2015-05-17 19:39:26 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace Symfony\Component\Security\Guard;
|
|
|
|
|
|
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|
|
|
use Symfony\Component\Security\Core\Exception\AuthenticationException;
|
|
|
|
use Symfony\Component\Security\Core\User\UserInterface;
|
|
|
|
use Symfony\Component\Security\Core\User\UserProviderInterface;
|
2015-05-17 22:35:08 +01:00
|
|
|
use Symfony\Component\Security\Guard\Token\GuardTokenInterface;
|
2015-05-17 19:39:26 +01:00
|
|
|
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The interface for all "guard" authenticators
|
|
|
|
*
|
|
|
|
* The methods on this interface are called throughout the guard authentication
|
|
|
|
* process to give you the power to control most parts of the process from
|
|
|
|
* one location.
|
|
|
|
*
|
|
|
|
* @author Ryan Weaver <weaverryan@gmail.com>
|
|
|
|
*/
|
|
|
|
interface GuardAuthenticatorInterface extends AuthenticationEntryPointInterface
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Get the authentication credentials from the request and return them
|
|
|
|
* as any type (e.g. an associate array). If you return null, authentication
|
|
|
|
* will be skipped.
|
|
|
|
*
|
|
|
|
* Whatever value you return here will be passed to authenticate()
|
|
|
|
*
|
|
|
|
* For example, for a form login, you might:
|
|
|
|
*
|
|
|
|
* return array(
|
|
|
|
* 'username' => $request->request->get('_username'),
|
|
|
|
* 'password' => $request->request->get('_password'),
|
|
|
|
* );
|
|
|
|
*
|
|
|
|
* Or for an API token that's on a header, you might use:
|
|
|
|
*
|
|
|
|
* return array('api_key' => $request->headers->get('X-API-TOKEN'));
|
|
|
|
*
|
|
|
|
* @param Request $request
|
|
|
|
* @return mixed|null
|
|
|
|
*/
|
|
|
|
public function getCredentialsFromRequest(Request $request);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return a UserInterface object based on the credentials OR throw
|
|
|
|
* an AuthenticationException
|
|
|
|
*
|
|
|
|
* The *credentials* are the return value from getCredentialsFromRequest()
|
|
|
|
*
|
|
|
|
* @param mixed $credentials
|
|
|
|
* @param UserProviderInterface $userProvider
|
|
|
|
* @throws AuthenticationException
|
|
|
|
* @return UserInterface
|
|
|
|
*/
|
|
|
|
public function authenticate($credentials, UserProviderInterface $userProvider);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create an authenticated token for the given user
|
|
|
|
*
|
|
|
|
* If you don't care about which token class is used or don't really
|
|
|
|
* understand what a "token" is, you can skip this method by extending
|
|
|
|
* the AbstractGuardAuthenticator class from your authenticator.
|
|
|
|
*
|
|
|
|
* @see AbstractGuardAuthenticator
|
|
|
|
* @param UserInterface $user
|
|
|
|
* @param string $providerKey The provider (i.e. firewall) key
|
2015-05-17 22:35:08 +01:00
|
|
|
* @return GuardTokenInterface
|
2015-05-17 19:39:26 +01:00
|
|
|
*/
|
|
|
|
public function createAuthenticatedToken(UserInterface $user, $providerKey);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Called when authentication executed, but failed (e.g. wrong username password)
|
|
|
|
*
|
|
|
|
* This should return the Response sent back to the user, like a
|
|
|
|
* RedirectResponse to the login page or a 403 response.
|
|
|
|
*
|
|
|
|
* If you return null, the request will continue, but the user will
|
|
|
|
* not be authenticated. This is probably not what you want to do.
|
|
|
|
*
|
|
|
|
* @param Request $request
|
|
|
|
* @param AuthenticationException $exception
|
|
|
|
* @return Response|null
|
|
|
|
*/
|
|
|
|
public function onAuthenticationFailure(Request $request, AuthenticationException $exception);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Called when authentication executed and was successful!
|
|
|
|
*
|
|
|
|
* This should return the Response sent back to the user, like a
|
|
|
|
* RedirectResponse to the last page they visited.
|
|
|
|
*
|
|
|
|
* If you return null, the current request will continue, and the user
|
|
|
|
* will be authenticated. This makes sense, for example, with an API.
|
|
|
|
*
|
|
|
|
* @param Request $request
|
|
|
|
* @param TokenInterface $token
|
|
|
|
* @param string $providerKey The provider (i.e. firewall) key
|
|
|
|
* @return Response|null
|
|
|
|
*/
|
|
|
|
public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Does this method support remember me cookies?
|
|
|
|
*
|
|
|
|
* Remember me cookie will be set if *all* of the following are met:
|
|
|
|
* A) This method returns true
|
|
|
|
* B) The remember_me key under your firewall is configured
|
|
|
|
* C) The "remember me" functionality is activated. This is usually
|
|
|
|
* done by having a _remember_me checkbox in your form, but
|
|
|
|
* can be configured by the "always_remember_me" and "remember_me_parameter"
|
|
|
|
* parameters under the "remember_me" firewall key
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public function supportsRememberMe();
|
|
|
|
}
|