IProvider.php 4.3 KB

  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  6. * SPDX-License-Identifier: AGPL-3.0-only
  7. */
  8. namespace OC\Authentication\Token;
  9. use OC\Authentication\Exceptions\PasswordlessTokenException;
  10. use OCP\Authentication\Exceptions\ExpiredTokenException;
  11. use OCP\Authentication\Exceptions\InvalidTokenException;
  12. use OCP\Authentication\Exceptions\WipeTokenException;
  13. use OCP\Authentication\Token\IToken as OCPIToken;
interface IProvider {
	/**
	 * Create and persist a new token
	 *
	 * @param string $token NOTE(review): presumably the raw token value that is handed to the client; confirm against the implementation
	 * @param string $uid
	 * @param string $loginName
	 * @param string|null $password may be null; see getPassword(), which declares PasswordlessTokenException
	 * @param string $name Name will be trimmed to 120 chars when longer
	 * @param int $type token type, defaults to OCPIToken::TEMPORARY_TOKEN
	 * @param int $remember whether the session token should be used for remember-me, defaults to OCPIToken::DO_NOT_REMEMBER
	 * @return OCPIToken
	 * @throws \RuntimeException when OpenSSL reports a problem
	 */
	public function generateToken(string $token,
		string $uid,
		string $loginName,
		?string $password,
		string $name,
		int $type = OCPIToken::TEMPORARY_TOKEN,
		int $remember = OCPIToken::DO_NOT_REMEMBER): OCPIToken;

	/**
	 * Get a token by its string token id
	 *
	 * NOTE(review): judging by the declared exception types, expired tokens
	 * and tokens flagged for wipe are signalled by exception rather than
	 * returned. Callers must not treat any of these cases as a valid token.
	 * Confirm the exact conditions against the implementation.
	 *
	 * @param string $tokenId
	 * @throws InvalidTokenException
	 * @throws ExpiredTokenException
	 * @throws WipeTokenException
	 * @return OCPIToken
	 */
	public function getToken(string $tokenId): OCPIToken;

	/**
	 * Get a token by its numeric id
	 *
	 * Unlike getToken(), which takes a string identifier, this lookup takes
	 * an int. It declares the same three exceptions as getToken().
	 *
	 * @param int $tokenId
	 * @throws InvalidTokenException
	 * @throws ExpiredTokenException
	 * @throws WipeTokenException
	 * @return OCPIToken
	 */
	public function getTokenById(int $tokenId): OCPIToken;

	/**
	 * Duplicate an existing session token
	 *
	 * NOTE(review): the interface does not state whether the token stored
	 * under $oldSessionId is invalidated by this call. Confirm against the
	 * implementation before relying on the old session id being unusable.
	 *
	 * @param string $oldSessionId
	 * @param string $sessionId
	 * @throws InvalidTokenException
	 * @throws \RuntimeException when OpenSSL reports a problem
	 * @return OCPIToken The new token
	 */
	public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken;

	/**
	 * Invalidate (delete) the given session token
	 *
	 * @param string $token
	 */
	public function invalidateToken(string $token);

	/**
	 * Invalidate (delete) the given token
	 *
	 * @param string $uid NOTE(review): presumably restricts the deletion to tokens owned by this user, so that a token id belonging to another user is not affected; confirm against the implementation
	 * @param int $id
	 */
	public function invalidateTokenById(string $uid, int $id);

	/**
	 * Invalidate (delete) old session tokens
	 */
	public function invalidateOldTokens();

	/**
	 * Invalidate (delete) tokens last used before a given date
	 *
	 * @param string $uid
	 * @param int $before the cut-off date; NOTE(review): presumably a Unix timestamp, confirm the unit against the implementation
	 */
	public function invalidateLastUsedBefore(string $uid, int $before): void;

	/**
	 * Save the updated token
	 *
	 * @param OCPIToken $token
	 */
	public function updateToken(OCPIToken $token);

	/**
	 * Update token activity timestamp
	 *
	 * @param OCPIToken $token
	 */
	public function updateTokenActivity(OCPIToken $token);

	/**
	 * Get all tokens of a user
	 *
	 * The provider may limit the number of result rows in case of an abuse
	 * where a high number of (session) tokens is generated, so callers must
	 * not assume that the returned list is complete.
	 *
	 * @param string $uid
	 * @return OCPIToken[]
	 */
	public function getTokenByUser(string $uid): array;

	/**
	 * Get the (unencrypted) password of the given token
	 *
	 * The return value is the password in cleartext: callers should keep it
	 * out of logs, exception messages and any persistent storage.
	 *
	 * @param OCPIToken $savedToken
	 * @param string $tokenId NOTE(review): presumably the raw token string needed to decrypt the stored password; confirm against the implementation
	 * @throws InvalidTokenException
	 * @throws PasswordlessTokenException
	 * @return string
	 */
	public function getPassword(OCPIToken $savedToken, string $tokenId): string;

	/**
	 * Encrypt and set the password of the given token
	 *
	 * @param OCPIToken $token
	 * @param string $tokenId
	 * @param string $password the new password, passed in cleartext and encrypted by the provider
	 * @throws InvalidTokenException
	 */
	public function setPassword(OCPIToken $token, string $tokenId, string $password);

	/**
	 * Rotate the token. Useful, for example, for OAuth tokens
	 *
	 * @param OCPIToken $token
	 * @param string $oldTokenId
	 * @param string $newTokenId
	 * @return OCPIToken
	 * @throws \RuntimeException when OpenSSL reports a problem
	 */
	public function rotate(OCPIToken $token, string $oldTokenId, string $newTokenId): OCPIToken;

	/**
	 * Marks a token as having an invalid password.
	 *
	 * @param OCPIToken $token
	 * @param string $tokenId
	 */
	public function markPasswordInvalid(OCPIToken $token, string $tokenId);

	/**
	 * Update all the passwords of $uid if required
	 *
	 * @param string $uid
	 * @param string $password the password in cleartext; NOTE(review): the condition behind "if required" is not visible from the interface, confirm against the implementation
	 */
	public function updatePasswords(string $uid, string $password);
}