ZF-3068: Zend_Auth_Adapter_DbTable does not honor the case folder of the underlying database

Description

(Note: I only picked Zend_Auth because Zend_Auth_Adapter_DbTable is not available.)

When using the Zend_Auth_Adapter_DbTable to authenticate against a database in which I was using Zend_Db::CASE_FOLDING => Zend_Db::CASE_UPPER I found that the authentication would fail stating that the "zend_auth_credential_match" was an invalid index. In order to fix the issue I had to modify three lines in the source to using the DB method to use the requested case folding.

In Zend_Auth_Adapter_DbTable.php

Here is my new modified version of _authenticateValidateResult:


    protected function _authenticateValidateResult($resultIdentity)
    {
        if ($resultIdentity[$this->_zendDb->foldCase('zend_auth_credential_match')] != '1') {
            $this->_authenticateResultInfo['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
            $this->_authenticateResultInfo['messages'][] = 'Supplied credential is invalid.';
            return $this->_authenticateCreateAuthResult();
        }

        unset($resultIdentity[$this->_zendDb->foldCase('zend_auth_credential_match')]);
        $this->_resultRow = $resultIdentity;

        $this->_authenticateResultInfo['code'] = Zend_Auth_Result::SUCCESS;
        $this->_authenticateResultInfo['messages'][] = 'Authentication successful.';
        return $this->_authenticateCreateAuthResult();
    }

Also here is a new _authenticateCreateSelect method:


    protected function _authenticateCreateSelect()
    {
        // build credential expression
        if (empty($this->_credentialTreatment) || (strpos($this->_credentialTreatment, "?") === false)) {
            $this->_credentialTreatment = '?';
        }

        $credentialExpression = new Zend_Db_Expr(
            '(CASE WHEN ' . 
            $this->_zendDb->quoteInto(
                $this->_zendDb->quoteIdentifier($this->_credentialColumn, true)
                . ' = ' . $this->_credentialTreatment, $this->_credential
                )
            . ' THEN 1 ELSE 0 END) AS '
            . $this->_zendDb->quoteIdentifier($this->_zendDb->foldCase('zend_auth_credential_match'))
            );

        // get select
        $dbSelect = $this->_zendDb->select();
        $dbSelect->from($this->_tableName, array('*', $credentialExpression))
                 ->where($this->_zendDb->quoteIdentifier($this->_identityColumn, true) . ' = ?', $this->_identity);

        return $dbSelect;
    }

All I have really done is used the _zendDb->foldCase method to properly case the inserted "zend_auth_credential_match" key.

Thanks,

Mike

Comments

Please evaluate and categorize as necessary.

I've the same problem. Please fix as soon as possible.

Assigning to Ralph.

It's affect the use of Zend_Auth_Adapter_DbTable with Firebird. Interbase and Oracle OCI.

Fixed in 1.9 in 18066 and in trunk at 18065