Fix documentation and code style in the LdapUserBackend

library/Icinga/Authentication/Backend/LdapUserBackend.php

@@ -5,6 +5,7 @@ namespace Icinga\Authentication\Backend;
 
 use Icinga\User;
 use Icinga\Authentication\UserBackend;
+use Icinga\Protocol\Ldap\Query;
 use Icinga\Protocol\Ldap\Connection;
 use Icinga\Exception\AuthenticationException;
 use Icinga\Protocol\Ldap\Exception as LdapException;
@@ -15,7 +16,7 @@ class LdapUserBackend extends UserBackend
      * Connection to the LDAP server
      *
      * @var Connection
-     **/
+     */
     protected $conn;
 
     protected $baseDn;
@@ -36,7 +37,9 @@ class LdapUserBackend extends UserBackend
     }
 
     /**
-     * @return \Icinga\Protocol\Ldap\Query
+     * Create a query to select all usernames
+     *
+     * @return  Query
      */
     protected function selectUsers()
     {
@@ -49,15 +52,15 @@ class LdapUserBackend extends UserBackend
     }
 
     /**
-     * Create query
+     * Create a query filtered by the given username
      *
      * @param   string  $username
      *
-     * @return  \Icinga\Protocol\Ldap\Query
-     **/
+     * @return  Query
+     */
     protected function selectUser($username)
     {
-        return $this->selectUsers()->where(
+        return $this->selectUsers()->setUsePagedResults(false)->where(
             $this->userNameAttribute,
             str_replace('*', '', $username)
         );
@@ -68,7 +71,7 @@ class LdapUserBackend extends UserBackend
      *
      * Try to bind to the backend and query all available users to check if:
      * <ul>
-     *  <li>User connection credentials are correct and the bind is possible</li>
+     *  <li>Connection credentials are correct and the bind is possible</li>
      *  <li>At least one user exists</li>
      *  <li>The specified userClass has the property specified by userNameAttribute</li>
      * </ul>
@@ -78,13 +81,12 @@ class LdapUserBackend extends UserBackend
     public function assertAuthenticationPossible()
     {
         try {
-            $q = $this->conn->select()->setBase($this->baseDn)->from($this->userClass);
-            $result = $q->fetchRow();
+            $result = $this->selectUsers()->fetchRow();
         } catch (LdapException $e) {
             throw new AuthenticationException('Connection not possible.', $e);
         }
 
-        if (! isset($result)) {
+        if ($result === null) {
             throw new AuthenticationException(
                 'No objects with objectClass="%s" in DN="%s" found.',
                 $this->userClass,
@@ -139,17 +141,16 @@ class LdapUserBackend extends UserBackend
     }
 
     /**
-     * Test whether the given user exists
+     * Return whether the given user exists
      *
      * @param   User    $user
      *
      * @return  bool
-     * @throws  AuthenticationException
      */
     public function hasUser(User $user)
     {
         $username = $user->getUsername();
-        $entry = $this->conn->fetchOne($this->selectUser($username));
+        $entry = $this->selectUser($username)->fetchOne();
 
         if (is_array($entry)) {
             return in_array(strtolower($username), array_map('strtolower', $entry));
@@ -159,16 +160,15 @@ class LdapUserBackend extends UserBackend
     }
 
     /**
-     * Authenticate the given user and return true on success, false on failure and null on error
+     * Return whether the given user credentials are valid
      *
      * @param   User    $user
      * @param   string  $password
-     * @param   boolean $healthCheck        Perform additional health checks to generate more useful exceptions in case
-     *                                      of a configuration or backend error
+     * @param   boolean $healthCheck        Assert that authentication is possible at all
      *
-     * @return  bool                        True when the authentication was successful, false when the username
-     *                                      or password was invalid
-     * @throws  AuthenticationException     When an error occurred during authentication and authentication is not possible
+     * @return  bool
+     *
+     * @throws  AuthenticationException     In case an error occured or the health check has failed
      */
     public function authenticate(User $user, $password, $healthCheck = true)
     {
@@ -176,7 +176,6 @@ class LdapUserBackend extends UserBackend
             try {
                 $this->assertAuthenticationPossible();
             } catch (AuthenticationException $e) {
-                // Authentication not possible
                 throw new AuthenticationException(
                     'Authentication against backend "%s" not possible.',
                     $this->getName(),
@@ -184,24 +183,27 @@ class LdapUserBackend extends UserBackend
                 );
             }
         }
+
         if (! $this->hasUser($user)) {
             return false;
         }
+
         try {
             $userDn = $this->conn->fetchDN($this->selectUser($user->getUsername()));
             $authenticated = $this->conn->testCredentials(
                 $userDn,
                 $password
             );
+
             if ($authenticated) {
                 $groups = $this->getGroups($userDn);
                 if ($groups !== null) {
                     $user->setGroups($groups);
                 }
             }
+
             return $authenticated;
         } catch (LdapException $e) {
-            // Error during authentication of this specific user
             throw new AuthenticationException(
                 'Failed to authenticate user "%s" against backend "%s". An exception was thrown:',
                 $user->getUsername(),
@@ -238,6 +240,7 @@ class LdapUserBackend extends UserBackend
                 $users[] = $row->{$this->userNameAttribute};
             }
         }
+
         return $users;
     }
 }