
I'm using ZF2 in combination with ZFCUser and bjyauthorize. I have a landing page which should be globally accessible. All other pages need to be behind a login.

At first I blamed bjyauthorize for not letting guest users access my landing page. But after some discussions it seems that ZFCUser is blocking the way.

My question is: How can I tell ZFCUser not to block one page/action?

Edit:

My Application/Module.php looks like in this post. When I add my app myApp to the whitelist, I can access my landing page but all other actions from myApp as well.

Any ideas how to alter the condition that I can match the URL or just whitelist my frontend-action?

Maybe I could add a second route to my landing page. But that's not a clean solution, right?

Ron
  • 2
    Can you show some code please. What is the controller code and BjyAuthorize config? What exactly do you think ZfcUser is doing? Are you sure you are not redirecting in your controller if the user is not logged in? I don't think ZfcUser will redirect by itself – Aydin Hassan Apr 09 '13 at 07:43
  • 1
    Define `landing page`. What's the exact error, which page does not get shown? etc... etc... we need information! – Sam Apr 09 '13 at 07:57

1 Answer


If you insist on checking authentication in the onBootstrap method you could do something like this:

```php
use Zend\Mvc\MvcEvent;
use Zend\Mvc\Router\RouteMatch;

class Module
{
    // Route name => actions on that route that guests may reach
    protected $whitelist = array(
        'zfcuser/login' => array('login'),
        'your-landing-route' => array('your-landing-action'),
    );

    public function onBootstrap(MvcEvent $e)
    {
        $app = $e->getApplication();
        $em  = $app->getEventManager();
        $sm  = $app->getServiceManager();

        $list = $this->whitelist;
        $auth = $sm->get('zfcuser_auth_service');

        // Priority -100: run after the router has produced a RouteMatch
        $em->attach(MvcEvent::EVENT_ROUTE, function ($e) use ($list, $auth) {
            $match = $e->getRouteMatch();

            // No route match, this is a 404
            if (!$match instanceof RouteMatch) {
                return;
            }

            // Route and action is whitelisted
            $routeName = $match->getMatchedRouteName();
            $action = $match->getParam("action");

            // Strict comparison so only an exact action name matches
            if (array_key_exists($routeName, $list) && in_array($action, $list[$routeName], true)) {
                return;
            }

            // User is authenticated
            if ($auth->hasIdentity()) {
                return;
            }

            // Redirect to the user login page, as an example
            $router   = $e->getRouter();
            $url      = $router->assemble(array(), array(
                'name' => 'zfcuser/login'
            ));

            $response = $e->getResponse();
            $response->getHeaders()->addHeaderLine('Location', $url);
            $response->setStatusCode(302);

            // Returning the response short-circuits dispatch
            return $response;
        }, -100);
    }
}
```

I've just changed the code a little bit so your white list also contains specific actions. Then we can check the action parameter to be a little bit more specific with your white listing.

I don't know if this is the best way to do it, I'm just showing you how you can do it.

I don't think you even need to check authentication when using BjyAuthorize as you can just use resource checks. If a user has anything other than a guest role then they are a real user and are authenticated. Again, I'm not 100% on that but I do know that I don't use ZfcUser authentication checks in my application which uses BjyAuthorize. I just use route guards to specify the role level needed for a particular route.

Maybe somebody else could clarify this?

Aydin Hassan
  • thanks, in general I agree with you but in my case I just leave it this way... :) – Ron Apr 09 '13 at 09:07
  • unfortunately it doesn't work quite as expected: http://stackoverflow.com/q/16147533/1331671 – Ron Apr 22 '13 at 12:57
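
The guard-based alternative mentioned at the end of the answer, as an added example that is not part of the original posts: a BjyAuthorize configuration that opens a single action to guests while the other actions of the same controller stay behind login. The controller name `MyApp\Controller\Index`, the action names `landing` and `dashboard`, the role name `user` and the file path are assumptions; the application's existing identity provider is assumed to assign `user` to logged-in accounts.

```php
<?php
// config/autoload/bjyauthorize.global.php (assumed location, added example)
return array(
    'bjyauthorize' => array(
        // Role given to visitors without an identity
        'default_role' => 'guest',

        'role_providers' => array(
            'BjyAuthorize\Provider\Role\Config' => array(
                'guest' => array(),
                'user'  => array(), // assumed role for logged-in accounts
            ),
        ),

        'guards' => array(
            // Once this guard is enabled, every controller/action that is
            // not listed below is denied for all roles.
            'BjyAuthorize\Guard\Controller' => array(
                // The landing action only: open to guests and users
                array(
                    'controller' => 'MyApp\Controller\Index', // hypothetical
                    'action'     => 'landing',                // hypothetical
                    'roles'      => array('guest', 'user'),
                ),
                // Another action of the same controller: login required
                array(
                    'controller' => 'MyApp\Controller\Index', // hypothetical
                    'action'     => 'dashboard',              // hypothetical
                    'roles'      => array('user'),
                ),
                // ZfcUser: guests must be able to reach the login flow
                array('controller' => 'zfcuser', 'action' => 'login',        'roles' => array('guest')),
                array('controller' => 'zfcuser', 'action' => 'authenticate', 'roles' => array('guest')),
                array('controller' => 'zfcuser', 'action' => 'logout',       'roles' => array('user')),
            ),
        ),
    ),
);
```

Because the guard denies anything unlisted, an action added to the controller later stays closed to guests until it gets its own entry.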