ILIAS  eassessment Revision 61809
 All Data Structures Namespaces Files Functions Variables Groups Pages
Auth_OpenID_SQLStore Class Reference
+ Inheritance diagram for Auth_OpenID_SQLStore:
+ Collaboration diagram for Auth_OpenID_SQLStore:

Public Member Functions

 Auth_OpenID_SQLStore ($connection, $associations_table=null, $nonces_table=null)
 This creates a new SQLStore instance.
 tableExists ($table_name)
 isError ($value)
 Returns true if $value constitutes a database error; returns false otherwise.
 resultToBool ($obj)
 Converts a query result to a boolean.
 setSQL ()
 This method should be overridden by subclasses.
 reset ()
 Resets the store by removing all records from the store's tables.
 _verifySQL ()
 private
 _fixSQL ()
 private
 blobDecode ($blob)
 blobEncode ($str)
 createTables ()
 create_nonce_table ()
 create_assoc_table ()
 _set_assoc ($server_url, $handle, $secret, $issued, $lifetime, $assoc_type)
 private
 storeAssociation ($server_url, $association)
 This method puts an Association object into storage, retrievable by server URL and handle.
 _get_assoc ($server_url, $handle)
 private
 _get_assocs ($server_url)
 private
 removeAssociation ($server_url, $handle)
 This method removes the matching association if it's found, and returns whether the association was removed or not.
 getAssociation ($server_url, $handle=null)
 This method returns an Association object from storage that matches the server URL and, if specified, handle.
 _add_nonce ($server_url, $timestamp, $salt)
 private
 useNonce ($server_url, $timestamp, $salt)
 Called when using a nonce.
 _octify ($str)
 "Octifies" a binary string by returning a string with escaped octal bytes.
 _unoctify ($str)
 "Unoctifies" octal-escaped data from PostgreSQL and returns the resulting ASCII (possibly binary) string.
 cleanupNonces ()
 cleanupAssociations ()
- Public Member Functions inherited from Auth_OpenID_OpenIDStore
 cleanup ()
 supportsCleanup ()
 Report whether this storage supports cleanup.

Detailed Description

Definition at line 57 of file SQLStore.php.

Member Function Documentation

Auth_OpenID_SQLStore::_add_nonce (   $server_url,
  $timestamp,
  $salt 
)

private

Reimplemented in Auth_OpenID_SQLiteStore.

Definition at line 454 of file SQLStore.php.

References $timestamp, isError(), and resultToBool().

Referenced by useNonce().

{
$sql = $this->sql['add_nonce'];
$result = $this->connection->query($sql, array($server_url,
$salt));
if ($this->isError($result)) {
$this->connection->rollback();
} else {
$this->connection->commit();
}
return $this->resultToBool($result);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::_fixSQL ( )

private

Definition at line 239 of file SQLStore.php.

Referenced by Auth_OpenID_SQLStore().

{
$replacements = array(
array(
'value' => $this->nonces_table_name,
'keys' => array('nonce_table',
'add_nonce',
'clean_nonce')
),
array(
'value' => $this->associations_table_name,
'keys' => array('assoc_table',
'set_assoc',
'get_assoc',
'get_assocs',
'remove_assoc',
'clean_assoc')
)
);
foreach ($replacements as $item) {
$value = $item['value'];
$keys = $item['keys'];
foreach ($keys as $k) {
if (is_array($this->sql[$k])) {
foreach ($this->sql[$k] as $part_key => $part_value) {
$this->sql[$k][$part_key] = sprintf($part_value,
$value);
}
} else {
$this->sql[$k] = sprintf($this->sql[$k], $value);
}
}
}
}

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::_get_assoc (   $server_url,
  $handle 
)

private

Definition at line 354 of file SQLStore.php.

References $handle, and isError().

Referenced by Auth_OpenID_PostgreSQLStore\_set_assoc(), getAssociation(), and removeAssociation().

{
$result = $this->connection->getRow($this->sql['get_assoc'],
array($server_url, $handle));
if ($this->isError($result)) {
return null;
} else {
return $result;
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::_get_assocs (   $server_url)

private

Definition at line 368 of file SQLStore.php.

References isError().

Referenced by getAssociation().

{
$result = $this->connection->getAll($this->sql['get_assocs'],
array($server_url));
if ($this->isError($result)) {
return array();
} else {
return $result;
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::_octify (   $str)

"Octifies" a binary string by returning a string with escaped octal bytes.

This is used for preparing binary data for PostgreSQL BYTEA fields.

private

Definition at line 486 of file SQLStore.php.

References Auth_OpenID\bytes().

Referenced by Auth_OpenID_PostgreSQLStore\blobEncode().

{
$result = "";
for ($i = 0; $i < Auth_OpenID::bytes($str); $i++) {
$ch = substr($str, $i, 1);
if ($ch == "\\") {
$result .= "\\\\\\\\";
} else if (ord($ch) == 0) {
$result .= "\\\\000";
} else {
$result .= "\\" . strval(decoct(ord($ch)));
}
}
return $result;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::_set_assoc (   $server_url,
  $handle,
  $secret,
  $issued,
  $lifetime,
  $assoc_type 
)

private

Reimplemented in Auth_OpenID_PostgreSQLStore.

Definition at line 321 of file SQLStore.php.

References $handle.

Referenced by storeAssociation().

{
return $this->connection->query($this->sql['set_assoc'],
array(
$server_url,
$secret,
$issued,
$lifetime,
$assoc_type));
}

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::_unoctify (   $str)

"Unoctifies" octal-escaped data from PostgreSQL and returns the resulting ASCII (possibly binary) string.

private

Definition at line 508 of file SQLStore.php.

Referenced by Auth_OpenID_PostgreSQLStore\blobDecode().

{
$result = "";
$i = 0;
while ($i < strlen($str)) {
$char = $str[$i];
if ($char == "\\") {
// Look to see if the next char is a backslash and
// append it.
if ($str[$i + 1] != "\\") {
$octal_digits = substr($str, $i + 1, 3);
$dec = octdec($octal_digits);
$char = chr($dec);
$i += 4;
} else {
$char = "\\";
$i += 2;
}
} else {
$i += 1;
}
$result .= $char;
}
return $result;
}

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::_verifySQL ( )

private

Definition at line 211 of file SQLStore.php.

Referenced by Auth_OpenID_SQLStore().

{
$missing = array();
$empty = array();
$required_sql_keys = array(
'nonce_table',
'assoc_table',
'set_assoc',
'get_assoc',
'get_assocs',
'remove_assoc'
);
foreach ($required_sql_keys as $key) {
if (!array_key_exists($key, $this->sql)) {
$missing[] = $key;
} else if (!$this->sql[$key]) {
$empty[] = $key;
}
}
return array($missing, $empty);
}

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::Auth_OpenID_SQLStore (   $connection,
  $associations_table = null,
  $nonces_table = null 
)

This creates a new SQLStore instance.

It requires an established database connection be given to it, and it allows overriding the default table names.

Parameters
connection$connectionThis must be an established connection to a database of the correct type for the SQLStore subclass you're using. This must either be an PEAR DB connection handle or an instance of a subclass of Auth_OpenID_DatabaseConnection.
associations_table,:This is an optional parameter to specify the name of the table used for storing associations. The default value is 'oid_associations'.
nonces_table,:This is an optional parameter to specify the name of the table used for storing nonces. The default value is 'oid_nonces'.

Definition at line 78 of file SQLStore.php.

References _fixSQL(), _verifySQL(), DB_FETCHMODE_ASSOC, and setSQL().

{
$this->associations_table_name = "oid_associations";
$this->nonces_table_name = "oid_nonces";
// Check the connection object type to be sure it's a PEAR
// database connection.
if (!(is_object($connection) &&
(is_subclass_of($connection, 'db_common') ||
is_subclass_of($connection,
'auth_openid_databaseconnection')))) {
trigger_error("Auth_OpenID_SQLStore expected PEAR connection " .
"object (got ".get_class($connection).")",
E_USER_ERROR);
return;
}
$this->connection = $connection;
// Be sure to set the fetch mode so the results are keyed on
// column name instead of column index. This is a PEAR
// constant, so only try to use it if PEAR is present. Note
// that Auth_Openid_Databaseconnection instances need not
// implement ::setFetchMode for this reason.
if (is_subclass_of($this->connection, 'db_common')) {
$this->connection->setFetchMode(DB_FETCHMODE_ASSOC);
}
if ($associations_table) {
$this->associations_table_name = $associations_table;
}
if ($nonces_table) {
$this->nonces_table_name = $nonces_table;
}
$this->max_nonce_age = 6 * 60 * 60;
// Be sure to run the database queries with auto-commit mode
// turned OFF, because we want every function to run in a
// transaction, implicitly. As a rule, methods named with a
// leading underscore will NOT control transaction behavior.
// Callers of these methods will worry about transactions.
$this->connection->autoCommit(false);
// Create an empty SQL strings array.
$this->sql = array();
// Call this method (which should be overridden by subclasses)
// to populate the $this->sql array with SQL strings.
$this->setSQL();
// Verify that all required SQL statements have been set, and
// raise an error if any expected SQL strings were either
// absent or empty.
list($missing, $empty) = $this->_verifySQL();
if ($missing) {
trigger_error("Expected keys in SQL query list: " .
implode(", ", $missing),
E_USER_ERROR);
return;
}
if ($empty) {
trigger_error("SQL list keys have no SQL strings: " .
implode(", ", $empty),
E_USER_ERROR);
return;
}
// Add table names to queries.
$this->_fixSQL();
}

+ Here is the call graph for this function:

Auth_OpenID_SQLStore::blobDecode (   $blob)

Reimplemented in Auth_OpenID_PostgreSQLStore.

Definition at line 276 of file SQLStore.php.

Referenced by getAssociation().

{
return $blob;
}

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::blobEncode (   $str)

Reimplemented in Auth_OpenID_PostgreSQLStore, and Auth_OpenID_MySQLStore.

Definition at line 281 of file SQLStore.php.

{
return $str;
}
Auth_OpenID_SQLStore::cleanupAssociations ( )

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 547 of file SQLStore.php.

{
$this->connection->query($this->sql['clean_assoc'],
array(time()));
$num = $this->connection->affectedRows();
$this->connection->commit();
return $num;
}
Auth_OpenID_SQLStore::cleanupNonces ( )

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 536 of file SQLStore.php.

References $Auth_OpenID_SKEW.

{
$v = time() - $Auth_OpenID_SKEW;
$this->connection->query($this->sql['clean_nonce'], array($v));
$num = $this->connection->affectedRows();
$this->connection->commit();
return $num;
}
Auth_OpenID_SQLStore::create_assoc_table ( )

Definition at line 309 of file SQLStore.php.

References resultToBool(), and tableExists().

Referenced by createTables().

{
if (!$this->tableExists($this->associations_table_name)) {
$r = $this->connection->query($this->sql['assoc_table']);
return $this->resultToBool($r);
}
return true;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::create_nonce_table ( )

Definition at line 300 of file SQLStore.php.

References resultToBool(), and tableExists().

Referenced by createTables().

{
if (!$this->tableExists($this->nonces_table_name)) {
$r = $this->connection->query($this->sql['nonce_table']);
return $this->resultToBool($r);
}
return true;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::createTables ( )

Definition at line 286 of file SQLStore.php.

References create_assoc_table(), and create_nonce_table().

{
$this->connection->autoCommit(true);
$n = $this->create_nonce_table();
$a = $this->create_assoc_table();
$this->connection->autoCommit(false);
if ($n && $a) {
return true;
} else {
return false;
}
}

+ Here is the call graph for this function:

Auth_OpenID_SQLStore::getAssociation (   $server_url,
  $handle = null 
)

This method returns an Association object from storage that matches the server URL and, if specified, handle.

It returns null if no such association is found or if the matching association is expired.

If no handle is specified, the store may return any association which matches the server URL. If multiple associations are valid, the recommended return value for this method is the one most recently issued.

This method is allowed (and encouraged) to garbage collect expired associations when found. This method must not return expired associations.

Parameters
string$server_urlThe URL of the identity server to get the association for. Because of the way the server portion of the library uses this interface, don't assume there are any limitations on the character set of the input string. In particular, expect to see unescaped non-url-safe characters in the server_url field.
mixed$handleThis optional parameter is the handle of the specific association to get. If no specific handle is provided, any valid association matching the server URL is returned.
Returns
Association The Association for the given identity server.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 397 of file SQLStore.php.

References $handle, _get_assoc(), _get_assocs(), blobDecode(), and removeAssociation().

{
if ($handle !== null) {
$assoc = $this->_get_assoc($server_url, $handle);
$assocs = array();
if ($assoc) {
$assocs[] = $assoc;
}
} else {
$assocs = $this->_get_assocs($server_url);
}
if (!$assocs || (count($assocs) == 0)) {
return null;
} else {
$associations = array();
foreach ($assocs as $assoc_row) {
$assoc = new Auth_OpenID_Association($assoc_row['handle'],
$assoc_row['secret'],
$assoc_row['issued'],
$assoc_row['lifetime'],
$assoc_row['assoc_type']);
$assoc->secret = $this->blobDecode($assoc->secret);
if ($assoc->getExpiresIn() == 0) {
$this->removeAssociation($server_url, $assoc->handle);
} else {
$associations[] = array($assoc->issued, $assoc);
}
}
if ($associations) {
$issued = array();
$assocs = array();
foreach ($associations as $key => $assoc) {
$issued[$key] = $assoc[0];
$assocs[$key] = $assoc[1];
}
array_multisort($issued, SORT_DESC, $assocs, SORT_DESC,
$associations);
// return the most recently issued one.
list($issued, $assoc) = $associations[0];
return $assoc;
} else {
return null;
}
}
}

+ Here is the call graph for this function:

Auth_OpenID_SQLStore::isError (   $value)

Returns true if $value constitutes a database error; returns false otherwise.

Definition at line 167 of file SQLStore.php.

Referenced by _add_nonce(), _get_assoc(), _get_assocs(), resultToBool(), and tableExists().

{
return PEAR::isError($value);
}

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::removeAssociation (   $server_url,
  $handle 
)

This method removes the matching association if it's found, and returns whether the association was removed or not.

Parameters
string$server_urlThe URL of the identity server the association to remove belongs to. Because of the way the server portion of the library uses this interface, don't assume there are any limitations on the character set of the input string. In particular, expect to see unescaped non-url-safe characters in the server_url field.
string$handleThis is the handle of the association to remove. If there isn't an association found that matches both the given URL and handle, then there was no matching handle found.
Returns
mixed Returns whether or not the given association existed.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 380 of file SQLStore.php.

References $handle, _get_assoc(), and resultToBool().

Referenced by getAssociation().

{
if ($this->_get_assoc($server_url, $handle) == null) {
return false;
}
if ($this->resultToBool($this->connection->query(
$this->sql['remove_assoc'],
array($server_url, $handle)))) {
$this->connection->commit();
} else {
$this->connection->rollback();
}
return true;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::reset ( )

Resets the store by removing all records from the store's tables.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 199 of file SQLStore.php.

{
$this->connection->query(sprintf("DELETE FROM %s",
$this->associations_table_name));
$this->connection->query(sprintf("DELETE FROM %s",
$this->nonces_table_name));
}
Auth_OpenID_SQLStore::resultToBool (   $obj)

Converts a query result to a boolean.

If the result is a database error according to $this->isError(), this returns false; otherwise, this returns true.

Definition at line 177 of file SQLStore.php.

References isError().

Referenced by _add_nonce(), create_assoc_table(), create_nonce_table(), removeAssociation(), and storeAssociation().

{
if ($this->isError($obj)) {
return false;
} else {
return true;
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::setSQL ( )

This method should be overridden by subclasses.

This method is called by the constructor to set values in $this->sql, which is an array keyed on sql name.

Reimplemented in Auth_OpenID_MySQLStore, Auth_OpenID_PostgreSQLStore, and Auth_OpenID_SQLiteStore.

Definition at line 191 of file SQLStore.php.

Referenced by Auth_OpenID_SQLStore().

{
}

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::storeAssociation (   $server_url,
  $association 
)

This method puts an Association object into storage, retrievable by server URL and handle.

Parameters
string$server_urlThe URL of the identity server that this association is with. Because of the way the server portion of the library uses this interface, don't assume there are any limitations on the character set of the input string. In particular, expect to see unescaped non-url-safe characters in the server_url field.
Association$associationThe Association to store.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 334 of file SQLStore.php.

References _set_assoc(), and resultToBool().

{
if ($this->resultToBool($this->_set_assoc(
$server_url,
$association->handle,
$this->blobEncode(
$association->secret),
$association->issued,
$association->lifetime,
$association->assoc_type
))) {
$this->connection->commit();
} else {
$this->connection->rollback();
}
}

+ Here is the call graph for this function:

Auth_OpenID_SQLStore::tableExists (   $table_name)

Definition at line 155 of file SQLStore.php.

References isError().

Referenced by create_assoc_table(), and create_nonce_table().

{
return !$this->isError(
$this->connection->query(
sprintf("SELECT * FROM %s LIMIT 0",
$table_name)));
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth_OpenID_SQLStore::useNonce (   $server_url,
  $timestamp,
  $salt 
)

Called when using a nonce.

This method should return C{True} if the nonce has not been used before, and store it for a while to make sure nobody tries to use the same value again. If the nonce has already been used, return C{False}.

Change: In earlier versions, round-trip nonces were used and a nonce was only valid if it had been previously stored with storeNonce. Version 2.0 uses one-way nonces, requiring a different implementation here that does not depend on a storeNonce call. (storeNonce is no longer part of the interface.

Parameters
string$nonceThe nonce to use.
Returns
bool Whether or not the nonce was valid.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 468 of file SQLStore.php.

References $Auth_OpenID_SKEW, $timestamp, and _add_nonce().

{
if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
return false;
}
return $this->_add_nonce($server_url, $timestamp, $salt);
}

+ Here is the call graph for this function:


The documentation for this class was generated from the following file: