eZ Components - AuthenticationDatabaseTiein
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. contents:: Table of Contents

Introduction
============

Description
-----------

The purpose of the `Authentication`_ component is to provide support for
different means of identification and authentication of users using different
providers and protocols.

AuthenticationDatabaseTiein provides a Database filter for the
`Authentication`_ component by using the `Database`_ component, and an
implementation of a database store (backend) for OpenID authentication.


Class overview
==============

An overview of the most important classes in the `Authentication`_ component
and this component.


Base classes
------------

ezcAuthentication
  Main class of `Authentication`_. It is a container for authentication
  filters, which will be run in sequence. The method run() returns true or
  false depending on the success of the authentication filters. Implemented
  in `Authentication`_.

ezcAuthenticationCredentials
  Structure which holds user credentials. Types are id credentials
  (ezcAuthenticationIdCredentials) and id + password credentials
  (ezcAuthenticationPasswordCredentials).  Implemented in `Authentication`_.


Authentication filters
----------------------

ezcAuthenticationDatabaseFilter
  Filter to authenticate against a database. Uses a database instance provided
  by the `Database`_ component (via the ezcDbInstance::get() function).


Stores
------

OpenID uses a store to hold the generated nonces and the associations (in
"smart" mode). If there is no store specified, then nonces are not checked.

ezcAuthenticationOpenidStore
  Abstract class from which the different stores inherit.  Implemented in
  `Authentication`_.

ezcAuthenticationOpenidFileStore
  Uses file storage. Nonces are stored in files named after the nonce itself,
  and associations are stored in files named after the OpenID provider with
  which the association is made. Implemented in `Authentication`_.

ezcAuthenticationOpenidDbStore
  Database storage. Nonces and associations are stored in two tables, with
  names defined as options in ezcAuthenticationOpenidDbStoreOptions.


Authentication filters
======================

Database
--------

The following example shows how to authenticate against a database.

.. include:: tutorial/tutorial_database.php
   :literal:

First, a credentials object is created with username jan.modaal and password
'b1b3773a05c0ed0176787a4f1574ff0075f7521e' (sha1() hash).

An authentication object is created using the credentials object, and a
Database filter is added to it. The $database structure specifies the database
instance (ezcDbInstance::get()), the table name ('users') and the username and
password fields in the table ('user', 'password').

After running the authentication (line 8), if the username and the password do
not pass through the Database filter, then the credentials are incorrect and
the user must be informed. The getStatus() method is used for this. The values
in the status returned must be cycled through and for each value a response is
created for the user ("Username incorrect", "Password incorrect").

If run() returned true (line 24) then the user is logged-in and he can see his
content.


Fetch extra data during Database authentication
```````````````````````````````````````````````

Any value from the table which holds the users can be fetched. The exact column
names must be specified. Example: ::

    // $filter is an ezcAuthenticationDatabaseFilter object
    $filter->registerFetchData( array( 'name', 'country' ) );

After the authentication process is finished (after run()), retrieve the extra
data: ::

    // $filter is an ezcAuthenticationDatabaseFilter object
    $data = $filter->fetchData();

For the previous example, the $data array will be something like this: ::

    array( 'name' => array( 'John Doe' ),
           'country' => array( 'US' )
         );


OpenID
------

OpenID "smart" (stateful) mode
``````````````````````````````

The following example shows how to authenticate against OpenID in "smart"
(stateful) mode, using a database store.

.. include:: tutorial/tutorial_openid_smart_db.php
   :literal:

A database store is defined at line 25. This store will also hold the nonces
which are used to prevent replay attacks.

The database store requires that certain tables are present in the database. To
load the .dba definition for these tables into your database you must have the
DatabaseSchema component installed. Use the following code to load the schema:

.. include:: tutorial/load_openid_db_store_schema.php
   :literal:


Securing applications
=====================

`Securing applications`_ - A guide to improve the security of online
applications. It is not exhaustive, but it provides solutions against common
attacks.

.. _Securing applications: ../Authentication/security.html


.. _Authentication: ../Authentication/tutorial.html#introduction
.. _Database: ../Database/tutorial.html#introduction


..
   Local Variables:
   mode: rst
   fill-column: 79
   End:
   vim: et syn=rst tw=79 nocin