Throw exception on fetchDN, when no row exists

Instead of fetchDN, authentication now uses hasUser to check if the user exists before querying the password, to prevent the exception from messing up the whole authentication process
2014-06-23 13:57:41 +02:00 · 2014-06-23 13:57:41 +02:00 · 77a9dd1e6e
parent 4d42b4d2c4
commit 77a9dd1e6e
2 changed files with 22 additions and 14 deletions
--- a/library/Icinga/Authentication/Backend/LdapUserBackend.php
+++ b/library/Icinga/Authentication/Backend/LdapUserBackend.php
@ -127,10 +127,11 @@ class LdapUserBackend extends UserBackend
     *
     * @param   User    $user
     * @param   string  $password
-     * @param   boolean $healthCheck        Perform additional health checks to generate more useful
-     *                                          exceptions in case of a configuration or backend error
+     * @param   boolean $healthCheck        Perform additional health checks to generate more useful exceptions in case
+     *                                      of a configuration or backend error
     *
-     * @return  bool    True when the authentication was successful, false when the username or password was invalid
+     * @return  bool                        True when the authentication was successful, false when the username
+     *                                      or password was invalid
     * @throws  AuthenticationException     When an error occurred during authentication and authentication is not possible
     */
    public function authenticate(User $user, $password, $healthCheck = true)
@ -150,14 +151,15 @@ class LdapUserBackend extends UserBackend
                );
            }
        }
+        if (! $this->hasUser($user)) {
+            return false;
+        }
        try {
-            $userDn = $this->conn->fetchDN($this->createQuery($user->getUsername()));
-            if (!$userDn) {
-                // User does not exist
-                return false;
-            }
-            return $this->conn->testCredentials($userDn, $password);
-        } catch (Exception $e) {
+            return $this->conn->testCredentials(
+                $this->conn->fetchDN($this->createQuery($user->getUsername())),
+                $password
+            );
+        } catch (\Exception $e) {
            // Error during authentication of this specific user
            throw new AuthenticationException(
                sprintf(
--- a/library/Icinga/Protocol/Ldap/Connection.php
+++ b/library/Icinga/Protocol/Ldap/Connection.php
@ -223,16 +223,22 @@ class Connection
    /**
     * Fetch the distinguished name of the first result of the given query
     *
-     * @param       $query
-     * @param array $fields
+     * @param       $query   The query returning the result set
+     * @param array $fields  The fields to fetch
     *
-     * @return null|string   Returns the distinguished name, or false when the given query yields no results
+     * @return string        Returns the distinguished name, or false when the given query yields no results
+     * @throws \Exception    When the query result is empty and contains no DN to fetch
     */
    public function fetchDN($query, $fields = array())
    {
        $rows = $this->fetchAll($query, $fields);
        if (count($rows) !== 1) {
-            return null;
+            throw new \Exception(
+                sprintf(
+                    'Cannot fetch single DN for %s',
+                    $query
+                )
+            );
        }
        return key($rows);
    }