From 97ee29eb377b573d7ea86ee844012aa5ca212ec6 Mon Sep 17 00:00:00 2001 From: Miguel Pereira Date: Mon, 19 Nov 2018 10:55:56 +0100 Subject: [PATCH 1/4] Update login-ldap.php In some rare occasions, the ldap setup can return null when reading the $attributes[$group_indentifier]. By checking that it isn't empty before shifting the array, we prevent the following error: * array_shift expected parameter to be array, null given --- login-ldap.php | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/login-ldap.php b/login-ldap.php index 6578bf3..4ea70e4 100644 --- a/login-ldap.php +++ b/login-ldap.php @@ -181,11 +181,16 @@ class LoginLDAPPlugin extends Plugin foreach ($groups as $group) { $attributes = $group->getAttributes(); - $user_group = array_shift($attributes[$group_indentifier]); - $user_groups[] = $user_group; + + // make sure we have an array to read + if ( !empty($attributes) && !empty($attributes[$group_indentifier]) && is_array($attributes[$group_indentifier]) ) + { + $user_group = array_shift($attributes[$group_indentifier]); + $user_groups[] = $user_group; - if ($this->config->get('plugins.login-ldap.store_ldap_data', false)) { - $userdata['ldap']['groups'][] = $user_group; + if ($this->config->get('plugins.login-ldap.store_ldap_data', false)) { + $userdata['ldap']['groups'][] = $user_group; + } } } } From d667a1b3d916566f52dbfdb21f8082083f35e45d Mon Sep 17 00:00:00 2001 From: chhemme Date: Mon, 23 Mar 2020 16:43:09 +0100 Subject: [PATCH 2/4] Ignore authentication requests with empty username When using login-ldap with the admin panel I get an LDAP exception because the query is invalid. It looks like the plugin sends an empty login request when loading the admin login page. This causes an invalid query. --- login-ldap.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/login-ldap.php b/login-ldap.php index 4ea70e4..70aef6a 100644 --- a/login-ldap.php +++ b/login-ldap.php 
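Review bot: In the `@@ -181,11 +181,16 @@` hunk, a group entry whose `$attributes[$group_indentifier]` is missing or not an array is now skipped without any trace, so a mistyped identifier setting would leave `$user_groups` empty with nothing to diagnose it by. If group membership feeds access decisions elsewhere in the plugin (not visible here), the only symptom is users quietly losing groups; an `else` branch that records the skipped entry at debug level, through whatever logger the plugin already uses, would make this detectable. The guard can also be shortened, because `!empty($attributes)` is implied by the second test: `if (!empty($attributes[$group_indentifier]) && is_array($attributes[$group_indentifier])) {`, with the brace on the same line to match the surrounding `foreach` and inner `if`. The enclosing method starts and ends outside the hunk.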
@@ -69,6 +69,12 @@ class LoginLDAPPlugin extends Plugin public function userLoginAuthenticate(UserLoginEvent $event) { $credentials = $event->getCredentials(); + + // empty username -> ignore + if($credentials['username'] == ''){ + $event->setStatus($event::AUTHENTICATION_FAILURE); + return; + } // Get Proper username $user_dn = $this->config->get('plugins.login-ldap.user_dn'); From 7dc154b5038e2fd8fd7fc2a31f5eaf854cde2ab1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vilius=20=C5=A0umskas?= Date: Sun, 8 Nov 2020 17:15:15 +0200 Subject: [PATCH 3/4] Allow to login if LDAP user's DN contains double quotes Patch fixes an issue where LDAP users with double quotes or other special characters in their DN could not login if a group filter is set. --- login-ldap.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/login-ldap.php b/login-ldap.php index 70aef6a..5ade99e 100644 --- a/login-ldap.php +++ b/login-ldap.php @@ -7,6 +7,7 @@ use Grav\Common\Utils; use Grav\Plugin\Login\Events\UserLoginEvent; use Grav\Plugin\Login\Login; use Symfony\Component\Ldap\Ldap; +use Symfony\Component\Ldap\LdapInterface; use Symfony\Component\Ldap\Exception\ConnectionException; use Symfony\Component\Yaml\Yaml; @@ -177,7 +178,7 @@ class LoginLDAPPlugin extends Plugin if ($group_dn) { // retrieves all extra groups for user $group_query = str_replace('[username]', $credentials['username'], $group_query); - $group_query = str_replace('[dn]', $userdata['dn'], $group_query); + $group_query = str_replace('[dn]', $ldap->escape($userdata['dn'], '', LdapInterface::ESCAPE_FILTER), $group_query); $query = $ldap->query($group_dn, $group_query); $groups = $query->execute()->toArray(); From 255c44093d4f90516fd5adf73bfa397e66899ba6 Mon Sep 17 00:00:00 2001 From: Andy Miller Date: Mon, 16 Nov 2020 10:44:50 -0700 Subject: [PATCH 4/4] prepare for release --- CHANGELOG.md | 8 ++++++++ blueprints.yaml | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) 
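Review bot: The new guard in `userLoginAuthenticate` (`@@ -69,6 +69,12 @@`) rejects an empty username but not an empty password, and many LDAP servers treat a bind with a valid DN and an empty password as an unauthenticated bind that succeeds. No password check is visible in this hunk, so unless one exists further down the method (which continues outside the hunk), the guard should cover both, assuming the password is carried under `$credentials['password']`: `if (trim((string)($credentials['username'] ?? '')) === '' || (string)($credentials['password'] ?? '') === '') {`. The strict comparison with `??` also avoids the undefined-index notice and the loose `== ''` match on non-string values. The commit title says "ignore" while the code sets `AUTHENTICATION_FAILURE`, so a one-line comment stating which outcome is intended would help the next reader.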
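Review bot: In the `@@ -177,7 +178,7 @@` hunk the `[dn]` value is now escaped for filter context, but the context line directly above it still substitutes `$credentials['username']` into `$group_query` unescaped. That value is taken from the submitted login credentials, so filter metacharacters in it would change the structure of the group search filter instead of being matched literally. The same escaping should be applied there: `$group_query = str_replace('[username]', $ldap->escape($credentials['username'], '', LdapInterface::ESCAPE_FILTER), $group_query);`. Any other place where the username is put into a DN or search filter lies outside this hunk and would need the matching escape mode for its context.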
diff --git a/CHANGELOG.md b/CHANGELOG.md index 20dc1ba..6d3fa18 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,11 @@ +# v1.0.2 +## 11/16/2020 + +1. [](#improved) + * Allow to login if LDAP user's DN contains double quotes [#18](https://github.com/trilbymedia/grav-plugin-login-ldap/pulls/18) + * Ignore authentication requests with empty username [#14](https://github.com/trilbymedia/grav-plugin-login-ldap/pulls/14) + * Better handling a null condition with `array_shift` [#8](https://github.com/trilbymedia/grav-plugin-login-ldap/pulls/8) + # v1.0.1 ## 06/11/2018 diff --git a/blueprints.yaml b/blueprints.yaml index 1c41bc8..4141bf9 100644 --- a/blueprints.yaml +++ b/blueprints.yaml @@ -1,5 +1,5 @@ name: Login LDAP -version: 1.0.1 +version: 1.0.2 description: Allows for Grav user authentication against an LDAP Server such as OpenLDAP or ActiveDirectory icon: user-circle-o author: @@ -13,7 +13,7 @@ docs: https://github.com/trilbymedia/grav-plugin-login-ldap/blob/develop/README. license: MIT dependencies: - - { name: login, version: '>=2.6.3' } + - { name: login, version: '>=3.0.0' } form: validation: strict