Merge branch 'release/1.0.2'

2020-11-16 10:44:57 -07:00
parent ae335956c2 255c44093d
commit a347daad79
3 changed files with 27 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.0.2
+## 11/16/2020
+
+1. [](#improved)
+    * Allow to login if LDAP user's DN contains double quotes [#18](https://github.com/trilbymedia/grav-plugin-login-ldap/pulls/18)
+    * Ignore authentication requests with empty username [#14](https://github.com/trilbymedia/grav-plugin-login-ldap/pulls/14)
+    * Better handling a null condition with `array_shift` [#8](https://github.com/trilbymedia/grav-plugin-login-ldap/pulls/8)
+
 # v1.0.1
 ## 06/11/2018

--- a/blueprints.yaml
+++ b/blueprints.yaml
@@ -1,5 +1,5 @@
 name: Login LDAP
-version: 1.0.1
+version: 1.0.2
 description: Allows for Grav user authentication against an LDAP Server such as OpenLDAP or ActiveDirectory
 icon: user-circle-o
 author:
@@ -13,7 +13,7 @@ docs: https://github.com/trilbymedia/grav-plugin-login-ldap/blob/develop/README.
 license: MIT

 dependencies:
-  - { name: login, version: '>=2.6.3' }
+  - { name: login, version: '>=3.0.0' }

 form:
  validation: strict
--- a/login-ldap.php
+++ b/login-ldap.php
@@ -7,6 +7,7 @@ use Grav\Common\Utils;
 use Grav\Plugin\Login\Events\UserLoginEvent;
 use Grav\Plugin\Login\Login;
 use Symfony\Component\Ldap\Ldap;
+use Symfony\Component\Ldap\LdapInterface;
 use Symfony\Component\Ldap\Exception\ConnectionException;
 use Symfony\Component\Yaml\Yaml;

@@ -70,6 +71,12 @@ class LoginLDAPPlugin extends Plugin
    {
        $credentials = $event->getCredentials();
        
+        // empty username -> ignore
+        if($credentials['username'] == ''){
+            $event->setStatus($event::AUTHENTICATION_FAILURE);
+            return;
+        }
+
        // Get Proper username
        $user_dn            = $this->config->get('plugins.login-ldap.user_dn');
        $search_dn          = $this->config->get('plugins.login-ldap.search_dn');
@@ -171,7 +178,7 @@ class LoginLDAPPlugin extends Plugin
                if ($group_dn) {
                    // retrieves all extra groups for user
                    $group_query = str_replace('[username]', $credentials['username'], $group_query);
-                    $group_query = str_replace('[dn]', $userdata['dn'], $group_query);
+                    $group_query = str_replace('[dn]', $ldap->escape($userdata['dn'], '', LdapInterface::ESCAPE_FILTER), $group_query);
                    $query = $ldap->query($group_dn, $group_query);
                    $groups = $query->execute()->toArray();

@@ -181,6 +188,10 @@ class LoginLDAPPlugin extends Plugin

                    foreach ($groups as $group) {
                        $attributes = $group->getAttributes();
+                        
+                        // make sure we have an array to read
+                        if ( !empty($attributes) && !empty($attributes[$group_indentifier]) && is_array($attributes[$group_indentifier]) )
+                        {
                            $user_group = array_shift($attributes[$group_indentifier]);
                            $user_groups[] = $user_group;

@@ -189,6 +200,7 @@ class LoginLDAPPlugin extends Plugin
                            }
                        }
                    }
+                }

                // Merge the LDAP user data with Grav user
                $grav_user->merge($userdata);