Added $omitAttribs argument to Zend_Auth_Adapter_Ldap::getAccountObject to allow attributes to be removed from the account object.

git-svn-id: http://framework.zend.com/svn/framework/standard/trunk@18875 44c647ce-9c0f-0410-b52a-842ac1e357ba

library/Zend/Auth/Adapter/Ldap.php

@@ -470,9 +470,10 @@ class Zend_Auth_Adapter_Ldap implements Zend_Auth_Adapter_Interface
      * Closes ZF-6813
      *
      * @param  array $returnAttribs
+     * @param  array $omitAttribs
      * @return stdClass|boolean
      */
-    public function getAccountObject(array $returnAttribs = array())
+    public function getAccountObject(array $returnAttribs = array(), array $omitAttribs = array())
     {
         if (!$this->_authenticatedDn) {
             return false;
@@ -480,8 +481,14 @@ class Zend_Auth_Adapter_Ldap implements Zend_Auth_Adapter_Interface
 
         $returnObject = new stdClass();
 
+        $omitAttribs = array_map('strtolower', $omitAttribs);
+
         $entry = $this->getLdap()->getEntry($this->_authenticatedDn, $returnAttribs, true);
         foreach ($entry as $attr => $value) {
+            if (in_array($attr, $omitAttribs)) {
+                // skip attributes marked to be omitted
+                continue;
+            }
             if (is_array($value)) {
                 $returnObject->$attr = (count($value) > 1) ? $value : $value[0];
             } else {

tests/Zend/Auth/Adapter/Ldap/OnlineTest.php

@@ -194,4 +194,33 @@ class Zend_Auth_Adapter_Ldap_OnlineTest extends PHPUnit_Framework_TestCase
         $this->assertType('stdClass', $account);
         $this->assertEquals(TESTS_ZEND_LDAP_ALT_DN, $account->dn);
     }
+
+    public function testAccountObjectRetrievalWithOmittedAttributes()
+    {
+        $adapter = new Zend_Auth_Adapter_Ldap(
+            array($this->_options),
+            TESTS_ZEND_LDAP_ALT_USERNAME,
+            TESTS_ZEND_LDAP_ALT_PASSWORD
+        );
+
+        $result = $adapter->authenticate();
+        $account = $adapter->getAccountObject(array(), array('userPassword'));
+
+        $this->assertType('stdClass', $account);
+        $this->assertFalse(isset($account->userpassword));
+    }
+
+    /**
+     * @group ZF-8230
+     */
+    public function testIfLdapAdapterIsBoundWithAuthenticatedCredentials()
+    {
+        $adapter = new Zend_Auth_Adapter_Ldap(
+            array($this->_options),
+            TESTS_ZEND_LDAP_ALT_USERNAME,
+            TESTS_ZEND_LDAP_ALT_PASSWORD
+        );
+
+        $result = $adapter->authenticate();
+    }
 }