Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[Ldap] cast to string when checking empty passwords#26589

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Closed
ismail1432 wants to merge3 commits intosymfony:masterfromismail1432:ldapBind-authentication-condition
Closed

[Ldap] cast to string when checking empty passwords#26589

ismail1432 wants to merge3 commits intosymfony:masterfromismail1432:ldapBind-authentication-condition

Conversation

@ismail1432
Copy link
Contributor

QA
Branch?master for features / 2.7 up to 4.0 for bug fixes
Bug fix?yes
New feature?no
BC breaks?no
Deprecations?no
Tests pass?yes
Fixed tickets#26525
LicenseMIT
Doc PRsymfony/symfony-docs#...

$password =$token->getCredentials();

if ('' ===$password) {
if (empty($password)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

We try to avoid usingempty in Symfony. Here, a password like0 would returntrue with empty, which is not what we want here.

Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Thanks for feedback, What about use theNotBlankValidator conditionif(empty($value) && '0' != $value)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I'd suggest to write this asif ('' === (string) $password) {

linaori and ismail1432 reacted with thumbs up emoji
Copy link
ContributorAuthor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Thanks@nicolas-grekas I applied your code in the PR, Hope it's good

Copy link
Member

@nicolas-grekasnicolas-grekas left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

(to be merged on 2.8)

$password =$token->getCredentials();

if ('' ===$password) {
if (empty($password)) {

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I'd suggest to write this asif ('' === (string) $password) {

linaori and ismail1432 reacted with thumbs up emoji
@nicolas-grekasnicolas-grekas changed the titlechange condition on checkAuthentication[Ldap] change condition on checkAuthenticationMar 19, 2018
@nicolas-grekasnicolas-grekas changed the title[Ldap] change condition on checkAuthentication[Ldap] cast to string when checking empty passwordsMar 19, 2018
@nicolas-grekasnicolas-grekas added this to the2.8 milestoneMar 19, 2018
I updated the source code following your advices and applied Nicolas code
Copy link
Member

@nicolas-grekasnicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

(for 2.8)

@nicolas-grekas
Copy link
Member

@ismail1432 would you mind adding a test case please?

@ismail1432
Copy link
ContributorAuthor

@nicolas-grekas sorry for answer now, thistest is not enough ? To be honest I don't have enough experience in Security and Tests to go more far... Sorry.

@nicolas-grekas
Copy link
Member

@ismail1432
Copy link
ContributorAuthor

thanks for feedback, I add test withnull password and it works

@nicolas-grekas
Copy link
Member

Thank you@ismail1432.

nicolas-grekas added a commit that referenced this pull requestMar 22, 2018
…l1432)This PR was submitted for the master branch but it was squashed and merged into the 2.8 branch instead (closes#26589).Discussion----------[Ldap] cast to string when checking empty passwords| Q             | A| ------------- | ---| Branch?       | master for features / 2.7 up to 4.0 for bug fixes <!-- see below -->| Bug fix?      | yes| New feature?  | no <!-- don't forget to update src/**/CHANGELOG.md files -->| BC breaks?    | no     <!-- seehttps://symfony.com/bc -->| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->| Tests pass?   | yes    <!-- please add some, will be required by reviewers -->| Fixed tickets |#26525  <!-- #-prefixed issue number(s), if any -->| License       | MIT| Doc PR        | symfony/symfony-docs#... <!-- required for new features --><!--Quick fix condition that solved the issue.-->Commits-------f276989 [Ldap] cast to string when checking empty passwords
This was referencedApr 2, 2018
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@fabpotfabpotfabpot requested changes

@nicolas-grekasnicolas-grekasnicolas-grekas approved these changes

Assignees

No one assigned

Projects

None yet

Milestone

2.8

Development

Successfully merging this pull request may close these issues.

4 participants

@ismail1432@nicolas-grekas@fabpot@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp