What is the best practice for user website/REST authentication in ZV MVC? How and where to put the code in the ZF framework? Can you provide me a code example?
I have a website and a REST server written in Zend Framework but no user session jet implemented.
THX!
Authentication is setup in the _initAutoload of the bootstrap file, e.g. like this:
if(Zend_Auth::getInstance()->hasIdentity()) {
Zend_Registry::set('role', Zend_Auth::getInstance()
->getStorage()->read()->role);
}else{
Zend_Registry::set('role', 'guests');
}
In case of a REST authentication you might need to authenticate by just passing the login parameters instead of logging in through a form.
So it might look like this in your AuthenticationController:
private function getAuthAdapter() {
$authAdapter = new Zend_Auth_Adapter_DbTable(
Zend_Db_Table::getDefaultAdapter());
$authAdapter->setTableName('users') // the db table where users are stored
->setIdentityColumn('email')
->setCredentialColumn('password')
->setCredentialTreatment('SHA1(CONCAT(?,salt))');
return $authAdapter;
}
public function logoutAction() {
Zend_Auth::getInstance()->clearIdentity();
$this->_redirect('index/index');
}
public function loginAction(){
if (Zend_Auth::getInstance()->hasIdentity()){
$this->_redirect('index/index');
}
if ($request->isPost()){
$username = $request->getPost('username');
$password = $request->getPost('password');
if ($username != "" && $password != "") {
$authAdapter = $this->getAuthAdapter ();
$authAdapter->setIdentity($username)
->setCredential($password);
$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($authAdapter);
if($result->isValid()){
$identity = $authAdapter->getResultRowObject();
$authStorage = $auth->getStorage();
$authStorage->write($identity);
$this->_redirect ( 'index/index' );
}
}
}
}
If you need more help on zend_auth and zend_acl you might have a look at this how to.
Related
I'm creating an intranet, therefore all users have account automatically created for them. They then go to a url to create their password. All that works great. I'm now trying to allow them to "attach" their Facebook account to their user account. This is where my troubles have started...
I've successfully gotten the user to authenticate properly after a facebook login with this
method in SecurityController
public function loginCheckFacebookAction()
{
$request = $this->getRequest();
$session = $request->getSession();
$response = new Response();
$sessionUser = $this->getUser();
$facebook = $this->get('facebook');
$fbUser = $facebook->getUser(); // facebook id
if ($fbUser) {
try {
$em = $this->getDoctrine()->getManager();
$repo = $em->getRepository("IntranetBundle:User");
$user = $repo->findUserByFBID($fbUser);
if($user){
$targetPath = $session->get("_target_path");
$firewall = "secured_area";
$roles = $user->getRoles();
$rolesArray = array();
foreach($roles as $role):
$rolesArray[] = $role->getRole();
endforeach;
$token = new UsernamePasswordToken($user, $user->getPassword(), $firewall, $rolesArray);
$event = new InteractiveLoginEvent($this->getRequest(), $token);
$this->get("event_dispatcher")->dispatch("security.interactive_login", $event);
$this->get('security.context')->setToken($token);
/*
If I uncomment out either of the following redirects
the redirect happens but the user is not authenticated properly
If I comment them out I'm just rendering my error template. The user
however, is authenticated properly.
*/
if(isset($targetPath)){
//return $this->redirect($targetPath);
} else {
//return $this->redirect($this->generateUrl("ssla_intranet_homepage"));
}
}
} catch (FacebookApiException $e) {
$user = null;
}
// I just render this template to be able to view debug bar.
//User is authenticated properly.
$pageParameters = $this->getPageParameters();
$pageParameters["page"] = "error";
$pageParameters["error"] = array();
$pageParameters["error"]["message"] = "Something went wrong with authentication";
return $this->render('IntranetBundle:Error:index.html.twig', $pageParameters);
}
Do I need to register a listener for all interactive_login events that then handles all post-login redirection rather than trying to redirect within the same method?
First project using Symfony, and this is killing me. Any thoughts?
By the way, I've looked into the FOSFacebookBundle, but wanted to be able to authenticate with a number of different methods, including doctrine, gmail, facebook, and twitter.
This is the most frustrating ever. It is nearly impossible to find errors when all you get is a white screen!!!
This code is used on other projects and it works fine there so syntactically, it is correct. But SOMETHING must be wrong in the configuration...
Here is the code:
protected function _process($values)
{
// Get our authentication adapter and check credentials
$adapter = $this->_getAuthAdapter();
$adapter->setIdentity($values['username']);
$adapter->setCredential($values['password']);
$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($adapter);
if ($result->isValid()) {
$user = $adapter->getResultRowObject();
$auth->getStorage()->write($user);
return true;
}
return false;
}
protected function _getAuthAdapter()
{
$dbAdapter = Zend_Db_Table::getDefaultAdapter();
$authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter);
$authAdapter->setTableName('Users')
->setIdentityColumn('username')
->setCredentialColumn('password')
->setCredentialTreatment('md5(?)');
return $authAdapter;
}
This is in my auth controller and gets called after I set up the adapter, etc. If I put a die("foo"); right before the $result line, I see it. If I put it right after the $result line, I get a WSOD and the system stops. I know there is not enough here for anyone to debug my code but I was hoping someone else had had this problem and could give me a hint as to what to try to fix this??? I have double checked the database, the column names, etc. I need to know what kinds of things may make the line:
$result = $auth->authenticate($adapter);
result in a white screen of death??? Any ideas? I have all error display turned on in application.ini.
I am running Zend 1.11.12 on this server. Does that make a difference? The server where it is working is running is running 1.12.0-9
Thanks for any ideas you might have.
EDIT::: I added code for my _getAuthAdapter.
Enable the error reporting for your app. Set all error reporting to 1 in your configs/application.ini file -
phpSettings.display_startup_errors = 1
phpSettings.display_errors = 1
resources.frontController.params.displayExceptions = 1
Also, instead of returning true or false, try to print a message, or redirect to a different page to know.
Try a var_dump on the $adapter to see the resulting object.
I've never used Zend_Auth to authenticate. You should be able to do that with your adapter. (assuming your $adapter is an instance of Zend_Auth_Adapter_DbTable for example)
$adapter = $this->_getAuthAdapter();
// this will tell you if there's something wrong with your adapter
if (!($adapter instanceof Zend_Auth_Adapter_DbTable)) {
throw new Exception('invalid adapter');
}
$adapter->setIdentity($values['username']);
$adapter->setCredential($values['password']);
$result = $adapter->authenticate();
if ($result->isValid()) {
}
I tried like below,
public function loginAction() {
$this->_helper->layout->disableLayout();
$users = new Application_Model_DbTable_Admin();
$this->_redirector = $this->_helper->getHelper('Redirector');
$form = new Application_Form_LoginForm();
$this->view->form = $form;
if ($this->getRequest()->isPost()) {
if ($form->isValid($_POST)) {
$consumer = new Zend_OpenId_Consumer();
$username = $this->_request->getPost('username');
$password = $this->_request->getPost('password');
if ($username <> '' && $password <> '') {
$auth = Zend_Auth::getInstance();
$authAdapter = new Zend_Auth_Adapter_DbTable($users->getAdapter(), 'admin');
$authAdapter->setIdentityColumn('username')
->setCredentialColumn('password');
$authAdapter->setIdentity($username)
->setCredential(md5($password));
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
$storage = new Zend_Auth_Storage_Session();
$storage->write($authAdapter->getResultRowObject());
$this->_auth_user = $auth->getStorage()->read();
$this->_redirect('admin/index/');
}
else
$this->view->errorMessage = "Invalid username or password. Please try again.";
}
else
$this->view->errorMessage = "Username or password should not be empty!!!.";
}
}
}
If your Adapter doesn't work try it:
public function _getAuthAdapter() {
$authAdapter = new Zend_Auth_Adapter_DbTable(Zend_Db_Table::getDefaultAdapter());
$authAdapter->setTableName('table_name')
->setIdentityColumn('user_name')
->setCredentialColumn('password');
return $authAdapter;
}
And in application.ini
resources.db.isDefaultTableAdapter = true
I'm trying to script an authentication and login script and am quiet there.. I have a password 'password' saved in my database... it works with the password 'password' however should not work with 'password1!' or prefix or suffix two characters more.... IT shouldn't accept it... but if I enter something different (different string, or a few more characters), it gives me a proper error...
That is the only row in my database table... there are no duplicate entries..
Following is the code
public function validate_login($valuethrown) {
$username = $valuethrown['username'];
$email = $valuethrown['email'];
$password = $valuethrown['password'];
echo "Values thrown to the model are : $username, $email, $password";
$authAdapter = $this->getAuthAdaptor();
$authAdapter->setIdentity($email)
->setCredential(md5($password));
$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
$data = $authAdapter->getResultRowObject(null,'password');
$auth->getStorage()->write($data);
$this->_redirect('home');
} else {
echo "</br>Wrong Password</br>";
}
//check login details
}
public function getAuthAdaptor() {
$authAdapter = new Zend_Auth_Adapter_DbTable(Zend_Db_Table::getDefaultAdapter());
$authAdapter->setTableName('users')
->setIdentityColumn('email')
->setCredentialColumn('password');
return $authAdapter;
}
HELP!!!!
According to Randomness will get you everywhere.
Ryan’s Blog
the action stack component of Zend Framework is un-needed and that a partial view can be combined with Zend_Acl and Zend_Auth for the purpose of authenticating and controlling resources.
I have not been able to find any suitable example on google about how its done. Will be glad is someone will be kind to show me how to implement this. Thanks
Here you go:
You could use the combination of Zend_Auth and Zend_Acl. To extend the other answers I give a short example of how you can manage authentication using zend framework:
First you need to setup a plugin to predispatch all requests and check if the client is allowed to access certain data. This plugin might look like this one:
class Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract {
private $_acl = null;
public function __construct(Zend_Acl $acl) {
$this->_acl = $acl;
}
public function preDispatch(Zend_Controller_Request_Abstract $request) {
//get request information
$module = $request->getModuleName ();
$resource = $request->getControllerName ();
$action = $request->getActionName ();
try {
if(!$this->_acl->isAllowed(Zend_Registry::get('role'),
$module . ':' . $resource, $action)){
$request->setControllerName ('authentication')
->setActionName ('login');
}
}catch(Zend_Acl_Exception $e) {
$request->setControllerName('index')->setActionName ('uups');
}
}
}
So every user type has certain permissions that you define in your acl library. On every request you check if the user is allowed to access a resource. If not you redirect to login page, else the preDispatch passes the user to the resource.
In Zend_Acl you define roles, resources and permission, that allow or deny access, e.g.:
class Model_LibraryAcl extends Zend_Acl {
public function __construct() {
$this->addRole(new Zend_Acl_Role('guests'));
$this->addRole(new Zend_Acl_Role('users'), 'guests');
$this->addRole(new Zend_Acl_Role('admins'), 'users');
$this->add(new Zend_Acl_Resource('default'))
->add(new Zend_Acl_Resource('default:authentication'), 'default')
->add(new Zend_Acl_Resource('default:index'), 'default')
->add(new Zend_Acl_Resource('default:error'), 'default');
$this->allow('guests', 'default:authentication', array('login'));
$this->allow('guests', 'default:error', 'error');
$this->allow('users', 'default:authentication', 'logout');
}
}
Then you have to setup acl and auth in your bootstrap file:
private $_acl = null;
protected function _initAutoload() {
//...your code
if (Zend_Auth::getInstance()->hasIdentity()){
Zend_Registry::set ('role',
Zend_Auth::getInstance()->getStorage()
->read()
->role);
}else{
Zend_Registry::set('role', 'guests');
}
$this->_acl = new Model_LibraryAcl ();
$fc = Zend_Controller_Front::getInstance ();
$fc->registerPlugin ( new Plugin_AccessCheck ( $this->_acl ) );
return $modelLoader;
}
Finally in your authentication controller you have to use a custom auth adapter and setup actions for login and logout:
public function logoutAction() {
Zend_Auth::getInstance ()->clearIdentity ();
$this->_redirect ( 'index/index' );
}
private function getAuthAdapter() {
$authAdapter = new Zend_Auth_Adapter_DbTable (
Zend_Db_Table::getDefaultAdapter ());
$authAdapter->setTableName('users')
->setIdentityColumn('email')
->setCredentialColumn ('password')
->setCredentialTreatment ('SHA1(CONCAT(?,salt))');
return $authAdapter;
}
In your login action you need to pass login data to the auth adapter which performs the authentication.
$authAdapter = $this->getAuthAdapter ();
$authAdapter->setIdentity ( $username )->setCredential ( $password );
$auth = Zend_Auth::getInstance ();
$result = $auth->authenticate ( $authAdapter );
if ($result->isValid ()) {
$identity = $authAdapter->getResultRowObject ();
if ($identity->approved == 'true') {
$authStorage = $auth->getStorage ();
$authStorage->write ( $identity );
$this->_redirect ( 'index/index' );
} else {
$this->_redirect ( 'authentication/login' );
}
And that's all. I recommend you this HOW TO on youtube on zend auth and zend acl.
You may find the following articles on Action Helpers useful, I recommend browsing the sites if any are new to you as they also have articles on implementing Zend_Auth:
Using Action Helpers To Implement Re-Usable Widgets by Matthew Weier O'Phinney
Introducing Action Helpers by Jon Lebensold
Using Action Helpers in Zend Framework by Rob Allen
ZF Reference Guide: Action Helpers Official Documentation
I'm having a difficult time understanding how Zend_Session_Namespace is integrated with Zend_Auth. I have this method I'm using as the action to Authenticate my login page-it is working correctly and redirecting to the /monthly view:
public function authAction(){
$request = $this->getRequest();
$registry = Zend_Registry::getInstance();
$auth = Zend_Auth::getInstance();
$DB = $registry['DB'];
$authAdapter = new Zend_Auth_Adapter_DbTable($DB);
$authAdapter->setTableName('users')
->setIdentityColumn('UserName')
->setCredentialColumn('Password');
// Set the input credential values
$uname = $request->getParam('UserName');
$paswd = $request->getParam('Password');
$authAdapter->setIdentity($uname);
$authAdapter->setCredential($paswd);
// Perform the authentication query, saving the result
$result = $auth->authenticate($authAdapter);
// TRYING TO SET THE NAMESPACE
$this->session = new Zend_Session_Namspace('UserName');
if($result->isValid()){
$data = $authAdapter->getResultRowObject(null,'password');
$auth->getStorage()->write($data);
$this->_redirect('/monthly');
}else{
$this->_redirect('/login');
}
}
But I need to be able to store UserName as a Zend_session and call it from monthly controller. I'm not doing things right because I just get a blank screen when I try and do this:
public function indexAction()
{
$this->view->userName = Zend_Session_Namespace('UserName');
}
With the lines:
$data = $authAdapter->getResultRowObject(null,'password');
$auth->getStorage()->write($data);
You're writing all the user's information, except the password, which is OK. Where ever you need to access the logged in user's details, you can do something like (updated as per your comment):
public function indexAction() {
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity()) {
$userData = $auth->getIdentity();
$this->view->user = $userData;
}
}
in the view file (index.phtml) just: echo $this->user->firstname
That's it. If one day you decide to change the storage for Zend_Auth from session, to, for example, database, this piece of code will still work.
Youre not useing the correct namespace. Zend_Auth use the Zend_Auth namespace. The namespace is the structure, not the key for a value. so your session looks something like this:
Array('Zend_Auth' => array ('UserName' => 'myname')
Well thats not accurate exactly because you havent stored the user name unless youve provided for this directly in your adapter. youll need to do something like:
$auth->getStorage()->UserName = 'myusername';
Then you can access with $authData = new Zend_Session_Namespace('Zend_Auth'); $username = $authData->UserName;.
Take a closer look at how the Zend_Auth_Adapter_Db works.
This is my approach and it s working nice:
1-i start by defining an init function in the bootstrap
protected function _initSession()
{
$UserSession = new Zend_Session_Namespace('UserSession');
$UserSession->setExpirationSeconds(/* you may fix a limit */);
Zend_Registry::set('UserSession', $UserSession);
}
/* in the Login action,after correct username & pwd */
// Create session
$UserSession = Zend_Registry::get('UserSession');
// Get the user from database or just from fields
//you have to make sure that the psswd is encrypted use MD5 for example..
$db = Zend_Db_Table::getDefaultAdapter();
$user = $db->fetchRow("SELECT * FROM user_table WHERE user_email = '".$user_email."'");
//then you assign to $user to $UserSession variable :
$UserSession->user = $user;
//finaly don't forget to unset session variable in the Logout action ...