diff options
author | Bernhard Schussek <bschussek@gmail.com> | 2013-10-04 15:25:38 +0200 |
---|---|---|
committer | Bernhard Schussek <bschussek@gmail.com> | 2013-10-07 14:50:43 +0200 |
commit | 8780aecc6088ec65909d68dfebd867dfa99a0d77 (patch) | |
tree | 2b316b31b3af6f43883b7a1ac1ae1ee39b36349e /Csrf/TokenGenerator/TokenGeneratorInterface.php | |
parent | 45e1ca5d20c2721e3085ff45773559cc45645ce2 (diff) | |
download | symfony-security-8780aecc6088ec65909d68dfebd867dfa99a0d77.zip symfony-security-8780aecc6088ec65909d68dfebd867dfa99a0d77.tar.gz symfony-security-8780aecc6088ec65909d68dfebd867dfa99a0d77.tar.bz2 |
[Security\Csrf] Split CsrfTokenGenerator into CsrfTokenManager and TokenGeneratorv2.4.0-BETA1
Diffstat (limited to 'Csrf/TokenGenerator/TokenGeneratorInterface.php')
-rw-r--r-- | Csrf/TokenGenerator/TokenGeneratorInterface.php | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/Csrf/TokenGenerator/TokenGeneratorInterface.php b/Csrf/TokenGenerator/TokenGeneratorInterface.php new file mode 100644 index 0000000..4d81da9 --- /dev/null +++ b/Csrf/TokenGenerator/TokenGeneratorInterface.php @@ -0,0 +1,40 @@ +<?php + +/* + * This file is part of the Symfony package. + * + * (c) Fabien Potencier <fabien@symfony.com> + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Csrf\TokenGenerator; + +/** + * Generates and validates CSRF tokens. + * + * You can generate a CSRF token by using the method {@link generateCsrfToken()}. + * This method expects a unique token ID as argument. The token ID can later be + * used to validate a token provided by the user. + * + * Token IDs do not necessarily have to be secret, but they should NEVER be + * created from data provided by the client. A good practice is to hard-code the + * token IDs for the various CSRF tokens used by your application. + * + * You should use the method {@link isCsrfTokenValid()} to check a CSRF token + * submitted by the client. This method will return true if the CSRF token is + * valid. + * + * @since 2.4 + * @author Bernhard Schussek <bschussek@gmail.com> + */ +interface TokenGeneratorInterface +{ + /** + * Generates a CSRF token. + * + * @return string The generated CSRF token + */ + public function generateToken(); +} |