Implement user

src/Session/Session.php

@@ -92,7 +92,7 @@ public function regenerateId(): void
     {
         if ($this->isActive()) {
             try {
-                session_regenerate_id();
+                session_regenerate_id(true);
             } catch (\Throwable $e) {
                 throw new SessionException('Failed to regenerate ID', $e->getCode(), $e);
             }

src/User/AuthenticationKeyInterface.php

@@ -0,0 +1,37 @@
+<?php
+namespace Yiisoft\Yii\Web\User;
+
+/**
+ * TODO: seriously need better name for it :(
+ */
+interface AuthenticationKeyInterface
+{
+    /**
+     * Returns a key that can be used to check the validity of a given identity ID.
+     *
+     * The key should be unique for each individual user, and should be persistent
+     * so that it can be used to check the validity of the user identity.
+     *
+     * The space of such keys should be big enough to defeat potential identity attacks.
+     *
+     * This is required if [[User::enableAutoLogin]] is enabled. The returned key will be stored on the
+     * client side as a cookie and will be used to authenticate user even if PHP session has been expired.
+     *
+     * Make sure to invalidate earlier issued authKeys when you implement force user logout, password change and
+     * other scenarios, that require forceful access revocation for old sessions.
+     *
+     * @return string a key that is used to check the validity of a given identity ID.
+     * @see validateAuthKey()
+     */
+    public function getAuthKey(): string;
+
+    /**
+     * Validates the given auth key.
+     *
+     * This is required if [[User::enableAutoLogin]] is enabled.
+     * @param string $authKey the given auth key
+     * @return bool whether the given auth key is valid.
+     * @see getAuthKey()
+     */
+    public function validateAuthKey(string $authKey): bool;
+}

src/User/AutoLoginMiddleware.php

@@ -0,0 +1,18 @@
+<?php
+namespace Yiisoft\Yii\Web\User;
+
+/**
+ * AutoLoginMiddleware automatically logs user in based on "remember me" cookie
+ */
+class AutoLoginMiddleware
+{
+    /**
+     * @var User
+     */
+    private $user;
+
+    public function __construct(User $user)
+    {
+        $this->user = $user;
+    }
+}

src/User/Event/AfterLoginEvent.php

@@ -0,0 +1,26 @@
+<?php
+namespace Yiisoft\Yii\Web\User\Event;
+
+use Yiisoft\Yii\Web\User\IdentityInterface;
+
+class AfterLoginEvent
+{
+    private $identity;
+    private $duration;
+
+    public function __construct(IdentityInterface $identity, int $duration)
+    {
+        $this->identity = $identity;
+        $this->duration = $duration;
+    }
+
+    public function getIdentity(): IdentityInterface
+    {
+        return $this->identity;
+    }
+
+    public function getDuration(): int
+    {
+        return $this->duration;
+    }
+}

src/User/Event/AfterLogoutEvent.php

@@ -0,0 +1,19 @@
+<?php
+namespace Yiisoft\Yii\Web\User\Event;
+
+use Yiisoft\Yii\Web\User\IdentityInterface;
+
+class AfterLogoutEvent
+{
+    private $identity;
+
+    public function __construct(IdentityInterface $identity)
+    {
+        $this->identity = $identity;
+    }
+
+    public function getIdentity(): IdentityInterface
+    {
+        return $this->identity;
+    }
+}

src/User/Event/BeforeLoginEvent.php

@@ -0,0 +1,37 @@
+<?php
+namespace Yiisoft\Yii\Web\User\Event;
+
+use Yiisoft\Yii\Web\User\IdentityInterface;
+
+class BeforeLoginEvent
+{
+    private $identity;
+    private $duration;
+    private $isValid = true;
+
+    public function __construct(IdentityInterface $identity, int $duration)
+    {
+        $this->identity = $identity;
+        $this->duration = $duration;
+    }
+
+    public function invalidate(): void
+    {
+        $this->isValid = false;
+    }
+
+    public function isValid(): bool
+    {
+        return $this->isValid;
+    }
+
+    public function getIdentity(): IdentityInterface
+    {
+        return $this->identity;
+    }
+
+    public function getDuration(): int
+    {
+        return $this->duration;
+    }
+}

src/User/Event/BeforeLogout.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace Yiisoft\Yii\Web\User\Event;
+
+use Yiisoft\Yii\Web\User\IdentityInterface;
+
+class BeforeLogout
+{
+    private $identity;
+    private $isValid = true;
+
+    public function __construct(IdentityInterface $identity)
+    {
+        $this->identity = $identity;
+    }
+
+    public function invalidate(): void
+    {
+        $this->isValid = false;
+    }
+
+    public function isValid(): bool
+    {
+        return $this->isValid;
+    }
+
+    public function getIdentity(): IdentityInterface
+    {
+        return $this->identity;
+    }
+}

src/User/GuestIdentity.php

@@ -0,0 +1,10 @@
+<?php
+namespace Yiisoft\Yii\Web\User;
+
+class GuestIdentity implements IdentityInterface
+{
+    public function getId(): ?string
+    {
+        return null;
+    }
+}

src/User/IdentityInterface.php

@@ -0,0 +1,11 @@
+<?php
+namespace Yiisoft\Yii\Web\User;
+
+interface IdentityInterface
+{
+    /**
+     * Returns an ID that can uniquely identify a user identity.
+     * @return string an ID that uniquely identifies a user identity.
+     */
+    public function getId(): ?string;
+}

src/User/IdentityRepositoryInterface.php

@@ -0,0 +1,18 @@
+<?php
+namespace Yiisoft\Yii\Web\User;
+
+interface IdentityRepositoryInterface
+{
+    public function findIdentity(string $id): ?IdentityInterface;
+
+    /**
+     * Finds an identity by the given token.
+     * @param string $token the token to be looked for
+     * @param string $type the type of the token. The value of this parameter depends on the implementation and should
+     * allow supporting multiple token types for a single identity.
+     * @return IdentityInterface|null the identity object that matches the given token.
+     * Null should be returned if such an identity cannot be found
+     * or the identity is not in an active state (disabled, deleted, etc.)
+     */
+    public function findIdentityByToken(string $token, string $type): ?IdentityInterface;
+}