tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-28 00:04:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

DbUserBackend: Fix broken password hash fetch routine

Browse Source 
fixes #5343

(cherry picked from commit 1ddd04df506e48d023d47231dc50cc3e80d01606)
This commit is contained in:
Johannes Meyer 2025-03-26 16:23:19 +01:00
parent a5b152f467
commit 0e310cf72a
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
library/Icinga/Authentication/User/DbUserBackend.php
View File

@ -182,21 +182,25 @@ class DbUserBackend extends DbRepository implements UserBackendInterface, Inspec
// Since PostgreSQL version 9.0 the default value for bytea_output is 'hex' instead of 'escape'
$columns = ['password_hash' => new Zend_Db_Expr('ENCODE(password_hash, \'escape\')')];
} else {
$columns = ['password_hash'];
}
$nameColumn = 'user';
if ($this->ds->getDbType() === 'mysql') {
$username = strtolower($username);
$nameColumn = new Zend_Db_Expr('BINARY LOWER(name)');
// password_hash is intentionally not a valid query column,
// by wrapping it in an expression it is not validated
$columns = ['password_hash' => new Zend_Db_Expr('password_hash')];
}
$query = $this
->select()
->from('user', $columns)
->where($nameColumn, $username)
->where('active', true);
if ($this->ds->getDbType() === 'mysql') {
$username = strtolower($username);
$nameColumn = new Zend_Db_Expr('BINARY LOWER(name)');
$query->getQuery()->where($nameColumn, $username);
} else { // pgsql
$query->where('user', $username);
}
$statement = $this->ds->getDbAdapter()->prepare($query->getQuery()->getSelectQuery());
$statement->execute();
$statement->bindColumn(1, $lob, PDO::PARAM_LOB);