Track token usage and automatic token invalidation
Proposed Changes:
- add `usage` (integer, not null) and `maxUsage` (integer, nullable) fields to TokenInterface
- each call to `verify` on TokenVerifier should increment the `usage` field
- each call to `verify` should check whether `maxUsage` is set (not null) and, if `usage >= maxUsage`, automatically invalidate the token
These changes remove some boilerplate code in token handling applications (for example in the controllers in the payum bundle)
If you want, I can provide a PR.
I'd :+1: this in general; I was also thinking of expiration: https://github.com/Payum/Payum/issues/76.
I am not sure about maxUsage. Who sets this field, the token factory? But it may vary.
> These changes remove some boilerplate code in token handling applications (for example in the controllers in the payum bundle)

Could you clarify it a bit more?
Kind of off-topic: I also think that when we call invalidate($token) it must not be deleted, just marked as invalid or used, so we can revert the change.
For example, when I debug an application I need to call the capture URL several times, but the token gets deleted, so I have to start from the very beginning or comment out the invalidate method call.
The TokenFactory can get an additional optional parameter: createToken(..., $maxUsage = null);
createCaptureToken et al. of the generic interface can use sensible default values (which means $maxUsage=null for notify and $maxUsage=1 for the rest).
What I mean by boilerplate code: just the need to invalidate the token, which is a repeated action for every token-verifying action (except notify).
I agree with the invalid flag.
Another idea: store token creation date and max age date. It gives some more security to token validity (unused tokens are not valid forever) and helps to clean the token table of old tokens; something like: DELETE FROM token_table WHERE NOW() > max_age + '1 month' OR (invalid = 1 AND NOW() > creation_date + '1 month')
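One way the rules proposed in this thread could fit together (usage counter, maxUsage, an invalid flag instead of deletion, and a max-age date), written as an added PHP sketch that is not Payum's code; the class and method names and the exception type are assumptions.

```php
<?php
// Illustration of the proposal in this thread; not Payum's code.
// Token, TokenVerifier and the RuntimeException messages are made-up names.

final class Token
{
    public int $usage = 0;                            // incremented on every verify
    public bool $invalid = false;                     // flag instead of deleting the row

    public function __construct(
        public readonly string $hash,
        public readonly ?int $maxUsage,               // null = unlimited (e.g. notify)
        public readonly \DateTimeImmutable $createdAt,
        public readonly ?\DateTimeImmutable $maxAge,  // null = never expires
    ) {}
}

final class TokenVerifier
{
    public function __construct(private \DateTimeImmutable $now) {}

    /** Verifies the token and applies the usage and age rules; throws on rejection. */
    public function verify(Token $token): void
    {
        if ($token->invalid) {
            throw new \RuntimeException('token already invalidated');
        }
        if ($token->maxAge !== null && $this->now > $token->maxAge) {
            $token->invalid = true;                   // unused tokens are not valid forever
            throw new \RuntimeException('token expired');
        }
        // Count the use first, then check the limit, so maxUsage=1 allows exactly one call.
        $token->usage++;
        if ($token->maxUsage !== null && $token->usage >= $token->maxUsage) {
            $token->invalid = true;                   // automatic invalidation, no controller boilerplate
        }
    }
}

// Constructed sample data: a capture token (maxUsage=1) and a notify token (unlimited).
$now      = new \DateTimeImmutable('2024-01-01 12:00:00');
$verifier = new TokenVerifier($now);
$capture  = new Token('capture-hash', 1, $now, $now->modify('+1 day'));
$notify   = new Token('notify-hash', null, $now, null);

$verifier->verify($capture);                          // first use is accepted, token is then marked invalid
try { $verifier->verify($capture); } catch (\RuntimeException $e) { echo $e->getMessage(), "\n"; }
for ($i = 0; $i < 3; $i++) { $verifier->verify($notify); }
echo "notify token used {$notify->usage} times and still valid\n";
```

Because the capture token is flagged rather than deleted, the cleanup query sketched above can remove it later with the other invalidated rows.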