ZF-11086: Zend_Auth_Result getCode() function returning invalid code


I'm trying to use Zend_Auth_Adapter_Http but there seems to be a problem with the Zend_Auth_Result class that it returns after calling authenticate(): According to the documentation its getCode() should return one of the following constants: FAILURE=0 , FAILURE_CREDENTIAL_INVALID=-3, FAILURE_IDENTITY_AMBIGUOUS=-2, FAILURE_IDENTITY_NOT_FOUND=-1,FAILURE_UNCATEGORIZED=-4,SUCCESS=1 It's my understanding that if no credentials where supplied to the call it should return FAILURE_IDENTITY_NOT_FOUND, but it always returns FAILURE_CREDENTIAL_INVALID... Diving a bit into the Zend_Auth_Adapter_Http code, around line 383 (Auth/Adapter/Http.php), I see that there is check for the presence of the HTTP Authorization in the request header, and if it isn't there, the _challengeClient() function gets called. Unfortunetly this function tells Zend_Auth_Result to return FAILURE_CREDENTIAL_INVALID no matter what... Am I using it wrongly, or is it a bug?


_challengeClient() is reused in a variety of places. If _challengeClient() is returning, a response with the proper HTTP codes is happening anyway, I am unsure what changing the Zend_Auth_Response code will afford you. What is the use case to have different response codes on the result of a challenge request?


I want to allow access to the resources with either no credentials at all or using valid credentials. I expected that I could use the Zend_Auth_Result returned by "authenticate()" to find out whether there's a valid user, and invalid user or no user at all using the getCode() method. Right now I performing this check manually before calling the Zend_Auth_Adapter_Http authenticate() method like that: (...) $getHeader = 'Authorization'; $authHeader = $this->_request->getHeader($getHeader); if ($authHeader) { $Auth_Adapter_Http->authenticate(); (...) Duplicating the same check that gets executed inside authenticate() but doesn't inform the _code variable accordingly Regards, Toni