ZF-11086: Zend_Auth_Result getCode() function returning invalid code

Issue Type: Bug Created: 2011-02-17T08:05:07.000+0000 Last Updated: 2011-02-18T07:57:59.000+0000 Status: Open Fix version(s): Reporter: Toni Rosa (arosa) Assignee: Ralph Schindler (ralph) Tags: - Zend_Auth

Related issues: Attachments:


I'm trying to use Zend_Auth_Adapter_Http but there seems to be a problem with the Zend_Auth_Result class that it returns after calling authenticate(): According to the documentation its getCode() should return one of the following constants: FAILURE=0 , FAILURE_CREDENTIAL_INVALID=-3, FAILURE_IDENTITY_AMBIGUOUS=-2, FAILURE_IDENTITY_NOT_FOUND=-1,FAILURE_UNCATEGORIZED=-4,SUCCESS=1 It's my understanding that if no credentials where supplied to the call it should return FAILURE_IDENTITY_NOT_FOUND, but it always returns FAILURE_CREDENTIAL_INVALID... Diving a bit into the Zend_Auth_Adapter_Http code, around line 383 (Auth/Adapter/Http.php), I see that there is check for the presence of the HTTP Authorization in the request header, and if it isn't there, the _challengeClient() function gets called. Unfortunetly this function tells Zend_Auth_Result to return FAILURE_CREDENTIAL_INVALID no matter what... Am I using it wrongly, or is it a bug?


Posted by Ralph Schindler (ralph) on 2011-02-18T06:57:19.000+0000

_challengeClient() is reused in a variety of places. If _challengeClient() is returning, a response with the proper HTTP codes is happening anyway, I am unsure what changing the Zend_Auth_Response code will afford you. What is the use case to have different response codes on the result of a challenge request?


Posted by Toni Rosa (arosa) on 2011-02-18T07:57:59.000+0000

I want to allow access to the resources with either no credentials at all or using valid credentials. I expected that I could use the Zend_Auth_Result returned by "authenticate()" to find out whether there's a valid user, and invalid user or no user at all using the getCode() method. Right now I performing this check manually before calling the Zend_Auth_Adapter_Http authenticate() method like that: (...) $getHeader = 'Authorization'; $authHeader = $this->_request->getHeader($getHeader); if ($authHeader) { $Auth_Adapter_Http->authenticate(); (...) Duplicating the same check that gets executed inside authenticate() but doesn't inform the _code variable accordingly Regards, Toni

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.