Issues

ZF-2405: Add example of how to extend Zend_Auth_Adapter_DbTable for adding authentication criteria

Description

To the Zend_Auth_Adapter_DbTable documentation should be added an example of how to extend the class in order to add arbitrary authentication criteria.

This solution would demonstrate to developers how to use custom authentication conditions such as:

* the {{status}} field value of an account is not equal to {{"compromised"}},
* the {{active}} field value of an account is equal to {{true}}, and
* three unsuccessful login attempts having occurred in a certain timespan.

It may be helpful to convey that to achieve encapsulation of authentication with Zend_Auth, these criteria should only deal with authentication - the process of determining that an entity is (or most likely is) what it purports to be. That is, it may not be a good idea generally to add conditions to the authentication mechanism that deal more with access control than with authentication, unless there is good reason to do so. As an example, consider the use case of "no logins allowed except from 8am-5pm". In many situations this policy would be considered an access control rule, since it may not deal directly with authentication. When Joe types his password into the form at 7:30am, does this mean that the application should operate under the assumption that it's not Joe making the request? It probably depends on the situation.
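The first two criteria from the list above, sketched as a subclass. This is an added example, not code from the issue or from the Zend Framework manual; it assumes a Zend Framework 1 release on the include_path whose Zend_Auth_Adapter_DbTable builds its query in the protected `_authenticateCreateSelect()` method, and the class name, table layout and sample rows are constructed for illustration.

```php
<?php
// Added example; assumes Zend Framework 1 is on the include_path.
require_once 'Zend/Db.php';
require_once 'Zend/Auth/Adapter/DbTable.php';

// Hypothetical subclass name. The `active` and `status` columns are the
// ones named in the issue description.
class My_Auth_Adapter_AccountState extends Zend_Auth_Adapter_DbTable
{
    // Extend the SELECT built by the parent so that only rows meeting the
    // extra criteria can become candidates for a credential match.
    protected function _authenticateCreateSelect()
    {
        $select = parent::_authenticateCreateSelect();
        $select->where('active = ?', 1)
               ->where('status <> ?', 'compromised');
        return $select;
    }
}

// Constructed sample data in an in-memory SQLite database.
$db = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$db->query('CREATE TABLE users (username TEXT, password TEXT, active INTEGER, status TEXT)');

// The credential is hashed in PHP here only because SQLite has no hash
// function for a credential treatment string; this is sample data, not a
// password storage scheme.
$stored = hash('sha256', 's3cret');
$rows = array(
    array('joe', 1, 'ok'),          // meets both criteria
    array('ann', 0, 'ok'),          // inactive
    array('mal', 1, 'compromised'), // flagged as compromised
);
foreach ($rows as $row) {
    $db->insert('users', array(
        'username' => $row[0], 'password' => $stored,
        'active'   => $row[1], 'status'   => $row[2],
    ));
}

// Same correct password for every account; only the account state differs.
foreach (array('joe', 'ann', 'mal') as $user) {
    $adapter = new My_Auth_Adapter_AccountState($db, 'users', 'username', 'password');
    $result  = $adapter->setIdentity($user)
                       ->setCredential(hash('sha256', 's3cret'))
                       ->authenticate();
    printf("%-4s valid=%s code=%d\n", $user, var_export($result->isValid(), true), $result->getCode());
}
```

Because the criteria are part of the query, an inactive or compromised account yields no row, so the adapter reports it as an identity that was not found rather than as a wrong password.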

Comments

Fixed in r8216.

I've added documentation to support the first two use cases you suggest. Although at this time, I think that the 3rd advanced usage case is too far outside the scope of Zend_Auth to be included in the manual. I think that for that level of advanced usage, you'd probably want to first visit Zend_Acl.

-ralph