ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Auth_OpenID_MDB2Store Class Reference
+ Inheritance diagram for Auth_OpenID_MDB2Store:
+ Collaboration diagram for Auth_OpenID_MDB2Store:

Public Member Functions

 Auth_OpenID_MDB2Store ($connection, $associations_table=null, $nonces_table=null)
 This creates a new MDB2Store instance.
 tableExists ($table_name)
 createTables ()
 create_nonce_table ()
 create_assoc_table ()
 storeAssociation ($server_url, $association)
 This method puts an Association object into storage, retrievable by server URL and handle.
 cleanupNonces ()
 cleanupAssociations ()
 getAssociation ($server_url, $handle=null)
 This method returns an Association object from storage that matches the server URL and, if specified, handle.
 removeAssociation ($server_url, $handle)
 This method removes the matching association if it's found, and returns whether the association was removed or not.
 useNonce ($server_url, $timestamp, $salt)
 Called when using a nonce.
 reset ()
 Resets the store by removing all records from the store's tables.
- Public Member Functions inherited from Auth_OpenID_OpenIDStore
 cleanup ()
 supportsCleanup ()
 Report whether this storage supports cleanup.

Detailed Description

Definition at line 46 of file MDB2Store.php.

Member Function Documentation

Auth_OpenID_MDB2Store::Auth_OpenID_MDB2Store (   $connection,
  $associations_table = null,
  $nonces_table = null 
)

This creates a new MDB2Store instance.

It requires an established database connection be given to it, and it allows overriding the default table names.

Parameters
connection$connectionThis must be an established connection to a database of the correct type for the SQLStore subclass you're using. This must be a PEAR::MDB2 connection handle.
associations_table,:This is an optional parameter to specify the name of the table used for storing associations. The default value is 'oid_associations'.
nonces_table,:This is an optional parameter to specify the name of the table used for storing nonces. The default value is 'oid_nonces'.

Definition at line 65 of file MDB2Store.php.

References PEAR\isError(), and MDB2_FETCHMODE_ASSOC.

{
$this->associations_table_name = "oid_associations";
$this->nonces_table_name = "oid_nonces";
// Check the connection object type to be sure it's a PEAR
// database connection.
if (!is_object($connection) ||
!is_subclass_of($connection, 'mdb2_driver_common')) {
trigger_error("Auth_OpenID_MDB2Store expected PEAR connection " .
"object (got ".get_class($connection).")",
E_USER_ERROR);
return;
}
$this->connection = $connection;
// Be sure to set the fetch mode so the results are keyed on
// column name instead of column index.
$this->connection->setFetchMode(MDB2_FETCHMODE_ASSOC);
if (PEAR::isError($this->connection->loadModule('Extended'))) {
trigger_error("Unable to load MDB2_Extended module", E_USER_ERROR);
return;
}
if ($associations_table) {
$this->associations_table_name = $associations_table;
}
if ($nonces_table) {
$this->nonces_table_name = $nonces_table;
}
$this->max_nonce_age = 6 * 60 * 60;
}

+ Here is the call graph for this function:

Auth_OpenID_MDB2Store::cleanupAssociations ( )

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 311 of file MDB2Store.php.

{
return $this->connection->exec(
sprintf("DELETE FROM %s WHERE issued + lifetime < %d",
$this->associations_table_name, time()));
}
Auth_OpenID_MDB2Store::cleanupNonces ( )

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 301 of file MDB2Store.php.

References $Auth_OpenID_SKEW.

{
$v = time() - $Auth_OpenID_SKEW;
return $this->connection->exec(
sprintf("DELETE FROM %s WHERE timestamp < %d",
$this->nonces_table_name, $v));
}
Auth_OpenID_MDB2Store::create_assoc_table ( )

Definition at line 192 of file MDB2Store.php.

References $options, PEAR\isError(), and tableExists().

Referenced by createTables().

{
if (!$this->tableExists($this->associations_table_name)) {
switch ($this->connection->phptype) {
case "mysql":
case "mysqli":
// Custom SQL for MySQL to use InnoDB and variable-
// length keys
$r = $this->connection->exec(
sprintf("CREATE TABLE %s(\n".
" server_url VARCHAR(2047) NOT NULL DEFAULT '',\n".
" handle VARCHAR(255) NOT NULL,\n".
" secret BLOB NOT NULL,\n".
" issued INTEGER NOT NULL,\n".
" lifetime INTEGER NOT NULL,\n".
" assoc_type VARCHAR(64) NOT NULL,\n".
" PRIMARY KEY (server_url(255), handle)\n".
") TYPE=InnoDB",
$this->associations_table_name));
if (PEAR::isError($r)) {
return false;
}
break;
default:
$this->connection->loadModule('Manager'))) {
return false;
}
$fields = array(
"server_url" => array(
"type" => "text",
"length" => 2047,
"notnull" => true
),
"handle" => array(
"type" => "text",
"length" => 255,
"notnull" => true
),
"secret" => array(
"type" => "blob",
"length" => "255",
"notnull" => true
),
"issued" => array(
"type" => "integer",
"notnull" => true
),
"lifetime" => array(
"type" => "integer",
"notnull" => true
),
"assoc_type" => array(
"type" => "text",
"length" => 64,
"notnull" => true
)
);
$options = array(
"primary" => array(
"server_url" => true,
"handle" => true
)
);
$r = $this->connection->createTable(
$this->associations_table_name,
$fields,
if (PEAR::isError($r)) {
return false;
}
break;
}
}
return true;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_MDB2Store::create_nonce_table ( )

Definition at line 122 of file MDB2Store.php.

References PEAR\isError(), and tableExists().

Referenced by createTables().

{
if (!$this->tableExists($this->nonces_table_name)) {
switch ($this->connection->phptype) {
case "mysql":
case "mysqli":
// Custom SQL for MySQL to use InnoDB and variable-
// length keys
$r = $this->connection->exec(
sprintf("CREATE TABLE %s (\n".
" server_url VARCHAR(2047) NOT NULL DEFAULT '',\n".
" timestamp INTEGER NOT NULL,\n".
" salt CHAR(40) NOT NULL,\n".
" UNIQUE (server_url(255), timestamp, salt)\n".
") TYPE=InnoDB",
$this->nonces_table_name));
if (PEAR::isError($r)) {
return false;
}
break;
default:
$this->connection->loadModule('Manager'))) {
return false;
}
$fields = array(
"server_url" => array(
"type" => "text",
"length" => 2047,
"notnull" => true
),
"timestamp" => array(
"type" => "integer",
"notnull" => true
),
"salt" => array(
"type" => "text",
"length" => 40,
"fixed" => true,
"notnull" => true
)
);
$constraint = array(
"unique" => 1,
"fields" => array(
"server_url" => true,
"timestamp" => true,
"salt" => true
)
);
$r = $this->connection->createTable($this->nonces_table_name,
$fields);
if (PEAR::isError($r)) {
return false;
}
$r = $this->connection->createConstraint(
$this->nonces_table_name,
$this->nonces_table_name . "_constraint",
$constraint);
if (PEAR::isError($r)) {
return false;
}
break;
}
}
return true;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_MDB2Store::createTables ( )

Definition at line 111 of file MDB2Store.php.

References $n, create_assoc_table(), and create_nonce_table().

{
$n = $this->create_nonce_table();
$a = $this->create_assoc_table();
if (!$n || !$a) {
return false;
}
return true;
}

+ Here is the call graph for this function:

Auth_OpenID_MDB2Store::getAssociation (   $server_url,
  $handle = null 
)

This method returns an Association object from storage that matches the server URL and, if specified, handle.

It returns null if no such association is found or if the matching association is expired.

If no handle is specified, the store may return any association which matches the server URL. If multiple associations are valid, the recommended return value for this method is the one most recently issued.

This method is allowed (and encouraged) to garbage collect expired associations when found. This method must not return expired associations.

Parameters
string$server_urlThe URL of the identity server to get the association for. Because of the way the server portion of the library uses this interface, don't assume there are any limitations on the character set of the input string. In particular, expect to see unescaped non-url-safe characters in the server_url field.
mixed$handleThis optional parameter is the handle of the specific association to get. If no specific handle is provided, any valid association matching the server URL is returned.
Returns
Association The Association for the given identity server.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 318 of file MDB2Store.php.

References PEAR\isError().

{
$sql = "";
$params = null;
$types = array(
"text",
"blob",
"integer",
"integer",
"text"
);
if ($handle !== null) {
$sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " .
"FROM %s WHERE server_url = ? AND handle = ?",
$this->associations_table_name);
$params = array($server_url, $handle);
} else {
$sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " .
"FROM %s WHERE server_url = ? ORDER BY issued DESC",
$this->associations_table_name);
$params = array($server_url);
}
$assoc = $this->connection->getRow($sql, $types, $params);
if (!$assoc || PEAR::isError($assoc)) {
return null;
} else {
$association = new Auth_OpenID_Association($assoc['handle'],
stream_get_contents(
$assoc['secret']),
$assoc['issued'],
$assoc['lifetime'],
$assoc['assoc_type']);
fclose($assoc['secret']);
return $association;
}
}

+ Here is the call graph for this function:

Auth_OpenID_MDB2Store::removeAssociation (   $server_url,
  $handle 
)

This method removes the matching association if it's found, and returns whether the association was removed or not.

Parameters
string$server_urlThe URL of the identity server the association to remove belongs to. Because of the way the server portion of the library uses this interface, don't assume there are any limitations on the character set of the input string. In particular, expect to see unescaped non-url-safe characters in the server_url field.
string$handleThis is the handle of the association to remove. If there isn't an association found that matches both the given URL and handle, then there was no matching handle found.
Returns
mixed Returns whether or not the given association existed.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 357 of file MDB2Store.php.

References PEAR\isError().

{
$r = $this->connection->execParam(
sprintf("DELETE FROM %s WHERE server_url = ? AND handle = ?",
$this->associations_table_name),
array($server_url, $handle));
if (PEAR::isError($r) || $r == 0) {
return false;
}
return true;
}

+ Here is the call graph for this function:

Auth_OpenID_MDB2Store::reset ( )

Resets the store by removing all records from the store's tables.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 402 of file MDB2Store.php.

{
$this->connection->query(sprintf("DELETE FROM %s",
$this->associations_table_name));
$this->connection->query(sprintf("DELETE FROM %s",
$this->nonces_table_name));
}
Auth_OpenID_MDB2Store::storeAssociation (   $server_url,
  $association 
)

This method puts an Association object into storage, retrievable by server URL and handle.

Parameters
string$server_urlThe URL of the identity server that this association is with. Because of the way the server portion of the library uses this interface, don't assume there are any limitations on the character set of the input string. In particular, expect to see unescaped non-url-safe characters in the server_url field.
Association$associationThe Association to store.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 270 of file MDB2Store.php.

References PEAR\isError().

{
$fields = array(
"server_url" => array(
"value" => $server_url,
"key" => true
),
"handle" => array(
"value" => $association->handle,
"key" => true
),
"secret" => array(
"value" => $association->secret,
"type" => "blob"
),
"issued" => array(
"value" => $association->issued
),
"lifetime" => array(
"value" => $association->lifetime
),
"assoc_type" => array(
"value" => $association->assoc_type
)
);
return !PEAR::isError($this->connection->replace(
$this->associations_table_name,
$fields));
}

+ Here is the call graph for this function:

Auth_OpenID_MDB2Store::tableExists (   $table_name)

Definition at line 104 of file MDB2Store.php.

References PEAR\isError().

Referenced by create_assoc_table(), and create_nonce_table().

{
return !PEAR::isError($this->connection->query(
sprintf("SELECT * FROM %s LIMIT 0",
$table_name)));
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_MDB2Store::useNonce (   $server_url,
  $timestamp,
  $salt 
)

Called when using a nonce.

This method should return C{True} if the nonce has not been used before, and store it for a while to make sure nobody tries to use the same value again. If the nonce has already been used, return C{False}.

Change: In earlier versions, round-trip nonces were used and a nonce was only valid if it had been previously stored with storeNonce. Version 2.0 uses one-way nonces, requiring a different implementation here that does not depend on a storeNonce call. (storeNonce is no longer part of the interface.

Parameters
string$nonceThe nonce to use.
Returns
bool Whether or not the nonce was valid.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 370 of file MDB2Store.php.

References $Auth_OpenID_SKEW, $timestamp, PEAR\isError(), and MDB2_AUTOQUERY_INSERT.

{
if (abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
return false;
}
$fields = array(
"timestamp" => $timestamp,
"salt" => $salt
);
if (!empty($server_url)) {
$fields["server_url"] = $server_url;
}
$r = $this->connection->autoExecute(
$this->nonces_table_name,
$fields,
if (PEAR::isError($r)) {
return false;
}
return true;
}

+ Here is the call graph for this function:


The documentation for this class was generated from the following file: