Zend Framework

Zend_Auth_Adapter_DbTable does not honor the case folder of the underlying database

Details

  • Type: Bug
  • Status: Resolved
  • Priority: Minor
  • Resolution: Fixed
  • Affects Version/s: 1.5.1
  • Fix Version/s: 1.9.3
  • Component/s: Zend_Auth
  • Labels: None
  • Fix Version Priority: Should Have

Description

(Note: I only picked Zend_Auth because Zend_Auth_Adapter_DbTable is not available.)

When using the Zend_Auth_Adapter_DbTable to authenticate against a database in which I was using Zend_Db::CASE_FOLDING => Zend_Db::CASE_UPPER, I found that the authentication would fail, stating that the "zend_auth_credential_match" was an invalid index. In order to fix the issue, I had to modify three lines in the source to use the DB method for the requested case folding.

In Zend_Auth_Adapter_DbTable.php

Here is my new modified version of _authenticateValidateResult:

protected function _authenticateValidateResult($resultIdentity)
    {
        if ($resultIdentity[$this->_zendDb->foldCase('zend_auth_credential_match')] != '1') {
            $this->_authenticateResultInfo['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
            $this->_authenticateResultInfo['messages'][] = 'Supplied credential is invalid.';
            return $this->_authenticateCreateAuthResult();
        }

        unset($resultIdentity[$this->_zendDb->foldCase('zend_auth_credential_match')]);
        $this->_resultRow = $resultIdentity;

        $this->_authenticateResultInfo['code'] = Zend_Auth_Result::SUCCESS;
        $this->_authenticateResultInfo['messages'][] = 'Authentication successful.';
        return $this->_authenticateCreateAuthResult();
    }

Also here is a new _authenticateCreateSelect method:

protected function _authenticateCreateSelect()
    {
        // build credential expression
        if (empty($this->_credentialTreatment) || (strpos($this->_credentialTreatment, "?") === false)) {
            $this->_credentialTreatment = '?';
        }

        $credentialExpression = new Zend_Db_Expr(
            '(CASE WHEN ' . 
            $this->_zendDb->quoteInto(
                $this->_zendDb->quoteIdentifier($this->_credentialColumn, true)
                . ' = ' . $this->_credentialTreatment, $this->_credential
                )
            . ' THEN 1 ELSE 0 END) AS '
            . $this->_zendDb->quoteIdentifier($this->_zendDb->foldCase('zend_auth_credential_match'))
            );

        // get select
        $dbSelect = $this->_zendDb->select();
        $dbSelect->from($this->_tableName, array('*', $credentialExpression))
                 ->where($this->_zendDb->quoteIdentifier($this->_identityColumn, true) . ' = ?', $this->_identity);

        return $dbSelect;
    }

All I have really done is use the _zendDb->foldCase method to properly case the inserted "zend_auth_credential_match" key.

Thanks,

Mike
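
The failure described in this report can be reproduced without Zend Framework. The following is an added example, not code from the report or from the project: it uses plain PDO with an in-memory SQLite database, with PDO::ATTR_CASE standing in for Zend_Db::CASE_FOLDING. The foldCase() helper, the users table and the credential value are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added illustration, not Zend Framework code. Assumes the pdo_sqlite extension.
// PDO::ATTR_CASE stands in for Zend_Db::CASE_FOLDING on the adapter.
const MATCH_ALIAS = 'zend_auth_credential_match';

// Hypothetical helper: folds a key the same way the connection folds column names.
function foldCase(string $key, int $case): string
{
    switch ($case) {
        case PDO::CASE_UPPER: return strtoupper($key);
        case PDO::CASE_LOWER: return strtolower($key);
        default:              return $key;
    }
}

// Runs the same shape of query the adapter builds and returns the fetched row.
function fetchIdentityRow(int $case, string $identity, string $credential): array
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_CASE, $case);
    // Constructed sample table and row.
    $pdo->exec('CREATE TABLE users (username TEXT, credential TEXT)');
    $pdo->exec("INSERT INTO users VALUES ('mike', 'constructed-sample-value')");

    $stmt = $pdo->prepare(
        'SELECT *, (CASE WHEN credential = :cred THEN 1 ELSE 0 END) AS ' . MATCH_ALIAS
        . ' FROM users WHERE username = :id'
    );
    $stmt->execute([':cred' => $credential, ':id' => $identity]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
}

foreach ([PDO::CASE_NATURAL => 'natural', PDO::CASE_UPPER => 'upper'] as $case => $label) {
    $row = fetchIdentityRow($case, 'mike', 'constructed-sample-value');

    // Lookup with the hard-coded lower-case key: missing once names are folded.
    $hardcoded = array_key_exists(MATCH_ALIAS, $row) && $row[MATCH_ALIAS] == '1';

    // Lookup with the folded key: present under every folding mode.
    $folded  = foldCase(MATCH_ALIAS, $case);
    $viaFold = array_key_exists($folded, $row) && $row[$folded] == '1';

    printf("%-8s keys=[%s] hardcoded=%s folded=%s\n", $label,
        implode(',', array_keys($row)), var_export($hardcoded, true), var_export($viaFold, true));
}
```

With correct credentials supplied in both runs, the hard-coded lookup finds the match flag only when column names are left in their natural case, while the folded lookup finds it in both.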

Activity

Wil Sinclair added a comment -

Please evaluate and categorize as necessary.

Toni Wenzel added a comment -

I've the same problem. Please fix as soon as possible.

Matthew Weier O'Phinney added a comment -

Assigning to Ralph.

Luiz Fernando Furtado added a comment -

It affects the use of Zend_Auth_Adapter_DbTable with Firebird, Interbase and Oracle OCI.

Ralph Schindler added a comment -

Fixed in 1.9 in 18066 and in trunk at 18065

