Merge branch 'release/1.0.2'

CHANGELOG.md

@@ -1,3 +1,11 @@
+# v1.0.2
+## 11/16/2020
+
+1. [](#improved)
+    * Allow to login if LDAP user's DN contains double quotes [#18](https://github.com/trilbymedia/grav-plugin-login-ldap/pulls/18)
+    * Ignore authentication requests with empty username [#14](https://github.com/trilbymedia/grav-plugin-login-ldap/pulls/14)
+    * Better handling a null condition with `array_shift` [#8](https://github.com/trilbymedia/grav-plugin-login-ldap/pulls/8)
+
 # v1.0.1
 ## 06/11/2018
 

blueprints.yaml

@@ -1,5 +1,5 @@
 name: Login LDAP
-version: 1.0.1
+version: 1.0.2
 description: Allows for Grav user authentication against an LDAP Server such as OpenLDAP or ActiveDirectory
 icon: user-circle-o
 author:
@@ -13,7 +13,7 @@ docs: https://github.com/trilbymedia/grav-plugin-login-ldap/blob/develop/README.
 license: MIT
 
 dependencies:
-  - { name: login, version: '>=2.6.3' }
+  - { name: login, version: '>=3.0.0' }
 
 form:
   validation: strict

login-ldap.php

@@ -7,6 +7,7 @@
 use Grav\Plugin\Login\Events\UserLoginEvent;
 use Grav\Plugin\Login\Login;
 use Symfony\Component\Ldap\Ldap;
+use Symfony\Component\Ldap\LdapInterface;
 use Symfony\Component\Ldap\Exception\ConnectionException;
 use Symfony\Component\Yaml\Yaml;
 
@@ -69,6 +70,12 @@ public function onPluginsInitialized()
     public function userLoginAuthenticate(UserLoginEvent $event)
     {
         $credentials = $event->getCredentials();
+
+        // empty username -> ignore
+        if($credentials['username'] == ''){
+            $event->setStatus($event::AUTHENTICATION_FAILURE);
+            return;
+        }
 
         // Get Proper username
         $user_dn            = $this->config->get('plugins.login-ldap.user_dn');
@@ -171,7 +178,7 @@ public function userLoginAuthenticate(UserLoginEvent $event)
                 if ($group_dn) {
                     // retrieves all extra groups for user
                     $group_query = str_replace('[username]', $credentials['username'], $group_query);
-                    $group_query = str_replace('[dn]', $userdata['dn'], $group_query);
+                    $group_query = str_replace('[dn]', $ldap->escape($userdata['dn'], '', LdapInterface::ESCAPE_FILTER), $group_query);
                     $query = $ldap->query($group_dn, $group_query);
                     $groups = $query->execute()->toArray();
 
@@ -181,11 +188,16 @@ public function userLoginAuthenticate(UserLoginEvent $event)
 
                     foreach ($groups as $group) {
                         $attributes = $group->getAttributes();
-                        $user_group = array_shift($attributes[$group_indentifier]);
-                        $user_groups[] = $user_group;
-
-                        if ($this->config->get('plugins.login-ldap.store_ldap_data', false)) {
-                            $userdata['ldap']['groups'][] = $user_group;
+
+                        // make sure we have an array to read
+                        if ( !empty($attributes) && !empty($attributes[$group_indentifier]) && is_array($attributes[$group_indentifier]) )
+                        {
+                            $user_group = array_shift($attributes[$group_indentifier]);
+                            $user_groups[] = $user_group;
+
+                            if ($this->config->get('plugins.login-ldap.store_ldap_data', false)) {
+                                $userdata['ldap']['groups'][] = $user_group;
+                            }
                         }
                     }
                 }