LiveUser and the Framework


LiveUser and the Framework

Paul-133
Hello,

I've read through the list's messages, and the Framework's accepted/rejected proposals.

Although I don't really understand the apparent decision not to include an Authentication/Permission class, I do realize that there are other options.

My current interest is to implement full RBAC.  There are a variety of options, but it looks like PEAR's LiveUser may be worth considering with Zend's Framework.

To integrate it 'more tightly', I believe one would need to

(1) determine where/how to invoke authentication checks to 'get around' Controller/Router redirection

(2) modify the class to use Zend_DB as a container, rather than PDO directly as currently in LiveUser

(3) replace LiveUser's use of _SESSION with Zend_Session

(4) integrate with Zend_Cache for credentials caching, etc.


Given "all that", I'm wondering if:

(i) Is it worth it to do the integration, rather than start from scratch, and

(ii) Has anyone here actually done anything with Framework/LiveUser yet and could post some examples?

I see that some of the posters here on the lists are/were leads on the LiveUser project too ...


Thank you.

Paul

Re: LiveUser and the Framework

Arnaud Limbourg
disclaimer: I am one of the maintainers of LiveUser.

Paul wrote:

> Hello,
>
> I've read through the list's messages, and the Framework's
> accepted/rejected proposals.
>
> Although I don't really understand the apparent decision not to include
> an Authentication/Permission class, I do realize that there are other
> options.
>
> My current interest is to implement full RBAC.  There are a variety of
> options, but it looks like PEAR's LiveUser may be worth considering with
> Zend's Framework.
>
> To integrate it 'more tightly', I believe one would need to
>
> (1) determine where/how to invoke authentication checks to 'get around'
> Controller/Router redirection

With help from the list it was a matter of adding an if statement
pointing to a different directory with a controller dealing with showing
the authentication form.

> (2) modify the class to use Zend_DB as a container, rather than PDO
> directly as currently in LiveUser

You can easily write a container using zend_DB. The PDO container was
very fast to write.

> (3) replace LiveUser's use of _SESSION with Zend_Session

Was the proposal accepted? Anyway, it will take work, nothing drastic I
believe.

> (4) integrate with Zend_Cache for credentials caching, etc.

The caching of rights is definitely on the todo list though nobody has
found the necessary time to implement it yet.

>
> Given "all that", I'm wondering if:
>
> (i) Is it worth it to do the integration, rather than start from
> scratch, and

As with this kind of thing that requires a lot of work, help is more
than welcome :)

> (ii) Has anyone here actually done anything with Framework/LiveUser yet
> and could post some examples?

I'll try to post something tomorrow. The application I'm working on
needs users to be logged in so I implemented the authentication directly
in the index.php.

> I see that some of the posters here on the lists are/were leads on the
> LiveUser project too ...

One should also note that LiveUser, being PHP4 is not E_STRICT.
Conversion shouldn't be long and I believe we could work on how to
have an e_strict version.

>
> Thank you.
>
> Paul

--
Arnaud

Re: LiveUser and the Framework

Paul-133
Hello Arnaud,

...
With help from the list it was a matter of adding an if statement
pointing to a different directory with a controller dealing with showing
the authentication form.
...
You can easily write a container using zend_DB. The PDO container was
very fast to write.
...
Was the proposal accepted? Anyway, it will take work, nothing drastic I
believe.
...
The caching of rights is definitely on the todo list though nobody has
found the necessary time to implement it yet.
...
 
All good to know.  Thanks.

As with this kind of thing that requires a lot of work, help is more
than welcome :)
...
I'll try to post something tomorrow. The application I'm working on
needs users to be logged in so I implemented the authentication directly
in the index.php.

A real-world, Framework+LiveUser example will be very helpful to me, and I suspect to others as well.

I've been reading the LiveUser Docs, Wiki, and Tutorials and find that even without the Framework 'integration' it's all rather confusing ...

I'll be happy to help, but first want to just get 'something' working.  At this stage I'm really nothing more than "just a new end user".

> I see that some of the posters here on the lists are/were leads on the
> LiveUser project too ...

One should also note that LiveUser, being PHP4 is not E_STRICT.
Conversion shouldn't be long and I believe we could work on how to
have an e_strict version.

I did not realize that LiveUser is "php4", not "5" ...

In general, I think 'this effort' would benefit from some greater participation from others here, if there's the interest.

I don't know if the development is appropriate for this list, as a LiveUser-based solution is, apparently, not being considered for a Framework proposal/solution.  I still am stymied as to why not ... In my experience, *every* framework and every CMS, e.g., ends up re-inventing the RBAC wheel.  Personally, I think it's a silly waste of time.

If that is true, perhaps launching a topic at the LiveUser wiki might be of value?

So far, in my exploration, I've found PHPGACL to be my favorite implementation, at first impression -- fast, lightweight, nice GUI -- but it does not seem to have very active development, is tied to Adodb and Smarty, and is apparently not even mysql5 safe/certified.  Not exactly Zend Framework "friendly".

Paul


Re: LiveUser and the Framework

Arnaud Limbourg
> A real-world, Framework+LiveUser example will be very helpful to me, and
> I suspect to others as well.
>
> I've been reading the LiveUser Docs, Wiki, and Tutorials and find that
> even without the Framework 'integration' it's all rather confusing ...

Yes, LiveUser offers a lot so newcomers can be baffled. We're always
trying to improve things in that regard, probably a never-ending process.

> I'll be happy to help, but first want to just get 'something' working.
> At this stage I'm really nothing more than "just a new end user".

>     One should also note that LiveUser, being PHP4 is not E_STRICT.
>     Conversion shouldn't be long and I believe we could work on how to
>     have an e_strict version.
>
>
> I did not realize that LiveUser is "php4", not "5" ...

By that I mean that it runs under PHP4 and PHP 5 but is not e_strict
compliant. Sorry about the lack of clarity.

> In general, I think 'this effort' would benefit from some greater
> participation from others here, if there's the interest.

Indeed.

> I don't know if the development is appropriate for this list, as a
> LiveUser-based solution is, apparently, not being considered for a
> Framework proposal/solution.  I still am stymied as to why not ... In my
> experience, *every* framework and every CMS, e.g., ends up re-inventing
> the RBAC wheel.  Personally, I think it's a silly waste of time.

I agree, reinventing the wheel is fun but not very efficient.

> If that is true, perhaps launching a topic at the LiveUser wiki might be
> of value?

yes I think so.

> So far, in my exploration, I've found PHPGACL to be my favorite
> implementation, at first impression -- fast, lightweight, nice GUI --
> but it does not seem to have very active development, is tied to Adodb
> and Smarty, and is apparently not even mysql5 safe/certified.  Not
> exactly Zend Framework "friendly".

> Paul
>

--
Arnaud

Re: LiveUser and the Framework

Paul-133
Hello again Arnaud,

Yes, LiveUser offers a lot so newcomers can be baffled. We're always
trying to improve things in that regard, probably a never-ending process.

That's true.  Again, I think that real examples & code make a huge difference. :-)

> I did not realize that LiveUser is "php4", not "5" ...

By that I mean that it runs under PHP4 and PHP 5 but is not e_strict
compliant. Sorry about the lack of clarity.

Thank you for clarifying.

> In general, I think 'this effort' would benefit from some greater
> participation from others here, if there's the interest.

Indeed.
 
I hope others will (re)voice their interest, then.

I agree, reinventing the wheel is fun but not very efficient.

Personally, I prefer to use an already existing wheel, and spend my time on the rest of the car! :-)

> If that is true, perhaps launching a topic at the LiveUser wiki might be
> of value?

yes I think so.

That's good.  If/when you do that, please post an announcement/invitation here ... I think that much would NOT be inappropriate, and would help get that additional interest started.

Paul


Re: LiveUser and the Framework

Rodrigo Moraes
I'm interested in LiveUser and/or phpGACL implementations, as well as
the bit system someone proposed some time ago... and I couldn't find
it, but for simplicity it was quite interesting!

And, hmm, sorry for talking about phpGACL in a LiveUser topic, but the
same interests are involved... I think phpGACL can also be
"translated" to ZF... translating ADOdb to Zend_Db and PHP4 to PHP5
would require some time, but since it is one of the most flexible
open source systems for ACL in the PHP world, it would be worth it for
sure.

I would like to help with LiveUser and any other ACL proposals for the
Zend Framework. Be sure I'll be listening to this discussion and I hope I
can help one day.

cheers,
rodrigo moraes / brazil

Re: LiveUser and the Framework

Arnaud Limbourg
In reply to this post by Paul-133
Here is a quick rundown of how I got LiveUser working with the controller.
One important thing is that all pages require the user to be logged in
so I chose the simplest route, put the check in the main index.php

Here is a slightly modified version of an index.php I use.

// $users_conf is the configuration array I will not copy here as it is
// pretty long (but easy to understand)

require 'LiveUser.php';

$liveuser = LiveUser::factory($users_conf);

if (!$liveuser->init()) {
     var_dump($liveuser->getErrors());
     die();
}

// then the check to see if the user is authenticated and authenticate
// him if needed
if (!$liveuser->isLoggedIn()) {
     $username = (array_key_exists('username', $_POST)) ? $_POST['username'] : null;
     $password = (array_key_exists('password', $_POST)) ? $_POST['password'] : null;

     $login = $liveuser->login($username, $password);

     // Test the specific failure first so the generic non-OK branch does
     // not mask it; a successful login falls through to the code below.
     if (LIVEUSER_STATUS_AUTHFAILED == $liveuser->getStatus()) {
         displayError('Wrong login or password');
         exit();
     }
     if (LIVEUSER_STATUS_OK != $liveuser->getStatus()) {
         displayError(LiveUser::statusMessage($liveuser->getStatus()));
         exit();
     }
}

// Later in the page, before the call to dispatch I have the following
// code (courtesy of a suggestion on this list) to set a different path for
// a controller dealing with the authentication

     // When the user is not logged in show a login page
     if ($liveuser->isLoggedIn()) {
         $controller->setControllerDirectory($conf->getSetting('filepaths', 'controllers'));
     } else {
         $controller->setControllerDirectory($conf->getSetting('filepaths', 'controllers') . '/auth');
     }
     $controller->dispatch();


Following that in every action of a controller where I want to do some
right checking I can do something similar to

         if (!$this->user->checkRight(Ipnotic::rights('LIST_RIGHT'))) {
             die("Cannot access");
         }

To create the database there is a script that takes care of it using
MDB2_Schema. I can also provide a mysql (5) dump of the structure.

I hope this answers some of your questions regarding the integration,
let me know if I can give you any extra info.

Arnaud.

Re: LiveUser and the Framework

Eric Coleman-3
Sorry Arnaud, I messed up again :P

Here's the original message ->

Forgive the rails thoughts here, but couldn't you extend the  
controller in such a way to have an array of 'actions' that require  
login, and then from there request the authorization based on that?

Or, maybe you guys/gals could be cool and build it into the standard  
controller, allowing us to specify a callback of some sort to handle  
the authorization for that controller/action..

Eric Coleman


On Jun 2, 2006, at 8:54 AM, Arnaud Limbourg wrote:

> Here is a quick rundown of how I got LiveUser working with the
> controller. One important thing is that all pages require the user  
> to be logged in so I chose the simplest route, put the check in the  
> main index.php
>
> Here is a slightly modified version of an index.php I use.
>
> // $users_conf is the configuration array I will not copy here as
> // it is pretty long (but easy to understand)
>
> require 'LiveUser.php';
>
> $liveuser = LiveUser::factory($users_conf);
>
> if (!$liveuser->init()) {
>     var_dump($liveuser->getErrors());
>     die();
> }
>
> // then the check to see if the user is authenticated and
> // authenticate him if needed
> if (!$liveuser->isLoggedIn()) {
>     $username = (array_key_exists('username', $_POST)) ? $_POST['username'] : null;
>     $password = (array_key_exists('password', $_POST)) ? $_POST['password'] : null;
>
>     $login = $liveuser->login($username, $password);
>
>     if (LIVEUSER_STATUS_OK != $liveuser->getStatus()) {
>         displayError(LiveUser::statusMessage($liveuser->getStatus()));
>         exit();
>     }
>     if (LIVEUSER_STATUS_AUTHFAILED == $liveuser->getStatus()) {
>         displayError('Wrong login or password');
>         exit();
>     } else {
>         displayError(LiveUser::statusMessage($liveuser->getStatus()));
>         exit;
>     }
> }
>
> // Later in the page, before the call to dispatch I have the
> // following code (courtesy of a suggestion on this list) to set a
> // different path for a controller dealing with the authentication
>
>     // When the user is not logged in show a login page
>     if ($liveuser->isLoggedIn()) {
>         $controller->setControllerDirectory($conf->getSetting('filepaths', 'controllers'));
>     } else {
>         $controller->setControllerDirectory($conf->getSetting('filepaths', 'controllers') . '/auth');
>     }
>     $controller->dispatch();
>
>
> Following that in every action of a controller where I want to do  
> some right checking I can do something similar to
>
>         if (!$this->user->checkRight(Ipnotic::rights('LIST_RIGHT'))) {
>             die("Cannot access");
>         }
>
> To create the database there is a script that takes care of it  
> using MDB2_Schema. I can also provide a mysql (5) dump of the  
> structure.
>
> I hope this answers some of your questions regarding the  
> integration, let me know if I can give you any extra info.
>
> Arnaud.


Re: LiveUser and the Framework

Arnaud Limbourg
Well, the use I have for it requires users to be logged in so it was
pretty straightforward to add it to the index.php.

Another choice is to use the plugin mechanism and make the check there
(preDispatch or one of those :) This plugin could then check the
requested controller/action against a source of authorized
controllers/actions.

Arnaud.

Eric Coleman wrote:

> Sorry Arnaud, I messed up again :P
>
> Here's the original message ->
>
> Forgive the rails thoughts here, but couldn't you extend the controller
> in such a way to have an array of 'actions' that require login, and then
> from there request the authorization based on that?
>
> Or, maybe you guys/gals could be cool and build it into the standard
> controller, allowing us to specify a callback of some sort to handle the
> authorization for that controller/action..
>
> Eric Coleman
>
>
> On Jun 2, 2006, at 8:54 AM, Arnaud Limbourg wrote:
>
>> Here is a quick rundown of how I got LiveUser working with the
>> controller. One important thing is that all pages require the user to
>> be logged in so I chose the simplest route, put the check in the main
>> index.php
>>
>> Here is a slightly modified version of an index.php I use.
>>
>> // $users_conf is the configuration array I will not copy here as it
>> // is pretty long (but easy to understand)
>>
>> require 'LiveUser.php';
>>
>> $liveuser = LiveUser::factory($users_conf);
>>
>> if (!$liveuser->init()) {
>>     var_dump($liveuser->getErrors());
>>     die();
>> }
>>
>> // then the check to see if the user is authenticated and authenticate
>> // him if needed
>> if (!$liveuser->isLoggedIn()) {
>>     $username = (array_key_exists('username', $_POST)) ? $_POST['username'] : null;
>>     $password = (array_key_exists('password', $_POST)) ? $_POST['password'] : null;
>>
>>     $login = $liveuser->login($username, $password);
>>
>>     if (LIVEUSER_STATUS_OK != $liveuser->getStatus()) {
>>         displayError(LiveUser::statusMessage($liveuser->getStatus()));
>>         exit();
>>     }
>>     if (LIVEUSER_STATUS_AUTHFAILED == $liveuser->getStatus()) {
>>         displayError('Wrong login or password');
>>         exit();
>>     } else {
>>         displayError(LiveUser::statusMessage($liveuser->getStatus()));
>>         exit;
>>     }
>> }
>>
>> // Later in the page, before the call to dispatch I have the following
>> // code (courtesy of a suggestion on this list) to set a different path
>> // for a controller dealing with the authentication
>>
>>     // When the user is not logged in show a login page
>>     if ($liveuser->isLoggedIn()) {
>>         $controller->setControllerDirectory($conf->getSetting('filepaths', 'controllers'));
>>     } else {
>>         $controller->setControllerDirectory($conf->getSetting('filepaths', 'controllers') . '/auth');
>>     }
>>     $controller->dispatch();
>>
>>
>> Following that in every action of a controller where I want to do some
>> right checking I can do something similar to
>>
>>         if (!$this->user->checkRight(Ipnotic::rights('LIST_RIGHT'))) {
>>             die("Cannot access");
>>         }
>>
>> To create the database there is a script that takes care of it using
>> MDB2_Schema. I can also provide a mysql (5) dump of the structure.
>>
>> I hope this answers some of your questions regarding the integration,
>> let me know if I can give you any extra info.
>>
>> Arnaud.
>

--
Arnaud

Re: LiveUser and the Framework

Paul-133
In reply to this post by Arnaud Limbourg
Hello Arnaud,


Here is a quick rundown of how I got LiveUser working with the controller.
One important thing is that all pages require the user to be logged in
so I chose the simplest route, put the check in the main index.php

Here is a slightly modified version of an index.php I use.

Thanks.  This is a helpful start.

Following that in every action of a controller where I want to do some
right checking I can do something similar to

I see the simplicity of  the  check in index.php.

How would you suggest handling, then, "public" pages addressed by specific controllers?  Simply don't do the rights check?  Or circumvent in each controller somehow?

To create the database there is a script that takes care of it using
MDB2_Schema. I can also provide a mysql (5) dump of the structure.

The dump would be helpful.   If at all possible, I'd like to avoid the MDB2 step ... and move right to PDO container.  Even better, to Zend_DB ...

I hope this answers some of your questions regarding the integration,
let me know if I can give you any extra info.

Thanks again.

Paul

Arnaud.


Re: LiveUser and the Framework

Arnaud Limbourg
> How would you suggest handling, then, "public" pages addressed by
> specific controllers?  Simply don't do the rights check?  Or circumvent
> in each controller somehow?

I'm not very familiar with the plugin mechanism but I believe this is
where I would handle the check. Another solution would be to have every
controller call an authenticate() method in a custom controller.

>     To create the database there is a script that takes care of it using
>     MDB2_Schema. I can also provide a mysql (5) dump of the structure.
>
>
> The dump would be helpful.   If at all possible, I'd like to avoid the
> MDB2 step ... and move right to PDO container.  Even better, to Zend_DB ...
>
>     I hope this answers some of your questions regarding the integration,
>     let me know if I can give you any extra info.
>
>
> Thanks again.
>
> Paul
>
>     Arnaud.
>
>

--
Arnaud
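
The plugin idea raised in the thread (check the requested controller/action against a source of authorized controllers/actions) together with the question about "public" pages, as an added example that is not code from any poster, from LiveUser or from the Zend Framework. The AccessPolicy class, the rule table and the controller names are hypothetical; the $hasRight callback stands in for a wrapper around a permission check such as the checkRight() call shown earlier in the thread.

```php
<?php
// Added illustration, not code from the thread, LiveUser or Zend Framework.
// AccessPolicy, the rule table and the controller names are hypothetical.
final class AccessPolicy
{
    const ALLOW = 'allow';
    const LOGIN = 'login';   // route to the authentication controller
    const DENY  = 'deny';
    private $rules = array();

    // $right: null = public page, '' = any logged-in user, else a right name.
    public function add($controller, $action, $right)
    {
        $this->rules[self::key($controller, $action)] = $right;
    }

    // Normalise names so "Report/List" and "report/list" hit the same rule.
    private static function key($controller, $action)
    {
        return strtolower(trim($controller)) . '/' . strtolower(trim($action));
    }

    public function decide($controller, $action, $isLoggedIn, $hasRight)
    {
        $key = self::key($controller, $action);
        if (!array_key_exists($key, $this->rules)) {
            return self::DENY;           // unlisted action: deny by default
        }
        $right = $this->rules[$key];
        if ($right === null) {
            return self::ALLOW;          // explicitly public
        }
        if (!$isLoggedIn) {
            return self::LOGIN;          // protected page, anonymous visitor
        }
        if ($right === '' || call_user_func($hasRight, $right)) {
            return self::ALLOW;
        }
        return self::DENY;               // logged in but lacks the right
    }
}

// Constructed rule table and user for the demonstration.
$policy = new AccessPolicy();
$policy->add('index',   'index', null);
$policy->add('account', 'edit',  '');
$policy->add('report',  'list',  'LIST_RIGHT');

// Stand-in for a wrapper around the permission check of the user object.
$granted  = array('LIST_RIGHT');
$hasRight = function ($right) use ($granted) {
    return in_array($right, $granted, true);
};
$requests = array(
    array('index',  'index',  false),  // public page, anonymous visitor
    array('Report', 'List',   false),  // protected page, mixed-case names
    array('report', 'list',   true),   // logged-in user holding the right
    array('report', 'delete', true),   // action missing from the table
);
foreach ($requests as $r) {
    list($c, $a, $in) = $r;
    printf("%-6s %-6s %-5s -> %s\n", $c, $a, $in ? 'user' : 'anon',
        $policy->decide($c, $a, $in, $hasRight));
}
```

Listing public pages explicitly and denying anything absent from the table means a newly added controller action is closed until someone writes a rule for it, rather than open until someone remembers to add a check.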