Issues

ZF-3068: Zend_Auth_Adapter_DbTable does not honor the case folder of the underlying database

Issue Type: Bug Created: 2008-04-08T07:23:44.000+0000 Last Updated: 2009-09-10T11:50:30.000+0000 Status: Resolved Fix version(s): - 1.9.3 (22/Sep/09)

Reporter: Mike Coakley (mcoakley) Assignee: Ralph Schindler (ralph) Tags: - Zend_Auth

Related issues: Attachments:

Description

(Note: I only picked Zend_Auth because Zend_Auth_Adapter_DbTable is not available.)

When using the Zend_Auth_Adapter_DbTable to authenticate against a database in which I was using Zend_Db::CASE_FOLDING => Zend_Db::CASE_UPPER I found that the authentication would fail stating that the "zend_auth_credential_match" was an invalid index. In order to fix the issue I had to modify three lines in the source to using the DB method to use the requested case folding.

In Zend_Auth_Adapter_DbTable.php

Here is my new modified version of _authenticateValidateResult:

<pre class="highlight">
    protected function _authenticateValidateResult($resultIdentity)
    {
        if ($resultIdentity[$this->_zendDb->foldCase('zend_auth_credential_match')] != '1') {
            $this->_authenticateResultInfo['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
            $this->_authenticateResultInfo['messages'][] = 'Supplied credential is invalid.';
            return $this->_authenticateCreateAuthResult();
        }

        unset($resultIdentity[$this->_zendDb->foldCase('zend_auth_credential_match')]);
        $this->_resultRow = $resultIdentity;

        $this->_authenticateResultInfo['code'] = Zend_Auth_Result::SUCCESS;
        $this->_authenticateResultInfo['messages'][] = 'Authentication successful.';
        return $this->_authenticateCreateAuthResult();
    }

Also here is a new _authenticateCreateSelect method:

<pre class="highlight">
    protected function _authenticateCreateSelect()
    {
        // build credential expression
        if (empty($this->_credentialTreatment) || (strpos($this->_credentialTreatment, "?") === false)) {
            $this->_credentialTreatment = '?';
        }

        $credentialExpression = new Zend_Db_Expr(
            '(CASE WHEN ' . 
            $this->_zendDb->quoteInto(
                $this->_zendDb->quoteIdentifier($this->_credentialColumn, true)
                . ' = ' . $this->_credentialTreatment, $this->_credential
                )
            . ' THEN 1 ELSE 0 END) AS '
            . $this->_zendDb->quoteIdentifier($this->_zendDb->foldCase('zend_auth_credential_match'))
            );

        // get select
        $dbSelect = $this->_zendDb->select();
        $dbSelect->from($this->_tableName, array('*', $credentialExpression))
                 ->where($this->_zendDb->quoteIdentifier($this->_identityColumn, true) . ' = ?', $this->_identity);

        return $dbSelect;
    }

All I have really done is used the _zendDb->foldCase method to properly case the inserted "zend_auth_credential_match" key.

Thanks,

Mike

Comments

Posted by Wil Sinclair (wil) on 2008-04-18T13:29:28.000+0000

Please evaluate and categorize as necessary.

Posted by Toni Wenzel (twenzel) on 2009-01-17T11:23:35.000+0000

I've the same problem. Please fix as soon as possible.

Posted by Matthew Weier O'Phinney (matthew) on 2009-01-17T12:33:54.000+0000

Assigning to Ralph.

Posted by Luiz Fernando Furtado (kgbfernando) on 2009-09-03T08:32:25.000+0000

It's affect the use of Zend_Auth_Adapter_DbTable with Firebird. Interbase and Oracle OCI.

Posted by Ralph Schindler (ralph) on 2009-09-10T11:50:26.000+0000

Fixed in 1.9 in 18066 and in trunk at 18065

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts