sspmod_consent_Consent_Store_Cookie Class Reference

Inheritance diagram for sspmod_consent_Consent_Store_Cookie:

Collaboration diagram for sspmod_consent_Consent_Store_Cookie:

Public Member Functions
	hasConsent ($userId, $destinationId, $attributeSet)
	Check for consent. More...
	saveConsent ($userId, $destinationId, $attributeSet)
	Save consent. More...
	deleteConsent ($userId, $destinationId)
	Delete consent. More...
	deleteAllConsents ($userId)
	Delete consent. More...
	getConsents ($userId)
	Retrieve consents. More...
Public Member Functions inherited from sspmod_consent_Store
	hasConsent ($userId, $destinationId, $attributeSet)
	Check for consent. More...
	saveConsent ($userId, $destinationId, $attributeSet)
	Save consent. More...
	deleteConsent ($userId, $destinationId)
	Delete consent. More...
	deleteAllConsents ($userId)
	Delete all consents. More...
	getStatistics ()
	Get statistics for all consent given in the consent store. More...
	getConsents ($userId)
	Retrieve consents. More...

Private Member Functions
	_setConsentCookie ($name, $value)
	Helper function for setting a cookie. More...

Static Private Member Functions
static	_sign ($data)
	Calculate a signature of some data. More...
static	_verify ($signedData)
	Verify signed data. More...
static	_getCookieName ($userId, $destinationId)
	Get cookie name. More...

Additional Inherited Members
Static Public Member Functions inherited from sspmod_consent_Store
static	parseStoreConfig ($config)
	Parse consent storage configuration. More...
Protected Member Functions inherited from sspmod_consent_Store
	__construct (&$config)
	Constructor for the base class. More...

Detailed Description

Definition at line 21 of file Cookie.php.

Member Function Documentation

_getCookieName()

static sspmod_consent_Consent_Store_Cookie::_getCookieName (   $userId,   $destinationId  )

staticprivate

Get cookie name.

This function gets the cookie name for the given user & destination.

Parameters

string	$userId	The hash identifying the user at an IdP.
string	$destinationId	A string which identifies the destination.

Returns

string The cookie name

Definition at line 254 of file Cookie.php.

    {
        assert('is_string($userId)');
        assert('is_string($destinationId)');
 
        return 'sspmod_consent:' . sha1($userId . ':' . $destinationId);
    }

Referenced by deleteConsent(), hasConsent(), and saveConsent().

Here is the caller graph for this function:

_setConsentCookie()

sspmod_consent_Consent_Store_Cookie::_setConsentCookie (   $name,   $value  )

private

Helper function for setting a cookie.

Parameters

string	$name	Name of the cookie.
string | null	$value	Value of the cookie. Set this to null to delete the cookie.

Returns

void

Definition at line 271 of file Cookie.php.

    {
        assert('is_string($name)');
        assert('is_string($value) || is_null($value)');
 
        $globalConfig = SimpleSAML_Configuration::getInstance();
        $params = array(
            'lifetime' => (90*24*60*60),
            'path' => ($globalConfig->getBasePath()),
            'httponly' => false,
        );
 
        if (\SimpleSAML\Utils\HTTP::isHTTPS()) {
            // Enable secure cookie for https-requests
            $params['secure'] = true;
        } else {
            $params['secure'] = false;
        }
 
        \SimpleSAML\Utils\HTTP::setCookie($name, $value, $params, false);
    }

References $globalConfig, $name, $params, SimpleSAML_Configuration\getInstance(), and SimpleSAML\Utils\HTTP\setCookie().

Referenced by deleteConsent(), and saveConsent().

Here is the call graph for this function:

Here is the caller graph for this function:

_sign()

static sspmod_consent_Consent_Store_Cookie::_sign (   $data )

staticprivate

Calculate a signature of some data.

This function calculates a signature of the data.

Parameters

string

$data

The data which should be signed.

Returns

string The signed data.

Definition at line 204 of file Cookie.php.

    {
        assert('is_string($data)');
 
        $secretSalt = SimpleSAML\Utils\Config::getSecretSalt();
 
        return sha1($secretSalt . $data . $secretSalt) . ':' . $data;
    }

References $data, and SimpleSAML\Utils\Config\getSecretSalt().

Referenced by _verify(), hasConsent(), and saveConsent().

Here is the call graph for this function:

Here is the caller graph for this function:

_verify()

static sspmod_consent_Consent_Store_Cookie::_verify (   $signedData )

staticprivate

Verify signed data.

This function verifies signed data.

Parameters

string

$signedData

The data which is signed.

Returns

string|false The data, or false if the signature is invalid.

Definition at line 223 of file Cookie.php.

    {
        assert('is_string($signedData)');
 
        $data = explode(':', $signedData, 2);
        if (count($data) !== 2) {
            SimpleSAML\Logger::warning('Consent cookie: Missing signature.');
            return false;
        }
        $data = $data[1];
 
        $newSignedData = self::_sign($data);
        if ($newSignedData !== $signedData) {
            SimpleSAML\Logger::warning('Consent cookie: Invalid signature.');
            return false;
        }
 
        return $data;
    }

References $data, _sign(), and SimpleSAML\Logger\warning().

Referenced by getConsents().

Here is the call graph for this function:

Here is the caller graph for this function:

deleteAllConsents()

sspmod_consent_Consent_Store_Cookie::deleteAllConsents

(

$userId

)

Delete consent.

Parameters

string

$userId

The hash identifying the user at an IdP.

Returns

void This method does not return.

Exceptions

Exception

This method always throws an exception indicating that it is not possible to delete all given consents with this handler.

Reimplemented from sspmod_consent_Store.

Definition at line 137 of file Cookie.php.

    {
        assert('is_string($userId)');
 
        throw new Exception(
            'The cookie consent handler does not support delete of all consents...'
        );
    }

deleteConsent()

sspmod_consent_Consent_Store_Cookie::deleteConsent	(		$userId,
			$destinationId
	)

Delete consent.

Called when a user revokes consent for a given destination.

Parameters

string	$userId	The hash identifying the user at an IdP.
string	$destinationId	A string which identifies the destination.

Returns

void

Reimplemented from sspmod_consent_Store.

Definition at line 117 of file Cookie.php.

    {
        assert('is_string($userId)');
        assert('is_string($destinationId)');
 
        $name = self::_getCookieName($userId, $destinationId);
        $this->_setConsentCookie($name, null);
    }

References $name, _getCookieName(), and _setConsentCookie().

Here is the call graph for this function:

getConsents()

sspmod_consent_Consent_Store_Cookie::getConsents

(

$userId

)

Retrieve consents.

This function should return a list of consents the user has saved.

Parameters

string

$userId

The hash identifying the user at an IdP.

Returns

array Array of all destination ids the user has given consent for.

Reimplemented from sspmod_consent_Store.

Definition at line 156 of file Cookie.php.

    {
        assert('is_string($userId)');
 
        $ret = array();
 
        $cookieNameStart = 'sspmod_consent:';
        $cookieNameStartLen = strlen($cookieNameStart);
        foreach ($_COOKIE as $name => $value) {
            if (substr($name, 0, $cookieNameStartLen) !== $cookieNameStart) {
                continue;
            }
 
            $value = self::_verify($value);
            if ($value === false) {
                continue;
            }
 
            $tmp = explode(':', $value, 3);
            if (count($tmp) !== 3) {
                SimpleSAML\Logger::warning(
                    'Consent cookie with invalid value: ' . $value
                );
                continue;
            }
 
            if ($userId !== $tmp[0]) {
                // Wrong user
                continue;
            }
 
            $destination = $tmp[2];
            $ret[] = $destination;
        }
 
        return $ret;
    }

References $_COOKIE, $destination, $name, $ret, _verify(), and SimpleSAML\Logger\warning().

Here is the call graph for this function:

hasConsent()

sspmod_consent_Consent_Store_Cookie::hasConsent	(		$userId,
			$destinationId,
			$attributeSet
	)

Check for consent.

This function checks whether a given user has authorized the release of the attributes identified by $attributeSet from $source to $destination.

Parameters

string	$userId	The hash identifying the user at an IdP.
string	$destinationId	A string which identifies the destination.
string	$attributeSet	A hash which identifies the attributes.

Returns

bool True if the user has given consent earlier, false if not (or on error).

Reimplemented from sspmod_consent_Store.

Definition at line 35 of file Cookie.php.

    {
        assert('is_string($userId)');
        assert('is_string($destinationId)');
        assert('is_string($attributeSet)');
 
        $cookieName = self::_getCookieName($userId, $destinationId);
 
        $data = $userId . ':' . $attributeSet . ':' . $destinationId;
 
        SimpleSAML\Logger::debug('Consent cookie - Get [' . $data . ']');
 
        if (!array_key_exists($cookieName, $_COOKIE)) {
            SimpleSAML\Logger::debug(
                'Consent cookie - no cookie with name \'' .
                $cookieName . '\'.'
            );
            return false;
        }
        if (!is_string($_COOKIE[$cookieName])) {
            SimpleSAML\Logger::warning(
                'Value of consent cookie wasn\'t a string. Was: ' .
                var_export($_COOKIE[$cookieName], true)
            );
            return false;
        }
 
        $data = self::_sign($data);
 
        if ($_COOKIE[$cookieName] !== $data) {
            SimpleSAML\Logger::info(
                'Attribute set changed from the last time consent was given.'
            );
            return false;
        }
 
        SimpleSAML\Logger::debug(
            'Consent cookie - found cookie with correct name and value.'
        );
 
        return true;
    }

References $_COOKIE, $cookieName, $data, _getCookieName(), _sign(), SimpleSAML\Logger\debug(), and SimpleSAML\Logger\info().

Here is the call graph for this function:

saveConsent()

sspmod_consent_Consent_Store_Cookie::saveConsent	(		$userId,
			$destinationId,
			$attributeSet
	)

Save consent.

Called when the user asks for the consent to be saved. If consent information for the given user and destination already exists, it should be overwritten.

Parameters

string	$userId	The hash identifying the user at an IdP.
string	$destinationId	A string which identifies the destination.
string	$attributeSet	A hash which identifies the attributes.

Returns

void

Reimplemented from sspmod_consent_Store.

Definition at line 91 of file Cookie.php.

    {
        assert('is_string($userId)');
        assert('is_string($destinationId)');
        assert('is_string($attributeSet)');
 
        $name = self::_getCookieName($userId, $destinationId);
        $value = $userId . ':' . $attributeSet . ':' . $destinationId;
 
        SimpleSAML\Logger::debug('Consent cookie - Set [' . $value . ']');
 
        $value = self::_sign($value);
        $this->_setConsentCookie($name, $value);
    }

References $name, _getCookieName(), _setConsentCookie(), _sign(), and SimpleSAML\Logger\debug().

Here is the call graph for this function:

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/simplesamlphp/modules/consent/lib/Consent/Store/Cookie.php