[Ldap] Fixing missing user_identifier forward compatibility in CheckLdapCredentialsListener

EXT - THERAGE Kevin · EXT - THERAGE Kevin · commit f5efe9a05b93 · 2022-06-29T14:51:17.000+02:00
diff --git a/src/Symfony/Component/Ldap/Security/CheckLdapCredentialsListener.php b/src/Symfony/Component/Ldap/Security/CheckLdapCredentialsListener.php
@@ -84,7 +84,7 @@ public function onCheckPassport(CheckPassportEvent $event)
                     throw new LogicException('Using the "query_string" config without using a "search_dn" and a "search_password" is not supported.');
                 }
                 $username = $ldap->escape($user->getUserIdentifier(), '', LdapInterface::ESCAPE_FILTER);
-                $query = str_replace('{username}', $username, $ldapBadge->getQueryString());
+                $query = str_replace('{user_identifier}', $username, $ldapBadge->getQueryString());
                 $result = $ldap->query($ldapBadge->getDnString(), $query)->execute();
                 if (1 !== $result->count()) {
                     throw new BadCredentialsException('The presented username is invalid.');
@@ -93,7 +93,7 @@ public function onCheckPassport(CheckPassportEvent $event)
                 $dn = $result[0]->getDn();
             } else {
                 $username = $ldap->escape($user->getUserIdentifier(), '', LdapInterface::ESCAPE_DN);
-                $dn = str_replace('{username}', $username, $ldapBadge->getDnString());
+                $dn = str_replace('{user_identifier}', $username, $ldapBadge->getDnString());
             }
 
             $ldap->bind($dn, $presentedPassword);
diff --git a/src/Symfony/Component/Ldap/Security/LdapAuthenticator.php b/src/Symfony/Component/Ldap/Security/LdapAuthenticator.php
@@ -42,7 +42,7 @@ class LdapAuthenticator implements AuthenticationEntryPointInterface, Interactiv
     private string $searchPassword;
     private string $queryString;
 
-    public function __construct(AuthenticatorInterface $authenticator, string $ldapServiceId, string $dnString = '{username}', string $searchDn = '', string $searchPassword = '', string $queryString = '')
+    public function __construct(AuthenticatorInterface $authenticator, string $ldapServiceId, string $dnString = '{user_identifier}', string $searchDn = '', string $searchPassword = '', string $queryString = '')
     {
         $this->authenticator = $authenticator;
         $this->ldapServiceId = $ldapServiceId;
diff --git a/src/Symfony/Component/Ldap/Security/LdapBadge.php b/src/Symfony/Component/Ldap/Security/LdapBadge.php
@@ -31,12 +31,20 @@ class LdapBadge implements BadgeInterface
     private string $searchPassword;
     private ?string $queryString;
 
-    public function __construct(string $ldapServiceId, string $dnString = '{username}', string $searchDn = '', string $searchPassword = '', string $queryString = null)
+    public function __construct(string $ldapServiceId, string $dnString = '{user_identifier}', string $searchDn = '', string $searchPassword = '', string $queryString = null)
     {
         $this->ldapServiceId = $ldapServiceId;
+        $dnString = str_replace('{username}', '{user_identifier}', $dnString, $replaceCount);
+        if ($replaceCount > 0) {
+            @trigger_error('Using {username} parameter in LDAP dn configuration is deprecated. Consider using {user_identifier} instead.', \E_USER_DEPRECATED);
+        }
         $this->dnString = $dnString;
         $this->searchDn = $searchDn;
         $this->searchPassword = $searchPassword;
+        $queryString = str_replace('{username}', '{user_identifier}', $queryString, $replaceCount);
+        if ($replaceCount > 0) {
+            @trigger_error('Using {username} parameter in LDAP query string configuration is deprecated. Consider using {user_identifier} instead.', \E_USER_DEPRECATED);
+        }
         $this->queryString = $queryString;
     }
 
diff --git a/src/Symfony/Component/Ldap/Security/LdapUserProvider.php b/src/Symfony/Component/Ldap/Security/LdapUserProvider.php
@@ -81,7 +81,7 @@ public function loadUserByIdentifier(string $identifier): UserInterface
         }
 
         $identifier = $this->ldap->escape($identifier, '', LdapInterface::ESCAPE_FILTER);
-        $query = str_replace(['{username}', '{user_identifier}'], $identifier, $this->defaultSearch);
+        $query = str_replace('{user_identifier}', $identifier, $this->defaultSearch);
         $search = $this->ldap->query($this->baseDn, $query, ['filter' => 0 == \count($this->extraFields) ? '*' : $this->extraFields]);
 
         $entries = $search->execute();
diff --git a/src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php b/src/Symfony/Component/Ldap/Tests/Security/CheckLdapCredentialsListenerTest.php
@@ -127,7 +127,10 @@ public function testBindFailureShouldThrowAnException()
         $listener->onCheckPassport($this->createEvent());
     }
 
-    public function testQueryForDn()
+    /**
+     * @dataProvider queryForDnProvider
+     */
+    public function testQueryForDn(string $dnString, string $queryString)
     {
         $collection = new class([new Entry('')]) extends \ArrayObject implements CollectionInterface {
             public function toArray(): array
@@ -145,10 +148,18 @@ public function toArray(): array
                 ['elsa', 'test1234A$']
             );
         $this->ldap->expects($this->any())->method('escape')->with('Wouter', '', LdapInterface::ESCAPE_FILTER)->willReturn('wouter');
-        $this->ldap->expects($this->once())->method('query')->with('{username}', 'wouter_test')->willReturn($query);
+        $this->ldap->expects($this->once())->method('query')->with('{user_identifier}', 'wouter_test')->willReturn($query);
 
         $listener = $this->createListener();
-        $listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('app.ldap', '{username}', 'elsa', 'test1234A$', '{username}_test')));
+        $listener->onCheckPassport($this->createEvent('s3cr3t', new LdapBadge('app.ldap', $dnString, 'elsa', 'test1234A$', $queryString)));
+    }
+
+    public function queryForDnProvider(): iterable
+    {
+        yield ['{username}', '{username}_test'];
+        yield ['{user_identifier}', '{username}_test'];
+        yield ['{username}', '{user_identifier}_test'];
+        yield ['{user_identifier}', '{user_identifier}_test'];
     }
 
     public function testEmptyQueryResultShouldThrowAnException()

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ class LdapAuthenticator implements AuthenticationEntryPointInterface, Interactiv`
`42`	`42`	`private string $searchPassword;`
`43`	`43`	`private string $queryString;`
`44`	`44`
`45`		`- public function __construct(AuthenticatorInterface $authenticator, string $ldapServiceId, string $dnString = '{username}', string $searchDn = '', string $searchPassword = '', string $queryString = '')`
	`45`	`+ public function __construct(AuthenticatorInterface $authenticator, string $ldapServiceId, string $dnString = '{user_identifier}', string $searchDn = '', string $searchPassword = '', string $queryString = '')`
`46`	`46`	`{`
`47`	`47`	`$this->authenticator = $authenticator;`
`48`	`48`	`$this->ldapServiceId = $ldapServiceId;`
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ public function loadUserByIdentifier(string $identifier): UserInterface`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`$identifier = $this->ldap->escape($identifier, '', LdapInterface::ESCAPE_FILTER);`
`84`		`- $query = str_replace(['{username}', '{user_identifier}'], $identifier, $this->defaultSearch);`
	`84`	`+ $query = str_replace('{user_identifier}', $identifier, $this->defaultSearch);`
`85`	`85`	`$search = $this->ldap->query($this->baseDn, $query, ['filter' => 0 == \count($this->extraFields) ? '*' : $this->extraFields]);`
`86`	`86`
`87`	`87`	`$entries = $search->execute();`