From 4a104e3a1b1a3f974669c5e532c1db0b0a0b1cd6 Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@icinga.com>
Date: Thu, 20 Mar 2025 16:34:30 +0100
Subject: [PATCH] Fix case sensitive authentication with postgres (#5338)

fixes #5223

(cherry picked from commit d86ede517fa9ca04cc9679aa66a429b4d6170f54)
---
 .../Icinga/Authentication/User/DbUserBackend.php | 16 +++++++++-------
 .../UserGroup/DbUserGroupBackend.php             |  2 +-
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/library/Icinga/Authentication/User/DbUserBackend.php b/library/Icinga/Authentication/User/DbUserBackend.php
index 0e8cc6a54..6cf56a844 100644
--- a/library/Icinga/Authentication/User/DbUserBackend.php
+++ b/library/Icinga/Authentication/User/DbUserBackend.php
@@ -11,6 +11,7 @@ use Icinga\Exception\AuthenticationException;
 use Icinga\Repository\DbRepository;
 use Icinga\User;
 use PDO;
+use Zend_Db_Expr;
 
 class DbUserBackend extends DbRepository implements UserBackendInterface, Inspectable
 {
@@ -179,23 +180,24 @@ class DbUserBackend extends DbRepository implements UserBackendInterface, Inspec
     {
         if ($this->ds->getDbType() === 'pgsql') {
             // Since PostgreSQL version 9.0 the default value for bytea_output is 'hex' instead of 'escape'
-            $columns = array('password_hash' => 'ENCODE(password_hash, \'escape\')');
+            $columns = ['password_hash' => new Zend_Db_Expr('ENCODE(password_hash, \'escape\')')];
         } else {
-            $columns = array('password_hash');
+            $columns = ['password_hash'];
         }
 
-        $nameColumn = 'name';
+        $nameColumn = 'user';
         if ($this->ds->getDbType() === 'mysql') {
             $username = strtolower($username);
-            $nameColumn = 'BINARY LOWER(name)';
+            $nameColumn = new Zend_Db_Expr('BINARY LOWER(name)');
         }
 
-        $query = $this->ds->select()
-            ->from($this->prependTablePrefix('user'), $columns)
+        $query = $this
+            ->select()
+            ->from('user', $columns)
             ->where($nameColumn, $username)
             ->where('active', true);
 
-        $statement = $this->ds->getDbAdapter()->prepare($query->getSelectQuery());
+        $statement = $this->ds->getDbAdapter()->prepare($query->getQuery()->getSelectQuery());
         $statement->execute();
         $statement->bindColumn(1, $lob, PDO::PARAM_LOB);
         $statement->fetch(PDO::FETCH_BOUND);
diff --git a/library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php b/library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php
index 66db97fdb..b1bbcf520 100644
--- a/library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php
+++ b/library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php
@@ -204,7 +204,7 @@ class DbUserGroupBackend extends DbRepository implements Inspectable, UserGroupB
         $membershipQuery = $this
             ->select()
             ->from('group_membership', array('group_name'))
-            ->where('user_name', $user->getUsername());
+            ->where('user', $user->getUsername());
 
         $memberships = array();
         foreach ($membershipQuery as $membership) {