d9/d49/LogoutStore_8php_source.html

 <?php

 class sspmod_saml_SP_LogoutStore {

         private static function createLogoutTable(\SimpleSAML\Store\SQL $store) {

                 $tableVer = $store->getTableVersion('saml_LogoutStore');
                 if ($tableVer === 2) {
                         return;
                 } elseif ($tableVer === 1) {
                         /* TableVersion 2 increased the column size to 255 which is the maximum length of a FQDN. */
                         $query = 'ALTER TABLE ' . $store->prefix . '_saml_LogoutStore MODIFY _authSource VARCHAR(255) NOT NULL';
                         try {
                                 $ret = $store->pdo->exec($query);
                         } catch (Exception $e) {
                                 SimpleSAML\Logger::warning($store->pdo->errorInfo());
                                 return;
                         }
                         $store->setTableVersion('saml_LogoutStore', 2);
                         return;
                 }

                 $query = 'CREATE TABLE ' . $store->prefix . '_saml_LogoutStore (
                         _authSource VARCHAR(255) NOT NULL,
                         _nameId VARCHAR(40) NOT NULL,
                         _sessionIndex VARCHAR(50) NOT NULL,
                         _expire TIMESTAMP NOT NULL,
                         _sessionId VARCHAR(50) NOT NULL,
                         UNIQUE (_authSource, _nameID, _sessionIndex)
                 )';
                 $store->pdo->exec($query);

                 $query = 'CREATE INDEX ' . $store->prefix . '_saml_LogoutStore_expire ON '  . $store->prefix . '_saml_LogoutStore (_expire)';
                 $store->pdo->exec($query);

                 $query = 'CREATE INDEX ' . $store->prefix . '_saml_LogoutStore_nameId ON '  . $store->prefix . '_saml_LogoutStore (_authSource, _nameId)';
                 $store->pdo->exec($query);

                 $store->setTableVersion('saml_LogoutStore', 2);
         }


         private static function cleanLogoutStore(\SimpleSAML\Store\SQL $store) {

                 SimpleSAML\Logger::debug('saml.LogoutStore: Cleaning logout store.');

                 $query = 'DELETE FROM ' . $store->prefix . '_saml_LogoutStore WHERE _expire < :now';
                 $params = array('now' => gmdate('Y-m-d H:i:s'));

                 $query = $store->pdo->prepare($query);
                 $query->execute($params);
         }


         private static function addSessionSQL(\SimpleSAML\Store\SQL $store, $authId, $nameId, $sessionIndex, $expire, $sessionId) {
                 assert('is_string($authId)');
                 assert('is_string($nameId)');
                 assert('is_string($sessionIndex)');
                 assert('is_string($sessionId)');
                 assert('is_int($expire)');

                 self::createLogoutTable($store);

                 if (rand(0, 1000) < 10) {
                         self::cleanLogoutStore($store);
                 }

                 $data = array(
                         '_authSource' => $authId,
                         '_nameId' => $nameId,
                         '_sessionIndex' => $sessionIndex,
                         '_expire' => gmdate('Y-m-d H:i:s', $expire),
                         '_sessionId' => $sessionId,
                 );
                 $store->insertOrUpdate($store->prefix . '_saml_LogoutStore', array('_authSource', '_nameId', '_sessionIndex'), $data);
         }


         private static function getSessionsSQL(\SimpleSAML\Store\SQL $store, $authId, $nameId) {
                 assert('is_string($authId)');
                 assert('is_string($nameId)');

                 self::createLogoutTable($store);

                 $params = array(
                         '_authSource' => $authId,
                         '_nameId' => $nameId,
                         'now' => gmdate('Y-m-d H:i:s'),
                 );

                 // We request the columns in lowercase in order to be compatible with PostgreSQL
                 $query = 'SELECT _sessionIndex AS _sessionindex, _sessionId AS _sessionid FROM ' . $store->prefix . '_saml_LogoutStore' .
                         ' WHERE _authSource = :_authSource AND _nameId = :_nameId AND _expire >= :now';
                 $query = $store->pdo->prepare($query);
                 $query->execute($params);

                 $res = array();
                 while ( ($row = $query->fetch(PDO::FETCH_ASSOC)) !== FALSE) {
                         $res[$row['_sessionindex']] = $row['_sessionid'];
                 }

                 return $res;
         }


         private static function getSessionsStore(\SimpleSAML\Store $store, $authId, $nameId, array $sessionIndexes) {
                 assert('is_string($authId)');
                 assert('is_string($nameId)');

                 $res = array();
                 foreach ($sessionIndexes as $sessionIndex) {
                         $sessionId = $store->get('saml.LogoutStore', $nameId . ':' . $sessionIndex);
                         if ($sessionId === NULL) {
                                 continue;
                         }
                         assert('is_string($sessionId)');
                         $res[$sessionIndex] = $sessionId;
                 }

                 return $res;
         }


         public static function addSession($authId, $nameId, $sessionIndex, $expire) {
                 assert('is_string($authId)');
                 assert('is_string($sessionIndex) || is_null($sessionIndex)');
                 assert('is_int($expire)');

                 if ($sessionIndex === NULL) {
                         /* This IdP apparently did not include a SessionIndex, and thus probably does not
                          * support SLO. We still want to add the session to the data store just in case
                          * it supports SLO, but we don't want an LogoutRequest with a specific
                          * SessionIndex to match this session. We therefore generate our own session index.
                          */
                         $sessionIndex = SimpleSAML\Utils\Random::generateID();
                 }

                 $store = \SimpleSAML\Store::getInstance();
                 if ($store === FALSE) {
                         // We don't have a datastore.
                         return;
                 }

                 // serialize and anonymize the NameID
         // TODO: remove this conditional statement
                 if (is_array($nameId)) {
                         $nameId = \SAML2\XML\saml\NameID::fromArray($nameId);
                 }
                 $strNameId = serialize($nameId);
                 $strNameId = sha1($strNameId);

                 /* Normalize SessionIndex. */
                 if (strlen($sessionIndex) > 50) {
                         $sessionIndex = sha1($sessionIndex);
                 }

                 $session = SimpleSAML_Session::getSessionFromRequest();
                 $sessionId = $session->getSessionId();

                 if ($store instanceof \SimpleSAML\Store\SQL) {
                         self::addSessionSQL($store, $authId, $strNameId, $sessionIndex, $expire, $sessionId);
                 } else {
                         $store->set('saml.LogoutStore', $strNameId . ':' . $sessionIndex, $sessionId, $expire);
                 }
         }


         public static function logoutSessions($authId, $nameId, array $sessionIndexes) {
                 assert('is_string($authId)');

                 $store = \SimpleSAML\Store::getInstance();
                 if ($store === FALSE) {
                         /* We don't have a datastore. */
                         return FALSE;
                 }

                 // serialize and anonymize the NameID
                 // TODO: remove this conditional statement
                 if (is_array($nameId)) {
                         $nameId = \SAML2\XML\saml\NameID::fromArray($nameId);
                 }
                 $strNameId = serialize($nameId);
                 $strNameId = sha1($strNameId);

                 /* Normalize SessionIndexes. */
                 foreach ($sessionIndexes as &$sessionIndex) {
                         assert('is_string($sessionIndex)');
                         if (strlen($sessionIndex) > 50) {
                                 $sessionIndex = sha1($sessionIndex);
                         }
                 }
                 unset($sessionIndex); // Remove reference

                 if ($store instanceof \SimpleSAML\Store\SQL) {
                         $sessions = self::getSessionsSQL($store, $authId, $strNameId);
                 } elseif (empty($sessionIndexes)) {
                         /* We cannot fetch all sessions without a SQL store. */
                         return FALSE;
                 } else {
                         $sessions = self::getSessionsStore($store, $authId, $strNameId, $sessionIndexes);

                 }

                 if (empty($sessionIndexes)) {
                         $sessionIndexes = array_keys($sessions);
                 }

                 $sessionHandler = \SimpleSAML\SessionHandler::getSessionHandler();

                 $numLoggedOut = 0;
                 foreach ($sessionIndexes as $sessionIndex) {
                         if (!isset($sessions[$sessionIndex])) {
                                 SimpleSAML\Logger::info('saml.LogoutStore: Logout requested for unknown SessionIndex.');
                                 continue;
                         }

                         $sessionId = $sessions[$sessionIndex];

                         $session = SimpleSAML_Session::getSession($sessionId);
                         if ($session === NULL) {
                                 SimpleSAML\Logger::info('saml.LogoutStore: Skipping logout of missing session.');
                                 continue;
                         }

                         if (!$session->isValid($authId)) {
                                 SimpleSAML\Logger::info('saml.LogoutStore: Skipping logout of session because it isn\'t authenticated.');
                                 continue;
                         }

                         SimpleSAML\Logger::info('saml.LogoutStore: Logging out of session with trackId [' . $session->getTrackID() . '].');
                         $session->doLogout($authId);
                         $numLoggedOut += 1;
                 }

                 return $numLoggedOut;
         }

 }
$params
$params
Definition: disable.php:11

$expire
$expire
Definition: saml2-acs.php:140

SimpleSAML\Utils\Random\generateID
static generateID()
Generate a random identifier, ID_LENGTH bytes long.
Definition: Random.php:26

sspmod_saml_SP_LogoutStore\addSession
static addSession($authId, $nameId, $sessionIndex, $expire)
Register a new session in the datastore.
Definition: LogoutStore.php:177

sspmod_saml_SP_LogoutStore\getSessionsStore
static getSessionsStore(\SimpleSAML\Store $store, $authId, $nameId, array $sessionIndexes)
Retrieve all session IDs from a key-value store.
Definition: LogoutStore.php:146

sspmod_saml_SP_LogoutStore\cleanLogoutStore
static cleanLogoutStore(\SimpleSAML\Store\SQL $store)
Clean the logout table of expired entries.
Definition: LogoutStore.php:58

SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:213

sspmod_saml_SP_LogoutStore\getSessionsSQL
static getSessionsSQL(\SimpleSAML\Store\SQL $store, $authId, $nameId)
Retrieve sessions from the SQL datastore.
Definition: LogoutStore.php:110

$session
$session
Definition: proxy_ylocal.php:32

$sessionIndex
$sessionIndex
Definition: saml2-acs.php:139

sspmod_saml_SP_LogoutStore
Definition: LogoutStore.php:8

SimpleSAML_Session\getSession
static getSession($sessionId=null)
Get a session from the session handler.
Definition: Session.php:317

$store
if(! $oauthconfig->getBoolean('getUserInfo.enable', FALSE)) $store
Definition: getUserInfo.php:11

$nameId
$nameId
Definition: saml2-acs.php:138

SimpleSAML
Attribute-related utility methods.

SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:201

$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15

sspmod_saml_SP_LogoutStore\addSessionSQL
static addSessionSQL(\SimpleSAML\Store\SQL $store, $authId, $nameId, $sessionIndex, $expire, $sessionId)
Register a session in the SQL datastore.
Definition: LogoutStore.php:78

SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:179

$data
$data
Definition: test-settings.sample.php:14

$query
$query
Definition: proxy_ylocal.php:13

array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

SimpleSAML\SessionHandler\getSessionHandler
static getSessionHandler()
This function retrieves the current instance of the session handler.
Definition: SessionHandler.php:38

$ret
$ret
Definition: parser.php:6

$row
$row
Definition: 10autofilter-selection-1.php:74

SimpleSAML\Store\getInstance
static getInstance()
Retrieve our singleton instance.
Definition: Store.php:31

SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:243

sspmod_saml_SP_LogoutStore\createLogoutTable
static createLogoutTable(\SimpleSAML\Store\SQL $store)
Create logout table in SQL, if it is missing.
Definition: LogoutStore.php:15

SAML2\XML\saml\NameIDType\fromArray
static fromArray(array $nameId)
Create a  object from an array with its contents.
Definition: NameIDType.php:87

Exception