1
0

IProvider.php 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  6. * SPDX-License-Identifier: AGPL-3.0-only
  7. */
  8. namespace OC\Authentication\Token;
  9. use OC\Authentication\Exceptions\PasswordlessTokenException;
  10. use OCP\Authentication\Exceptions\ExpiredTokenException;
  11. use OCP\Authentication\Exceptions\InvalidTokenException;
  12. use OCP\Authentication\Exceptions\WipeTokenException;
  13. use OCP\Authentication\Token\IToken as OCPIToken;
  14. interface IProvider {
  15. /**
  16. * Create and persist a new token
  17. *
  18. * @param string $token
  19. * @param string $uid
  20. * @param string $loginName
  21. * @param string|null $password
  22. * @param string $name Name will be trimmed to 120 chars when longer
  23. * @param int $type token type
  24. * @param int $remember whether the session token should be used for remember-me
  25. * @return OCPIToken
  26. * @throws \RuntimeException when OpenSSL reports a problem
  27. */
  28. public function generateToken(string $token,
  29. string $uid,
  30. string $loginName,
  31. ?string $password,
  32. string $name,
  33. int $type = OCPIToken::TEMPORARY_TOKEN,
  34. int $remember = OCPIToken::DO_NOT_REMEMBER,
  35. ?array $scope = null,
  36. ): OCPIToken;
  37. /**
  38. * Get a token by token id
  39. *
  40. * @param string $tokenId
  41. * @throws InvalidTokenException
  42. * @throws ExpiredTokenException
  43. * @throws WipeTokenException
  44. * @return OCPIToken
  45. */
  46. public function getToken(string $tokenId): OCPIToken;
  47. /**
  48. * Get a token by token id
  49. *
  50. * @param int $tokenId
  51. * @throws InvalidTokenException
  52. * @throws ExpiredTokenException
  53. * @throws WipeTokenException
  54. * @return OCPIToken
  55. */
  56. public function getTokenById(int $tokenId): OCPIToken;
  57. /**
  58. * Duplicate an existing session token
  59. *
  60. * @param string $oldSessionId
  61. * @param string $sessionId
  62. * @throws InvalidTokenException
  63. * @throws \RuntimeException when OpenSSL reports a problem
  64. * @return OCPIToken The new token
  65. */
  66. public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken;
  67. /**
  68. * Invalidate (delete) the given session token
  69. *
  70. * @param string $token
  71. */
  72. public function invalidateToken(string $token);
  73. /**
  74. * Invalidate (delete) the given token
  75. *
  76. * @param string $uid
  77. * @param int $id
  78. */
  79. public function invalidateTokenById(string $uid, int $id);
  80. /**
  81. * Invalidate (delete) old session tokens
  82. */
  83. public function invalidateOldTokens();
  84. /**
  85. * Invalidate (delete) tokens last used before a given date
  86. */
  87. public function invalidateLastUsedBefore(string $uid, int $before): void;
  88. /**
  89. * Save the updated token
  90. *
  91. * @param OCPIToken $token
  92. */
  93. public function updateToken(OCPIToken $token);
  94. /**
  95. * Update token activity timestamp
  96. *
  97. * @param OCPIToken $token
  98. */
  99. public function updateTokenActivity(OCPIToken $token);
  100. /**
  101. * Get all tokens of a user
  102. *
  103. * The provider may limit the number of result rows in case of an abuse
  104. * where a high number of (session) tokens is generated
  105. *
  106. * @param string $uid
  107. * @return OCPIToken[]
  108. */
  109. public function getTokenByUser(string $uid): array;
  110. /**
  111. * Get the (unencrypted) password of the given token
  112. *
  113. * @param OCPIToken $savedToken
  114. * @param string $tokenId
  115. * @throws InvalidTokenException
  116. * @throws PasswordlessTokenException
  117. * @return string
  118. */
  119. public function getPassword(OCPIToken $savedToken, string $tokenId): string;
  120. /**
  121. * Encrypt and set the password of the given token
  122. *
  123. * @param OCPIToken $token
  124. * @param string $tokenId
  125. * @param string $password
  126. * @throws InvalidTokenException
  127. */
  128. public function setPassword(OCPIToken $token, string $tokenId, string $password);
  129. /**
  130. * Rotate the token. Useful for for example oauth tokens
  131. *
  132. * @param OCPIToken $token
  133. * @param string $oldTokenId
  134. * @param string $newTokenId
  135. * @return OCPIToken
  136. * @throws \RuntimeException when OpenSSL reports a problem
  137. */
  138. public function rotate(OCPIToken $token, string $oldTokenId, string $newTokenId): OCPIToken;
  139. /**
  140. * Marks a token as having an invalid password.
  141. *
  142. * @param OCPIToken $token
  143. * @param string $tokenId
  144. */
  145. public function markPasswordInvalid(OCPIToken $token, string $tokenId);
  146. /**
  147. * Update all the passwords of $uid if required
  148. *
  149. * @param string $uid
  150. * @param string $password
  151. */
  152. public function updatePasswords(string $uid, string $password);
  153. }