From 35b45a2b8d81e60401c1409744c967b5ca551989 Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Thu, 20 Feb 2025 13:06:49 +0000
Subject: [PATCH] LDAP: Fixed php type error when no cn provided for user

Changes default fallback for name to first DN part, otherwise the whole
DN, rather than leave as null which was causing a type error.

For #5443
---
 app/Access/LdapService.php |  8 ++++++--
 tests/Auth/LdapTest.php    | 20 ++++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/app/Access/LdapService.php b/app/Access/LdapService.php
index e5037ad2f..0f456efc2 100644
--- a/app/Access/LdapService.php
+++ b/app/Access/LdapService.php
@@ -112,10 +112,14 @@ class LdapService
             return null;
         }
 
-        $userCn = $this->getUserResponseProperty($user, 'cn', null);
+        $nameDefault = $this->getUserResponseProperty($user, 'cn', null);
+        if (is_null($nameDefault)) {
+            $nameDefault = ldap_explode_dn($user['dn'], 1)[0] ?? $user['dn'];
+        }
+
         $formatted = [
             'uid'   => $this->getUserResponseProperty($user, $idAttr, $user['dn']),
-            'name'  => $this->getUserDisplayName($user, $displayNameAttrs, $userCn),
+            'name'  => $this->getUserDisplayName($user, $displayNameAttrs, $nameDefault),
             'dn'    => $user['dn'],
             'email' => $this->getUserResponseProperty($user, $emailAttr, null),
             'avatar' => $thumbnailAttr ? $this->getUserResponseProperty($user, $thumbnailAttr, null) : null,
diff --git a/tests/Auth/LdapTest.php b/tests/Auth/LdapTest.php
index 9a00c983a..d1f128a50 100644
--- a/tests/Auth/LdapTest.php
+++ b/tests/Auth/LdapTest.php
@@ -166,6 +166,26 @@ class LdapTest extends TestCase
         $this->assertDatabaseHas('users', ['email' => $this->mockUser->email, 'email_confirmed' => false, 'external_auth_id' => $ldapDn]);
     }
 
+    public function test_login_works_when_ldap_server_does_not_provide_a_cn_value()
+    {
+        $ldapDn = 'cn=test-user,dc=test' . config('services.ldap.base_dn');
+
+        $this->commonLdapMocks(1, 1, 1, 2, 1);
+        $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
+            ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
+            ->andReturn(['count' => 1, 0 => [
+                'dn'   => $ldapDn,
+                'mail' => [$this->mockUser->email],
+            ]]);
+
+        $resp = $this->mockUserLogin();
+        $resp->assertRedirect('/');
+        $this->assertDatabaseHas('users', [
+            'name' => 'test-user',
+            'email' => $this->mockUser->email,
+        ]);
+    }
+
     public function test_a_custom_uid_attribute_can_be_specified_and_is_used_properly()
     {
         config()->set(['services.ldap.id_attribute' => 'my_custom_id']);