Using Pear Auth As Zend Auth Adapter

July 2009 ยท 4 minute read

If you use both Pear and Zend framework you may want to extend the Zend_Auth adapters to use all the containers shipped with the Pear::Auth package.

Let’s go to create the class implements the Zend_Auth_Adapter_Interface starting from the Zend_Auth_Adapter_Ldap class. My_Zend_Auth_Adapter_PearAuth

<?php
class My_Zend_Auth_Adapter_PearAuth implements Zend_Auth_Adapter_Interface
{

/**
* The array of arrays of Pear::Auth options passed to the constructor.
*
* @var array
*/
protected $_options = null;

/**
* The username of the account being authenticated.
*
* @var string
*/
protected $_username = null;

/**
* The password of the account being authenticated.
*
* @var string
*/
protected $_password = null;

/**
* The Pear::Auth container.
*
* @var string
*/
protected $_container = null;

protected $_logger = null;

/**
* Constructor
*
* @param  string $container The Pear::Auth container to use
* @param  array  $options  An array of arrays of Pear::Auth options
* @param  string $username The username of the account being authenticated
* @param  string $password The password of the account being authenticated
* @return void
*/
public function __construct($container, array $options = array(), $username = null, $password = null)
{
$this->setOptions($options);
if ($username !== null) {
$this->setUsername($username);
}
if ($password !== null) {
$this->setPassword($password);
}
$this->_container = $container;
}

public function setLogger($logger)
{
$this->_logger = $logger;
}

/**
* Returns the array of arrays of Pear::Auth options.
*
* @return array|null
*/
public function getOptions()
{
return $this->_options;
}

/**
* Sets the array of arrays of Pear::Auth options to be used by
* this adapter.
*
* @param  array $options The array of arrays of of Pear::Auth options
* @return My_Zend_Auth_Adapter_PearAuth Provides a fluent interface
*/
public function setOptions($options)
{
$this->_options = is_array($options) ? $options : array();
return $this;
}

/**
* Returns the username of the account being authenticated, or
* NULL if none is set.
*
* @return string|null
*/
public function getUsername()
{
return $this->_username;
}

/**
* Sets the username for binding
*
* @param  string $username The username for binding
* @return My_Zend_Auth_Adapter_PearAuth Provides a fluent interface
*/
public function setUsername($username)
{
$this->_username = (string) $username;
return $this;
}

/**
* Returns the password of the account being authenticated, or
* NULL if none is set.
*
* @return string|null
*/
public function getPassword()
{
return $this->_password;
}

/**
* Sets the password for the account
*
* @param  string $password The password of the account being authenticated
* @return My_Zend_Auth_Adapter_PearAuth Provides a fluent interface
*/
public function setPassword($password)
{
$this->_password = (string) $password;
return $this;
}

/**
* Authenticate the user
*
* @throws Zend_Auth_Adapter_Exception
* @return Zend_Auth_Result
*/
public function authenticate()
{
require_once 'Pear/Auth.php';

$messages = array();
$messages[0] = ''; // reserved
$messages[1] = ''; // reserved

$username = $this->_username;
$password = $this->_password;

if (!$username) {
$code = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
$messages[0] = 'A username is required';
return new Zend_Auth_Result($code, '', $messages);
}
if (!$password) {
/* A password is required because some servers will
* treat an empty password as an anonymous bind.
*/
$code = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
$messages[0] = 'A password is required';
return new Zend_Auth_Result($code, '', $messages);
}

//Override $_POST variables required by Auth pear package.
$_POST['username'] = $username;
$_POST['password'] = $password;

$_auth = new Auth($this->_container, $this->_options, '', false);

//Enable logging
if (isset ($this->_options['enableLogging']) && $this->_options['enableLogging'] &&
!is_null($this->_logger)) {
$_auth->logger = $this->_logger;
}

$_auth->start();

if ($_auth->getAuth()) {
//Destroy Pear::Auth session to avoid unespected behaviour
$_auth->logout();
$messages[] = "$username authentication successful";
return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $username, $messages);
}

$messages[] = "$username authentication failed.";
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, $username, $messages);
}
}

and now let’s go to use it, for example in our controller

<?php
....
$auth = Zend_Auth::getInstance();
$config = new Zend_Config_Xml('APPLICATION_HOME/configs/auth_ldap.xml', 'production');
$options = $config->ldap->toArray();
$authAdapter = new Zend_Auth_Adapter_PearAuth('LDAP', $options, $username, $password);
$result = $auth->authenticate($authAdapter);
if(!is_null($result) && $result->isValid()) {
$authorized = true;
}
....

In the example above I’ve used the LDAP container but this should be valid for all supported containers by Pear::Auth.

comments powered by Disqus