Zend Authentication

index.php

<?php

// mkdir /tmp/zend-auth && cd /tmp/zend-auth && \
//       composer req zendframework/zend-authentication zendframework/zend-permissions-rbac

use Zend\Authentication\AuthenticationService;
use Zend\Permissions\Rbac\Rbac;

require_once 'vendor/autoload.php';

////////////////////
/// Autenticação ///
////////////////////

$authenticationService = new AuthenticationService();
$authenticationService->setStorage(new InMemoryStorage());
$usernamePasswordAuthenticationAdapter = new UsernamePasswordAuthenticationAdapter('hallison', 'hallison');
$result = $authenticationService->authenticate($usernamePasswordAuthenticationAdapter);

if (!$result->isValid()) {
    foreach ($result->getMessages() as $message) {
        echo $message, PHP_EOL;
    }

    exit;
}

///////////////////
/// Autorização ///
///////////////////

function getAllRoles(): array
{
    return [
        'ROLE_USER',
        'ROLE_ADMIN',
    ];
}

$identity = $result->getIdentity();
$identityRoles = $identity['roles'];

echo 'Usuário autenticado:', PHP_EOL;
echo $identity['name'], ' (', $identity['age'], ' anos)', ' [', implode(', ', $identityRoles), ']', PHP_EOL;

$rbac = new Rbac();
foreach (getAllRoles() as $role) {
    $rbac->addRole($role);

    $currentRole = $rbac->getRole($role);
    $currentRole->addPermission('READ');

    if ('ROLE_ADMIN' === $role) {
        $currentRole->addPermission('WRITE');
    }
}

///////////////////////////////////////////////////////
/// Verificando se o usuário pode acessar o recurso ///
///////////////////////////////////////////////////////

function isGrantedAffirmative($rbac, $identityRoles, $role)
{
    foreach ($identityRoles as $identityRole) {
        if ($rbac->isGranted($identityRole, $role)) {
            return $identityRole;
        }
    }

    return false;
}

if (false !== $identityRole = isGrantedAffirmative($rbac, $identityRoles, 'READ')) {
    echo $identityRole, ' deu permissão de leitura nesse recurso', PHP_EOL;
} else {
    echo 'Usuário sem permissão de leitura', PHP_EOL;
}

if (false !== $identityRole = isGrantedAffirmative($rbac, $identityRoles, 'WRITE')) {
    echo $identityRole, ' deu permissão de escrita nesse recurso', PHP_EOL;
} else {
    echo 'Usuário sem permissão de escrita', PHP_EOL;
}

InMemoryStorage.php

<?php

use Zend\Authentication\Storage\StorageInterface;

class InMemoryStorage implements StorageInterface
{
    private $contents = null;

    public function isEmpty()
    {
        return null === $this->contents;
    }

    public function read()
    {
        return $this->contents;
    }

    public function write($contents)
    {
        $this->contents = $contents;
    }

    public function clear()
    {
        $this->contents = null;
    }
}

UsernamePasswordAuthenticationAdapter.php

<?php

use Zend\Authentication\Adapter\AdapterInterface;
use Zend\Authentication\Result;

class UsernamePasswordAuthenticationAdapter implements AdapterInterface
{
    private $username;
    private $password;

    public function __construct(string $username, string $password)
    {
        $this->username = $username;
        $this->password = $password;
    }

    public function authenticate()
    {
        if ('hallison' === $this->username && 'hallison' === $this->password) {
            $identity = [
                'name' => 'Hallison Boaventura',
                'age'  => 29,
                'roles' => [
                    'ROLE_USER',
                ],
            ];

            $messages = [
                'Usuário logado com sucesso',
            ];

            return new Result(Result::SUCCESS, $identity, $messages);
        }

        $messages = [
            'Usuário e/ou senha incorretos',
        ];

        return new Result(Result::FAILURE_CREDENTIAL_INVALID, null, $messages);
    }
}