Comments (7)
I have to admit that branch of the code is a mystery for me.
I was following the same code as DaoAuthenticationProvider, but it's true that getPassword
is empty or is a hashed password, so the return value won't be valid in any case.
So the question is: how can we re-authenticate an already logged-in user?
from fr3dldapbundle.
What is the return value of $token->getCredentials()?
from fr3dldapbundle.
$token->getCredentials() returns the password filled in by the user when the authentication process starts (before the redirect). I actually tried to replace $currentUser->getPassword() with $token->getCredentials(), but no change. In my opinion the problem is deeper in the process.
When the User is authenticated, the condition ($currentUser instanceof UserInterface) is true and the User is rebound from the information returned by the token (aka getUser() and getCredentials()). The User returned by getCredentials() is free of password (by default it's empty, because it's overridden in the hydrate method of LdapManager: the password is set to blank).
I tried to set the password on the User instance in checkAuthentication, but no change either. It seems that when the token is re-created the password is lost...
from fr3dldapbundle.
Here is the solution!
Change $currentUser->getPassword() to $token->getCredentials() in LdapAuthenticationProvider, and turn off the erase_credentials property in security.yml.
The generated token keeps the password after login and the bind method works correctly. I don't know if it's really the expected behaviour or just a bad way to resolve it.
I noticed a strange thing, btw: the Zend/Ldap driver is called twice. The first time is when the default connection defined in config.yml with username and password is used. The second one is when the bind method is called directly to authenticate the User. In this case, I traced the whole workflow to show how it behaves: an Exception is correctly thrown (because username is filled, password is empty and AllowEmptyPassword is false), but in UserAuthenticationProvider the code below does not throw the Exception to the caller class (AuthenticationProviderManager):
```php
// Excerpt from Symfony's UserAuthenticationProvider::authenticate()
try {
    $this->userChecker->checkPreAuth($user);
    $this->checkAuthentication($user, $token);
    $this->userChecker->checkPostAuth($user);
} catch (BadCredentialsException $e) {
    if ($this->hideUserNotFoundExceptions) {
        // the original exception survives only as the $previous of this generic one
        throw new BadCredentialsException('Bad credentials', 0, $e);
    }
    throw $e;
}
```
I don't know why and when the Exception is caught. This issue messed up my brain!
from fr3dldapbundle.
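One shape the proposed fix can take, written here as an added example and not as the bundle's own code (the `bind(UserInterface, string): bool` method on the LDAP manager is an assumption): the password always comes from the token, and an empty one is rejected before the directory is asked, which is the same risk the `AllowEmptyPassword` check guards against.

```php
<?php
// Added example (assumed LdapManager::bind(UserInterface, string): bool), not the bundle's code.
use Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
class LdapAuthenticationProvider extends UserAuthenticationProvider
{
    private $userProvider;
    private $ldapManager;

    public function __construct(UserCheckerInterface $userChecker, $providerKey,
        UserProviderInterface $userProvider, $ldapManager, $hideUserNotFoundExceptions = true)
    {
        parent::__construct($userChecker, $providerKey, $hideUserNotFoundExceptions);
        $this->userProvider = $userProvider;
        $this->ldapManager = $ldapManager;
    }

    protected function retrieveUser($username, UsernamePasswordToken $token)
    {
        // First directory round-trip: load the entry (the service account binds, not the user).
        $user = $token->getUser();
        return $user instanceof UserInterface ? $user : $this->userProvider->loadUserByUsername($username);
    }

    protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
    {
        // Fresh login or re-authentication alike: the hydrated LDAP user has no password,
        // so the only usable secret is what the user typed, kept on the token
        // (needs erase_credentials: false in security.yml).
        $password = $token->getCredentials();

        // Never forward an empty password: a bind with a DN and an empty password is an
        // *unauthenticated* bind (RFC 4513 section 5.1.2) that many servers accept as success.
        if (!is_string($password) || '' === $password) {
            throw new BadCredentialsException('The presented password cannot be empty.');
        }

        // Second directory round-trip: bind as the user with the supplied password.
        if (!$this->ldapManager->bind($user, $password)) {
            throw new BadCredentialsException('The presented password is invalid.');
        }
        // Both exceptions are what UserAuthenticationProvider catches and rewraps as the
        // generic "Bad credentials" when hideUserNotFoundExceptions is true.
    }
}
```

With hideUserNotFoundExceptions left at its default, the detailed message only reaches the caller as the previous exception of the generic one, which is why the trace in the comment above appears to swallow it.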
Do you want to create a PR with the fix?
About the driver being called twice:
a) The first one is the user provider part. (Symfony expects the provider to return a user object, so you can provide a user from the DB but later authenticate against LDAP.)
b) The second one is the user authentication.
from fr3dldapbundle.
I am not sure if the fix is correct; I'm gonna make new tests with a fresh installation and chained providers to be sure it does not bring a regression.
from fr3dldapbundle.
The change will make a BC break with objects retrieved from the DB. But this has to be fixed as you proposed.
from fr3dldapbundle.