I do like the idea of keeping a history of a user as I have done so in the
past.

Now for the bean being passed into an authentication CFC suggests that
natively, you should return void.  During the authentication process,
the setters should be updated as part of the bean to set methods like
setUserID().

Now to keep a traditional bean without having hybrid methods like
isLoggedIn() or isAuthenticated() in your bean, you can detect if the bean
has a valid user ID in your controller when all you need to do is return
getUserID().  This will keep your bean with a smaller footprint.

The whole purpose of a DAO or pseudo DAO is to modify the bean passed in.

Teddy


On 1/9/07, Matthew Drayer <[EMAIL PROTECTED]> wrote:

Hi Aaron,

You may want to consider maintaining an authentication history for the
user, so that if the CF service is recycled, you can load it back into
the user object (or auth service, etc.).  This way the user does not
have to reauthenticate just because the plug was pulled in the middle of
their session.  You can do this within your existing method using
<cftransaction>, or you can have the caller invoke a second method based
on a valid return value.  Either way works, although we employ the
latter here because authentication is handled by a third party service
and the history is stored in our own database.

Also, instead of simply returning "true", I might think about returning
the userid value itself, which can be useful to the caller and also
evaluates to "true" for boolean purposes.

In addition, you may want to think about your naming convention -- our
particular customer authentication method is named
"getCustomerAuthenticationData" and it returns a structure containing
several pieces of related data, including customer_id,
date_authenticated, authentication_type (we support IP and login), etc.
In our model, for "question" type methods such as your example below, it
would be called something like "isUserAuthenticated(user)" to convey the
fact that it is a boolean operation.

Matt

Matthew Drayer
Development Manager
HCPro, Inc.
Marblehead MA
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron
Roberson
Sent: Tuesday, January 09, 2007 12:14 PM
To: [email protected]
Subject: [CFCDEV] Code Examples for User Authentication Login

I am looking for some code examples to learn from for authenticating
users in an MVC architecture using DAOs, services, gateways and beans.

I currently have the following code in my DAO, but I am wondering if I
should really be adding to the CRUD methods:

<cffunction name="authenticate" access="public" returntype="boolean" output="false"
        hint="accepts user object, email and password and performs authentication. Populates user object if authenticated and returns true or false">
               <cfargument name="user" required="yes" hint="required. accepts user object">

               <cfset var qCheckUser = "">

               <!--- look for a row matching both the email and the password held by the bean --->
               <cfquery name="qCheckUser" datasource="#variables.dsn#">
                       SELECT userid, email, password
                       FROM user
                       WHERE email = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.user.getEmail()#">
                       AND password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.user.getPassword()#">
               </cfquery>

               <cfscript>
                       // exactly one match: load the full record into the bean via the DAO's read()
                       if(IsQuery(qCheckUser) AND qCheckUser.RecordCount EQ 1){
                               read(arguments.user,qCheckUser.userid);
                               return true;
                       }else{
                               return false;
                       }
               </cfscript>

       </cffunction>

Thanks for the help!
-Aaron


You are subscribed to cfcdev. To unsubscribe, please follow the
instructions at http://www.cfczone.org/listserv.cfm

CFCDev is supported by:
Katapult Media, Inc.
We are cool code geeks looking for fun projects to rock!
www.katapultmedia.com

An archive of the CFCDev list is available at
www.mail-archive.com/[email protected]







--
<cf_payne />
Adobe Certified ColdFusion MX 7 Developer
Atlanta CFUG (ACFUG): http://www.acfug.org
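
A sketch of the approach described in the top reply of this thread (authenticate() returns void and sets the user ID on the bean, and the controller checks getUserID()), added here as an example and not code from any poster. It looks the user up by email and compares a salted PBKDF2 key instead of matching the password column in the WHERE clause. Assumptions: the password_hash and password_salt columns, variables.iterations, setUserID(0) meaning "not authenticated", setPassword(), the userDAO and loginFailed names, and ColdFusion 11 or later for GeneratePBKDF2Key().

```cfml
<!--- Added example, not code from the thread. Assumed: password_hash and
      password_salt columns, setUserID(0) meaning "not authenticated",
      variables.iterations set in init(), ColdFusion 11+ for GeneratePBKDF2Key(). --->
<cffunction name="authenticate" access="public" returntype="void" output="false">
    <cfargument name="user" required="yes" hint="user bean carrying email and password">

    <cfset var qUser = "">
    <cfset var candidate = "">

    <!--- start from a known unauthenticated state --->
    <cfset arguments.user.setUserID(0)>

    <!--- look up by email only; the password is never part of the WHERE clause --->
    <cfquery name="qUser" datasource="#variables.dsn#">
        SELECT userid, password_hash, password_salt
        FROM user
        WHERE email = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.user.getEmail()#">
    </cfquery>

    <cfif qUser.RecordCount EQ 1>
        <!--- derive the key the same way it was derived when the password was stored --->
        <cfset candidate = GeneratePBKDF2Key("PBKDF2WithHmacSHA1", arguments.user.getPassword(),
                                             qUser.password_salt, variables.iterations, 128)>
        <cfif Compare(candidate, qUser.password_hash) EQ 0>
            <cfset arguments.user.setUserID(qUser.userid)>
        </cfif>
    </cfif>

    <!--- the clear-text password is no longer needed on the bean (setPassword() is assumed) --->
    <cfset arguments.user.setPassword("")>
</cffunction>

<!--- controller (userDAO and loginFailed are hypothetical names):
      the bean stays a plain bean, the controller inspects the ID --->
<cfset userDAO.authenticate(user)>
<cfif user.getUserID() GT 0>
    <cfset session.userID = user.getUserID()>
<cfelse>
    <cfset loginFailed = true>
</cfif>
```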


