Extending Magento – Customer Authentication Functionalty with SOAP API | Webservice

If you know about Magento API, you would know that Magento SOAP API does not provide method which can be used to authenticate user, this is one of major limitation of Magento API and we need to extend Magento API and write custom method. In this article “Extending Magento – Customer Authentication Functionalty with SOAP API | Webservice” we will see step by step guide to achieve this.

To add new method and understand how to extend Magento API, please go through this article or this article by Inchoo. By reading through this article it will help you in knowing what we are doing below

Requirement – Extend Magento Core API such that is expose method to authenticate user by passing user name and password from any client application (mobile apps from IOS or Andriod)

Step 2 – Your api.xml file

Step 2 – Your api.xml file
<?xml version="1.0"?>
<config>
 <modules>
 <MyCompany_Mymodule>
 <version>1.0.0</version>
 </MyCompany_Mymodule>
 </modules>
 <global>
 <models>
 <Mymodule>
 <class>MyCompany_Mymodule_Model</class>
 </Mymodule>
 </models>
 <helpers>
 <Mymodule>
 <class>MyCompany_Mymodule_Helper</class>
 </Mymodule>
 </helpers>
 </global>
</config>

Step 3 – Your config.xml

<?xml version="1.0"?>
<config>
 <modules>
 <MyCompany_Mymodule>
 <version>1.0.0</version>
 </MyCompany_Mymodule>
 </modules>
 <api>
 <resources>
 <Mymodule_Folder translate="title" module="Mymodule">
 <title>My Module API</title>
 <model>Mymodule/Folder_Api</model>
 <acl>Mymodule/Folder</acl>
 <methods> 
 <customerlogin translate="title" module="Mymodule">
 <title>My Api Method Title</title>
 <acl>Mymodule/Folder/customerlogin</acl>
 </customerlogin>
 </methods>
 </Mymodule_Folder>
 </resources>
 <resources_alias>
 <Folder>Mymodule_Folder</Folder>
 </resources_alias>
 <v2>
 <resources_function_prefix>
 <Folder>Folder</Folder>
 </resources_function_prefix>
 </v2>
 <acl>
 <resources>
 <Mymodule translate="title" module="Mymodule">
 <title>Mymodule</title>
 <Folder translate="title" module="Mymodule">
 <title>Folder</title> 
 <customerlogin translate="title" module="Mymodule">
 <title>customerlogin</title>
 </customerlogin> 
 </Folder>
 </Mymodule>
 </resources>
 </acl>
 </api>
</config>

Step 4 – Your wsdl.xml file

<?xml version="1.0" encoding="UTF-8"?>
<definitions xmlns:typens="urn:{{var wsdl.name}}" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
 xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns="http://schemas.xmlsoap.org/wsdl/"
 name="{{var wsdl.name}}" targetNamespace="urn:{{var wsdl.name}}">
 <types>
 <schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="urn:Magento">
 <import namespace="http://schemas.xmlsoap.org/soap/encoding/" schemaLocation="http://schemas.xmlsoap.org/soap/encoding/" />
 
 <complexType name="customerCustomerLoginEntity">
 <all>
 <element name="customer_id" type="xsd:int" minOccurs="0" />
 <element name="success" type="xsd:string" minOccurs="0" />
 <element name="customerobject" type="typens:customerCustomerEntity" minOccurs="0" />
 </all>
 </complexType>
 </schema>
 </types>
 <message name="FoldercustomerloginRequest">
 <part name="sessionId" type="xsd:string"/>
 <part name="message" type="xsd:string" />
 <part name="websitecode" type="xsd:string"/>
 <part name="email" type="xsd:string"/>
 <part name="password" type="xsd:string"/>
 </message>
 
 <message name="FoldercustomerloginResponse">
 <part name="result" type="typens:customerCustomerLoginEntity" />
 </message>
 
 <portType name="{{var wsdl.handler}}PortType">
 <operation name="Foldercustomerlogin">
 <documentation>this is Login to Magento Store for Customer.</documentation>
 <input message="typens:FoldercustomerloginRequest" />
 <output message="typens:FoldercustomerloginResponse" />
 </operation>
 
 </portType>
 <binding name="{{var wsdl.handler}}Binding" type="typens:{{var wsdl.handler}}PortType">
 <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http" />
 <operation name="Foldercustomerlogin">
 <soap:operation soapAction="urn:{{var wsdl.handler}}Action" />
 <input>
 <soap:body namespace="urn:{{var wsdl.name}}" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" />
 </input>
 <output>
 <soap:body namespace="urn:{{var wsdl.name}}" use="encoded" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" />
 </output>
 </operation>
 
 </binding>
 <service name="{{var wsdl.name}}Service">
 <port name="{{var wsdl.handler}}Port" binding="typens:{{var wsdl.handler}}Binding">
 <soap:address location="{{var wsdl.url}}" />
 </port>
 </service>
</definitions> 

Step 5 – Data.php file

<?php
class MyCompany_Mymodule_Helper_Data extends Mage_Core_Helper_Abstract{
}

Step 6 – Your V2.php file

<?php
class MyCompany_Mymodule_Model_Folder_Api_V2 extends MyCompany_Mymodule_Model_Folder_Api
{ 
}

Step 7 – Your Main Api.php file

customerlogin is our main method which is exposed, other methods are the supporting method which helps us to validate user credentials.

If user is valid this method will return customerid, a boolean true value whether call is sucessfull or not and customerObject holding values of customers attributes(check our wsdl.xml file)

If user is not valid this method will return empty customerid and a boolean false value.

<?php
class MyCompany_Mymodule_Model_Folder_Api extends Mage_Api_Model_Resource_Abstract
{ /* Customer Authitication STARTS*/
 /** @var Mage_Customer_Model_Session */
 protected $_customerSession = null;
 
 protected $_mapAttributes = array(
 'customer_id' => 'entity_id'
 );
 
 /**
 * Customer authentication.
 *
 * @param string $website Website code of website to authenticate customer against
 * @param string $username Username of customer to authenticate
 * @param string $password Password of customer to authenticate
 * @return boolean True, if successfully authenticated customer for supplied website; false, otherwise.
 */


 public function customerlogin($message,$website,$email,$password)
 {
 
 try{
 // determine store to login to
 $store = $this->_getStore($website);
 
 // get customer session object
 $session = $this->_getCustomerSession();
 
 // authenticate customer
 $result = array();
 $authenticated = $session->login($email, $password);
 $authenticated = true;
 if($authenticated)
 {
 $customer = $this->_getAuthenticatedCustomer();
 
 if (!$customer->getId()) {
 return "customer not found";
 } 
 $customerReturn = array();
 $customerReturn['firstname'] = $customer->getData('firstname');;
 $customerReturn['middlename'] = $customer->getData('middlename');;
 $customerReturn['lastname'] = $customer->getData('lastname');;
 $customerReturn['prefix'] = $customer->getData('prefix');;
 $customerReturn['suffix'] = $customer->getData('suffix');;
 $customerReturn['email'] = $customer->getData('email');;
 $customerReturn['confirmation'] = $customer->getData('confirmation');;
 $customerReturn['store_id'] = $customer->getData('store_id');;
 $customerReturn['website_id'] = $customer->getData('website_id');;
 $customerReturn['dob'] = $customer->getData('dob');;
 $customerReturn['created_at'] = $customer->getData('created_at');;
 $customerReturn['updated_at'] = $customer->getData('updated_at');;
 $result = array('customer_id'=> $session->getCustomerId(), 'success'=> 'true','customerobject'=> $customerReturn);
 }
 else
 {
 $result = array('customer_id'=> "", 'success'=> 'false');
 }
 }
 catch(Exception $e){
 // to do - catch exception and return exact fault code.
 $result = array('customer_id'=> "", 'success'=> $e);
 }
 return $result;
 }
 
 
 
 
 
 /**
 * Check whether a customer has been authenticated in this session.
 *
 * @return void
 * @throws Mage_Core_Exception If customer is not authenticated.
 */
 protected function _checkCustomerAuthentication()
 {
 // get customer session object
 $session = $this->_getCustomerSession();
 
 // check whether customer is logged in
 if ( !$session->isLoggedIn() ) {
 // if customer is not logged in throw an exception
 Mage::throwException(Mage::helper('mymodule')->__('Not logged in'));
 }
 }
 
 /**
 * Get authenticated customer object.
 *
 * @return Mage_Customer_Model_Customer Authenticated customer object.
 * @throws Mage_Core_Exception If customer is not authenticated or does not exist.
 */
 protected function _getAuthenticatedCustomer()
 {
 // retrieve authenticated customer ID
 $customerId = $this->_getAuthenticatedCustomerId();
 if ( $customerId )
 {
 // load customer
 /** @var Mage_Customer_Model_Customer $customer */
 $customer = Mage::getModel('customer/customer')
 ->load($customerId);
 if ( $customer->getId() ) {
 // if customer exists, return customer object
 return $customer;
 }
 }
 
 // customer not authenticated or does not exist, so throw exception
 Mage::throwException(Mage::helper('mymodule')->__('Unknown Customer'));
 }
/**
 * Get authenticated customer ID.
 *
 * @return integer Authenticated customer ID, if any; null, otherwise.
 */
 protected function _getAuthenticatedCustomerId()
 {
 // get customer session object
 $session = $this->_getCustomerSession();
 
 // return authenticated customer ID, if any
 return $session->getCustomerId();
 }


 /**
 * Get store object from supplied website code or from register or session.
 *
 * @param string $code Code
 */
 protected function _getStore( $code = null )
 {
 // get customer session
 $session = $this->_getCustomerSession();
 
 // if website code not supplied, check for selected store in register or selected website in session
 if ( null === $code ) {
 // try to get selected store from register
 $store = Mage::registry('current_store');
 if ( $store ) {
 return $store;
 }
 
 // try to get selected website code from session
 $code = $session->getCurrentWebsiteCode();
 if ( !$code ) {
 // if no store in register or website code in session, throw an exception
 Mage::throwException(Mage::helper('mymodule')->__('No Store set'));
 }
 }
 
 // load website from code
 /** @var Mage_Core_Model_Website $website */
 $website = Mage::getModel('core/website')
 ->load($code, 'code');
 if ( !$website->getId() ) {
 // if unknown website, throw an exception
 Mage::throwException(Mage::helper('mymodule')->__('Invalid Store') . $code);
 }
 
 // get the default store of the website
 $store = $website->getDefaultStore();
 
 // register the current store
 Mage::app()->setCurrentStore($store);
 Mage::register('current_store', $store, true);
 
 // set the current website code in the session
 $session->setCurrentWebsiteCode($website->getCode());
 
 // return store object
 return $store;
 }

/**
 * @return Mage_Customer_Model_Session
 */
 protected function _getCustomerSession()
 {
 if ( !$this->_customerSession ) {
 $this->_customerSession = Mage::getSingleton('customer/session');
 }
 return $this->_customerSession;
 }
 
 /* Customer Authitication Ends*/
 
 
 /* Emails Starts */

}

That’s It…we are done now let us make API call from client side(here we would call this from an php page)

Test PHP code to call custom api method.

<?php
try {
define("SOAP_WSDL",'http://localhost/magento/api/?wsdl');
define("SOAP_WSDL2",'http://localhost/magento/api/v2_soap/?wsdl');



 define("SOAP_USER","soap_user");
 define("SOAP_PASS","password");
 
 if($_GET['ver'] == '2') {
 $client = new SoapClient(SOAP_WSDL2, array('trace' => 1,'cache_wsdl' => 0));
 echo "<br>version 2 <br>";
 }
 else {
 $client = new SoapClient(SOAP_WSDL,array('trace' => 1,'cache_wsdl' => 0));

 echo "<br>version 1 <br>";
 }
 $session = $client->login(SOAP_USER, SOAP_PASS);
 $result = array();

 try {
 if($_GET['ver'] == '2') {
 $result = $client->Foldercustomerlogin($session,"caller message","base","[email protected]","userpassword"); // working one
 
 var_dump ($result); 
 } else { 
 
 $result= $client->call($session, 'Mymodule_Folder.customerlogin', array("My message ....","base","[email protected]",'userpassword')); // working one
 
 var_dump ( $result); 
 }
 } catch (SoapFault $exception) {
 echo 'EXCEPTION='.$exception;
 }
 echo "<br>end test<br>";
} catch (Exception $e){
 echo var_dump($e);
 throw $e;
} 
?>

Hope this helps!!!! Happy Coding!!!!