Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed exception thrown when logging in as an LDAP user due to a direc… #34141

Closed
wants to merge 1 commit into from
Closed

Fixed exception thrown when logging in as an LDAP user due to a direc… #34141

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion apps/user_ldap/lib/User/User.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -664,11 +664,15 @@ public function handlePasswordExpiry($params) {
//retrieve relevant password policy attributes
$cacheKey = 'ppolicyAttributes' . $ppolicyDN;
$result = $this->connection->getFromCache($cacheKey);
if (is_null($result)) {
if (is_null($result) || !is_array($result) || empty($result[0]) || !is_array($result[0])) {
$result = $this->access->search('objectclass=*', $ppolicyDN, ['pwdgraceauthnlimit', 'pwdmaxage', 'pwdexpirewarning']);
$this->connection->writeToCache($cacheKey, $result);
}

if (is_null($result) || !is_array($result) || empty($result[0]) || !is_array($result[0])) {

Check failure

Code scanning / Psalm

TypeDoesNotContainNull

Type array<array-key, mixed> for $result is never null
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Check is wrong. This variable being null as a result of the LDAP search is precisely the cause of the bug. A null check needs to happen here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you sure it is null and not false?
I’m pretty sure it can never be null.

Also, if you do not have ppolicy you should leave "Default password policy DN" empty and this code will never run.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello,

Just checked again on OC 25.0.2. $result is an empty array, which would be why my additional checks (is not an array, or 1st element unset, or 1st element is not an array) trap the problem before the 1st element of the (expected to be) array is accessed.

Check failure

Code scanning / Psalm

TypeDoesNotContainType

Type array<array-key, mixed> for $result is always array

Check failure

Code scanning / Psalm

TypeDoesNotContainNull

Cannot resolve types for $result - array<array-key, mixed> does not contain null

Check failure

Code scanning / Psalm

TypeDoesNotContainType

Type array<array-key, mixed> for $result is always array
return;//password policy attributes not found in directory
}

$pwdGraceAuthNLimit = array_key_exists('pwdgraceauthnlimit', $result[0]) ? $result[0]['pwdgraceauthnlimit'] : [];
$pwdMaxAge = array_key_exists('pwdmaxage', $result[0]) ? $result[0]['pwdmaxage'] : [];
$pwdExpireWarning = array_key_exists('pwdexpirewarning', $result[0]) ? $result[0]['pwdexpirewarning'] : [];
Expand Down