gbirke / rememberme

A PHP library that implements secure "Remember me" cookies
MIT License
125 stars 30 forks source link

Authenticator should have a getStorage() method #18

Open alexweissman opened 8 years ago

alexweissman commented 8 years ago

I initialize my Storage together with my Authenticator as part of a single service in my DI container. So, it would be helpful if I could access Storage (for example, to call cleanAllTriplets) through the Authenticator instance.

gbirke commented 7 years ago

Interesting idea, however, I'd like to know more about your use case. Just implementing getStorage would violate the Law of Demeter. It would be better in this case if you code requested the storage from your DI and manipulated directly.

alexweissman commented 7 years ago

I ended up creating a manager class for my authentication system, which encapsulates both the Storage and Authenticator. So, I'm not sure if this is still an issue for me.

Smitsel commented 6 years ago

I encountered something similar when integrating this library.

When creating a manager class for encapsulating i added a complete logout method like the one in your examples. But when doing so i needed to get the credential for the cleanAllTiplets call.

So my result was something like this: $triplet = Triplet::fromString($this->authenticator->getCookie()->getValue()); $this->storage->cleanAllTriplets($triplet->getCredential()); $this->authenticator->clearCookie();

So in my case i needed to add the Triplet::fromString on my cookie value in order to clean the storage triplets. Would it not be nicer if the cleanAllTriplets call would be on my authenticator? Maybe with a better name, but then you could internally get the credentials from the active cookie and do a call on the Storage dependency to delete the triplets from storage?

Just opening the conversation on this. There might be something i missed.