how to Use zend_auth as a plugin

Question

I'm working on my first user login in Zend Framework, but I'm a little confused with Zend_Auth. All the articles I read about it use it directly in the controller. But to me, it makes more sense, to work as a plugin What do you guys think?

Answer 1

You can use it as a plugin, the only downside is that if you initialize the plugin in your bootstrap, then the plugin will be executed for every controller and action, since it would have to run before your controller.

You could extend Zend_Auth and add extra methods to set up the auth adapter and manage the storage, and then you can just call Your_Custom_Auth::getInstance() to get the auth instance and then you can check for auth in the preDispatcth() part of your controllers that need auth.

This way you can easily work with zend_auth in multiple places with less code

<?php

class My_User_Authenticator extends Zend_Auth
{
    protected function __construct()
    {}

    protected function __clone()
    {}

    public static function getInstance()
    {
        if (null === self::$_instance) {
            self::$_instance = new self();
        }

        return self::$_instance;
    }

    // example using zend_db_adapter_dbtable and mysql
    public static function getAdapter($username, $password)
    {
        $db = Zend_Controller_Front::getInstance()
                                     ->getParam('bootstrap')
                                     ->getResource('db');

        $authAdapter = new Zend_Auth_Adapter_DbTable($db,
                                                     'accounts',
                                                     'username',
                                                     'password');

        $authAdapter->setIdentity($username)
                    ->setCredential($password)
                    ->setCredentialTreatment(
                        'SHA1(?)'
                    );

        return $authAdapter;
    }

    public static function updateStorage($storageObject)
    {
        self::$_instance->getStorage()->write($storageObject);
    }
}


// in your controllers that should be fully protected, or specific actions
// you could put this in your controller's preDispatch() method
if (My_User_Authenticator::getInstance()->hasIdentity() == false) {
    // forward to login action
}


// to log someone in
$auth = My_User_Authenticator::getInstance();

$result = $auth->authenticate(
    My_User_Authenticator::getAdapter(
        $form->getValue('username'),
        $form->getValue('password'))
);

if ($result->isValid()) {
    $storage = new My_Session_Object();
    $storage->username = $form->getValue('username');
    // this object should hold the info about the logged in user, e.g. account details
    My_User_Authenticator::getInstance()->updateStorage($storage); // session now has identity of $storage
    // forward to page
} else {
    // invalid user or pass
}

Hope that helps.

Answer 2

"Plugin" in ZF doesn't only mean "front controller plugin", also Action helpers, view helpers...

ZF guru Matthew Weier O'Phinney wrote an excellent article about creating action helpers, and guess what ?..

He illustrates it with an Auth widget !

http://weierophinney.net/matthew/archives/246-Using-Action-Helpers-To-Implement-Re-Usable-Widgets.html

don't forget to read the articles comments, as a lot of interesting Q&A are handled there