From 0e310cf72a9a97bcf403ec0c762279f793687f3c Mon Sep 17 00:00:00 2001
From: Johannes Meyer
Date: Wed, 26 Mar 2025 16:23:19 +0100
Subject: [PATCH] DbUserBackend: Fix broken password hash fetch routine

fixes #5343

(cherry picked from commit 1ddd04df506e48d023d47231dc50cc3e80d01606)
---
 .../Authentication/User/DbUserBackend.php | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/library/Icinga/Authentication/User/DbUserBackend.php b/library/Icinga/Authentication/User/DbUserBackend.php
index 6cf56a844..4b37b51f2 100644
--- a/library/Icinga/Authentication/User/DbUserBackend.php
+++ b/library/Icinga/Authentication/User/DbUserBackend.php
@@ -182,21 +182,25 @@ class DbUserBackend extends DbRepository implements UserBackendInterface, Inspec
 // Since PostgreSQL version 9.0 the default value for bytea_output is 'hex' instead of 'escape'
 $columns = ['password_hash' => new Zend_Db_Expr('ENCODE(password_hash, \'escape\')')];
 } else {
- $columns = ['password_hash'];
- }
-
- $nameColumn = 'user';
- if ($this->ds->getDbType() === 'mysql') {
- $username = strtolower($username);
- $nameColumn = new Zend_Db_Expr('BINARY LOWER(name)');
+ // password_hash is intentionally not a valid query column,
+ // by wrapping it in an expression it is not validated
+ $columns = ['password_hash' => new Zend_Db_Expr('password_hash')];
 }

 $query = $this
 ->select()
 ->from('user', $columns)
- ->where($nameColumn, $username)
 ->where('active', true);

+ if ($this->ds->getDbType() === 'mysql') {
+ $username = strtolower($username);
+ $nameColumn = new Zend_Db_Expr('BINARY LOWER(name)');
+
+ $query->getQuery()->where($nameColumn, $username);
+ } else { // pgsql
+ $query->where('user', $username);
+ }
+
 $statement = $this->ds->getDbAdapter()->prepare($query->getQuery()->getSelectQuery());
 $statement->execute();
 $statement->bindColumn(1, $lob, PDO::PARAM_LOB);
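Review bot: In the MySQL branch the name filter is attached with `$query->getQuery()->where($nameColumn, $username)`, on the underlying query rather than through the repository's `where()`, and the statement is then prepared from `getSelectQuery()` and run with a bare `execute()`, so `$username` is not a bound parameter here and reaches the SQL text through the query builder. Nothing in the hunk shows how that builder quotes the value, and this is the login path, so the branch should carry a comment like the one added for `$columns`, for example `// set on the underlying query because the expression column is not a valid repository column; the value is quoted by the query builder, not bound` (to be confirmed against the builder before it is written down). The patch touches only this file, so a regression test that fetches the hash for a mixed-case name and for a name containing a quote character, on both MySQL and PostgreSQL, would pin the fix and the quoting assumption. The `} else { // pgsql` branch also treats every non-MySQL type as PostgreSQL, which is worth stating in that comment if no other type can reach this code. The enclosing method starts and ends outside the hunk.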