Shld authentication be done in Zend_Validate instead of a controller action?

Question

currently, to login a user in Zend Framework, i do something like

public function loginAction()
{
    if ($this->getRequest()->isPost()) {
        $adapter = new Application_Auth_Adapter(
                        $this->getRequest()->getParam('username'),
                        $this->getRequest()->getParam('password')
                    );
        $auth = Zend_Auth::getInstance();
        $auth->authenticate($adapter);
        if ($auth->hasIdentity()) {
            echo $auth->getIdentity()->name;
        } else {
            echo "failed login";
        }
    } else {
        echo "not posted";
    }
}

but i am wondering if i shld have all the validation logic

$auth = Zend_Auth::getInstance();
$auth->authenticate($adapter);
if ($auth->hasIdentity()) { ...

put inside a Zend_Validate instead then all my controller does is check if the form isValid()? most tutorials do the authentication in controllers but i am wondering since authenticating a user login sounds like validation to me ...

Answer 1

I think the act of authenticating a user is separate from validating the user.

You could have a validator which can be used to test whether a certain set of credentials is valid or not. However, this would usually be a bit redundant, as you can simply pass the credentials to Zend_Auth to determine validity and authenticate the user if so.

If you wish to separate your login process (maybe it's a bit more involved than just calling Zend_Auth or you need to do it in more than one place for some reason) from your controller's logic, you could create a login service class which abstracts the necessary steps.