Login/Register
Zend Framework 2 - Global check for authentication with ZFCUser
Asked Answered
Solved phpauthenticationzend-framework2zfcuser
M

5

13

I installed ZFCUser successfully. Now I wonder if there is a way to globally check for authentication.

As outlined in the wiki there are several ways to check for auth. They all work but do I have to put the check-if-clause really in every single action? All my sites should be only accessable when beeing logged in and if not, you should be rerouted to the login page.

Does anybody know if there's a central place where I can put this logic?

Mister answered 3/1, 2013 at 11:17 Comment(0)
I
26

To be honest, I don't think it is a good idea to block every page for a non-authenticated user. How would you access the login page?

That said, you must know the page being accessed, to make a whitelist of pages accessible for anonymous visitors. To start, I'd suggest to include the login page. You can check pages the easiest by using their route. So check the current matched route against the whitelist. If blocked, act upon. Otherwise, do nothing.

An example would be inside a Module.php from a module, for example your application:

namespace Application;

use Zend\Mvc\MvcEvent;
use Zend\Mvc\Router\RouteMatch;

class Module
{
    protected $whitelist = array('zfcuser/login');

    public function onBootstrap($e)
    {
        $app = $e->getApplication();
        $em  = $app->getEventManager();
        $sm  = $app->getServiceManager();

        $list = $this->whitelist;
        $auth = $sm->get('zfcuser_auth_service');

        $em->attach(MvcEvent::EVENT_ROUTE, function($e) use ($list, $auth) {
            $match = $e->getRouteMatch();

            // No route match, this is a 404
            if (!$match instanceof RouteMatch) {
                return;
            }

            // Route is whitelisted
            $name = $match->getMatchedRouteName();
            if (in_array($name, $list)) {
                return;
            }

            // User is authenticated
            if ($auth->hasIdentity()) {
                return;
            }

            // Redirect to the user login page, as an example
            $router   = $e->getRouter();
            $url      = $router->assemble(array(), array(
                'name' => 'zfcuser/login'
            ));

            $response = $e->getResponse();
            $response->getHeaders()->addHeaderLine('Location', $url);
            $response->setStatusCode(302);

            return $response;
        }, -100);
    }
}
Ianteen answered 3/1, 2013 at 11:35 Comment(7)
Mmm, not sure... I wrote this out of my head, so try to enable php errors and set the error level to -1 (meaning, all errors) and see what's getting wrong here. Perhaps the router cannot be found, but as far as I know the router is inside the $e from the onBootstrap and in the $e from the callback inside the route event. If not, try to grasp the router from the $e inside the onBoostrap() method and import it just like the $list and $auth.Ianteen
you need to alter new Response to $e->getResponse() then it works perfectly!Mister
Thanks for working that out. I updated my answer accordingly for future reference :)Ianteen
I have two questions about this. Only is need to put that code in one module.php for all modules? In my case i'm doing an ajax call to the server from login page to authenticate and i have to add to the whitelist the route "MyAction/procces"; Why? The code seems to work very well even with my custom authentication service (without ZFCUser)Concoct
If you have a new question, please hit the "Ask question" button at the top right of this site. Furthermore: yes this code runs on every call and you do not need to put it in every module class. If you need a more fine grained user/ACL mechanism, check out ZfcUser and BjyAuthorize. Only for very simple setups and illustration purposes above code is valid.Ianteen
I had to replace if (!$match instanceof RouteMatch) with if (!$match instanceof \Zend\Mvc\Router\Http\RouteMatch) and every thing works fine...Ruyter
my friend it take application slow because event listener , do you have a better way to doing it ?Strohbehn
S
0

On ZF 2.4.2 I do this in Module.php

class module {

protected $whitelist = array(
    'Application\Controller\Login'
);

public function onBootstrap(MvcEvent $e)
{

    $eventManager        = $e->getApplication()->getEventManager();
    $moduleRouteListener = new ModuleRouteListener();
    $moduleRouteListener->attach($eventManager);

    // add event
    $eventManager->attach('dispatch', array($this, 'checkLogin')); 

}

public function checkLogin($e)
{

    $auth   = $e->getApplication()->getServiceManager()->get("Zend\Authentication\AuthenticationService");
    $target = $e->getTarget();
    $match  = $e->getRouteMatch();

    $controller = $match->getParam('controller');

    if( !in_array($controller, $this->whitelist)){
        if( !$auth->hasIdentity() ){
            return $target->redirect()->toUrl('/login');
        }
    }

}

//other methods....
}
Skippie answered 25/5, 2015 at 19:33 Comment(0)
A
0

You can use ZF2 module BjyAuthorize to block/allow access to pages based on user roles such as guest, user etc using controller guard, route guard etc

Absent answered 23/6, 2015 at 12:21 Comment(0)
P
0

People,

Tip, dont forget the add the "use" to correct RouteMatch statement:

use Zend\Mvc\Router\Http\RouteMatch;

Here need this:

if (!$match instanceof RouteMatch)...

If you forget, the if above have inconstant

Purtenance answered 19/10, 2015 at 11:15 Comment(0)
F
-3

Another option might be to create your own abstract controller superclass and implement the onDispatch() method like this:

public function onDispatch(MvcEvent $e) 
{
    // check authentication here

    return parent::onDispatch($e);
}

You can implement a whitelist there too :).

Fanchon answered 7/1, 2013 at 15:21 Comment(1)
I may be wrong, but I think the method you mean is called onDispatch;Oligarch

© 2022 - 2024 — McMap. All rights reserved.