/**
 * Performs an authentication attempt.
 *
 * This adapter never fails: a client that has no session resource yet is
 * given one as the anonymous/default user and the result is always
 * SUCCESS. Callers that need a real (non-anonymous) user therefore cannot
 * rely on isValid() alone — they must inspect the returned identity.
 *
 * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed
 * @return Zend_Auth_Result always SUCCESS, carrying $session->identity
 */
public function authenticate()
{
    // existing session, or a fresh one
    $session = $this->getSession();

    require_once 'models/Handler/Session.php';
    $handler = new Default_Model_Handler_Session($session);

    // A session resource only exists once someone has POSTed to it; until
    // then the caller has not logged in and is treated as anonymous.
    // NOTE(review): the lookup key 'id' => 1 is hard-coded — confirm with
    // the handler that this addresses "the current session" and not a
    // fixed record.
    $isAnonymous = (null === $handler->get(array('id' => 1)));
    if ($isAnonymous) {
        // Create the default-user resource so the client gets into the
        // system. If the client is itself POSTing credentials to the
        // session resource in this request, this anonymous session is
        // discarded and the client continues under its proper identity.
        $handler->post(array());
    }

    require_once 'Zend/Auth/Result.php';
    return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $session->identity);
}
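/**
 * Authenticates the client before the action runs.
 *
 * HTTP Basic and Digest are honoured only when the client volunteers them
 * in the Authorization header; no WWW-Authenticate challenge is sent up
 * front (the Zend_Auth_Adapter_Http challenges on its own after a failed
 * Basic/Digest attempt). Everyone else goes through the session adapter,
 * which never fails: an unknown client is logged in as the anonymous
 * 'default' user, and real credentials are established by POSTing to the
 * session resource.
 *
 * On failure the response code is set to 401, the adapter's messages are
 * exposed via $this->view->data and the action is cancelled (postDispatch
 * still runs).
 *
 * @return void
 */
public function preDispatch()
{
    $this->_startTime = microtime(true);

    // use plain text error reporting
    ini_set('html_errors', 0);

    // Scheme named in the Authorization header ('basic', 'digest', ...),
    // or '' when the header is absent or malformed.
    $headerAuthType = self::_authSchemeFromHeader(
        $this->getRequest()->getHeader('Authorization')
    );

    $usedHeaderAuth = false;
    if ('basic' === $headerAuthType || 'digest' === $headerAuthType) {
        // NOTE(review): Basic carries the password in clear text and
        // nothing here enforces TLS — confirm HTTPS is terminated in front
        // of this controller before relying on header authentication.
        $authAdapter = $this->_buildHttpAuthAdapter($headerAuthType);
        $usedHeaderAuth = true;
    } else {
        // Session adapter: never invalid, because a missing session is
        // created for the default user.
        $authAdapter = new Rest_Auth_Adapter_RestSessionDb();
    }

    require_once 'Zend/Auth.php';
    $result = Zend_Auth::getInstance()->authenticate($authAdapter);

    if (!$result->isValid()) {
        // Bad username/password or cancelled password prompt (only reachable
        // for Basic/Digest; the Http adapter has already challenged the
        // client). Report the reasons why.
        $this->getResponse()->setHttpResponseCode(401);
        $this->view->data = $result->getMessages();
        // cancel the action but post dispatch will be executed
        $this->setCancelAction(true);
        return;
    }

    // A header-authenticated client has no session resource yet, so create
    // one bound to the identity the resolver returned. Tracked with a flag
    // rather than re-comparing the scheme: the old code compared the
    // lower-cased scheme against 'Basic'/'Digest', which never matched.
    if ($usedHeaderAuth) {
        require_once 'models/Handler/Session.php';
        $handler = new Default_Model_Handler_Session();
        $handler->post(array('user_id' => $result->getIdentity()->id));
    }
}

/**
 * Extracts the authentication scheme from an Authorization header value.
 *
 * Accepts either the bare value ("Basic dXNlcjpwYXNz") or the whole header
 * line ("Authorization: Basic dXNlcjpwYXNz") and returns the scheme token
 * lower-cased; returns '' for a missing (false/null) or blank header.
 *
 * Replaces the nested strstr() slicing, which could only ever produce ''
 * (no "Authorization: " substring found) or 'authorization:' (the text up
 * to the first space of "Authorization: ..."), so the Basic/Digest branches
 * were unreachable.
 *
 * @param  string|false|null $header raw value as returned by getHeader()
 * @return string lower-cased scheme, or ''
 */
private static function _authSchemeFromHeader($header)
{
    if (!is_string($header)) {
        return '';
    }
    $value = trim($header);

    // Drop an optional "Authorization:" name (any case) if the request
    // object handed back the full header line.
    if (0 === stripos($value, 'authorization:')) {
        $value = ltrim(substr($value, strlen('authorization:')));
    }
    if ('' === $value) {
        return '';
    }

    // The scheme is the first whitespace-delimited token.
    $parts = preg_split('/\s+/', $value, 2);
    return strtolower($parts[0]);
}

/**
 * Builds a Zend_Auth_Adapter_Http for the given scheme, wired to the
 * current request/response and the project's REST-DB resolver.
 *
 * @param  string $scheme 'basic' or 'digest'
 * @return Zend_Auth_Adapter_Http
 */
private function _buildHttpAuthAdapter($scheme)
{
    $config = array(
        'accept_schemes' => $scheme,
        'realm'          => 'App',
        'digest_domains' => '/',
        'nonce_timeout'  => 3600,
    );
    $authAdapter = new Zend_Auth_Adapter_Http($config);

    $resolver = new Rest_Auth_Adapter_Http_Resolver_RestDb($scheme);
    if ('basic' === $scheme) {
        $authAdapter->setBasicResolver($resolver);
    } else {
        $authAdapter->setDigestResolver($resolver);
    }

    $authAdapter->setRequest($this->getRequest());
    $authAdapter->setResponse($this->getResponse());
    return $authAdapter;
}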