ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
sspmod_consent_Consent_Store_Cookie Class Reference

Public Member Functions

hasConsent ($userId, $destinationId, $attributeSet)
    Check for consent.

saveConsent ($userId, $destinationId, $attributeSet)
    Save consent.

deleteConsent ($userId, $destinationId)
    Delete consent.

deleteAllConsents ($userId)
    Delete consent.

getConsents ($userId)
    Retrieve consents.


Private Member Functions

_setConsentCookie ($name, $value)
    Helper function for setting a cookie.


Static Private Member Functions

static _sign ($data)
    Calculate a signature of some data.

static _verify ($signedData)
    Verify signed data.

static _getCookieName ($userId, $destinationId)
    Get cookie name.
 

Additional Inherited Members

Detailed Description

Definition at line 21 of file Cookie.php.

Member Function Documentation

◆ _getCookieName()

static sspmod_consent_Consent_Store_Cookie::_getCookieName ($userId, $destinationId)
static private

Get cookie name.

This function gets the cookie name for the given user & destination.

Parameters
    string $userId          The hash identifying the user at an IdP.
    string $destinationId   A string which identifies the destination.
Returns
    string  The cookie name

Definition at line 254 of file Cookie.php.

    {
        assert('is_string($userId)');
        assert('is_string($destinationId)');

        return 'sspmod_consent:' . sha1($userId . ':' . $destinationId);
    }

◆ _setConsentCookie()

sspmod_consent_Consent_Store_Cookie::_setConsentCookie ($name, $value)
private

Helper function for setting a cookie.

Parameters
    string $name           Name of the cookie.
    string | null $value   Value of the cookie. Set this to null to delete the cookie.
Returns
    void

Definition at line 271 of file Cookie.php.

References $globalConfig, $name, $params, array, SimpleSAML_Configuration\getInstance(), and SimpleSAML\Utils\HTTP\setCookie().

Referenced by deleteConsent(), and saveConsent().

    {
        assert('is_string($name)');
        assert('is_string($value) || is_null($value)');

        $globalConfig = SimpleSAML_Configuration::getInstance();
        $params = array(
            // Cookie lifetime: 90 days, in seconds
            'lifetime' => (90*24*60*60),
            'path' => ($globalConfig->getBasePath()),
            // Not HttpOnly: the cookie is readable from client-side script
            'httponly' => false,
        );

        if (\SimpleSAML\Utils\HTTP::isHTTPS()) {
            // Enable secure cookie for https-requests
            $params['secure'] = true;
        } else {
            $params['secure'] = false;
        }

        \SimpleSAML\Utils\HTTP::setCookie($name, $value, $params, false);
    }

◆ _sign()

static sspmod_consent_Consent_Store_Cookie::_sign ($data)
static private

Calculate a signature of some data.

This function calculates a signature of the data.

Parameters
    string $data   The data which should be signed.
Returns
    string  The signed data.

Definition at line 204 of file Cookie.php.

References $data, and SimpleSAML\Utils\Config\getSecretSalt().

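    {
        assert('is_string($data)');

        $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();

        // Signature is SHA-1 over salt . data . salt, prepended to the data
        return sha1($secretSalt . $data . $secretSalt) . ':' . $data;
    }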

◆ _verify()

static sspmod_consent_Consent_Store_Cookie::_verify ($signedData)
static private

Verify signed data.

This function verifies signed data.

Parameters
    string $signedData   The data which is signed.
Returns
    string|false  The data, or false if the signature is invalid.

Definition at line 223 of file Cookie.php.

References $data, and SimpleSAML\Logger\warning().

    {
        assert('is_string($signedData)');

        // Split off the signature; the remainder is the signed data
        $data = explode(':', $signedData, 2);
        if (count($data) !== 2) {
            SimpleSAML\Logger::warning('Consent cookie: Missing signature.');
            return false;
        }
        $data = $data[1];

        // Re-sign the data and compare the full string against the input
        $newSignedData = self::_sign($data);
        if ($newSignedData !== $signedData) {
            SimpleSAML\Logger::warning('Consent cookie: Invalid signature.');
            return false;
        }

        return $data;
    }
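
The signing scheme used by _sign() and _verify() above, set beside an HMAC-SHA256 variant that compares tags with hash_equals(). This is an added example, not code from ILIAS or SimpleSAMLphp; the function names, the key and the sample payload are constructed for illustration.

```php
<?php
// Added example with constructed values; not ILIAS or SimpleSAMLphp code.

// Scheme shown on this page: sha1(salt . data . salt) . ':' . data
function signAsDocumented($salt, $data)
{
    return sha1($salt . $data . $salt) . ':' . $data;
}

// Hardened variant (assumption): HMAC-SHA256 tag in place of the salted SHA-1.
function signHmac($key, $data)
{
    return hash_hmac('sha256', $data, $key) . ':' . $data;
}

// Returns the payload, or false if the tag is missing or does not match.
function verifyHmac($key, $signedData)
{
    $parts = explode(':', $signedData, 2);
    if (count($parts) !== 2) {
        return false;
    }
    $expected = hash_hmac('sha256', $parts[1], $key);
    // hash_equals() compares in constant time, unlike !== on strings
    return hash_equals($expected, $parts[0]) ? $parts[1] : false;
}

// Constructed inputs: placeholder secret and a userId:attributeSet:destinationId payload
$key = 'constructed-secret-salt';
$payload = 'userhash:attrhash:https://sp.example.org';

$legacy = signAsDocumented($key, $payload);
$cookie = signHmac($key, $payload);
// Changing the attribute-set field without the key must fail verification
$tampered = str_replace('attrhash', 'otherhash', $cookie);

var_dump($legacy);
var_dump(verifyHmac($key, $cookie));
var_dump(verifyHmac($key, $tampered));
var_dump(verifyHmac($key, 'no-separator'));
```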

◆ deleteAllConsents()

sspmod_consent_Consent_Store_Cookie::deleteAllConsents ($userId)

Delete consent.

Parameters
    string $userId   The hash identifying the user at an IdP.
Returns
    void  This method does not return.
Exceptions
    Exception  This method always throws an exception indicating that it is not possible to delete all given consents with this handler.

Definition at line 137 of file Cookie.php.

    {
        assert('is_string($userId)');

        throw new Exception(
            'The cookie consent handler does not support delete of all consents...'
        );
    }

◆ deleteConsent()

sspmod_consent_Consent_Store_Cookie::deleteConsent ($userId, $destinationId)

Delete consent.

Called when a user revokes consent for a given destination.

Parameters
    string $userId          The hash identifying the user at an IdP.
    string $destinationId   A string which identifies the destination.
Returns
    void

Definition at line 117 of file Cookie.php.

References $name, and _setConsentCookie().

    {
        assert('is_string($userId)');
        assert('is_string($destinationId)');

        $name = self::_getCookieName($userId, $destinationId);
        $this->_setConsentCookie($name, null);
    }

◆ getConsents()

sspmod_consent_Consent_Store_Cookie::getConsents ($userId)

Retrieve consents.

This function should return a list of consents the user has saved.

Parameters
    string $userId   The hash identifying the user at an IdP.
Returns
    array  Array of all destination ids the user has given consent for.

Definition at line 156 of file Cookie.php.

References $_COOKIE, $destination, $name, $ret, array, and SimpleSAML\Logger\warning().

    {
        assert('is_string($userId)');

        $ret = array();

        $cookieNameStart = 'sspmod_consent:';
        $cookieNameStartLen = strlen($cookieNameStart);
        foreach ($_COOKIE as $name => $value) {
            if (substr($name, 0, $cookieNameStartLen) !== $cookieNameStart) {
                continue;
            }

            // Skip cookies whose signature does not verify
            $value = self::_verify($value);
            if ($value === false) {
                continue;
            }

            // Signed data has the form userId:attributeSet:destinationId
            $tmp = explode(':', $value, 3);
            if (count($tmp) !== 3) {
                SimpleSAML\Logger::warning(
                    'Consent cookie with invalid value: ' . $value
                );
                continue;
            }

            if ($userId !== $tmp[0]) {
                // Wrong user
                continue;
            }

            $destination = $tmp[2];
            $ret[] = $destination;
        }

        return $ret;
    }

◆ hasConsent()

sspmod_consent_Consent_Store_Cookie::hasConsent ($userId, $destinationId, $attributeSet)

Check for consent.

This function checks whether a given user has authorized the release of the attributes identified by $attributeSet from $source to $destination.

Parameters
    string $userId          The hash identifying the user at an IdP.
    string $destinationId   A string which identifies the destination.
    string $attributeSet    A hash which identifies the attributes.
Returns
    bool  True if the user has given consent earlier, false if not (or on error).

Definition at line 35 of file Cookie.php.

References $_COOKIE, $cookieName, $data, SimpleSAML\Logger\debug(), and SimpleSAML\Logger\info().

    {
        assert('is_string($userId)');
        assert('is_string($destinationId)');
        assert('is_string($attributeSet)');

        $cookieName = self::_getCookieName($userId, $destinationId);

        $data = $userId . ':' . $attributeSet . ':' . $destinationId;

        SimpleSAML\Logger::debug('Consent cookie - Get [' . $data . ']');

        if (!array_key_exists($cookieName, $_COOKIE)) {
            SimpleSAML\Logger::debug(
                'Consent cookie - no cookie with name \'' .
                $cookieName . '\'.'
            );
            return false;
        }
        if (!is_string($_COOKIE[$cookieName])) {
            SimpleSAML\Logger::warning(
                'Value of consent cookie wasn\'t a string. Was: ' .
                var_export($_COOKIE[$cookieName], true)
            );
            return false;
        }

        // Recompute the signed value and compare it with the cookie
        $data = self::_sign($data);

        if ($_COOKIE[$cookieName] !== $data) {
            SimpleSAML\Logger::info(
                'Attribute set changed from the last time consent was given.'
            );
            return false;
        }

        SimpleSAML\Logger::debug(
            'Consent cookie - found cookie with correct name and value.'
        );

        return true;
    }

◆ saveConsent()

sspmod_consent_Consent_Store_Cookie::saveConsent ($userId, $destinationId, $attributeSet)

Save consent.

Called when the user asks for the consent to be saved. If consent information for the given user and destination already exists, it should be overwritten.

Parameters
    string $userId          The hash identifying the user at an IdP.
    string $destinationId   A string which identifies the destination.
    string $attributeSet    A hash which identifies the attributes.
Returns
    void

Definition at line 91 of file Cookie.php.

References $name, _setConsentCookie(), and SimpleSAML\Logger\debug().

    {
        assert('is_string($userId)');
        assert('is_string($destinationId)');
        assert('is_string($attributeSet)');

        $name = self::_getCookieName($userId, $destinationId);
        $value = $userId . ':' . $attributeSet . ':' . $destinationId;

        SimpleSAML\Logger::debug('Consent cookie - Set [' . $value . ']');

        $value = self::_sign($value);
        $this->_setConsentCookie($name, $value);
    }

The documentation for this class was generated from the following file: