Merge pull request #13 from samsonasik/fix-12

weierophinney · weierophinney · commit ae6806f7d9fc · 2018-01-16T08:58:28.000-06:00
Fixes #12 : use false result check at stmt->fetchObject() to handle username not found data ( auth failure )
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,28 @@
 
 All notable changes to this project will be documented in this file, in reverse chronological order by release.
 
+## 0.2.1 - TBD
+
+### Added
+
+- Nothing.
+
+### Changed
+
+- Nothing
+
+### Deprecated
+
+- Nothing.
+
+### Removed
+
+- Nothing.
+
+### Fixed
+
+- [#13](https://github.com/zendframework/zend-expressive-authentication/pull/13) fixes "Trying to get property of non-object" when no record found at PdoDatabase user repository.
+
 ## 0.2.0 - 2017-11-27
 
 ### Added
diff --git a/src/UserRepository/PdoDatabase.php b/src/UserRepository/PdoDatabase.php
@@ -49,13 +49,13 @@ public function authenticate(string $credential, string $password = null) : ?Use
 
         $stmt = $this->pdo->prepare($sql);
         $stmt->bindParam(':username', $credential);
+        $stmt->execute();
 
-        if (! $stmt->execute()) {
+        $result = $stmt->fetchObject();
+        if (! $result) {
             return null;
         }
 
-        $result = $stmt->fetchObject();
-
         return password_verify($password, $result->{$this->config['field']['password']})
             ? $this->generateUser($credential, $this->getRolesFromUser($credential))
             : null;
diff --git a/test/UserRepository/PdoDatabaseTest.php b/test/UserRepository/PdoDatabaseTest.php
@@ -36,7 +36,7 @@ public function testAuthenticate()
         $this->assertEquals('test', $user->getUsername());
     }
 
-    public function testAuthenticateInvalidUser()
+    public function testAuthenticateInvalidUserPassword()
     {
         $pdo = new PDO('sqlite:'. __DIR__ . '/../TestAssets/pdo.sqlite');
         $pdoDatabase = new PdoDatabase($pdo, [
@@ -51,6 +51,21 @@ public function testAuthenticateInvalidUser()
         $this->assertNull($user);
     }
 
+    public function testAuthenticateInvalidUsername()
+    {
+        $pdo = new PDO('sqlite:'. __DIR__ . '/../TestAssets/pdo.sqlite');
+        $pdoDatabase = new PdoDatabase($pdo, [
+            'table' => 'user',
+            'field' => [
+                'username' => 'username',
+                'password' => 'password'
+            ]
+        ]);
+
+        $user = $pdoDatabase->authenticate('invalidusername', 'password');
+        $this->assertNull($user);
+    }
+
     public function testAuthenticateWithRole()
     {
         $pdo = new PDO('sqlite:'. __DIR__ . '/../TestAssets/pdo_role.sqlite');
