0

I am calling one function from onBootStrap() to authorize user, in that function I am using header information to verify the user.

If this is not correct, I want to stop execution here (onBootStrap()) without even calling the actual API and return some response to the user.

User should get some response because then only user can know what's the problem.

How can I return a response from there?

Siguza
keen

1 Answer

4

Simply said, onBootstrap is not sufficient for this. Usually, you have two stages in your application. The first is bootstrapping, the second is running. During run you can authorize users and return responses, during bootstrap this is not possible.

The reason is simple, you might have another module overriding its behaviour. If you stop bootstrapping after your module, you can stop the execution of these modules. It's better to move the logic to run. This run stage is defined with various listeners, of which the first is route. There isn't much going on after bootstrap and before route, so in terms of performance it's negligible.

A code example:

```php
use Zend\Mvc\MvcEvent;
use Zend\Json\Json;

class Module
{
    public function onBootstrap($e)
    {
        $app = $e->getApplication();
        $em  = $app->getEventManager();

        // Attach to the route event: a Response returned here short-circuits the run.
        $em->attach(MvcEvent::EVENT_ROUTE, function($e) use ($app) {
            // your auth logic here
            $auth = false; // placeholder: replace with the result of your check

            if (!$auth) {
                $response = $e->getResponse();

                $response->setStatusCode(403);
                $response->setContent(Json::encode(array(
                   'error'   => 12345,
                   'message' => 'You are not authorized for this request',
                )));

                return $response;
            }
        }, PHP_INT_MAX);
    }
}
```

The listener is attached at a very early stage (PHP_INT_MAX) so the check happens first in the complete route stage. You can also choose for quite a high number (like, 1000) so you can hook in this event before user authorization.

Jurian Sluiman
  • Currently I am authorizing in onBootStrap() and if verification is successful then it calls api otherwise it won't call the API. This is not a problem I have already done this. I just want to throw error back to the user from this function. – keen Jan 03 '14 at 09:34
  • As said, bootstrap is not the right place, as you cannot return a response there. The route or dispatch have a [short circuit check](https://github.com/zendframework/zf2/blob/master/library/Zend/Mvc/Application.php#L278-L287) attached, and the [bootstrap not](https://github.com/zendframework/zf2/blob/master/library/Zend/Mvc/Application.php#L155-L157). That is why you always see a listener is attached, as you can return responses to the user. The response is the only way to show the user any message about the verification error. – Jurian Sluiman Jan 03 '14 at 09:37
  • OK. Then can I create a new API for error handling? So whenever there is an error in authorization I can call this API and return a response from there. Is there a way to redirect an API call? – keen Jan 03 '14 at 10:47
  • You shouldn't redirect or so. Just set the status code in the response and add a message. I updated my answer where I show the response has a status code and message set. In this case, it's a Json response, but you can modify the response whatever you want. – Jurian Sluiman Jan 03 '14 at 10:55
  • 1) Is this the proper way to return an error? Because we added a listener to onBootStrap(). 2) Even if I set the status code to 403, it shows status code 200 when I tried to run this from Advanced REST client. What could be the problem? – keen Jan 04 '14 at 06:16
  • see this http://stackoverflow.com/questions/20917970/always-returns-status-code-200. – keen Jan 04 '14 at 06:51
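
A fuller version of the route listener from the answer, as an added example that is not part of the original answer or of Zend Framework: it reads the credential from a request header, compares it in constant time, and fails closed when no token is configured. The `HeaderAuthListener` class, the `Bearer` token format and the `$expectedToken` value taken from configuration are assumptions made for illustration.

```php
<?php
use Zend\Http\Request as HttpRequest;
use Zend\Json\Json;
use Zend\Mvc\MvcEvent;

// Hypothetical listener; attach it from onBootstrap() with:
//   $em->attach(MvcEvent::EVENT_ROUTE, new HeaderAuthListener($token), PHP_INT_MAX);
class HeaderAuthListener
{
    private $expectedToken;

    public function __construct($expectedToken)
    {
        $this->expectedToken = (string) $expectedToken; // assumed to come from config
    }

    // Returns null to let routing continue, or a Response to short-circuit the run.
    public function __invoke(MvcEvent $e)
    {
        $request = $e->getRequest();
        if (!$request instanceof HttpRequest) {
            return null; // console request: no HTTP headers to check
        }
        $header = $request->getHeader('Authorization'); // false when absent
        if (!$header) {
            return $this->deny($e, 'Missing Authorization header');
        }
        $value = $header->getFieldValue();
        if (strncasecmp($value, 'Bearer ', 7) !== 0) {
            return $this->deny($e, 'Unsupported Authorization scheme');
        }
        // substr() can return false on an empty remainder (PHP < 8), so cast.
        $token = (string) substr($value, 7);
        // Fail closed on an unset expected token; hash_equals() (PHP >= 5.6)
        // compares in constant time so timing does not leak a prefix match.
        if ($this->expectedToken === '' || !hash_equals($this->expectedToken, $token)) {
            return $this->deny($e, 'You are not authorized for this request');
        }
        return null;
    }

    private function deny(MvcEvent $e, $message)
    {
        $response = $e->getResponse();
        $response->setStatusCode(403);
        $response->getHeaders()->addHeaderLine('Content-Type', 'application/json');
        $response->setContent(Json::encode(array('message' => $message)));
        return $response;
    }
}
```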