ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Auth_OpenID_SQLStore Class Reference

Public Member Functions

Auth_OpenID_SQLStore ($connection, $associations_table=null, $nonces_table=null)
This creates a new SQLStore instance.

tableExists ($table_name)

isError ($value)
Returns true if $value constitutes a database error; returns false otherwise.

resultToBool ($obj)
Converts a query result to a boolean.

setSQL ()
This method should be overridden by subclasses.

reset ()
Resets the store by removing all records from the store's tables.

_verifySQL ()
@access private

_fixSQL ()
@access private

blobDecode ($blob)

blobEncode ($str)

createTables ()

create_nonce_table ()

create_assoc_table ()

_set_assoc ($server_url, $handle, $secret, $issued, $lifetime, $assoc_type)
@access private

storeAssociation ($server_url, $association)
This method puts an Association object into storage, retrievable by server URL and handle.

_get_assoc ($server_url, $handle)
@access private

_get_assocs ($server_url)
@access private

removeAssociation ($server_url, $handle)
This method removes the matching association if it's found, and returns whether the association was removed or not.

getAssociation ($server_url, $handle=null)
This method returns an Association object from storage that matches the server URL and, if specified, handle.

_add_nonce ($server_url, $timestamp, $salt)
@access private

useNonce ($server_url, $timestamp, $salt)
Called when using a nonce.

_octify ($str)
"Octifies" a binary string by returning a string with escaped octal bytes.

_unoctify ($str)
"Unoctifies" octal-escaped data from PostgreSQL and returns the resulting ASCII (possibly binary) string.

cleanupNonces ()

cleanupAssociations ()

Public Member Functions inherited from Auth_OpenID_OpenIDStore

storeAssociation ($server_url, $association)
This method puts an Association object into storage, retrievable by server URL and handle.

cleanupNonces ()

cleanupAssociations ()

cleanup ()

supportsCleanup ()
Report whether this storage supports cleanup.

getAssociation ($server_url, $handle=null)
This method returns an Association object from storage that matches the server URL and, if specified, handle.

removeAssociation ($server_url, $handle)
This method removes the matching association if it's found, and returns whether the association was removed or not.

useNonce ($server_url, $timestamp, $salt)
Called when using a nonce.

reset ()
Removes all entries from the store; implementation is optional.

Detailed Description

Definition at line 57 of file SQLStore.php.

Member Function Documentation

◆ _add_nonce()

Auth_OpenID_SQLStore::_add_nonce (   $server_url,
  $timestamp,
  $salt 
)

@access private

Reimplemented in Auth_OpenID_SQLiteStore.

Definition at line 454 of file SQLStore.php.

{
    $sql = $this->sql['add_nonce'];
    $result = $this->connection->query($sql, array($server_url,
                                                   $timestamp,
                                                   $salt));
    if ($this->isError($result)) {
        $this->connection->rollback();
    } else {
        $this->connection->commit();
    }
    return $this->resultToBool($result);
}

References $result, $timestamp, isError(), and resultToBool().

Referenced by useNonce().


◆ _fixSQL()

Auth_OpenID_SQLStore::_fixSQL ( )

@access private

Definition at line 239 of file SQLStore.php.

{
    $replacements = array(
        array(
            'value' => $this->nonces_table_name,
            'keys' => array('nonce_table',
                            'add_nonce',
                            'clean_nonce')
        ),
        array(
            'value' => $this->associations_table_name,
            'keys' => array('assoc_table',
                            'set_assoc',
                            'get_assoc',
                            'get_assocs',
                            'remove_assoc',
                            'clean_assoc')
        )
    );

    foreach ($replacements as $item) {
        $value = $item['value'];
        $keys = $item['keys'];

        foreach ($keys as $k) {
            if (is_array($this->sql[$k])) {
                foreach ($this->sql[$k] as $part_key => $part_value) {
                    $this->sql[$k][$part_key] = sprintf($part_value,
                                                        $value);
                }
            } else {
                $this->sql[$k] = sprintf($this->sql[$k], $value);
            }
        }
    }
}

Referenced by Auth_OpenID_SQLStore().


◆ _get_assoc()

Auth_OpenID_SQLStore::_get_assoc (   $server_url,
  $handle 
)

@access private

Definition at line 354 of file SQLStore.php.

{
    $result = $this->connection->getRow($this->sql['get_assoc'],
                                        array($server_url, $handle));
    if ($this->isError($result)) {
        return null;
    } else {
        return $result;
    }
}

References $result, and isError().

Referenced by Auth_OpenID_PostgreSQLStore\_set_assoc(), getAssociation(), and removeAssociation().


◆ _get_assocs()

Auth_OpenID_SQLStore::_get_assocs (   $server_url)

@access private

Definition at line 368 of file SQLStore.php.

{
    $result = $this->connection->getAll($this->sql['get_assocs'],
                                        array($server_url));

    if ($this->isError($result)) {
        return array();
    } else {
        return $result;
    }
}

References $result, and isError().

Referenced by getAssociation().


◆ _octify()

Auth_OpenID_SQLStore::_octify (   $str)

"Octifies" a binary string by returning a string with escaped octal bytes.

This is used for preparing binary data for PostgreSQL BYTEA fields.

@access private

Definition at line 486 of file SQLStore.php.

{
    $result = "";
    for ($i = 0; $i < Auth_OpenID::bytes($str); $i++) {
        $ch = substr($str, $i, 1);
        if ($ch == "\\") {
            $result .= "\\\\\\\\";
        } else if (ord($ch) == 0) {
            $result .= "\\\\000";
        } else {
            $result .= "\\" . strval(decoct(ord($ch)));
        }
    }
    return $result;
}

References $result, and Auth_OpenID\bytes().

Referenced by Auth_OpenID_PostgreSQLStore\blobEncode().


◆ _set_assoc()

Auth_OpenID_SQLStore::_set_assoc (   $server_url,
  $handle,
  $secret,
  $issued,
  $lifetime,
  $assoc_type 
)

@access private

Reimplemented in Auth_OpenID_PostgreSQLStore.

Definition at line 321 of file SQLStore.php.

{
    return $this->connection->query($this->sql['set_assoc'],
                                    array(
                                        $server_url,
                                        $handle,
                                        $secret,
                                        $issued,
                                        $lifetime,
                                        $assoc_type));
}

Referenced by storeAssociation().


◆ _unoctify()

Auth_OpenID_SQLStore::_unoctify (   $str)

"Unoctifies" octal-escaped data from PostgreSQL and returns the resulting ASCII (possibly binary) string.

@access private

Definition at line 508 of file SQLStore.php.

{
    $result = "";
    $i = 0;
    while ($i < strlen($str)) {
        $char = $str[$i];
        if ($char == "\\") {
            // Look to see if the next char is a backslash and
            // append it.
            if ($str[$i + 1] != "\\") {
                $octal_digits = substr($str, $i + 1, 3);
                $dec = octdec($octal_digits);
                $char = chr($dec);
                $i += 4;
            } else {
                $char = "\\";
                $i += 2;
            }
        } else {
            $i += 1;
        }

        $result .= $char;
    }

    return $result;
}

References $result.

Referenced by Auth_OpenID_PostgreSQLStore\blobDecode().


◆ _verifySQL()

Auth_OpenID_SQLStore::_verifySQL ( )

@access private

Definition at line 211 of file SQLStore.php.

{
    $missing = array();
    $empty = array();

    $required_sql_keys = array(
        'nonce_table',
        'assoc_table',
        'set_assoc',
        'get_assoc',
        'get_assocs',
        'remove_assoc'
    );

    foreach ($required_sql_keys as $key) {
        if (!array_key_exists($key, $this->sql)) {
            $missing[] = $key;
        } else if (!$this->sql[$key]) {
            $empty[] = $key;
        }
    }

    return array($missing, $empty);
}

Referenced by Auth_OpenID_SQLStore().


◆ Auth_OpenID_SQLStore()

Auth_OpenID_SQLStore::Auth_OpenID_SQLStore (   $connection,
  $associations_table = null,
  $nonces_table = null 
)

This creates a new SQLStore instance.

It requires an established database connection be given to it, and it allows overriding the default table names.

Parameters
$connection: This must be an established connection to a database of the correct type for the SQLStore subclass you're using. This must be either a PEAR DB connection handle or an instance of a subclass of Auth_OpenID_DatabaseConnection.
$associations_table: This is an optional parameter to specify the name of the table used for storing associations. The default value is 'oid_associations'.
$nonces_table: This is an optional parameter to specify the name of the table used for storing nonces. The default value is 'oid_nonces'.

Definition at line 78 of file SQLStore.php.

{
    $this->associations_table_name = "oid_associations";
    $this->nonces_table_name = "oid_nonces";

    // Check the connection object type to be sure it's a PEAR
    // database connection.
    if (!(is_object($connection) &&
          (is_subclass_of($connection, 'db_common') ||
           is_subclass_of($connection,
                          'auth_openid_databaseconnection')))) {
        trigger_error("Auth_OpenID_SQLStore expected PEAR connection " .
                      "object (got ".get_class($connection).")",
                      E_USER_ERROR);
        return;
    }

    $this->connection = $connection;

    // Be sure to set the fetch mode so the results are keyed on
    // column name instead of column index. This is a PEAR
    // constant, so only try to use it if PEAR is present. Note
    // that Auth_Openid_Databaseconnection instances need not
    // implement ::setFetchMode for this reason.
    if (is_subclass_of($this->connection, 'db_common')) {
        $this->connection->setFetchMode(DB_FETCHMODE_ASSOC);
    }

    if ($associations_table) {
        $this->associations_table_name = $associations_table;
    }

    if ($nonces_table) {
        $this->nonces_table_name = $nonces_table;
    }

    $this->max_nonce_age = 6 * 60 * 60;

    // Be sure to run the database queries with auto-commit mode
    // turned OFF, because we want every function to run in a
    // transaction, implicitly. As a rule, methods named with a
    // leading underscore will NOT control transaction behavior.
    // Callers of these methods will worry about transactions.
    $this->connection->autoCommit(false);

    // Create an empty SQL strings array.
    $this->sql = array();

    // Call this method (which should be overridden by subclasses)
    // to populate the $this->sql array with SQL strings.
    $this->setSQL();

    // Verify that all required SQL statements have been set, and
    // raise an error if any expected SQL strings were either
    // absent or empty.
    list($missing, $empty) = $this->_verifySQL();

    if ($missing) {
        trigger_error("Expected keys in SQL query list: " .
                      implode(", ", $missing),
                      E_USER_ERROR);
        return;
    }

    if ($empty) {
        trigger_error("SQL list keys have no SQL strings: " .
                      implode(", ", $empty),
                      E_USER_ERROR);
        return;
    }

    // Add table names to queries.
    $this->_fixSQL();
}

References _fixSQL(), _verifySQL(), DB_FETCHMODE_ASSOC, and setSQL().
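
The constructor accepts caller-supplied table names, and _fixSQL(), tableExists() and reset() place those names into SQL text with sprintf() rather than binding them as query parameters. One way to check a name before it reaches the store, as an added example that is not ILIAS or php-openid code; the function names, the identifier pattern and the sample templates are assumptions, and it needs PHP 7.1 or later:

```php
<?php
// Added example; not ILIAS or php-openid code. Function names, the
// identifier pattern and the sample templates are assumptions.

// Accept only plain SQL identifiers: a letter or underscore followed by
// letters, digits or underscores, 63 characters at most (PostgreSQL's
// default identifier length limit).
function checked_table_name(string $name): string
{
    // \A and \z anchor the whole string; "$" would also accept a
    // trailing newline.
    if (preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,62}\z/', $name) !== 1) {
        throw new InvalidArgumentException('table name is not a plain identifier');
    }
    return $name;
}

// The same substitution _fixSQL() performs, with the check applied first.
function bind_table_name(array $templates, string $table): array
{
    $table = checked_table_name($table);
    $out = array();
    foreach ($templates as $key => $tpl) {
        // Each template must carry exactly one %s, otherwise sprintf()
        // would not produce the intended statement.
        if (substr_count($tpl, '%s') !== 1) {
            throw new LogicException("template '$key' needs exactly one %s");
        }
        $out[$key] = sprintf($tpl, $table);
    }
    return $out;
}

// Constructed templates in the style of the statements shown on this page.
$templates = array(
    'exists' => 'SELECT * FROM %s LIMIT 0',
    'reset'  => 'DELETE FROM %s',
);

// Constructed candidate names: two plain identifiers, then three that
// the pattern refuses (hyphen, trailing newline, empty string).
$candidates = array('oid_nonces', 'tenant1_oid_nonces', 'oid-nonces', "oid_nonces\n", '');

foreach ($candidates as $candidate) {
    try {
        $sql = bind_table_name($templates, $candidate);
        echo json_encode($candidate), ' accepted: ', $sql['exists'], "\n";
    } catch (InvalidArgumentException $e) {
        echo json_encode($candidate), ' rejected: ', $e->getMessage(), "\n";
    }
}
```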


◆ blobDecode()

Auth_OpenID_SQLStore::blobDecode (   $blob)

Reimplemented in Auth_OpenID_PostgreSQLStore.

Definition at line 276 of file SQLStore.php.

{
    return $blob;
}

Referenced by getAssociation().


◆ blobEncode()

Auth_OpenID_SQLStore::blobEncode (   $str)

Reimplemented in Auth_OpenID_MySQLStore, and Auth_OpenID_PostgreSQLStore.

Definition at line 281 of file SQLStore.php.

{
    return $str;
}

◆ cleanupAssociations()

Auth_OpenID_SQLStore::cleanupAssociations ( )

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 547 of file SQLStore.php.

{
    $this->connection->query($this->sql['clean_assoc'],
                             array(time()));
    $num = $this->connection->affectedRows();
    $this->connection->commit();
    return $num;
}

◆ cleanupNonces()

Auth_OpenID_SQLStore::cleanupNonces ( )

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 536 of file SQLStore.php.

{
    global $Auth_OpenID_SKEW;
    $v = time() - $Auth_OpenID_SKEW;

    $this->connection->query($this->sql['clean_nonce'], array($v));
    $num = $this->connection->affectedRows();
    $this->connection->commit();
    return $num;
}

References $Auth_OpenID_SKEW.

◆ create_assoc_table()

Auth_OpenID_SQLStore::create_assoc_table ( )

Definition at line 309 of file SQLStore.php.

{
    if (!$this->tableExists($this->associations_table_name)) {
        $r = $this->connection->query($this->sql['assoc_table']);
        return $this->resultToBool($r);
    }
    return true;
}

References $r, resultToBool(), and tableExists().

Referenced by createTables().


◆ create_nonce_table()

Auth_OpenID_SQLStore::create_nonce_table ( )

Definition at line 300 of file SQLStore.php.

{
    if (!$this->tableExists($this->nonces_table_name)) {
        $r = $this->connection->query($this->sql['nonce_table']);
        return $this->resultToBool($r);
    }
    return true;
}

References $r, resultToBool(), and tableExists().

Referenced by createTables().


◆ createTables()

Auth_OpenID_SQLStore::createTables ( )

Definition at line 286 of file SQLStore.php.

{
    $this->connection->autoCommit(true);
    $n = $this->create_nonce_table();
    $a = $this->create_assoc_table();
    $this->connection->autoCommit(false);

    if ($n && $a) {
        return true;
    } else {
        return false;
    }
}

References $n, create_assoc_table(), and create_nonce_table().


◆ getAssociation()

Auth_OpenID_SQLStore::getAssociation (   $server_url,
  $handle = null 
)

This method returns an Association object from storage that matches the server URL and, if specified, handle.

It returns null if no such association is found or if the matching association is expired.

If no handle is specified, the store may return any association which matches the server URL. If multiple associations are valid, the recommended return value for this method is the one most recently issued.

This method is allowed (and encouraged) to garbage collect expired associations when found. This method must not return expired associations.

Parameters
string $server_url: The URL of the identity server to get the association for. Because of the way the server portion of the library uses this interface, don't assume there are any limitations on the character set of the input string. In particular, expect to see unescaped non-url-safe characters in the server_url field.
mixed $handle: This optional parameter is the handle of the specific association to get. If no specific handle is provided, any valid association matching the server URL is returned.
Returns
Association The Association for the given identity server.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 397 of file SQLStore.php.

{
    if ($handle !== null) {
        $assoc = $this->_get_assoc($server_url, $handle);

        $assocs = array();
        if ($assoc) {
            $assocs[] = $assoc;
        }
    } else {
        $assocs = $this->_get_assocs($server_url);
    }

    if (!$assocs || (count($assocs) == 0)) {
        return null;
    } else {
        $associations = array();

        foreach ($assocs as $assoc_row) {
            $assoc = new Auth_OpenID_Association($assoc_row['handle'],
                                                 $assoc_row['secret'],
                                                 $assoc_row['issued'],
                                                 $assoc_row['lifetime'],
                                                 $assoc_row['assoc_type']);

            $assoc->secret = $this->blobDecode($assoc->secret);

            if ($assoc->getExpiresIn() == 0) {
                $this->removeAssociation($server_url, $assoc->handle);
            } else {
                $associations[] = array($assoc->issued, $assoc);
            }
        }

        if ($associations) {
            $issued = array();
            $assocs = array();
            foreach ($associations as $key => $assoc) {
                $issued[$key] = $assoc[0];
                $assocs[$key] = $assoc[1];
            }

            array_multisort($issued, SORT_DESC, $assocs, SORT_DESC,
                            $associations);

            // return the most recently issued one.
            list($issued, $assoc) = $associations[0];
            return $assoc;
        } else {
            return null;
        }
    }
}

References _get_assoc(), _get_assocs(), blobDecode(), and removeAssociation().


◆ isError()

Auth_OpenID_SQLStore::isError (   $value)

Returns true if $value constitutes a database error; returns false otherwise.

Definition at line 167 of file SQLStore.php.

{
    return PEAR::isError($value);
}

References PEAR\isError().

Referenced by _add_nonce(), _get_assoc(), _get_assocs(), resultToBool(), and tableExists().


◆ removeAssociation()

Auth_OpenID_SQLStore::removeAssociation (   $server_url,
  $handle 
)

This method removes the matching association if it's found, and returns whether the association was removed or not.

Parameters
string $server_url: The URL of the identity server the association to remove belongs to. Because of the way the server portion of the library uses this interface, don't assume there are any limitations on the character set of the input string. In particular, expect to see unescaped non-url-safe characters in the server_url field.
string $handle: This is the handle of the association to remove. If there isn't an association found that matches both the given URL and handle, then there was no matching handle found.
Returns
mixed Returns whether or not the given association existed.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 380 of file SQLStore.php.

{
    if ($this->_get_assoc($server_url, $handle) == null) {
        return false;
    }

    if ($this->resultToBool($this->connection->query(
                                $this->sql['remove_assoc'],
                                array($server_url, $handle)))) {
        $this->connection->commit();
    } else {
        $this->connection->rollback();
    }

    return true;
}

References _get_assoc(), and resultToBool().

Referenced by getAssociation().


◆ reset()

Auth_OpenID_SQLStore::reset ( )

Resets the store by removing all records from the store's tables.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 199 of file SQLStore.php.

{
    $this->connection->query(sprintf("DELETE FROM %s",
                                     $this->associations_table_name));

    $this->connection->query(sprintf("DELETE FROM %s",
                                     $this->nonces_table_name));
}

◆ resultToBool()

Auth_OpenID_SQLStore::resultToBool (   $obj)

Converts a query result to a boolean.

If the result is a database error according to $this->isError(), this returns false; otherwise, this returns true.

Definition at line 177 of file SQLStore.php.

{
    if ($this->isError($obj)) {
        return false;
    } else {
        return true;
    }
}

References isError().

Referenced by _add_nonce(), create_assoc_table(), create_nonce_table(), removeAssociation(), and storeAssociation().


◆ setSQL()

Auth_OpenID_SQLStore::setSQL ( )

This method should be overridden by subclasses.

This method is called by the constructor to set values in $this->sql, which is an array keyed on sql name.

Reimplemented in Auth_OpenID_MySQLStore, Auth_OpenID_PostgreSQLStore, and Auth_OpenID_SQLiteStore.

Definition at line 191 of file SQLStore.php.

{
}

Referenced by Auth_OpenID_SQLStore().


◆ storeAssociation()

Auth_OpenID_SQLStore::storeAssociation (   $server_url,
  $association 
)

This method puts an Association object into storage, retrievable by server URL and handle.

Parameters
string $server_url: The URL of the identity server that this association is with. Because of the way the server portion of the library uses this interface, don't assume there are any limitations on the character set of the input string. In particular, expect to see unescaped non-url-safe characters in the server_url field.
Association $association: The Association to store.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 334 of file SQLStore.php.

{
    if ($this->resultToBool($this->_set_assoc(
                                $server_url,
                                $association->handle,
                                $this->blobEncode(
                                    $association->secret),
                                $association->issued,
                                $association->lifetime,
                                $association->assoc_type
                            ))) {
        $this->connection->commit();
    } else {
        $this->connection->rollback();
    }
}

References _set_assoc(), and resultToBool().


◆ tableExists()

Auth_OpenID_SQLStore::tableExists (   $table_name)

Definition at line 155 of file SQLStore.php.

{
    return !$this->isError(
        $this->connection->query(
            sprintf("SELECT * FROM %s LIMIT 0",
                    $table_name)));
}

References isError().

Referenced by create_assoc_table(), and create_nonce_table().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ useNonce()

Auth_OpenID_SQLStore::useNonce (   $server_url,
  $timestamp,
  $salt 
)

Called when using a nonce.

This method should return true if the nonce has not been used before, and store it for a while to make sure nobody tries to use the same value again. If the nonce has already been used, return false.

Change: In earlier versions, round-trip nonces were used and a nonce was only valid if it had been previously stored with storeNonce. Version 2.0 uses one-way nonces, requiring a different implementation here that does not depend on a storeNonce call. (storeNonce is no longer part of the interface.)

Parameters
string $nonce: The nonce to use.
Returns
bool Whether or not the nonce was valid.

Reimplemented from Auth_OpenID_OpenIDStore.

Definition at line 468 of file SQLStore.php.

{
    global $Auth_OpenID_SKEW;

    if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
        return false;
    }

    return $this->_add_nonce($server_url, $timestamp, $salt);
}

References $Auth_OpenID_SKEW, $timestamp, and _add_nonce().
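
The replay check that useNonce(), _add_nonce() and cleanupNonces() perform together, as an added example that is not ILIAS or php-openid code: a timestamp outside the skew window is refused, and a repeated (server_url, timestamp, salt) triple is refused because the insert violates a uniqueness constraint. The table schema, SQL text, function names, the 300-second skew and the sample values are assumptions; it needs PHP 7.1 or later with pdo_sqlite.

```php
<?php
// Added example; not ILIAS or php-openid code. Schema, SQL text, function
// names and sample values are assumptions made for this illustration.

const NONCE_SKEW = 300; // assumed value; the library reads $Auth_OpenID_SKEW

function make_nonce_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The UNIQUE constraint is what turns a replayed nonce into a failed
    // INSERT; without it the second use would be stored and accepted.
    $db->exec('CREATE TABLE oid_nonces (
                   server_url TEXT    NOT NULL,
                   timestamp  INTEGER NOT NULL,
                   salt       TEXT    NOT NULL,
                   UNIQUE (server_url, timestamp, salt))');
    return $db;
}

// Returns true only for a nonce that is fresh and has not been seen before.
function use_nonce(PDO $db, string $server_url, int $timestamp, string $salt, int $now): bool
{
    // Step 1: refuse timestamps outside the skew window, in either direction.
    if (abs($timestamp - $now) > NONCE_SKEW) {
        return false;
    }
    // Step 2: record the nonce. The check and the store are one statement,
    // so two concurrent requests with the same nonce cannot both succeed.
    $stmt = $db->prepare(
        'INSERT INTO oid_nonces (server_url, timestamp, salt) VALUES (?, ?, ?)');
    try {
        $stmt->execute(array($server_url, $timestamp, $salt));
        return true;
    } catch (PDOException $e) {
        // SQLSTATE 23000 is an integrity constraint violation: a replay.
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e; // any other database failure is not a verdict on the nonce
    }
}

// Rows older than now - skew would already fail step 1, so deleting them
// cannot reopen a replay window.
function cleanup_nonces(PDO $db, int $now): int
{
    $stmt = $db->prepare('DELETE FROM oid_nonces WHERE timestamp < ?');
    $stmt->bindValue(1, $now - NONCE_SKEW, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample values.
$db  = make_nonce_db();
$now = 1700000000;
$url = 'https://op.example/server';

var_dump(use_nonce($db, $url, $now - 10, 'a1b2c3', $now));  // first use
var_dump(use_nonce($db, $url, $now - 10, 'a1b2c3', $now));  // same triple again
var_dump(use_nonce($db, $url, $now - 10, 'zzz999', $now));  // same time, new salt
var_dump(use_nonce($db, $url, $now - 301, 'old000', $now)); // outside the window
var_dump(cleanup_nonces($db, $now + 400));                  // rows removed later
```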


The documentation for this class was generated from the following file: