RememberMeServicesInterface.php 2.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475
  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\Security\Http\RememberMe;
  11. use Symfony\Component\HttpFoundation\Request;
  12. use Symfony\Component\HttpFoundation\Response;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. /**
  15. * Interface that needs to be implemented by classes which provide remember-me
  16. * capabilities.
  17. *
  18. * We provide two implementations out-of-the-box:
  19. * - TokenBasedRememberMeServices (does not require a TokenProvider)
  20. * - PersistentTokenBasedRememberMeServices (requires a TokenProvider)
  21. *
  22. * @author Johannes M. Schmitt <schmittjoh@gmail.com>
  23. *
  24. * @method logout(Request $request, Response $response, TokenInterface $token)
  25. */
  26. interface RememberMeServicesInterface
  27. {
  28. /**
  29. * This attribute name can be used by the implementation if it needs to set
  30. * a cookie on the Request when there is no actual Response, yet.
  31. */
  32. public const COOKIE_ATTR_NAME = '_security_remember_me_cookie';
  33. /**
  34. * This method will be called whenever the TokenStorage does not contain
  35. * a TokenInterface object and the framework wishes to provide an implementation
  36. * with an opportunity to authenticate the request using remember-me capabilities.
  37. *
  38. * No attempt whatsoever is made to determine whether the browser has requested
  39. * remember-me services or presented a valid cookie. Any and all such determinations
  40. * are left to the implementation of this method.
  41. *
  42. * If a browser has presented an unauthorised cookie for whatever reason,
  43. * make sure to throw an AuthenticationException as this will consequentially
  44. * result in a call to loginFail() and therefore an invalidation of the cookie.
  45. *
  46. * @return TokenInterface|null
  47. */
  48. public function autoLogin(Request $request);
  49. /**
  50. * Called whenever an interactive authentication attempt was made, but the
  51. * credentials supplied by the user were missing or otherwise invalid.
  52. *
  53. * This method needs to take care of invalidating the cookie.
  54. */
  55. public function loginFail(Request $request, \Exception $exception = null);
  56. /**
  57. * Called whenever an interactive authentication attempt is successful
  58. * (e.g. a form login).
  59. *
  60. * An implementation may always set a remember-me cookie in the Response,
  61. * although this is not recommended.
  62. *
  63. * Instead, implementations should typically look for a request parameter
  64. * (such as an HTTP POST parameter) that indicates the browser has explicitly
  65. * requested for the authentication to be remembered.
  66. */
  67. public function loginSuccess(Request $request, Response $response, TokenInterface $token);
  68. }