAuthenticationProviderTest.php
@@ -21,6 +21,23 @@
  */
 class LdapBindAuthenticationProviderTest extends \PHPUnit_Framework_TestCase
 {
+    /**
+     * @expectedException        \Symfony\Component\Security\Core\Exception\BadCredentialsException
+     * @expectedExceptionMessage The presented password must not be empty.
+     */
+    public function testEmptyPasswordShouldThrowAnException()
+    {
+        $userProvider = $this->getMock('Symfony\Component\Security\Core\User\UserProviderInterface');
+        $ldap = $this->getMock('Symfony\Component\Ldap\LdapClientInterface');
+        $userChecker = $this->getMock('Symfony\Component\Security\Core\User\UserCheckerInterface');
+
+        $provider = new LdapBindAuthenticationProvider($userProvider, $userChecker, 'key', $ldap);
+        $reflection = new \ReflectionMethod($provider, 'checkAuthentication');
+        $reflection->setAccessible(true);
+
+        $reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', '', 'key'));
+    }
+
     /**
      * @expectedException        \Symfony\Component\Security\Core\Exception\BadCredentialsException
      * @expectedExceptionMessage The presented password is invalid.
@@ -40,7 +57,7 @@ public function testBindFailureShouldThrowAnException()
         $reflection = new \ReflectionMethod($provider, 'checkAuthentication');
         $reflection->setAccessible(true);
 
-        $reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', '', 'key'));
+        $reflection->invoke($provider, new User('foo', null), new UsernamePasswordToken('foo', 'bar', 'key'));
     }
 
     public function testRetrieveUser()