
In ZF3, this is my factory for a few controllers that will require user authentication:

```php
// Factory class
use Interop\Container\ContainerInterface;
use Zend\ServiceManager\Factory\FactoryInterface;

class ProjectControllerFactory implements FactoryInterface
{
    private $msg;

    public function __invoke(ContainerInterface $container, $requestedName, array $options = null)
    {
        $entityManager = $container->get('doctrine.entitymanager.orm_default');
        $config = $container->get('config');
        $request = $container->get('request');

        if ($this->authorize($request)) {
            return new $requestedName($entityManager, $config);
        }

        // Unauthorized: print a JSON body and stop the script
        echo json_encode([
            'success' => false,
            'msg' => 'Your are not authorized to access this page'
        ]);
        exit;
    }

    private function authorize($request)
    {
        // ... code here
    }
}
```

Now here `authorize` is a function that will return true or false based on user access. I just want to return JSON with status code or 401 if the user wants to access that page.

The question here is, am I doing it right? Is this the right way of checking the user?

If so, how can I pass the return 401 code? I tried `JsonModel()` instead of `echo json_encode()`, but it gives me the error:

Plugin of type "Zend\View\Model\JsonModel" is invalid; must implement Zend\Stdlib\DispatchableInterface

Ermenegildo
Waqar Haider
  • Doing authorization inside controllers is conceptually wrong, and doing it inside their factory is even worse. I suggest you implement a correct authorization system, because what you are doing is totally wrong (from the auth in a factory, to the `exit` statement..) – Ermenegildo Sep 13 '19 at 12:39
  • What if I check everything in the `onBootstrap()` function in the `Module.php` file – Waqar Haider Sep 13 '19 at 12:44
  • Take a look at this: https://stackoverflow.com/questions/52832056/zf2-checking-permissions-for-get-parameter-in-each-action/52832998#52832998 – Ermenegildo Sep 13 '19 at 13:25
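
The approach the comments point toward, as an added example that is not part of the original thread: a listener registered from `onBootstrap()` that rejects unauthenticated requests with a 401 JSON response before any controller factory runs. Assumptions: the module namespace `Application`, the controller name `Controller\ProjectController`, and an `AuthenticationService` registered in the service manager.

```php
<?php
// Added example, not the asker's code: Module.php of a ZF3 module.
namespace Application;

use Zend\Authentication\AuthenticationService;
use Zend\Mvc\MvcEvent;

class Module
{
    // Assumption: hypothetical list of controllers that need a logged-in user.
    // Entries must equal the 'controller' value used in the route config.
    const PROTECTED_CONTROLLERS = [
        Controller\ProjectController::class,
    ];

    public function onBootstrap(MvcEvent $e)
    {
        // Priority 100 runs before the MVC dispatch listener (priority 1),
        // so the controller is never created for a rejected request.
        $e->getApplication()->getEventManager()
            ->attach(MvcEvent::EVENT_DISPATCH, [$this, 'checkAccess'], 100);
    }

    public function checkAccess(MvcEvent $e)
    {
        $match = $e->getRouteMatch();
        $controller = $match ? $match->getParam('controller') : null;
        if (!in_array($controller, self::PROTECTED_CONTROLLERS, true)) {
            return null; // public route: continue normal dispatch
        }

        // Assumption: AuthenticationService is registered in the service manager.
        $auth = $e->getApplication()->getServiceManager()
            ->get(AuthenticationService::class);
        if ($auth->hasIdentity()) {
            return null; // authenticated: continue to the controller
        }

        $response = $e->getResponse();
        $response->setStatusCode(401);
        $response->getHeaders()->addHeaderLine('Content-Type', 'application/json');
        $response->setContent(json_encode([
            'success' => false,
            'msg'     => 'You are not authorized to access this page',
        ]));

        return $response; // a returned response short-circuits dispatch; no exit
    }
}
```

With this in place the controller factory only builds the controller, and the `exit` call is no longer needed.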

0 Answers