Zend\Authentication & DbTable Adapter with Bcrypt

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Zend\Authentication & DbTable Adapter with Bcrypt

This post has NOT been accepted by the mailing list yet.
This post was updated on .

I'm trying to make use of Zend\Authentication and the provided DbTable adapter.

This is what I have.

// in AuthController

use Zend\Authentication\AuthenticationService;
use Zend\Authentication\Adapter\DbTable as AuthAdapter;

    protected $mapper = null;
    public function loginAction()
        $form = new LoginForm();
        $request = $this->getRequest();
        if ($request->isPost()) {
            $email = $request->getPost()->get('email');
            $password = $request->getPost()->get('password');
            $identity = $this->auth($email, $password);
            if (isset($identity) && $identity->isValid() == TRUE) {
                $user = $this->getUserMapper()->find($identity->getIdentity());
                return $this->redirect()->toRoute('solon');
            } else {
                foreach ($identity->getMessages() as $message) {
                    echo "$message\n";
        return array(
            'form' => $form,
    public function getUserMapper()
        if(!isset($this->mapper)) {
            $sm = $this->getServiceLocator();
            $this->mapper = $sm->get('mapper/user');
        return $this->mapper;

    public function getAuthService()
        return new AuthenticationService();
    protected function auth($email, $password)
        $dbadapter = $this->getServiceLocator()->get('dbAdapter');
        $adapter = new AuthAdapter($dbadapter, 'users', 'email', 'password');
        return $this->getAuthService()->authenticate($adapter);

And yet, $identity->isValid() returns false every time with the error message "Supplied credential is invalid".
I'm guessing the problem is that I never told the Adapter how I hash my passwords (Bcrypt).
How do I integrate with authenticate()'s inner password checking mechanism to have successful validation?