|
1 <?php |
|
2 namespace Symfony\Component\Security\Http\RememberMe; |
|
3 |
|
4 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
|
5 use Symfony\Component\HttpFoundation\Response; |
|
6 use Symfony\Component\HttpFoundation\Request; |
|
7 |
|
8 /* |
|
9 * This file is part of the Symfony package. |
|
10 * |
|
11 * (c) Fabien Potencier <fabien@symfony.com> |
|
12 * |
|
13 * For the full copyright and license information, please view the LICENSE |
|
14 * file that was distributed with this source code. |
|
15 */ |
|
16 |
|
17 /** |
|
18 * Interface that needs to be implemented by classes which provide remember-me |
|
19 * capabilities. |
|
20 * |
|
21 * We provide two implementations out-of-the-box: |
|
22 * - TokenBasedRememberMeServices (does not require a TokenProvider) |
|
23 * - PersistentTokenBasedRememberMeServices (requires a TokenProvider) |
|
24 * |
|
25 * @author Johannes M. Schmitt <schmittjoh@gmail.com> |
|
26 */ |
|
27 interface RememberMeServicesInterface |
|
28 { |
|
29 /** |
|
30 * This attribute name can be used by the implementation if it needs to set |
|
31 * a cookie on the Request when there is no actual Response, yet. |
|
32 * |
|
33 * @var string |
|
34 */ |
|
35 const COOKIE_ATTR_NAME = '_security_remember_me_cookie'; |
|
36 |
|
37 /** |
|
38 * This method will be called whenever the SecurityContext does not contain |
|
39 * an TokenInterface object and the framework wishes to provide an implementation |
|
40 * with an opportunity to authenticate the request using remember-me capabilities. |
|
41 * |
|
42 * No attempt whatsoever is made to determine whether the browser has requested |
|
43 * remember-me services or presented a valid cookie. Any and all such determinations |
|
44 * are left to the implementation of this method. |
|
45 * |
|
46 * If a browser has presented an unauthorised cookie for whatever reason, |
|
47 * make sure to throw an AuthenticationException as this will consequentially |
|
48 * result in a call to loginFail() and therefore an invalidation of the cookie. |
|
49 * |
|
50 * @param Request $request |
|
51 * @return TokenInterface |
|
52 */ |
|
53 function autoLogin(Request $request); |
|
54 |
|
55 /** |
|
56 * Called whenever an interactive authentication attempt was made, but the |
|
57 * credentials supplied by the user were missing or otherwise invalid. |
|
58 * |
|
59 * This method needs to take care of invalidating the cookie. |
|
60 * |
|
61 * @param Request $request |
|
62 * @return void |
|
63 */ |
|
64 function loginFail(Request $request); |
|
65 |
|
66 /** |
|
67 * Called whenever an interactive authentication attempt is successful |
|
68 * (e.g. a form login). |
|
69 * |
|
70 * An implementation may always set a remember-me cookie in the Response, |
|
71 * although this is not recommended. |
|
72 * |
|
73 * Instead, implementations should typically look for a request parameter |
|
74 * (such as a HTTP POST parameter) that indicates the browser has explicitly |
|
75 * requested for the authentication to be remembered. |
|
76 * |
|
77 * @param Request $request |
|
78 * @param Response $response |
|
79 * @param TokenInterface $token |
|
80 * @return void |
|
81 */ |
|
82 function loginSuccess(Request $request, Response $response, TokenInterface $token); |
|
83 } |