I am wondering how to perform access control on an entire module. Let me explain: I have a module (/authentication/) which is only developed to create a session, and another module (/Main/) which contains the main application.

What I want to do is to check in any request on the main module if a session was correctly created by a user.

During my research on the internet, I saw a method to do it. I'm not sure, so tell me if my solution is good: I will implement an event in my bootstrap function (in module.php) which will check if the session is correctly created. If it is not, I will redirect to the authentication module.

public function onBootstrap($e){

    $eventManager = $e->getApplication()->getEventManager();

    $auth = new AuthenticationService();
    if (!$auth->hasIdentity()) {
        $response  = $e->getResponse();
        $response->getHeaders()->addHeaderLine('Location', 'authentification');
        $response->setStatusCode(302);
    }

    $moduleRouteListener = new ModuleRouteListener();
    $moduleRouteListener->attach($eventManager);
}

What do you think about this solution?

Unfortunately this solution is not good. I don't know why, but it seems that this code is executed even in the authentication module. So at the first call, when you try to go to the URL /main, you will be redirected to the /authentication module, and the code will be executed again and the module will redirect you to /authentication again and again and again...

So I think the solution is to check whether the requested URL is different from /authentication.

How do I do this?

Hope my question is clear and easily understandable.

Thank you =D

Solution

public function onBootstrap(MvcEvent $e) {
    $eventManager = $e->getApplication()->getEventManager();

    $eventManager->attach(MvcEvent::EVENT_DISPATCH, function($e) {
        $controller = $e->getTarget();
        $auth = new AuthenticationService();
        $is_login = $auth->hasIdentity();

        // check if action is login
        $params = $e->getApplication()->getMvcEvent()->getRouteMatch()->getParams();

        if ($params['action'] == 'login') {
            if ($is_login) {
                return $controller->redirect()->toRoute('adminindex');
            }
        } else {
            if (!$is_login) {
                return $controller->redirect()->toRoute('adminauthlogin');
            }
        }
    });
}

A little bit better solution ;)
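
The redirect loop from the question and the exemption that stops it, as an added example that is not part of the original question or answer: a framework-free PHP model that generalizes the answer's action check to a default-deny route allowlist. The route names `adminauthlogin` and `adminindex` come from the answer; `main`, the guard functions, `follow()` and `PUBLIC_ROUTES` are assumptions made for illustration.

```php
<?php
// Added example, not ZF2 code: a model of the access decision only.
// 'adminauthlogin' and 'adminindex' are the answer's route names;
// 'main' and PUBLIC_ROUTES are assumed for illustration.

const PUBLIC_ROUTES = ['adminauthlogin']; // default deny: every other route needs a session
const LOGIN_ROUTE   = 'adminauthlogin';
const HOME_ROUTE    = 'adminindex';

/** The question's check: redirect whenever there is no identity, on every route. */
function naiveGuard(string $route, bool $hasIdentity): ?string
{
    return $hasIdentity ? null : LOGIN_ROUTE;
}

/** Allowlist check: returns the route to redirect to, or null to let the request through. */
function allowlistGuard(string $route, bool $hasIdentity): ?string
{
    if (in_array($route, PUBLIC_ROUTES, true)) {
        // A logged-in user on the login route is sent to the application.
        return ($hasIdentity && $route === LOGIN_ROUTE) ? HOME_ROUTE : null;
    }
    // Any route not explicitly public requires an identity.
    return $hasIdentity ? null : LOGIN_ROUTE;
}

/** Follow redirects the way a browser would and report where the request ends up. */
function follow(callable $guard, string $route, bool $hasIdentity, int $maxHops = 5): string
{
    for ($hop = 0; $hop < $maxHops; $hop++) {
        $next = $guard($route, $hasIdentity);
        if ($next === null) {
            return "served: $route";
        }
        $route = $next; // the guard answered with a redirect
    }
    return "redirect loop at: $route";
}

// Constructed test matrix: [requested route, has identity].
$cases = [['main', false], ['main', true], ['adminauthlogin', false], ['adminauthlogin', true]];
foreach ($cases as [$route, $hasIdentity]) {
    printf("%-15s identity=%-5s naive=[%s] allowlist=[%s]\n", $route, var_export($hasIdentity, true),
        follow('naiveGuard', $route, $hasIdentity), follow('allowlistGuard', $route, $hasIdentity));
}
```

Keying the decision on the matched route name rather than on the raw URL string keeps the check independent of how the path is written, and the allowlist means a newly added route is protected unless it is explicitly made public.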

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow