nextcloud/lib/private/Authentication/Token/IProvider.php

<?php
/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Christoph Wurst <christoph@owncloud.com>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */

namespace OC\Authentication\Token;

use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException;
use OCP\IUser;

interface IProvider {


	/**
	 * Create and persist a new token
	 *
	 * @param string $token
	 * @param string $uid
	 * @param string $loginName
	 * @param string|null $password
	 * @param string $name
	 * @param int $type token type
	 * @param int $remember whether the session token should be used for remember-me
	 * @return IToken
	 */
	public function generateToken($token, $uid, $loginName, $password, $name, $type = IToken::TEMPORARY_TOKEN, $remember = IToken::DO_NOT_REMEMBER);

	/**
	 * Get a token by token id
	 *
	 * @param string $tokenId
	 * @throws InvalidTokenException
	 * @return IToken
	 */
	public function getToken($tokenId);

	/**
	 * Get a token by token id
	 *
	 * @param string $tokenId
	 * @throws InvalidTokenException
	 * @return DefaultToken
	 */
	public function getTokenById($tokenId);

	/**
	 * Duplicate an existing session token
	 *
	 * @param string $oldSessionId
	 * @param string $sessionId
	 * @throws InvalidTokenException
	 */
	public function renewSessionToken($oldSessionId, $sessionId);

	/**
	 * Invalidate (delete) the given session token
	 *
	 * @param string $token
	 */
	public function invalidateToken($token);

	/**
	 * Invalidate (delete) the given token
	 *
	 * @param IUser $user
	 * @param int $id
	 */
	public function invalidateTokenById(IUser $user, $id);

	/**
	 * Invalidate (delete) old session tokens
	 */
	public function invalidateOldTokens();

	/**
	 * Save the updated token
	 *
	 * @param IToken $token
	 */
	public function updateToken(IToken $token);

	/**
	 * Update token activity timestamp
	 *
	 * @param IToken $token
	 */
	public function updateTokenActivity(IToken $token);

	/**
	 * Get all token of a user
	 *
	 * The provider may limit the number of result rows in case of an abuse
	 * where a high number of (session) tokens is generated
	 *
	 * @param IUser $user
	 * @return IToken[]
	 */
	public function getTokenByUser(IUser $user);

	/**
	 * Get the (unencrypted) password of the given token
	 *
	 * @param IToken $token
	 * @param string $tokenId
	 * @throws InvalidTokenException
	 * @throws PasswordlessTokenException
	 * @return string
	 */
	public function getPassword(IToken $token, $tokenId);

	/**
	 * Encrypt and set the password of the given token
	 *
	 * @param IToken $token
	 * @param string $tokenId
	 * @param string $password
	 * @throws InvalidTokenException
	 */
	public function setPassword(IToken $token, $tokenId, $password);
}
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 15:10:55 +03:00			`<?php`
			`/**`
Fix others 2016-07-21 18:07:57 +03:00			`* @copyright Copyright (c) 2016, ownCloud, Inc.`
			`*`
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 15:10:55 +03:00			`* @author Christoph Wurst <christoph@owncloud.com>`
			`*`
			`* @license AGPL-3.0`
			`*`
			`* This code is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License, version 3,`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License, version 3,`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>`
			`*`
			`*/`

			`namespace OC\Authentication\Token;`

			`use OC\Authentication\Exceptions\InvalidTokenException;`
Create session tokens for apache auth users 2016-05-31 11:48:14 +03:00			`use OC\Authentication\Exceptions\PasswordlessTokenException;`
add method to query all user auth tokens 2016-05-18 12:33:56 +03:00			`use OCP\IUser;`
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 15:10:55 +03:00
			`interface IProvider {`

bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-09-06 22:41:15 +03:00
a single token provider suffices 2016-05-17 18:20:54 +03:00			`/**`
			`* Create and persist a new token`
			`*`
			`* @param string $token`
			`* @param string $uid`
when generating browser/device token, save the login name for later password checks 2016-05-24 11:50:18 +03:00			`* @param string $loginName`
Create session tokens for apache auth users 2016-05-31 11:48:14 +03:00			`* @param string\|null $password`
a single token provider suffices 2016-05-17 18:20:54 +03:00			`* @param string $name`
			`* @param int $type token type`
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-09-06 22:41:15 +03:00			`* @param int $remember whether the session token should be used for remember-me`
add button to add new device tokens 2016-05-18 19:25:05 +03:00			`* @return IToken`
a single token provider suffices 2016-05-17 18:20:54 +03:00			`*/`
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-09-06 22:41:15 +03:00			`public function generateToken($token, $uid, $loginName, $password, $name, $type = IToken::TEMPORARY_TOKEN, $remember = IToken::DO_NOT_REMEMBER);`
a single token provider suffices 2016-05-17 18:20:54 +03:00
			`/**`
			`* Get a token by token id`
			`*`
			`* @param string $tokenId`
			`* @throws InvalidTokenException`
			`* @return IToken`
			`*/`
allow configuring filesystem access Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-03 16:57:06 +03:00			`public function getToken($tokenId);`

			`/**`
			`* Get a token by token id`
			`*`
			`* @param string $tokenId`
			`* @throws InvalidTokenException`
			`* @return DefaultToken`
			`*/`
			`public function getTokenById($tokenId);`
add button to invalidate browser sessions/device tokens 2016-05-19 12:20:22 +03:00
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-09-06 22:41:15 +03:00			`/**`
document what the method does Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-11-02 19:32:44 +03:00			`* Duplicate an existing session token`
			`*`
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-09-06 22:41:15 +03:00			`* @param string $oldSessionId`
			`* @param string $sessionId`
Add missing tests and fix PHPDoc Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2016-11-02 15:37:39 +03:00			`* @throws InvalidTokenException`
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-09-06 22:41:15 +03:00			`*/`
			`public function renewSessionToken($oldSessionId, $sessionId);`

a single token provider suffices 2016-05-17 18:20:54 +03:00			`/**`
			`* Invalidate (delete) the given session token`
			`*`
			`* @param string $token`
			`*/`
			`public function invalidateToken($token);`

add button to invalidate browser sessions/device tokens 2016-05-19 12:20:22 +03:00			`/**`
			`* Invalidate (delete) the given token`
			`*`
			`* @param IUser $user`
			`* @param int $id`
			`*/`
			`public function invalidateTokenById(IUser $user, $id);`

Add token auth for OCS APIs 2016-04-27 10:38:30 +03:00			`/**`
add invalidateOldTokens to IProvider interface 2016-08-02 11:34:11 +03:00			`* Invalidate (delete) old session tokens`
			`*/`
			`public function invalidateOldTokens();`

			`/**`
store last check timestamp in token instead of session 2016-06-17 14:59:15 +03:00			`* Save the updated token`
Add token auth for OCS APIs 2016-04-27 10:38:30 +03:00			`*`
fix PHPDoc and other minor issues 2016-05-06 17:31:40 +03:00			`* @param IToken $token`
Add token auth for OCS APIs 2016-04-27 10:38:30 +03:00			`*/`
			`public function updateToken(IToken $token);`
a single token provider suffices 2016-05-17 18:20:54 +03:00
Add token auth for OCS APIs 2016-04-27 10:38:30 +03:00			`/**`
			`* Update token activity timestamp`
			`*`
fix PHPDoc and other minor issues 2016-05-06 17:31:40 +03:00			`* @param IToken $token`
Add token auth for OCS APIs 2016-04-27 10:38:30 +03:00			`*/`
use token last_activity instead of session value 2016-06-17 13:08:48 +03:00			`public function updateTokenActivity(IToken $token);`
a single token provider suffices 2016-05-17 18:20:54 +03:00
add method to query all user auth tokens 2016-05-18 12:33:56 +03:00			`/**`
			`* Get all token of a user`
			`*`
			`* The provider may limit the number of result rows in case of an abuse`
			`* where a high number of (session) tokens is generated`
			`*`
			`* @param IUser $user`
			`* @return IToken[]`
			`*/`
			`public function getTokenByUser(IUser $user);`

a single token provider suffices 2016-05-17 18:20:54 +03:00			`/**`
			`* Get the (unencrypted) password of the given token`
			`*`
			`* @param IToken $token`
			`* @param string $tokenId`
add button to add new device tokens 2016-05-18 19:25:05 +03:00			`* @throws InvalidTokenException`
Create session tokens for apache auth users 2016-05-31 11:48:14 +03:00			`* @throws PasswordlessTokenException`
a single token provider suffices 2016-05-17 18:20:54 +03:00			`* @return string`
			`*/`
			`public function getPassword(IToken $token, $tokenId);`
update session token password on user password change 2016-06-21 11:23:50 +03:00
			`/**`
			`* Encrypt and set the password of the given token`
			`*`
			`* @param IToken $token`
			`* @param string $tokenId`
			`* @param string $password`
			`* @throws InvalidTokenException`
			`*/`
			`public function setPassword(IToken $token, $tokenId, $password);`
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 15:10:55 +03:00			`}`