tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-27 15:54:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix case sensitive authentication with postgres (#5338)

Browse Source 
fixes #5223
This commit is contained in:
Johannes Meyer 2025-03-20 16:34:30 +01:00 committed by GitHub
commit d86ede517f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
library/Icinga/Authentication/User/DbUserBackend.php
View File

@ -11,6 +11,7 @@ use Icinga\Exception\AuthenticationException;
use Icinga\Repository\DbRepository; use Icinga\Repository\DbRepository;
use Icinga\User; use Icinga\User;
use PDO; use PDO;
use Zend_Db_Expr;
class DbUserBackend extends DbRepository implements UserBackendInterface, Inspectable class DbUserBackend extends DbRepository implements UserBackendInterface, Inspectable
{ {
@ -179,23 +180,24 @@ class DbUserBackend extends DbRepository implements UserBackendInterface, Inspec
{ {
if ($this->ds->getDbType() === 'pgsql') { if ($this->ds->getDbType() === 'pgsql') {
// Since PostgreSQL version 9.0 the default value for bytea_output is 'hex' instead of 'escape' // Since PostgreSQL version 9.0 the default value for bytea_output is 'hex' instead of 'escape'
$columns = array('password_hash' => 'ENCODE(password_hash, \'escape\')'); $columns = ['password_hash' => new Zend_Db_Expr('ENCODE(password_hash, \'escape\')')];
} else { } else {
$columns = array('password_hash'); $columns = ['password_hash'];
} }
$nameColumn = 'name'; $nameColumn = 'user';
if ($this->ds->getDbType() === 'mysql') { if ($this->ds->getDbType() === 'mysql') {
$username = strtolower($username); $username = strtolower($username);
$nameColumn = 'BINARY LOWER(name)'; $nameColumn = new Zend_Db_Expr('BINARY LOWER(name)');
} }
$query = $this->ds->select() $query = $this
->from($this->prependTablePrefix('user'), $columns) ->select()
->from('user', $columns)
->where($nameColumn, $username) ->where($nameColumn, $username)
->where('active', true); ->where('active', true);
$statement = $this->ds->getDbAdapter()->prepare($query->getSelectQuery()); $statement = $this->ds->getDbAdapter()->prepare($query->getQuery()->getSelectQuery());
$statement->execute(); $statement->execute();
$statement->bindColumn(1, $lob, PDO::PARAM_LOB); $statement->bindColumn(1, $lob, PDO::PARAM_LOB);
$statement->fetch(PDO::FETCH_BOUND); $statement->fetch(PDO::FETCH_BOUND);

2
library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php
View File

@ -204,7 +204,7 @@ class DbUserGroupBackend extends DbRepository implements Inspectable, UserGroupB
$membershipQuery = $this $membershipQuery = $this
->select() ->select()
->from('group_membership', array('group_name')) ->from('group_membership', array('group_name'))
->where('user_name', $user->getUsername()); ->where('user', $user->getUsername());
$memberships = array(); $memberships = array();
foreach ($membershipQuery as $membership) { foreach ($membershipQuery as $membership) {