ZF-11002 - Issues - Zend Framework

ZF-11002: Omitted attributes get retrieved then forgotten

Issue Type:

Improvement

Created:

2011-01-27T08:38:54.000+0000

Last Updated:

2011-02-13T05:53:33.000+0000

Status:

Resolved

Fix version(s):

1.11.4 (03/Mar/11)

Reporter:

Claude Duvergier (cduv)

Assignee:

Stefan Gehrig (sgehrig)

Tags:

Zend_Auth_Adapter_Ldap

Related issues:

Attachments:

Description

The {{Zend_Auth_Adapter_Ldap::getAccountObject()}} method accepts a list parameters to return and a list of parameters to omit.

When {{$returnAttribs}} is an empty array(), all attributes are fetched ({{Zend_Ldap::getEntry()}} behavior), and then attributes are filtered using {{$omitAttribs}}.

But when {{$returnAttribs}} and {{$omitAttribs}} are not empty, elements of {{$returnAttribs}} should be filtered using {{$omitAttribs}} before calling ({{Zend_Ldap::getEntry()}}.

+Reproduce code:+


$auth = Zend_Auth::getInstance();
$ldapOptions = array(...); // place valid LDAP configuration options here
$authAdapter = new Zend_Auth_Adapter_Ldap($ldapOptions, 'theUserName', 'theSecretPassword');
$result = $auth->authenticate($authAdapter);
$authedUser = $authAdaptater->getAccountObject(array('dn', 'sn', 'uid', 'lastname', 'phonenumber'), array('jpegphoto', 'phonenumber'));

{{$authedUser}} will contains the following attributes: dn, sn, uid and lastname but during the execution, phonenumber has been fetched from LDAP server (for nothing).

+Fix proposal:+


public function getAccountObject(array $returnAttribs = array(), array $omitAttribs = array())
{
    if (!$this->_authenticatedDn) {
        return false;
    }
    
    $returnObject = new stdClass();
    
    $returnAttribs = array_map('strtolower', $returnAttribs ); //FIXED: desired attribute names are lowered too (for array_diff() to work)
    $omitAttribs = array_map('strtolower', $omitAttribs);
    
    $returnAttribs = array_diff($returnAttribs, $omitAttribs); //FIXED: $returnAttribs is filtered before LDAP fetching
    $entry = $this->getLdap()->getEntry($this->_authenticatedDn, $returnAttribs, true);
    foreach ($entry as $attr => $value) {
        if (in_array($attr, $omitAttribs)) {
            // skip attributes marked to be omitted
            continue;
        }
        if (is_array($value)) {
            $returnObject->$attr = (count($value) > 1) ? $value : $value[0];
        } else {
            $returnObject->$attr = $value;
        }
    }
    return $returnObject;
}

Comments

Posted by Stefan Gehrig (sgehrig) on 2011-02-01T10:40:18.000+0000

Will be fixed on short-notice... Thanks for the issue report.

Posted by Stefan Gehrig (sgehrig) on 2011-02-13T05:53:31.000+0000

Fixed in trunk (r23693) and in 1.11-release branch (r23694)