Skip to content

[Proposal] Refactor to work in the same way as the proposed revision of Zend\Validator #3

New issue
New issue
Closed as not planned
Closed as not planned
[Proposal] Refactor to work in the same way as the proposed revision of Zend\Validator#3
@weierophinney

Description

@weierophinney
weierophinney
opened on Dec 31, 2019

Authentication adapter and validator are the same.
The authentication service provides input to adapter, which validates the identity and returns a result.
With the proposed revision of Zend\Validator, we also have the ability to chain adapters and aggregate results which can be useful in Zend\Authentication. We could add these missing features to the Zend\Authentication component.

As adapters validate identity, they could be renamed to Validator or moved to Zend\Validator, which would make Zend\Authentication dependent on Zend\Validator ?

Currently, the content of Zend\Authentication\Result::identity is not clear if the result is not valid. Most of time, it returns null, but sometimes it returns an empty array, or the provided identity.
The documentation says two different things about this:

getIdentity() returns the identity of the authentication attempt.

$identity is the value representing the authenticated identity. This may be any PHP type; typically you will see a string username or token, or an object type specific to the application or login module you utilize. When the result represents a failure to authenticate, this will often be null; some systems will provide a default identity in such cases.

So, on authentication failure, should the getIdentity() method always return the identity of the authentication attempt, or can it return whatever it wants?
I think it should not return identity if the authentication fails, as this method is intended to provide identity to the storage on successful authentication.

To sum up, I would like the Zend\Authentication component to :

  • Defines a Result interface modeling the results of authentication; it would compose the identity validated which will be use in authentication storage (only if authentication succeeded, otherwise it throws an error or returns null), authentication status, and, if present, any authentication error messages.
  • Defines validators (adapters) which define a single validate() (authenticate()) method, accepting both a value and optional context, and return a Result instance.
  • Defines a ResultAggregate interface for aggregating several results, as is necessary in a ValidatorChain (AdapterChain); Result instances would be pushed upon an aggregate.

What do you think of this proposal ?

Originally posted by @ghost at zendframework/zend-authentication#32

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions