|
0
|
1 |
<?php |
|
|
2 |
namespace Symfony\Component\Security\Http\RememberMe; |
|
|
3 |
|
|
|
4 |
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
|
|
5 |
use Symfony\Component\HttpFoundation\Response; |
|
|
6 |
use Symfony\Component\HttpFoundation\Request; |
|
|
7 |
|
|
|
8 |
/* |
|
|
9 |
* This file is part of the Symfony package. |
|
|
10 |
* |
|
|
11 |
* (c) Fabien Potencier <fabien@symfony.com> |
|
|
12 |
* |
|
|
13 |
* For the full copyright and license information, please view the LICENSE |
|
|
14 |
* file that was distributed with this source code. |
|
|
15 |
*/ |
|
|
16 |
|
|
|
17 |
/** |
|
|
18 |
* Interface that needs to be implemented by classes which provide remember-me |
|
|
19 |
* capabilities. |
|
|
20 |
* |
|
|
21 |
* We provide two implementations out-of-the-box: |
|
|
22 |
* - TokenBasedRememberMeServices (does not require a TokenProvider) |
|
|
23 |
* - PersistentTokenBasedRememberMeServices (requires a TokenProvider) |
|
|
24 |
* |
|
|
25 |
* @author Johannes M. Schmitt <schmittjoh@gmail.com> |
|
|
26 |
*/ |
|
|
27 |
interface RememberMeServicesInterface |
|
|
28 |
{ |
|
|
29 |
/** |
|
|
30 |
* This attribute name can be used by the implementation if it needs to set |
|
|
31 |
* a cookie on the Request when there is no actual Response, yet. |
|
|
32 |
* |
|
|
33 |
* @var string |
|
|
34 |
*/ |
|
|
35 |
const COOKIE_ATTR_NAME = '_security_remember_me_cookie'; |
|
|
36 |
|
|
|
37 |
/** |
|
|
38 |
* This method will be called whenever the SecurityContext does not contain |
|
|
39 |
* an TokenInterface object and the framework wishes to provide an implementation |
|
|
40 |
* with an opportunity to authenticate the request using remember-me capabilities. |
|
|
41 |
* |
|
|
42 |
* No attempt whatsoever is made to determine whether the browser has requested |
|
|
43 |
* remember-me services or presented a valid cookie. Any and all such determinations |
|
|
44 |
* are left to the implementation of this method. |
|
|
45 |
* |
|
|
46 |
* If a browser has presented an unauthorised cookie for whatever reason, |
|
|
47 |
* make sure to throw an AuthenticationException as this will consequentially |
|
|
48 |
* result in a call to loginFail() and therefore an invalidation of the cookie. |
|
|
49 |
* |
|
|
50 |
* @param Request $request |
|
|
51 |
* @return TokenInterface |
|
|
52 |
*/ |
|
|
53 |
function autoLogin(Request $request); |
|
|
54 |
|
|
|
55 |
/** |
|
|
56 |
* Called whenever an interactive authentication attempt was made, but the |
|
|
57 |
* credentials supplied by the user were missing or otherwise invalid. |
|
|
58 |
* |
|
|
59 |
* This method needs to take care of invalidating the cookie. |
|
|
60 |
* |
|
|
61 |
* @param Request $request |
|
|
62 |
* @return void |
|
|
63 |
*/ |
|
|
64 |
function loginFail(Request $request); |
|
|
65 |
|
|
|
66 |
/** |
|
|
67 |
* Called whenever an interactive authentication attempt is successful |
|
|
68 |
* (e.g. a form login). |
|
|
69 |
* |
|
|
70 |
* An implementation may always set a remember-me cookie in the Response, |
|
|
71 |
* although this is not recommended. |
|
|
72 |
* |
|
|
73 |
* Instead, implementations should typically look for a request parameter |
|
|
74 |
* (such as a HTTP POST parameter) that indicates the browser has explicitly |
|
|
75 |
* requested for the authentication to be remembered. |
|
|
76 |
* |
|
|
77 |
* @param Request $request |
|
|
78 |
* @param Response $response |
|
|
79 |
* @param TokenInterface $token |
|
|
80 |
* @return void |
|
|
81 |
*/ |
|
|
82 |
function loginSuccess(Request $request, Response $response, TokenInterface $token); |
|
|
83 |
} |