zend-authentication icon indicating copy to clipboard operation
zend-authentication copied to clipboard
verified publisher icon zendframework

[Proposal] Refactor to work in the same way as the proposed revision of Zend\Validator

Open ghost opened this issue 8 years ago • 1 comments

Authentication adapter and validator are the same. The authentication service provides input to adapter, which validates the identity and returns a result. With the proposed revision of Zend\Validator, we also have the ability to chain adapters and aggregate results which can be useful in Zend\Authentication. We could add these missing features to the Zend\Authentication component.

As adapters validate identity, they could be renamed to Validator or moved to Zend\Validator, which would make Zend\Authentication dependent on Zend\Validator ?

Currently, the content of Zend\Authentication\Result::identity is not clear if the result is not valid. Most of time, it returns null, but sometimes it returns an empty array, or the provided identity. The documentation says two different things about this:

getIdentity() returns the identity of the authentication attempt.

$identity is the value representing the authenticated identity. This may be any PHP type; typically you will see a string username or token, or an object type specific to the application or login module you utilize. When the result represents a failure to authenticate, this will often be null; some systems will provide a default identity in such cases.

So, on authentication failure, should the getIdentity() method always return the identity of the authentication attempt, or can it return whatever it wants? I think it should not return identity if the authentication fails, as this method is intended to provide identity to the storage on successful authentication.

To sum up, I would like the Zend\Authentication component to :

  • Defines a Result interface modeling the results of authentication; it would compose the identity validated which will be use in authentication storage (only if authentication succeeded, otherwise it throws an error or returns null), authentication status, and, if present, any authentication error messages.
  • Defines validators (adapters) which define a single validate() (authenticate()) method, accepting both a value and optional context, and return a Result instance.
  • Defines a ResultAggregate interface for aggregating several results, as is necessary in a ValidatorChain (AdapterChain); Result instances would be pushed upon an aggregate.

What do you think of this proposal ?

ghost avatar Aug 29 '17 14:08 ghost

This repository has been closed and moved to laminas/laminas-authentication; a new issue has been opened at https://github.com/laminas/laminas-authentication/issues/3.

weierophinney avatar Dec 31 '19 21:12 weierophinney