server/lib/private/Authentication/Token/IToken.php

<?php
declare(strict_types=1);
/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Christoph Wurst <christoph@owncloud.com>
 * @author Robin Appelman <robin@icewind.nl>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */

namespace OC\Authentication\Token;

use JsonSerializable;

interface IToken extends JsonSerializable {

	const TEMPORARY_TOKEN = 0;
	const PERMANENT_TOKEN = 1;
	const DO_NOT_REMEMBER = 0;
	const REMEMBER = 1;

	/**
	 * Get the token ID
	 *
	 * @return int
	 */
	public function getId(): int;

	/**
	 * Get the user UID
	 *
	 * @return string
	 */
	public function getUID(): string;

	/**
	 * Get the login name used when generating the token
	 *
	 * @return string
	 */
	public function getLoginName(): string;

	/**
	 * Get the (encrypted) login password
	 *
	 * @return string|null
	 */
	public function getPassword();

	/**
	 * Get the timestamp of the last password check
	 *
	 * @return int
	 */
	public function getLastCheck(): int;

	/**
	 * Set the timestamp of the last password check
	 *
	 * @param int $time
	 */
	public function setLastCheck(int $time);

	/**
	 * Get the authentication scope for this token
	 *
	 * @return string
	 */
	public function getScope(): string;

	/**
	 * Get the authentication scope for this token
	 *
	 * @return array
	 */
	public function getScopeAsArray(): array;

	/**
	 * Set the authentication scope for this token
	 *
	 * @param array $scope
	 */
	public function setScope($scope);

	/**
	 * Get the name of the token
	 * @return string
	 */
	public function getName(): string;

	/**
	 * Get the remember state of the token
	 *
	 * @return int
	 */
	public function getRemember(): int;

	/**
	 * Set the token
	 *
	 * @param string $token
	 */
	public function setToken(string $token);

	/**
	 * Set the password
	 *
	 * @param string $password
	 */
	public function setPassword(string $password);

	/**
	 * Set the expiration time of the token
	 *
	 * @param int|null $expires
	 */
	public function setExpires($expires);
}
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 12:10:55 +00:00			`<?php`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:24:46 +00:00			`declare(strict_types=1);`
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 12:10:55 +00:00			`/**`
Fix others 2016-07-21 15:07:57 +00:00			`* @copyright Copyright (c) 2016, ownCloud, Inc.`
			`*`
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 12:10:55 +00:00			`* @author Christoph Wurst <christoph@owncloud.com>`
Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2017-11-06 14:56:42 +00:00			`* @author Robin Appelman <robin@icewind.nl>`
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 12:10:55 +00:00			`*`
			`* @license AGPL-3.0`
			`*`
			`* This code is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License, version 3,`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License, version 3,`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>`
			`*`
			`*/`

			`namespace OC\Authentication\Token;`

add button to invalidate browser sessions/device tokens 2016-05-19 09:20:22 +00:00			`use JsonSerializable;`

			`interface IToken extends JsonSerializable {`
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 12:10:55 +00:00
Add index on 'last_activity' add token type column and delete only temporary tokens in the background job debounce token updates; fix wrong class import 2016-04-26 10:48:19 +00:00			`const TEMPORARY_TOKEN = 0;`
			`const PERMANENT_TOKEN = 1;`
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-09-06 19:41:15 +00:00			`const DO_NOT_REMEMBER = 0;`
			`const REMEMBER = 1;`
Add index on 'last_activity' add token type column and delete only temporary tokens in the background job debounce token updates; fix wrong class import 2016-04-26 10:48:19 +00:00
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 12:10:55 +00:00			`/**`
			`* Get the token ID`
			`*`
add button to invalidate browser sessions/device tokens 2016-05-19 09:20:22 +00:00			`* @return int`
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 12:10:55 +00:00			`*/`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:24:46 +00:00			`public function getId(): int;`
Add token auth for OCS APIs 2016-04-27 07:38:30 +00:00
			`/**`
			`* Get the user UID`
			`*`
			`* @return string`
			`*/`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:24:46 +00:00			`public function getUID(): string;`
a single token provider suffices 2016-05-17 15:20:54 +00:00
when generating browser/device token, save the login name for later password checks 2016-05-24 08:50:18 +00:00			`/**`
			`* Get the login name used when generating the token`
			`*`
			`* @return string`
			`*/`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:24:46 +00:00			`public function getLoginName(): string;`
when generating browser/device token, save the login name for later password checks 2016-05-24 08:50:18 +00:00
a single token provider suffices 2016-05-17 15:20:54 +00:00			`/**`
			`* Get the (encrypted) login password`
			`*`
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:56:40 +00:00			`* @return string\|null`
a single token provider suffices 2016-05-17 15:20:54 +00:00			`*/`
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:56:40 +00:00			`public function getPassword();`
store last check timestamp in token instead of session 2016-06-17 11:59:15 +00:00
			`/**`
			`* Get the timestamp of the last password check`
			`*`
			`* @return int`
			`*/`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:24:46 +00:00			`public function getLastCheck(): int;`
store last check timestamp in token instead of session 2016-06-17 11:59:15 +00:00
			`/**`
app password scope wip Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-03 10:03:18 +00:00			`* Set the timestamp of the last password check`
store last check timestamp in token instead of session 2016-06-17 11:59:15 +00:00			`*`
			`* @param int $time`
			`*/`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:24:46 +00:00			`public function setLastCheck(int $time);`
read lockdown scope from token Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-01 17:06:54 +00:00
app password scope wip Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-03 10:03:18 +00:00			`/**`
			`* Get the authentication scope for this token`
			`*`
allow configuring filesystem access Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-03 13:57:06 +00:00			`* @return string`
app password scope wip Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-03 10:03:18 +00:00			`*/`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:24:46 +00:00			`public function getScope(): string;`
read lockdown scope from token Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-01 17:06:54 +00:00
allow configuring filesystem access Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-03 13:57:06 +00:00			`/**`
			`* Get the authentication scope for this token`
			`*`
			`* @return array`
			`*/`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:24:46 +00:00			`public function getScopeAsArray(): array;`
allow configuring filesystem access Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-03 13:57:06 +00:00
app password scope wip Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-03 10:03:18 +00:00			`/**`
			`* Set the authentication scope for this token`
			`*`
Add test for setting up fake fs Signed-off-by: Robin Appelman <robin@icewind.nl> 2016-11-15 16:25:28 +00:00			`* @param array $scope`
app password scope wip Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-03 10:03:18 +00:00			`*/`
Refix scope Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 09:41:27 +00:00			`public function setScope($scope);`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:24:46 +00:00
Allow the rotation of tokens This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 19:10:43 +00:00			`/**`
			`* Get the name of the token`
			`* @return string`
			`*/`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:24:46 +00:00			`public function getName(): string;`

Allow the rotation of tokens This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 19:10:43 +00:00			`/**`
			`* Get the remember state of the token`
			`*`
			`* @return int`
			`*/`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 08:24:46 +00:00			`public function getRemember(): int;`
Allow the rotation of tokens This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 19:10:43 +00:00
			`/**`
			`* Set the token`
			`*`
			`* @param string $token`
			`*/`
			`public function setToken(string $token);`

			`/**`
			`* Set the password`
			`*`
			`* @param string $password`
			`*/`
			`public function setPassword(string $password);`
Certain tokens can expire However due to the nature of what we store in the token (encrypted passwords etc). We can't just delete the tokens because that would make the oauth refresh useless. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-16 10:39:00 +00:00
			`/**`
			`* Set the expiration time of the token`
			`*`
			`* @param int\|null $expires`
			`*/`
			`public function setExpires($expires);`
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 12:10:55 +00:00			`}`