d9/d49/LogoutStore_8php_source.html

<?php


class sspmod_saml_SP_LogoutStore {


        private static function createLogoutTable(\SimpleSAML\Store\SQL $store) {


                $tableVer = $store->getTableVersion('saml_LogoutStore');

                if ($tableVer === 2) {

                        return;

                } elseif ($tableVer === 1) {

                        /* TableVersion 2 increased the column size to 255 which is the maximum length of a FQDN. */

                        $query = 'ALTER TABLE ' . $store->prefix . '_saml_LogoutStore MODIFY _authSource VARCHAR(255) NOT NULL';

                        try {

                                $ret = $store->pdo->exec($query);

                        } catch (Exception $e) {

                                SimpleSAML\Logger::warning($store->pdo->errorInfo());

                                return;

                        }

                        $store->setTableVersion('saml_LogoutStore', 2);

                        return;

                }


                $query = 'CREATE TABLE ' . $store->prefix . '_saml_LogoutStore (

                        _authSource VARCHAR(255) NOT NULL,

                        _nameId VARCHAR(40) NOT NULL,

                        _sessionIndex VARCHAR(50) NOT NULL,

                        _expire TIMESTAMP NOT NULL,

                        _sessionId VARCHAR(50) NOT NULL,

                        UNIQUE (_authSource, _nameID, _sessionIndex)

                )';

                $store->pdo->exec($query);


                $query = 'CREATE INDEX ' . $store->prefix . '_saml_LogoutStore_expire ON '  . $store->prefix . '_saml_LogoutStore (_expire)';

                $store->pdo->exec($query);


                $query = 'CREATE INDEX ' . $store->prefix . '_saml_LogoutStore_nameId ON '  . $store->prefix . '_saml_LogoutStore (_authSource, _nameId)';

                $store->pdo->exec($query);


                $store->setTableVersion('saml_LogoutStore', 2);

        }


        private static function cleanLogoutStore(\SimpleSAML\Store\SQL $store) {


                SimpleSAML\Logger::debug('saml.LogoutStore: Cleaning logout store.');


                $query = 'DELETE FROM ' . $store->prefix . '_saml_LogoutStore WHERE _expire < :now';

                $params = array('now' => gmdate('Y-m-d H:i:s'));


                $query = $store->pdo->prepare($query);

                $query->execute($params);

        }


        private static function addSessionSQL(\SimpleSAML\Store\SQL $store, $authId, $nameId, $sessionIndex, $expire, $sessionId) {

                assert('is_string($authId)');

                assert('is_string($nameId)');

                assert('is_string($sessionIndex)');

                assert('is_string($sessionId)');

                assert('is_int($expire)');


                self::createLogoutTable($store);


                if (rand(0, 1000) < 10) {

                        self::cleanLogoutStore($store);

                }


                $data = array(

                        '_authSource' => $authId,

                        '_nameId' => $nameId,

                        '_sessionIndex' => $sessionIndex,

                        '_expire' => gmdate('Y-m-d H:i:s', $expire),

                        '_sessionId' => $sessionId,

                );

                $store->insertOrUpdate($store->prefix . '_saml_LogoutStore', array('_authSource', '_nameId', '_sessionIndex'), $data);

        }


        private static function getSessionsSQL(\SimpleSAML\Store\SQL $store, $authId, $nameId) {

                assert('is_string($authId)');

                assert('is_string($nameId)');


                self::createLogoutTable($store);


                $params = array(

                        '_authSource' => $authId,

                        '_nameId' => $nameId,

                        'now' => gmdate('Y-m-d H:i:s'),

                );


                // We request the columns in lowercase in order to be compatible with PostgreSQL

                $query = 'SELECT _sessionIndex AS _sessionindex, _sessionId AS _sessionid FROM ' . $store->prefix . '_saml_LogoutStore' .

                        ' WHERE _authSource = :_authSource AND _nameId = :_nameId AND _expire >= :now';

                $query = $store->pdo->prepare($query);

                $query->execute($params);


                $res = array();

                while ( ($row = $query->fetch(PDO::FETCH_ASSOC)) !== FALSE) {

                        $res[$row['_sessionindex']] = $row['_sessionid'];

                }


                return $res;

        }


        private static function getSessionsStore(\SimpleSAML\Store $store, $authId, $nameId, array $sessionIndexes) {

                assert('is_string($authId)');

                assert('is_string($nameId)');


                $res = array();

                foreach ($sessionIndexes as $sessionIndex) {

                        $sessionId = $store->get('saml.LogoutStore', $nameId . ':' . $sessionIndex);

                        if ($sessionId === NULL) {

                                continue;

                        }

                        assert('is_string($sessionId)');

                        $res[$sessionIndex] = $sessionId;

                }


                return $res;

        }


        public static function addSession($authId, $nameId, $sessionIndex, $expire) {

                assert('is_string($authId)');

                assert('is_string($sessionIndex) || is_null($sessionIndex)');

                assert('is_int($expire)');


                if ($sessionIndex === NULL) {

                        /* This IdP apparently did not include a SessionIndex, and thus probably does not

                         * support SLO. We still want to add the session to the data store just in case

                         * it supports SLO, but we don't want an LogoutRequest with a specific

                         * SessionIndex to match this session. We therefore generate our own session index.

                         */

                        $sessionIndex = SimpleSAML\Utils\Random::generateID();

                }


                $store = \SimpleSAML\Store::getInstance();

                if ($store === FALSE) {

                        // We don't have a datastore.

                        return;

                }


                // serialize and anonymize the NameID

        // TODO: remove this conditional statement

                if (is_array($nameId)) {

                        $nameId = \SAML2\XML\saml\NameID::fromArray($nameId);

                }

                $strNameId = serialize($nameId);

                $strNameId = sha1($strNameId);


                /* Normalize SessionIndex. */

                if (strlen($sessionIndex) > 50) {

                        $sessionIndex = sha1($sessionIndex);

                }


                $session = SimpleSAML_Session::getSessionFromRequest();

                $sessionId = $session->getSessionId();


                if ($store instanceof \SimpleSAML\Store\SQL) {

                        self::addSessionSQL($store, $authId, $strNameId, $sessionIndex, $expire, $sessionId);

                } else {

                        $store->set('saml.LogoutStore', $strNameId . ':' . $sessionIndex, $sessionId, $expire);

                }

        }


        public static function logoutSessions($authId, $nameId, array $sessionIndexes) {

                assert('is_string($authId)');


                $store = \SimpleSAML\Store::getInstance();

                if ($store === FALSE) {

                        /* We don't have a datastore. */

                        return FALSE;

                }


                // serialize and anonymize the NameID

                // TODO: remove this conditional statement

                if (is_array($nameId)) {

                        $nameId = \SAML2\XML\saml\NameID::fromArray($nameId);

                }

                $strNameId = serialize($nameId);

                $strNameId = sha1($strNameId);


                /* Normalize SessionIndexes. */

                foreach ($sessionIndexes as &$sessionIndex) {

                        assert('is_string($sessionIndex)');

                        if (strlen($sessionIndex) > 50) {

                                $sessionIndex = sha1($sessionIndex);

                        }

                }

                unset($sessionIndex); // Remove reference


                if ($store instanceof \SimpleSAML\Store\SQL) {

                        $sessions = self::getSessionsSQL($store, $authId, $strNameId);

                } elseif (empty($sessionIndexes)) {

                        /* We cannot fetch all sessions without a SQL store. */

                        return FALSE;

                } else {

                        $sessions = self::getSessionsStore($store, $authId, $strNameId, $sessionIndexes);


                }


                if (empty($sessionIndexes)) {

                        $sessionIndexes = array_keys($sessions);

                }


                $sessionHandler = \SimpleSAML\SessionHandler::getSessionHandler();


                $numLoggedOut = 0;

                foreach ($sessionIndexes as $sessionIndex) {

                        if (!isset($sessions[$sessionIndex])) {

                                SimpleSAML\Logger::info('saml.LogoutStore: Logout requested for unknown SessionIndex.');

                                continue;

                        }


                        $sessionId = $sessions[$sessionIndex];


                        $session = SimpleSAML_Session::getSession($sessionId);

                        if ($session === NULL) {

                                SimpleSAML\Logger::info('saml.LogoutStore: Skipping logout of missing session.');

                                continue;

                        }


                        if (!$session->isValid($authId)) {

                                SimpleSAML\Logger::info('saml.LogoutStore: Skipping logout of session because it isn\'t authenticated.');

                                continue;

                        }


                        SimpleSAML\Logger::info('saml.LogoutStore: Logging out of session with trackId [' . $session->getTrackID() . '].');

                        $session->doLogout($authId);

                        $numLoggedOut += 1;

                }


                return $numLoggedOut;

        }


}

$row
$row
Definition: 10autofilter-selection-1.php:74

php
An exception for terminatinating execution or to throw for unit testing.

SAML2\XML\saml\NameIDType\fromArray
static fromArray(array $nameId)
Create a \SAML2\XML\saml\NameID object from an array with its contents.
Definition: NameIDType.php:87

SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:201

SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:179

SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:213

SimpleSAML\SessionHandler\getSessionHandler
static getSessionHandler()
This function retrieves the current instance of the session handler.
Definition: SessionHandler.php:38

SimpleSAML\Store\getInstance
static getInstance()
Retrieve our singleton instance.
Definition: Store.php:31

SimpleSAML\Utils\Random\generateID
static generateID()
Generate a random identifier, ID_LENGTH bytes long.
Definition: Random.php:26

SimpleSAML_Session\getSession
static getSession($sessionId=null)
Get a session from the session handler.
Definition: Session.php:317

SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:243

sspmod_saml_SP_LogoutStore
Definition: LogoutStore.php:8

sspmod_saml_SP_LogoutStore\addSession
static addSession($authId, $nameId, $sessionIndex, $expire)
Register a new session in the datastore.
Definition: LogoutStore.php:177

sspmod_saml_SP_LogoutStore\cleanLogoutStore
static cleanLogoutStore(\SimpleSAML\Store\SQL $store)
Clean the logout table of expired entries.
Definition: LogoutStore.php:58

sspmod_saml_SP_LogoutStore\addSessionSQL
static addSessionSQL(\SimpleSAML\Store\SQL $store, $authId, $nameId, $sessionIndex, $expire, $sessionId)
Register a session in the SQL datastore.
Definition: LogoutStore.php:78

sspmod_saml_SP_LogoutStore\getSessionsSQL
static getSessionsSQL(\SimpleSAML\Store\SQL $store, $authId, $nameId)
Retrieve sessions from the SQL datastore.
Definition: LogoutStore.php:110

sspmod_saml_SP_LogoutStore\getSessionsStore
static getSessionsStore(\SimpleSAML\Store $store, $authId, $nameId, array $sessionIndexes)
Retrieve all session IDs from a key-value store.
Definition: LogoutStore.php:146

sspmod_saml_SP_LogoutStore\createLogoutTable
static createLogoutTable(\SimpleSAML\Store\SQL $store)
Create logout table in SQL, if it is missing.
Definition: LogoutStore.php:15

$store
if(! $oauthconfig->getBoolean('getUserInfo.enable', FALSE)) $store
Definition: getUserInfo.php:11

$nameId
$nameId
Definition: saml2-acs.php:138

$expire
$expire
Definition: saml2-acs.php:140

$sessionIndex
$sessionIndex
Definition: saml2-acs.php:139

SimpleSAML
Attribute-related utility methods.

$ret
$ret
Definition: parser.php:6

$query
$query
Definition: proxy_ylocal.php:13

$session
$session
Definition: proxy_ylocal.php:32

$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15

$data
$data
Definition: test-settings.sample.php:14

$params
$params
Definition: disable.php:11