1
votes

In the project I am currently working on, I have the following situation: there is a web application that is accessible to human users through a browser, where the user can manipulate data in a database (representing the state of household devices in a house) after he has logged in. The logging functionality is implemented with the ZfcUser module. Furthermore, the application is accessible to a computer (a Raspberry Pi that is installed in the house with the devices and is responsible for turning them on and off), which sees the state of the database and reacts accordingly.

The communication between the computer and the application is implemented using JSON and works fine. But right now, the computer does not send any user-specific information (email, password...), so the application functionality used by the Raspberry Pi can be accessed by any POST request to the right URL. I would like to include the email and the password of the user in the JSON object sent by the computer, so that before executing a function, the web application checks whether the request is valid.

What I would like to know is whether there is a simple way to check whether the credentials (email and password, both represented as strings) are valid using ZfcUser (if I understand it correctly, the zfcUserAuthentication() methods cannot be used for this task because they work with the cookies stored by the browser).

1
The application can work with cookies in any case. If the GUI is written under Linux, it is likely Qt, hence WebKit. If the application is written under Windows (based on MFC/ATL/etc.), MSHTML.DLL is used. - user2627106

I too would like to see more on how to implement ZfcUser with a JSON-only view type of server. - Erik

1 Answer

2
votes

You can use the HTTP request and populate it with the credentials from the JSON POST, then try to authenticate on it after calling prepareForAuthentication:

    // Response is assumed to be Zend\Stdlib\ResponseInterface, imported with:
    //   use Zend\Stdlib\ResponseInterface as Response;
    // $username and $password are the values taken from the decoded JSON POST body.
    $adapter = $this->zfcUserAuthentication()->getAuthAdapter();

    /** @var \Zend\Http\Request $fakeRequest */
    $fakeRequest = $this->getRequest();
    // ZfcUser's adapters read the credentials from these two POST parameters
    $fakeRequest->getPost()->set('identity', $username);
    $fakeRequest->getPost()->set('credential', $password);
    $result = $adapter->prepareForAuthentication($fakeRequest);

    // Return early if an adapter returned a response
    if ($result instanceof Response) {
        throw new LoginException("");
    }

    $auth = $this->zfcUserAuthentication()->getAuthService()->authenticate($adapter);

    if (!$auth->isValid()) {
        $this->flashMessenger()->setNamespace('zfcuser-login-form')->addMessage($this->failedLoginMessage);
        // Clear the adapters' stored state after a failed attempt
        $adapter->resetAdapters();
        // Password does not match
        throw new LoginException("Invalid Username or password");
    }
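
The same check as a complete JSON endpoint, written as an added example (not the answerer's or ZfcUser's own code): it validates the JSON body before touching the adapter, clears any existing session state so only the submitted credentials count, and answers with 400/401 instead of throwing. `DeviceApiController`, `stateAction`, `deny()` and the `email`/`password` keys are assumptions; it also assumes `ViewJsonStrategy` is enabled so `JsonModel` renders as JSON, and that the endpoint is served over HTTPS since the password travels in every request.

```php
<?php
// Added example, not ZfcUser's own code. The controller name, action name and
// the "email"/"password" JSON keys are assumptions.
namespace Application\Controller;

use Zend\Json\Json;
use Zend\Mvc\Controller\AbstractActionController;
use Zend\Stdlib\ResponseInterface;
use Zend\View\Model\JsonModel;

class DeviceApiController extends AbstractActionController
{
    public function stateAction()
    {
        $request = $this->getRequest();
        try {
            $body = Json::decode($request->getContent(), Json::TYPE_ARRAY);
        } catch (\Exception $e) {
            $body = null; // not valid JSON
        }
        if (!is_array($body) || !isset($body['email'], $body['password'])
            || !is_string($body['email']) || !is_string($body['password'])) {
            return $this->deny(400, 'Malformed request');
        }
        $plugin  = $this->zfcUserAuthentication();
        $adapter = $plugin->getAuthAdapter();
        // Clean state first, so an existing session cannot stand in for the credentials.
        $adapter->resetAdapters();
        $plugin->getAuthService()->clearIdentity();
        // ZfcUser's adapters read "identity" and "credential" from the POST parameters.
        $request->getPost()->set('identity', $body['email']);
        $request->getPost()->set('credential', $body['password']);
        $result = $adapter->prepareForAuthentication($request);
        if ($result instanceof ResponseInterface) {
            return $this->deny(401, 'Authentication failed');
        }
        if (!$plugin->getAuthService()->authenticate($adapter)->isValid()) {
            $adapter->resetAdapters();
            return $this->deny(401, 'Authentication failed');
        }
        // Credentials are valid: the device-specific work goes here (placeholder reply).
        return new JsonModel(array('ok' => true));
    }

    private function deny($status, $message)
    {
        $this->getResponse()->setStatusCode($status);
        return new JsonModel(array('ok' => false, 'error' => $message));
    }
}
```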