Documentation: An alternative login workflow #2

Open
weierophinney opened this issue Dec 31, 2019 · 3 comments

@weierophinney
Contributor

As requested in #19, here is my current login workflow.

I've laid out all the related code in this gist.

I'm not sure how to present an alternative workflow in the documentation, therefore I'm starting this discussion to figure out the hows and wheres. If you want to take the code and incorporate it into the documentation yourselves, then that's fine too; I'm not much of a documentation guy 😄


Originally posted by @jonsa at zendframework/zend-expressive-authentication-session#20

@kfeldt

kfeldt commented Jan 22, 2022

Thank you - this solution was helpful, as the PhpSession class in the documented example wasn't managing the referrer properly.

@froschdesign
Member

@kfeldt
I haven't tried the alternative solution, but should we include this solution in the documentation?

@imonteiro

Hi everyone,

I just implemented a different workflow, and now I see this topic. I tried to adapt the current example in the documentation to the following code.

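```php
// Imports assume the Mezzio/Laminas packages this component is normally used with.
use Laminas\Diactoros\Response\RedirectResponse;
use Mezzio\Authentication\UserInterface;
use Mezzio\Session\SessionMiddleware;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;

class UserMiddleware implements MiddlewareInterface
{
    private const REDIRECT_ATTRIBUTE = 'authentication:redirect';

    /** @var callable Factory that builds a UserInterface from a username and roles */
    private $user;

    /** @var string Path of the login page (declared here; the original assigned it without declaring it) */
    private $redirect;

    public function __construct(callable $user, string $redirect)
    {
        $this->user     = $user;
        $this->redirect = $redirect;
    }

    public function process(
        ServerRequestInterface $request,
        RequestHandlerInterface $handler
    ): ResponseInterface {
        $session     = $request->getAttribute(SessionMiddleware::SESSION_ATTRIBUTE);
        $sessionData = $session->get(UserInterface::class);

        // Remember the last visited path (except login/logout) in the session
        $currentPath = $request->getUri()->getPath() ?? '/';
        if ($currentPath != '/login' && $currentPath != '/logout') {
            $session->set(self::REDIRECT_ATTRIBUTE, $currentPath);
        }

        // Expose the current user (a guest when nothing is stored) as a request attribute
        $request  = $request->withAttribute(
            UserInterface::class,
            $user = ($this->user)($sessionData['username'] ?? '', $sessionData['roles'] ?? ['guest'])
        );

        $response      = $handler->handle($request);
        $isGuest       = current($user->getRoles()) === 'guest';
        $isAtLoginPage = $request->getUri()->getPath() === $this->redirect;

        // An authenticated user requesting the login page is redirected
        if (! $isGuest && $isAtLoginPage) {
            $session->unset(self::REDIRECT_ATTRIBUTE);
            return new RedirectResponse($currentPath);
        }

        return $response;
    }
}
```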

In LoginHandler, after a successful login, I changed the code to:
(removed all other stuff, which is implemented in UserMiddleware)

```php
// Login was successful
if ($this->adapter->authenticate($request)) {
    $redirect = $session->get(self::REDIRECT_ATTRIBUTE) ?? '/';
    $session->unset(self::REDIRECT_ATTRIBUTE);
    return new RedirectResponse($redirect);
}
```

Is this a "good" practice? Or is this example a better approach?

Thanks.
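An added example, not part of any comment above and not the project's own code: a guard that checks the redirect target read from the session before it is handed to `RedirectResponse`, so that only same-site paths are followed after login. The function name `safeRedirectTarget`, the excluded `/login` and `/logout` paths, and PHP 8.0 or later are assumptions.

```php
<?php

declare(strict_types=1);

/**
 * Return $candidate if it is a same-site absolute path that is safe to use
 * as a post-login redirect target, otherwise return $fallback.
 *
 * Hypothetical helper, not part of mezzio-authentication-session.
 */
function safeRedirectTarget(mixed $candidate, string $fallback = '/'): string
{
    // Session data can hold anything; only accept non-empty strings.
    if (! is_string($candidate) || $candidate === '') {
        return $fallback;
    }

    // Must be an absolute path on this site with exactly one leading slash.
    // "//host" is protocol-relative, and browsers treat "/\host" the same way.
    if ($candidate[0] !== '/' || str_starts_with($candidate, '//') || str_contains($candidate, '\\')) {
        return $fallback;
    }

    // Reject control characters (CR/LF must never reach a Location header).
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate) === 1) {
        return $fallback;
    }

    // Never send the user back to the login/logout endpoints themselves.
    $path = strtok($candidate, '?#');
    if (in_array($path, ['/login', '/logout'], true)) {
        return $fallback;
    }

    return $candidate;
}

// Constructed sample values, as they might be read back from the session.
$samples = ['/admin/users?page=2', '//evil.example/', '/\\evil.example',
            'https://evil.example/', "/a\r\nX: y", null, '/login'];
foreach ($samples as $sample) {
    printf("%-28s => %s\n", json_encode($sample, JSON_UNESCAPED_SLASHES), safeRedirectTarget($sample));
}
```

In a handler like the one above, the call would wrap the session read, for example `new RedirectResponse(safeRedirectTarget($session->get(self::REDIRECT_ATTRIBUTE)))`.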
