0

I've been trying to implement Zend\Authentication following the instructions on http://framework.zend.com/manual/current/en/modules/zend.authentication.intro.html, but I seem to be missing a piece of the puzzle.

I've built a custom adapter, and which is working fine, but I'm at a loss about how to implement custom storage.

I have created a custom class that is implementing the StorageInterface, but I can't really wrap my head around what I am supposed to do with the methods.

The write method is the only one that gets input, which seems to be the second parameter of a Authentication\Result.

What I don't understand is what data I am supposed to write to my storage (Redis) - will the contents of $contents be enough? Shouldn't I have some kind of key or something available in the custom storage class that I can use to query my storage?

Marco
  • 2,329
  • 1
  • 21
  • 25

2 Answers2

1

Even if you're writing your own Authentication Adapter, it's not mandatory that you build custom Session Storage. If you need to modify Storage to add functionality, you can still simply extend one of the stock Storage classes. For example, this is a class where I've done that. https://github.com/soliantconsulting/SimpleFM/blob/master/library/Soliant/SimpleFM/ZF2/Authentication/Storage/Session.php

Even if you do require custom session handling eventually, I suggest you start out using an existing Zend Session Storage class to get your Auth Adapter working. Then you can come back and focus on the Storage in a second pass.

I found it very informative to look at how the Zend classes work under the hood. Also, look at the unit tests. Finally, if it helps, look and my SimpleFM Authentication classes, because those are a nice simple use case. There's also a simple example of implementing the custom adapter via factories here https://github.com/soliantconsulting/SimpleFM-skeleton/tree/master/module/SimpleFMAuth/src/SimpleFMAuth/Factory

dualmon
  • 1,225
  • 1
  • 8
  • 16
0

I'm answering my own question with what I came up with, in case it might help someone else in the future.

As it turns out, the solution was fairly simple. I was under the impression that there would be some magic involved, but that was not the case at all.

My solution was simply to store all my session data in Redis using a hashed key, as well as storing the value of the hashed key in a cookie for easy retrieval.

Marco
  • 2,329
  • 1
  • 21
  • 25
  • Not the best approach for security sensitive applications, at least make sure to use encrypted cookie. Nobody should be able to pull data from someone else's session by guessing their storage key. – umbrel Mar 21 '17 at 05:57