ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Facebook.php
Go to the documentation of this file.
1<?php
2
3require_once(dirname(dirname(__FILE__)) . '/extlibinc/base_facebook.php');
4
9class sspmod_authfacebook_Facebook extends BaseFacebook
10{
11 const FBSS_COOKIE_NAME = 'fbss';
12
13 // We can set this to a high number because the main session
14 // expiration will trump this
15 const FBSS_COOKIE_EXPIRE = 31556926; // 1 year
16
17 // Stores the shared session ID if one is set
18 protected $sharedSessionID;
19
20 // SimpleSAMLphp state array
21 protected $ssp_state;
22
35 public function __construct(array $config, &$ssp_state) {
36 $this->ssp_state = &$ssp_state;
37
38 parent::__construct($config);
39 if (!empty($config['sharedSession'])) {
40 $this->initSharedSession();
41 }
42 }
43
44 protected static $kSupportedKeys =
45 array('state', 'code', 'access_token', 'user_id');
46
47 protected function initSharedSession() {
48 $cookie_name = $this->getSharedSessionCookieName();
49 if (isset($_COOKIE[$cookie_name])) {
50 $data = $this->parseSignedRequest($_COOKIE[$cookie_name]);
51 if ($data && !empty($data['domain']) &&
52 self::isAllowedDomain($this->getHttpHost(), $data['domain'])) {
53 // good case
54 $this->sharedSessionID = $data['id'];
55 return;
56 }
57 // ignoring potentially unreachable data
58 }
59 // evil/corrupt/missing case
60 $base_domain = $this->getBaseDomain();
61 $this->sharedSessionID = md5(uniqid(mt_rand(), true));
62 $cookie_value = $this->makeSignedRequest(
63 array(
64 'domain' => $base_domain,
65 'id' => $this->sharedSessionID,
66 )
67 );
68 $_COOKIE[$cookie_name] = $cookie_value;
69 if (!headers_sent()) {
70 $expire = time() + self::FBSS_COOKIE_EXPIRE;
71 setcookie($cookie_name, $cookie_value, $expire, '/', '.'.$base_domain);
72 } else {
73 // @codeCoverageIgnoreStart
74 SimpleSAML\Logger::debug(
75 'Shared session ID cookie could not be set! You must ensure you '.
76 'create the Facebook instance before headers have been sent. This '.
77 'will cause authentication issues after the first request.'
78 );
79 // @codeCoverageIgnoreEnd
80 }
81 }
82
89 protected function setPersistentData($key, $value) {
90 if (!in_array($key, self::$kSupportedKeys)) {
91 SimpleSAML\Logger::debug("Unsupported key passed to setPersistentData: " . var_export($key, TRUE));
92 return;
93 }
94
95 $session_var_name = $this->constructSessionVariableName($key);
96 $this->ssp_state[$session_var_name] = $value;
97 }
98
99 protected function getPersistentData($key, $default = false) {
100 if (!in_array($key, self::$kSupportedKeys)) {
101 SimpleSAML\Logger::debug("Unsupported key passed to getPersistentData: " . var_export($key, TRUE));
102 return $default;
103 }
104
105 $session_var_name = $this->constructSessionVariableName($key);
106 return isset($this->ssp_state[$session_var_name]) ?
107 $this->ssp_state[$session_var_name] : $default;
108 }
109
110 protected function clearPersistentData($key) {
111 if (!in_array($key, self::$kSupportedKeys)) {
112 SimpleSAML\Logger::debug("Unsupported key passed to clearPersistentData: " . var_export($key, TRUE));
113 return;
114 }
115
116 $session_var_name = $this->constructSessionVariableName($key);
117 if (isset($this->ssp_state[$session_var_name])) {
118 unset($this->ssp_state[$session_var_name]);
119 }
120 }
121
122 protected function clearAllPersistentData() {
123 foreach (self::$kSupportedKeys as $key) {
124 $this->clearPersistentData($key);
125 }
126 if ($this->sharedSessionID) {
127 $this->deleteSharedSessionCookie();
128 }
129 }
130
131 protected function deleteSharedSessionCookie() {
132 $cookie_name = $this->getSharedSessionCookieName();
133 unset($_COOKIE[$cookie_name]);
134 $base_domain = $this->getBaseDomain();
135 setcookie($cookie_name, '', 1, '/', '.'.$base_domain);
136 }
137
138 protected function getSharedSessionCookieName() {
139 return self::FBSS_COOKIE_NAME . '_' . $this->getAppId();
140 }
141
142 protected function constructSessionVariableName($key) {
143 $parts = array('authfacebook:authdata:fb', $this->getAppId(), $key);
144 if ($this->sharedSessionID) {
145 array_unshift($parts, $this->sharedSessionID);
146 }
147 return implode('_', $parts);
148 }
149
150 protected function establishCSRFTokenState() {
151 if ($this->state === null) {
152 $this->state = SimpleSAML_Auth_State::getStateId($this->ssp_state);
153 $this->setPersistentData('state', $this->state);
154 }
155 }
156}
$_COOKIE
$_COOKIE['client_id']
Definition: server.php:9
BaseFacebook
Provides access to the Facebook Platform.
Definition: base_facebook.php:119
BaseFacebook\parseSignedRequest
parseSignedRequest($signed_request)
Parses a signed_request and validates the signature.
Definition: base_facebook.php:996
BaseFacebook\getAppId
getAppId()
Get the Application ID.
Definition: base_facebook.php:256
BaseFacebook\makeSignedRequest
makeSignedRequest($data)
Makes a signed_request blob using the given data.
Definition: base_facebook.php:1026
BaseFacebook\getBaseDomain
getBaseDomain()
Get the base domain used for the cookie.
Definition: base_facebook.php:1171
php
An exception for terminatinating execution or to throw for unit testing.
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:213
SimpleSAML_Auth_State\getStateId
static getStateId(&$state, $rawId=false)
Retrieve the ID of a state array.
Definition: State.php:145
sspmod_authfacebook_Facebook
Extends the BaseFacebook class with the intent of using PHP sessions to store user ids and access tok...
Definition: Facebook.php:10
sspmod_authfacebook_Facebook\FBSS_COOKIE_EXPIRE
const FBSS_COOKIE_EXPIRE
Definition: Facebook.php:15
sspmod_authfacebook_Facebook\establishCSRFTokenState
establishCSRFTokenState()
Lays down a CSRF state token for this process.
Definition: Facebook.php:150
sspmod_authfacebook_Facebook\getSharedSessionCookieName
getSharedSessionCookieName()
Definition: Facebook.php:138
sspmod_authfacebook_Facebook\$sharedSessionID
$sharedSessionID
Definition: Facebook.php:18
sspmod_authfacebook_Facebook\__construct
__construct(array $config, &$ssp_state)
Identical to the parent constructor, except that we start a PHP session to store the user ID and acce...
Definition: Facebook.php:35
sspmod_authfacebook_Facebook\initSharedSession
initSharedSession()
Definition: Facebook.php:47
sspmod_authfacebook_Facebook\clearPersistentData
clearPersistentData($key)
Clear the data with $key from the persistent storage.
Definition: Facebook.php:110
sspmod_authfacebook_Facebook\constructSessionVariableName
constructSessionVariableName($key)
Definition: Facebook.php:142
sspmod_authfacebook_Facebook\$ssp_state
$ssp_state
Definition: Facebook.php:21
sspmod_authfacebook_Facebook\$kSupportedKeys
static $kSupportedKeys
Definition: Facebook.php:44
sspmod_authfacebook_Facebook\getPersistentData
getPersistentData($key, $default=false)
Get the data for $key, persisted by BaseFacebook::setPersistentData()
Definition: Facebook.php:99
sspmod_authfacebook_Facebook\setPersistentData
setPersistentData($key, $value)
Provides the implementations of the inherited abstract methods.
Definition: Facebook.php:89
sspmod_authfacebook_Facebook\deleteSharedSessionCookie
deleteSharedSessionCookie()
Definition: Facebook.php:131
sspmod_authfacebook_Facebook\clearAllPersistentData
clearAllPersistentData()
Clear all data from the persistent storage.
Definition: Facebook.php:122
sspmod_authfacebook_Facebook\FBSS_COOKIE_NAME
const FBSS_COOKIE_NAME
Definition: Facebook.php:11
$key
$key
Definition: croninfo.php:18
$expire
$expire
Definition: saml2-acs.php:140