nextcloud/lib/private/Authentication/Token/IProvider.php

<?php

declare(strict_types=1);

/**
 * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-only
 */
namespace OC\Authentication\Token;

use OC\Authentication\Exceptions\PasswordlessTokenException;
use OCP\Authentication\Exceptions\ExpiredTokenException;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\Authentication\Exceptions\WipeTokenException;
use OCP\Authentication\Token\IToken as OCPIToken;

interface IProvider {
	/**
	 * Create and persist a new token
	 *
	 * @param string $token
	 * @param string $uid
	 * @param string $loginName
	 * @param string|null $password
	 * @param string $name Name will be trimmed to 120 chars when longer
	 * @param int $type token type
	 * @param int $remember whether the session token should be used for remember-me
	 * @return OCPIToken
	 * @throws \RuntimeException when OpenSSL reports a problem
	 */
	public function generateToken(string $token,
		string $uid,
		string $loginName,
		?string $password,
		string $name,
		int $type = OCPIToken::TEMPORARY_TOKEN,
		int $remember = OCPIToken::DO_NOT_REMEMBER,
		?array $scope = null,
	): OCPIToken;

	/**
	 * Get a token by token id
	 *
	 * @param string $tokenId
	 * @throws InvalidTokenException
	 * @throws ExpiredTokenException
	 * @throws WipeTokenException
	 * @return OCPIToken
	 */
	public function getToken(string $tokenId): OCPIToken;

	/**
	 * Get a token by token id
	 *
	 * @param int $tokenId
	 * @throws InvalidTokenException
	 * @throws ExpiredTokenException
	 * @throws WipeTokenException
	 * @return OCPIToken
	 */
	public function getTokenById(int $tokenId): OCPIToken;

	/**
	 * Duplicate an existing session token
	 *
	 * @param string $oldSessionId
	 * @param string $sessionId
	 * @throws InvalidTokenException
	 * @throws \RuntimeException when OpenSSL reports a problem
	 * @return OCPIToken The new token
	 */
	public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken;

	/**
	 * Invalidate (delete) the given session token
	 *
	 * @param string $token
	 */
	public function invalidateToken(string $token);

	/**
	 * Invalidate (delete) the given token
	 *
	 * @param string $uid
	 * @param int $id
	 */
	public function invalidateTokenById(string $uid, int $id);

	/**
	 * Invalidate (delete) old session tokens
	 */
	public function invalidateOldTokens();

	/**
	 * Invalidate (delete) tokens last used before a given date
	 */
	public function invalidateLastUsedBefore(string $uid, int $before): void;

	/**
	 * Save the updated token
	 *
	 * @param OCPIToken $token
	 */
	public function updateToken(OCPIToken $token);

	/**
	 * Update token activity timestamp
	 *
	 * @param OCPIToken $token
	 */
	public function updateTokenActivity(OCPIToken $token);

	/**
	 * Get all tokens of a user
	 *
	 * The provider may limit the number of result rows in case of an abuse
	 * where a high number of (session) tokens is generated
	 *
	 * @param string $uid
	 * @return OCPIToken[]
	 */
	public function getTokenByUser(string $uid): array;

	/**
	 * Get the (unencrypted) password of the given token
	 *
	 * @param OCPIToken $savedToken
	 * @param string $tokenId
	 * @throws InvalidTokenException
	 * @throws PasswordlessTokenException
	 * @return string
	 */
	public function getPassword(OCPIToken $savedToken, string $tokenId): string;

	/**
	 * Encrypt and set the password of the given token
	 *
	 * @param OCPIToken $token
	 * @param string $tokenId
	 * @param string $password
	 * @throws InvalidTokenException
	 */
	public function setPassword(OCPIToken $token, string $tokenId, string $password);

	/**
	 * Rotate the token. Useful for for example oauth tokens
	 *
	 * @param OCPIToken $token
	 * @param string $oldTokenId
	 * @param string $newTokenId
	 * @return OCPIToken
	 * @throws \RuntimeException when OpenSSL reports a problem
	 */
	public function rotate(OCPIToken $token, string $oldTokenId, string $newTokenId): OCPIToken;

	/**
	 * Marks a token as having an invalid password.
	 *
	 * @param OCPIToken $token
	 * @param string $tokenId
	 */
	public function markPasswordInvalid(OCPIToken $token, string $tokenId);

	/**
	 * Update all the passwords of $uid if required
	 *
	 * @param string $uid
	 * @param string $password
	 */
	public function updatePasswords(string $uid, string $password);
}
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 08:10:55 -04:00			`<?php`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 13:57:53 -05:00
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 04:24:46 -04:00			`declare(strict_types=1);`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 13:57:53 -05:00
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 08:10:55 -04:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-23 03:26:56 -04:00			`* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-FileCopyrightText: 2016 ownCloud, Inc.`
			`* SPDX-License-Identifier: AGPL-3.0-only`
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 08:10:55 -04:00			`*/`
			`namespace OC\Authentication\Token;`

Create session tokens for apache auth users 2016-05-31 04:48:14 -04:00			`use OC\Authentication\Exceptions\PasswordlessTokenException;`
Suppress or fix psalm errors related to InvalidTokenException Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-08 11:47:22 -05:00			`use OCP\Authentication\Exceptions\ExpiredTokenException;`
			`use OCP\Authentication\Exceptions\InvalidTokenException;`
			`use OCP\Authentication\Exceptions\WipeTokenException;`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`use OCP\Authentication\Token\IToken as OCPIToken;`
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 08:10:55 -04:00
			`interface IProvider {`
a single token provider suffices 2016-05-17 11:20:54 -04:00			`/**`
			`* Create and persist a new token`
			`*`
			`* @param string $token`
			`* @param string $uid`
when generating browser/device token, save the login name for later password checks 2016-05-24 04:50:18 -04:00			`* @param string $loginName`
Create session tokens for apache auth users 2016-05-31 04:48:14 -04:00			`* @param string\|null $password`
Automatically cut the token name on the first level Signed-off-by: Joas Schilling <coding@schilljs.com> 2022-03-23 16:38:53 -04:00			`* @param string $name Name will be trimmed to 120 chars when longer`
a single token provider suffices 2016-05-17 11:20:54 -04:00			`* @param int $type token type`
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-09-06 15:41:15 -04:00			`* @param int $remember whether the session token should be used for remember-me`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`* @return OCPIToken`
Error with exception on SSL error Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2019-07-18 05:36:50 -04:00			`* @throws \RuntimeException when OpenSSL reports a problem`
a single token provider suffices 2016-05-17 11:20:54 -04:00			`*/`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 04:24:46 -04:00			`public function generateToken(string $token,`
chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> 2023-11-23 04:22:34 -05:00			`string $uid,`
			`string $loginName,`
			`?string $password,`
			`string $name,`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`int $type = OCPIToken::TEMPORARY_TOKEN,`
fix(Token): take over scope in token refresh with login by cookie Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de> 2024-07-19 09:53:46 -04:00			`int $remember = OCPIToken::DO_NOT_REMEMBER,`
			`?array $scope = null,`
			`): OCPIToken;`
a single token provider suffices 2016-05-17 11:20:54 -04:00
			`/**`
			`* Get a token by token id`
			`*`
			`* @param string $tokenId`
			`* @throws InvalidTokenException`
Certain tokens can expire However due to the nature of what we store in the token (encrypted passwords etc). We can't just delete the tokens because that would make the oauth refresh useless. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-16 06:39:00 -04:00			`* @throws ExpiredTokenException`
Remote wipe support This allows a user to mark a token for remote wipe. Clients that support this can then wipe the device properly. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-04-03 10:00:46 -04:00			`* @throws WipeTokenException`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`* @return OCPIToken`
a single token provider suffices 2016-05-17 11:20:54 -04:00			`*/`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`public function getToken(string $tokenId): OCPIToken;`
allow configuring filesystem access Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-03 09:57:06 -04:00
			`/**`
			`* Get a token by token id`
			`*`
Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 04:56:40 -04:00			`* @param int $tokenId`
allow configuring filesystem access Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-03 09:57:06 -04:00			`* @throws InvalidTokenException`
Certain tokens can expire However due to the nature of what we store in the token (encrypted passwords etc). We can't just delete the tokens because that would make the oauth refresh useless. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-16 06:39:00 -04:00			`* @throws ExpiredTokenException`
Remote wipe support This allows a user to mark a token for remote wipe. Clients that support this can then wipe the device properly. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-04-03 10:00:46 -04:00			`* @throws WipeTokenException`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`* @return OCPIToken`
allow configuring filesystem access Signed-off-by: Robin Appelman <icewind@owncloud.com> 2016-08-03 09:57:06 -04:00			`*/`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`public function getTokenById(int $tokenId): OCPIToken;`
add button to invalidate browser sessions/device tokens 2016-05-19 05:20:22 -04:00
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-09-06 15:41:15 -04:00			`/**`
document what the method does Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-11-02 12:32:44 -04:00			`* Duplicate an existing session token`
			`*`
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-09-06 15:41:15 -04:00			`* @param string $oldSessionId`
			`* @param string $sessionId`
Add missing tests and fix PHPDoc Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2016-11-02 08:37:39 -04:00			`* @throws InvalidTokenException`
Error with exception on SSL error Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2019-07-18 05:36:50 -04:00			`* @throws \RuntimeException when OpenSSL reports a problem`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`* @return OCPIToken The new token`
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-09-06 15:41:15 -04:00			`*/`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`public function renewSessionToken(string $oldSessionId, string $sessionId): OCPIToken;`
bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2016-09-06 15:41:15 -04:00
a single token provider suffices 2016-05-17 11:20:54 -04:00			`/**`
			`* Invalidate (delete) the given session token`
			`*`
			`* @param string $token`
			`*/`
Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 04:24:46 -04:00			`public function invalidateToken(string $token);`
a single token provider suffices 2016-05-17 11:20:54 -04:00
add button to invalidate browser sessions/device tokens 2016-05-19 05:20:22 -04:00			`/**`
			`* Invalidate (delete) the given token`
			`*`
Just pass uid to the Token stuff We don't have user objects in the code everywhere Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-29 03:29:29 -04:00			`* @param string $uid`
add button to invalidate browser sessions/device tokens 2016-05-19 05:20:22 -04:00			`* @param int $id`
			`*/`
Just pass uid to the Token stuff We don't have user objects in the code everywhere Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-29 03:29:29 -04:00			`public function invalidateTokenById(string $uid, int $id);`
add button to invalidate browser sessions/device tokens 2016-05-19 05:20:22 -04:00
Add token auth for OCS APIs 2016-04-27 03:38:30 -04:00			`/**`
add invalidateOldTokens to IProvider interface 2016-08-02 04:34:11 -04:00			`* Invalidate (delete) old session tokens`
			`*/`
			`public function invalidateOldTokens();`

Add last-used-before option Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com> 2023-08-25 01:07:57 -04:00			`/**`
			`* Invalidate (delete) tokens last used before a given date`
			`*/`
			`public function invalidateLastUsedBefore(string $uid, int $before): void;`

add invalidateOldTokens to IProvider interface 2016-08-02 04:34:11 -04:00			`/**`
store last check timestamp in token instead of session 2016-06-17 07:59:15 -04:00			`* Save the updated token`
Add token auth for OCS APIs 2016-04-27 03:38:30 -04:00			`*`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`* @param OCPIToken $token`
Add token auth for OCS APIs 2016-04-27 03:38:30 -04:00			`*/`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`public function updateToken(OCPIToken $token);`
a single token provider suffices 2016-05-17 11:20:54 -04:00
Add token auth for OCS APIs 2016-04-27 03:38:30 -04:00			`/**`
			`* Update token activity timestamp`
			`*`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`* @param OCPIToken $token`
Add token auth for OCS APIs 2016-04-27 03:38:30 -04:00			`*/`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`public function updateTokenActivity(OCPIToken $token);`
a single token provider suffices 2016-05-17 11:20:54 -04:00
add method to query all user auth tokens 2016-05-18 05:33:56 -04:00			`/**`
Minor typos Signed-off-by: Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de> 2017-07-21 03:50:44 -04:00			`* Get all tokens of a user`
add method to query all user auth tokens 2016-05-18 05:33:56 -04:00			`*`
			`* The provider may limit the number of result rows in case of an abuse`
			`* where a high number of (session) tokens is generated`
			`*`
Just pass uid to the Token stuff We don't have user objects in the code everywhere Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-29 03:29:29 -04:00			`* @param string $uid`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`* @return OCPIToken[]`
add method to query all user auth tokens 2016-05-18 05:33:56 -04:00			`*/`
Just pass uid to the Token stuff We don't have user objects in the code everywhere Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-29 03:29:29 -04:00			`public function getTokenByUser(string $uid): array;`
add method to query all user auth tokens 2016-05-18 05:33:56 -04:00
a single token provider suffices 2016-05-17 11:20:54 -04:00			`/**`
			`* Get the (unencrypted) password of the given token`
			`*`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`* @param OCPIToken $savedToken`
a single token provider suffices 2016-05-17 11:20:54 -04:00			`* @param string $tokenId`
add button to add new device tokens 2016-05-18 12:25:05 -04:00			`* @throws InvalidTokenException`
Create session tokens for apache auth users 2016-05-31 04:48:14 -04:00			`* @throws PasswordlessTokenException`
a single token provider suffices 2016-05-17 11:20:54 -04:00			`* @return string`
			`*/`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`public function getPassword(OCPIToken $savedToken, string $tokenId): string;`
update session token password on user password change 2016-06-21 04:23:50 -04:00
			`/**`
			`* Encrypt and set the password of the given token`
			`*`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`* @param OCPIToken $token`
update session token password on user password change 2016-06-21 04:23:50 -04:00			`* @param string $tokenId`
			`* @param string $password`
			`* @throws InvalidTokenException`
			`*/`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`public function setPassword(OCPIToken $token, string $tokenId, string $password);`
Allow the rotation of tokens This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 15:10:43 -04:00
			`/**`
Fix typos in lib/private subdirectory Found via `codespell -q 3 -S l10n -L jus ./lib/private` Signed-off-by: luz paz <luzpaz@github.com> 2022-07-27 08:51:42 -04:00			`* Rotate the token. Useful for for example oauth tokens`
Allow the rotation of tokens This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 15:10:43 -04:00			`*`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`* @param OCPIToken $token`
Allow the rotation of tokens This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 15:10:43 -04:00			`* @param string $oldTokenId`
			`* @param string $newTokenId`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`* @return OCPIToken`
Error with exception on SSL error Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2019-07-18 05:36:50 -04:00			`* @throws \RuntimeException when OpenSSL reports a problem`
Allow the rotation of tokens This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-15 15:10:43 -04:00			`*/`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`public function rotate(OCPIToken $token, string $oldTokenId, string $newTokenId): OCPIToken;`
Mark token as invalid if the password doesn't match Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-09-26 07:10:17 -04:00
			`/**`
			`* Marks a token as having an invalid password.`
			`*`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`* @param OCPIToken $token`
Mark token as invalid if the password doesn't match Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-09-26 07:10:17 -04:00			`* @param string $tokenId`
			`*/`
Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-01-11 09:42:19 -05:00			`public function markPasswordInvalid(OCPIToken $token, string $tokenId);`
Update all the publickey tokens if needed on web login * On weblogin check if we have invalid public key tokens * If so update them all with the new token This ensures that your marked as invalid tokens work again if you once login on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-09-26 07:36:04 -04:00
			`/**`
			`* Update all the passwords of $uid if required`
			`*`
			`* @param string $uid`
			`* @param string $password`
			`*/`
			`public function updatePasswords(string $uid, string $password);`
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token 2016-04-25 08:10:55 -04:00			`}`