Upload
rupeshkumarinfo
View
215
Download
0
Embed Size (px)
Citation preview
8/12/2019 2010 07 Phpwm Zf Auth and Acl
1/32
ZF authentication
and access controlRob Allen
1
8/12/2019 2010 07 Phpwm Zf Auth and Acl
2/32
Authentication
2
8/12/2019 2010 07 Phpwm Zf Auth and Acl
3/32
Rob Allen http://akrabat.comPHPWM 2010
Authentication is the
process of deciding ifsomeone is who they say
they are
3
8/12/2019 2010 07 Phpwm Zf Auth and Acl
4/32
Rob Allen http://akrabat.comPHPWM 2010
Zend_Auth process
4
8/12/2019 2010 07 Phpwm Zf Auth and Acl
5/32
Rob Allen http://akrabat.comPHPWM 2010
AuthController$ zf create controller AuthCreating a controller at /www/todolist/application/controllers/AuthController.phpCreating an index action method in controller AuthCreating a view script for the index action method at /www/todolist/application/views/scripts/auth/index.phtmlCreating a controller test file at /www/todolist/tests/application/controllers/AuthControllerTest.phpUpdating project profile '/www/todolist/.zfproject.xml'
$ zf create form LoginCreating a form at /www/todolist/application/forms/Login.phpUpdating project profile '/www/todolist/.zfproject.xml'
5
8/12/2019 2010 07 Phpwm Zf Auth and Acl
6/32
Rob Allen http://akrabat.comPHPWM 2010
Users tableCREATE TABLE IF NOT EXISTS users ( id int NOT NULL AUTO_INCREMENT, username varchar(50) NOT NULL, password varchar(50) NOT NULL, date_created datetime NOT NULL, PRIMARY KEY (id)) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- insert first userINSERT INTO users (username, password, date_created) VALUES('admin', SHA1('AkR654_password'), NOW());
6
8/12/2019 2010 07 Phpwm Zf Auth and Acl
7/32
Rob Allen http://akrabat.comPHPWM 2010
application.iniauth.salt = "AkR654_"
7
8/12/2019 2010 07 Phpwm Zf Auth and Acl
8/32
Rob Allen http://akrabat.comPHPWM 2010
Reverse SHA1 lookupsSHA1('password') = 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8SHA1('AkR654_password') = b871d8401e775fa80c15f40186064c0a632201f7
8
8/12/2019 2010 07 Phpwm Zf Auth and Acl
9/32
Rob Allen http://akrabat.comPHPWM 2010
Login formclass Application_Form_Login extends Zend_Form { public function init() { $this ->addElement( 'text' , 'username' , array ( 'filters' => array ( 'StringTrim' , 'StringToLower' ), 'required' => true , 'label' => 'Username:' , )); $this ->addElement( 'password' , 'password' , array ( 'filters' => array ( 'StringTrim' ), 'required' => true , 'label' => 'Password:' ,
)); $this ->addElement( 'submit' , 'login' , array ( 'required' => false , 'ignore' => true , 'label' => 'Login' , )); }}
9
8/12/2019 2010 07 Phpwm Zf Auth and Acl
10/32
Rob Allen http://akrabat.comPHPWM 2010
Login form
10
8/12/2019 2010 07 Phpwm Zf Auth and Acl
11/32
Rob Allen http://akrabat.comPHPWM 2010
AuthControllerclass AuthController extends Zend_Controller_Action{ public function indexAction() { $form = new Application_Form_Login(); $request = $this ->getRequest(); if ( $request ->isPost()) { if ( $form ->isValid( $request ->getPost())) { if ( $this ->_process( $form ->getValues())) { // Success: Redirect to the home page $this ->_helper->redirector( 'index' , 'index' );
} } } $this ->view->form = $form ; }
11
8/12/2019 2010 07 Phpwm Zf Auth and Acl
12/32
Rob Allen http://akrabat.comPHPWM 2010
Authenticatingprotected function _process( $values ){ // Get our authentication adapter and check credentials $adapter = $this ->_getAuthAdapter( $values );
$auth = Zend_Auth::getInstance(); $result = $auth ->authenticate( $adapter ); if ( $result ->isValid()) { $data = $adapter ->getResultRowObject(); $user = new Application_Model_User( $data ); $auth ->getStorage()->write( $user ); return true ; } return false ;}
12
8/12/2019 2010 07 Phpwm Zf Auth and Acl
13/32
Rob Allen http://akrabat.comPHPWM 2010
Authenticating protected function _getAuthAdapter( $formData ) { $dbAdapter = Zend_Db_Table::getDefaultAdapter(); $authAdapter = new Zend_Auth_Adapter_DbTable( $dbAdapter ); $authAdapter ->setTableName( 'users' ) ->setIdentityColumn( 'username' ) ->setCredentialColumn( 'password' ) ->setCredentialTreatment( 'SHA1(?)' );
$fc = Zend_Controller_Front::getInstance(); $options = $fc->getParam( 'bootstrap' )->getOptions(); $password = $options [ 'auth' ][ 'salt' ]. $formData [ 'password' ];
$authAdapter ->setIdentity( $formData [ 'username' ]);$authAdapter ->setCredential( $password );
return $authAdapter ;
}
13
8/12/2019 2010 07 Phpwm Zf Auth and Acl
14/32
Rob Allen http://akrabat.comPHPWM 2010
LoggedInAs view helperclass Zend_View_Helper_LoggedInAs extends Zend_View_Helper_Abstract{ public function loggedInAs () { $auth = Zend_Auth::getInstance(); if ( $auth ->hasIdentity()) { $username = $auth ->getIdentity()->getUsername(); $url = $this ->view->url( array ( 'controller' => 'auth' , 'action' => 'logout' ), null, true ); return 'Welcome ' . $username . 'Logout' ; }
$url = $this ->view->url( array ( 'controller' => 'auth' , 'action' => 'index' )); return 'Login' ; }}
14
8/12/2019 2010 07 Phpwm Zf Auth and Acl
15/32
Rob Allen http://akrabat.comPHPWM 2010
Layout.phtml
15
8/12/2019 2010 07 Phpwm Zf Auth and Acl
16/32
Rob Allen http://akrabat.comPHPWM 2010
LoggedInAs in action
16
8/12/2019 2010 07 Phpwm Zf Auth and Acl
17/32
Access control
17
8/12/2019 2010 07 Phpwm Zf Auth and Acl
18/32
Rob Allen http://akrabat.comPHPWM 2010
Authorisation is the act ofdetermining if somebody
has permissions toperform an action on a
given resource
18
8/12/2019 2010 07 Phpwm Zf Auth and Acl
19/32
The three Rs
Roles - what/who requests the action Resources - what is being acted upon Rights - the privileges a role has for a
given resource
PHPWM 2010 Rob Allen http://akrabat.com
19
8/12/2019 2010 07 Phpwm Zf Auth and Acl
20/32
Roles
Implement Zend_Acl_Role_Interface One method: getRoleId()
Rob Allen http://akrabat.comPHPWM 2010
20
8/12/2019 2010 07 Phpwm Zf Auth and Acl
21/32
Rob Allen http://akrabat.com
User modelclass Default_Model_User implements Zend_Acl_Role_Interface{ protected $_role = 'administrator' ;
public function getRoleId() { return $this ->getRole(); }}
PHPWM 2010
21
8/12/2019 2010 07 Phpwm Zf Auth and Acl
22/32
Protecting controllers Extend Zend_Acl to set up Use a Front Controller plugin
Rob Allen http://akrabat.comPHPWM 2010
22
8/12/2019 2010 07 Phpwm Zf Auth and Acl
23/32
Rob Allen http://akrabat.com
Extend Zend_Aclclass Application_Acl extends Zend_Acl{ public function __construct() {
// Roles $this ->addRole( 'guest' ); $this ->addRole( 'user' , 'guest' ); $this ->addRole( 'administrator' , 'user' );
// Resources (Controllers) $this ->addResource( new Zend_Acl_Resource( 'indexController' )); $this ->addResource( new Zend_Acl_Resource( 'authController' )); $this ->addResource( new Zend_Acl_Resource( 'errorController' ));
}}
PHPWM 2010
23
8/12/2019 2010 07 Phpwm Zf Auth and Acl
24/32
Rob Allen http://akrabat.com
Front Controller plugin// application/plugins/Acl.phpclass Application_Plugin_Acl extends Zend_Controller_Plugin_Abstract{ public function dispatchLoopStartup( Zend_Controller_Request_Abstract $request ) { }}
// application/configs/application.iniresources.frontController.plugins.acl = Application_Plugin_Acl
PHPWM 2010
24
8/12/2019 2010 07 Phpwm Zf Auth and Acl
25/32
Rob Allen http://akrabat.com
Acl pluginpublic function dispatchLoopStartup(Zend_Controller_Request_Abstract $request ){ $acl = $this ->getAcl(); $role = $this ->getCurrentUser(); $resource = $request ->getControllerName() . 'Controller' ; $privilege = $request ->getActionName();
$allowed = $acl ->isAllowed( $role , $resource , $privilege ); if (! $allowed ) { $controller = 'auth' ; $auth = $this ->getAuth(); if (! $auth ->hasIdentity()) { $action = 'index' ;
} else { $action = 'permissions' ; } $redirector = new Zend_Controller_Action_Helper_Redirector(); $redirector ->gotoSimpleAndExit( $action , $controller ); }}
PHPWM 2010
25
8/12/2019 2010 07 Phpwm Zf Auth and Acl
26/32
Rob Allen http://akrabat.com
Setup ACL rulespublic function getAcl(){ if (null === $this ->_acl) { $acl = new Application_Acl();
// Rules for controller access $acl ->deny(); $acl ->allow( 'guest' , 'authController' , null); $acl ->allow( 'guest' , 'errorController' , null); $acl ->allow( 'user' , 'indexController' , null);
$this ->_acl = $acl ; } return $this ->_acl;}
Role Resource Privileges
PHPWM 2010
26
8/12/2019 2010 07 Phpwm Zf Auth and Acl
27/32
Rob Allen http://akrabat.com
Get current rolepublic function getCurrentUser(){ if (! $this ->_currentUser) { $auth = Zend_Auth::getInstance();
if ( $auth ->hasIdentity()) { $this ->_currentUser = $auth ->getIdentity(); } else { $this ->_currentUser = new Application_Model_User(); } } return $this ->_currentUser;}
PHPWM 2010
27
8/12/2019 2010 07 Phpwm Zf Auth and Acl
28/32
Protecting your models Implement Zend_Acl_Roesource_Interface
One method: getResourceId()
Use a ServiceLayer to do the ACL work
Rob Allen http://akrabat.comPHPWM 2010
28
8/12/2019 2010 07 Phpwm Zf Auth and Acl
29/32
Rob Allen http://akrabat.com
Add to modelclass Application_Model_Task implements Zend_Acl_Resource_Interface{ // ... other methods ...
public function getResourceId()
{ return 'task' ; } }
PHPWM 2010
29
8/12/2019 2010 07 Phpwm Zf Auth and Acl
30/32
Rob Allen http://akrabat.com
ServiceLayer integrationclass Application_Model_TaskService{ public function fetchOutstanding() { $acl = $this ->getAcl(); $user = $this ->getCurrentUser();
if (! $acl ->isAllowed( $user , 'task' , 'read' )) { throw new Exception( "Not Allowed" ); }
$cacheId = 'outstandingTasks' ; $cache = $this ->_getCache(); $rows = $cache ->load( $cacheId ); if ( $rows === false ) {
$tasksGateway = new Application_Model_DbTable_Tasks(); $rows = $tasksGateway ->fetchOutstanding(); $cache ->save( $rows , $cacheId , array ( 'tasks' )); } return $rows ; }}
PHPWM 2010
30
8/12/2019 2010 07 Phpwm Zf Auth and Acl
31/32
Rob Allen http://akrabat.com
ServiceLayer integrationclass IndexController extends Zend_Controller_Action{ public function indexAction() {
$taskService = new Application_Model_TaskService(); $this ->view->tasks = $taskService ->fetchOutstanding(); }
}
PHPWM 2010
31
8/12/2019 2010 07 Phpwm Zf Auth and Acl
32/32
Thank you