This repository has been archived by the owner on Jan 29, 2020. It is now read-only.

[Question] Why authenticate writes identity? #21

Open
xorock opened this issue Nov 11, 2016 · 1 comment

xorock commented Nov 11, 2016

Hello.
I wanted to ask if there is a specific reason why the authenticate() method also writes data to storage.
In ZF1, the adapter only returned a result, which I think was the best possible solution.
I think AuthService should only check data and prepare subclasses for further actions. In most cases, the user won't need the default identity but custom data. And now, if data is saved, it might cause bug ZF-7546 to reappear. To prevent it, one should once again call clearIdentity() and write again after checking isValid().

As an example, a possible buggy code scenario: time-window logins. A user can only log in during 8-16. Because of some extra blocking inside !isValid(), we treat it as valid authentication and make some extra redirects if the time didn't match. Now if we forget to clear the identity before redirecting, the MVC identity plugin will return true, which may then lead to other bugs if we expected an array and the identity is a string.
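
The time-window scenario above, as an added example that is not part of the original post or the project's code: the adapter is called directly so nothing is stored, and the identity is written only after both the credential check and the window check pass. `DemoAdapter`, `loginWithinWindow()`, the credentials and the half-open reading of "8-16" are assumptions; it also assumes zend-authentication is installed through Composer.

```php
<?php
// Added example, not zend-authentication's own code.
require __DIR__ . '/vendor/autoload.php'; // assumes a Composer install

use Zend\Authentication\Adapter\AdapterInterface;
use Zend\Authentication\AuthenticationService;
use Zend\Authentication\Result;
use Zend\Authentication\Storage\NonPersistent;

// Constructed adapter: accepts one hard-coded credential pair.
final class DemoAdapter implements AdapterInterface
{
    private $user;
    private $pass;

    public function __construct(string $user, string $pass)
    {
        $this->user = $user;
        $this->pass = $pass;
    }

    public function authenticate()
    {
        $ok = $this->user === 'alice' && hash_equals('s3cret', $this->pass);
        return $ok
            ? new Result(Result::SUCCESS, $this->user)
            : new Result(Result::FAILURE_CREDENTIAL_INVALID, null, ['Bad credentials']);
    }
}

// Hypothetical helper: persist only if credentials AND the login window pass.
function loginWithinWindow(AuthenticationService $auth, AdapterInterface $adapter, int $hour): Result
{
    $auth->clearIdentity();              // drop any stale identity first
    $result = $adapter->authenticate();  // adapter returns a Result; nothing is stored
    if (!$result->isValid()) {
        return $result;
    }
    if ($hour < 8 || $hour >= 16) {      // assumed reading of "8-16"
        return new Result(Result::FAILURE, null, ['Login outside permitted hours']);
    }
    $auth->getStorage()->write($result->getIdentity());
    return $result;
}

$auth = new AuthenticationService(new NonPersistent());
$denied = loginWithinWindow($auth, new DemoAdapter('alice', 's3cret'), 20);
var_dump($denied->isValid(), $auth->hasIdentity());
$granted = loginWithinWindow($auth, new DemoAdapter('alice', 's3cret'), 9);
var_dump($granted->isValid(), $auth->getIdentity());
```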

@weierophinney
Member

This repository has been closed and moved to laminas/laminas-authentication; a new issue has been opened at laminas/laminas-authentication#6.
