Merge branch 'hotfix/issue-#248-zero-password-login' - fixes #248 - d…

…iallows zero-password-login

src/DoctrineModule/Authentication/Adapter/ObjectRepository.php

@@ -175,7 +175,7 @@ protected function validateIdentity($identity)
             $credentialValue = call_user_func($callable, $identity, $credentialValue);
         }
 
-        if ($credentialValue !== true && $credentialValue != $documentCredential) {
+        if ($credentialValue !== true && $credentialValue !== $documentCredential) {
             $this->authenticationResultInfo['code'] = AuthenticationResult::FAILURE_CREDENTIAL_INVALID;
             $this->authenticationResultInfo['messages'][] = 'Supplied credential is invalid.';
 

tests/DoctrineModuleTest/Authentication/Adapter/ObjectRepositoryTest.php

@@ -280,4 +280,29 @@ public function testWillRefuseToAuthenticateWhenInvalidInstanceIsFound()
 
         $adapter->authenticate();
     }
+
+    public function testWillNotCastAuthCredentialValue()
+    {
+        $objectRepository = $this->getMock('Doctrine\Common\Persistence\ObjectRepository');
+        $adapter          = new ObjectRepositoryAdapter();
+        $entity           = new IdentityObject();
+
+        $entity->setPassword(0);
+        $adapter->setOptions(
+            array(
+                 'object_repository'   => $objectRepository,
+                 'credential_property' => 'password',
+                 'identity_property'   => 'username'
+            )
+        );
+        $adapter->setIdentity('a username');
+        $adapter->setCredential('00000');
+        $objectRepository
+            ->expects($this->once())
+            ->method('findOneBy')
+            ->with($this->equalTo(array('username' => 'a username')))
+            ->will($this->returnValue($entity));
+
+        $this->assertFalse($adapter->authenticate()->isValid());
+    }
 }