[#25180] - [4.0] SQL Error when logging in with the LDAP plugin
- Closed
- 13 Jun 2019
- Medium
- Build: staging
- # 25180
Steps to reproduce the issue
- Enable and configure the LDAP plugin
- Attempt to login to the administrator
Expected result
The login would be successful if parameters are met.
Actual result
A SQL Exception is thrown (Unknown column 'Array' in 'where clause')
System information (as much as possible)
- Ubuntu 18.04
- PHP 7.2.19
- Nginx 1.14.0
- Joomla 4.0.0-alpha10-dev
Additional comments
I encountered this when I was testing one of my third party LDAP plugins. I had a similar issue with it, and noticed that the $user array that is being passed to onUserLogin provides the username as an array with a single key, as well as some other entries such as email and name. The $user['username'] value is eventually used on line 392 of the Joomla User Plugin when it is passed to UserHelper::getUserId, where it is passed.
Upon further investigation, it appears this may be the desired effect of the LDAP Symfony package that is being used, but I'm not sure it fits in with what we need for Joomla. The getAttribute function from the Entry class in that package states:
As LDAP can return multiple values for a single attribute, this value is returned as an array.
Should we adjust the LDAP Joomla plugin to convert these arrays to a string? I'm assuming Joomla wouldn't be able to handle multiple entries for username, email, etc.
joomla-cms-bot
- | Labels |
Added:
?
|
||
| Labels |
Added:
J4 Issue
|
||
I can. I had originally downloaded the zip from the Nightly Builds link the README points to. Is there a better way for me to ensure I'm using the nightly build?
I wanted to make sure for Nightly as i guesse you use "Joomla 4.0.0-alpha10-dev". Now i see Alpha is 9, so its too early for me to think - sorry.
can a Developer of Bug Squad Team please comment?
| Status | New | ⇒ | Information Required |
it seems unrelated to core
I was testing one of my third party LDAP plugins.
hard to say something
That was perhaps an unnecessary part for me to add to the issue. This issue happens with just the core LDAP plugin enabled, regardless of whether my plugin is installed or not.
If we now get an array we have to adapt the joomla ldap plugin. if you can write a PR and a test please do so.
I think it should be enough for a first step to change these 3 lines
https://github.com/joomla/joomla-cms/blob/4.0-dev/plugins/authentication/ldap/ldap.php#L180-L182
from
$response->username = $entry->getAttribute($ldap_uid);
$response->email = $entry->getAttribute($ldap_email);
$response->fullname = $entry->getAttribute($ldap_fullname) ?: $credentials['username'];
to
$response->username = $entry->getAttribute($ldap_uid)[0];
$response->email = $entry->getAttribute($ldap_email)[0];
$response->fullname = $entry->getAttribute($ldap_fullname)[0] ?: $credentials['username'];
@mbabker What do you think about the above? Would that be safe?
Symfony ldap doku for v 3.4 says the getAttribute function returns an array:
https://github.com/symfony/symfony/blob/3.4/src/Symfony/Component/Ldap/Entry.php#L58
And a bit below for the setAttribute you can also see that an element of the attributes list is an array.
Regarding test: No idea how to do that.
@travisrisner You want to make a pull request (PR)? If not, we can find someone else, or I will try.
As long as key 0 always has the data you're looking for then sure.
Hmm, not sure. Have to check what happens if getAttribute does not find the attribute. It might need some health checks maybe (isset, issarray and whatever else).
Null is returned if nothing found.
isset then.
TBH, the LDAP plugin would be a good thing for someone on the automated testing team to work on architecture to make sure stays tested since it is such a niche feature. Bonus, both the Symfony repo and the deprecated Joomla Framework repo have the setup to build and seed an LDAP server, someone just needs to copy it into their array of Docker images and run a system test pass with Joomla configured to support LDAP authentication.
Thats far beyond my knowledge, that testing thing.
I did the PR, but am unsure at the moment on how to write the test. I am researching that, but if it's something someone from a specific team needs to handle that's fine.
| Status | Information Required | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-06-13 04:28:29 |
| Closed_By | ⇒ | franz-wohlkoenig |
@mbabker I've addressed your comment above to the JBS team to include that into our requirements specifications for the testing platform based on what was once started in GSOC 2017. I hope it will go the right way and someone will care about it.
Can you please test using the Nightly Build?