ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Static Public Member Functions | Static Private Member Functions
sspmod_saml_SP_LogoutStore Class Reference
+ Collaboration diagram for sspmod_saml_SP_LogoutStore:

Static Public Member Functions

static addSession ($authId, $nameId, $sessionIndex, $expire)
 Register a new session in the datastore. More...
 

Static Private Member Functions

static createLogoutTable (\SimpleSAML\Store\SQL $store)
 Create logout table in SQL, if it is missing. More...
 
static cleanLogoutStore (\SimpleSAML\Store\SQL $store)
 Clean the logout table of expired entries. More...
 
static addSessionSQL (\SimpleSAML\Store\SQL $store, $authId, $nameId, $sessionIndex, $expire, $sessionId)
 Register a session in the SQL datastore. More...
 
static getSessionsSQL (\SimpleSAML\Store\SQL $store, $authId, $nameId)
 Retrieve sessions from the SQL datastore. More...
 
static getSessionsStore (\SimpleSAML\Store $store, $authId, $nameId, array $sessionIndexes)
 Retrieve all session IDs from a key-value store. More...
 

Detailed Description

Definition at line 8 of file LogoutStore.php.

Member Function Documentation

◆ addSession()

static sspmod_saml_SP_LogoutStore::addSession (   $authId,
  $nameId,
  $sessionIndex,
  $expire 
)
static

Register a new session in the datastore.

Please observe the change of the signature in this method. Previously, the second parameter ($nameId) was forced to be an array. However, it has no type restriction now, and the documentation states it must be a \SAML2\XML\saml\NameID object. Currently, this function still accepts an array passed as $nameId, and will silently convert it to a \SAML2\XML\saml\NameID object. This is done to keep backwards-compatibility, though will no longer be possible in the future as the $nameId parameter will be required to be an object.

Parameters
string$authIdThe authsource ID.
\SAML2\XML\saml\NameID$nameIdThe NameID of the user.
string | NULL$sessionIndexThe SessionIndex of the user.

Definition at line 177 of file LogoutStore.php.

177 {
178 assert('is_string($authId)');
179 assert('is_string($sessionIndex) || is_null($sessionIndex)');
180 assert('is_int($expire)');
181
182 if ($sessionIndex === NULL) {
183 /* This IdP apparently did not include a SessionIndex, and thus probably does not
184 * support SLO. We still want to add the session to the data store just in case
185 * it supports SLO, but we don't want an LogoutRequest with a specific
186 * SessionIndex to match this session. We therefore generate our own session index.
187 */
188 $sessionIndex = SimpleSAML\Utils\Random::generateID();
189 }
190
191 $store = \SimpleSAML\Store::getInstance();
192 if ($store === FALSE) {
193 // We don't have a datastore.
194 return;
195 }
196
197 // serialize and anonymize the NameID
198 // TODO: remove this conditional statement
199 if (is_array($nameId)) {
200 $nameId = \SAML2\XML\saml\NameID::fromArray($nameId);
201 }
202 $strNameId = serialize($nameId);
203 $strNameId = sha1($strNameId);
204
205 /* Normalize SessionIndex. */
206 if (strlen($sessionIndex) > 50) {
207 $sessionIndex = sha1($sessionIndex);
208 }
209
210 $session = SimpleSAML_Session::getSessionFromRequest();
211 $sessionId = $session->getSessionId();
212
213 if ($store instanceof \SimpleSAML\Store\SQL) {
214 self::addSessionSQL($store, $authId, $strNameId, $sessionIndex, $expire, $sessionId);
215 } else {
216 $store->set('saml.LogoutStore', $strNameId . ':' . $sessionIndex, $sessionId, $expire);
217 }
218 }
SAML2\XML\saml\NameIDType\fromArray
static fromArray(array $nameId)
Create a \SAML2\XML\saml\NameID object from an array with its contents.
Definition: NameIDType.php:87
SimpleSAML\Store\getInstance
static getInstance()
Retrieve our singleton instance.
Definition: Store.php:31
SimpleSAML\Utils\Random\generateID
static generateID()
Generate a random identifier, ID_LENGTH bytes long.
Definition: Random.php:26
SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:243
sspmod_saml_SP_LogoutStore\addSessionSQL
static addSessionSQL(\SimpleSAML\Store\SQL $store, $authId, $nameId, $sessionIndex, $expire, $sessionId)
Register a session in the SQL datastore.
Definition: LogoutStore.php:78
$store
if(! $oauthconfig->getBoolean('getUserInfo.enable', FALSE)) $store
Definition: getUserInfo.php:11
$nameId
$nameId
Definition: saml2-acs.php:138
$expire
$expire
Definition: saml2-acs.php:140
$sessionIndex
$sessionIndex
Definition: saml2-acs.php:139
SimpleSAML
Attribute-related utility methods.
$session
$session
Definition: proxy_ylocal.php:32

References $expire, $nameId, $session, $sessionIndex, $store, addSessionSQL(), SAML2\XML\saml\NameIDType\fromArray(), SimpleSAML\Utils\Random\generateID(), SimpleSAML\Store\getInstance(), and SimpleSAML_Session\getSessionFromRequest().

+ Here is the call graph for this function:

◆ addSessionSQL()

static sspmod_saml_SP_LogoutStore::addSessionSQL ( \SimpleSAML\Store\SQL  $store,
  $authId,
  $nameId,
  $sessionIndex,
  $expire,
  $sessionId 
)
staticprivate

Register a session in the SQL datastore.

Parameters
\SimpleSAML\Store\SQL$storeThe datastore.
string$authIdThe authsource ID.
string$nameIdThe hash of the users NameID.
string$sessionIndexThe SessionIndex of the user.

Definition at line 78 of file LogoutStore.php.

78 {
79 assert('is_string($authId)');
80 assert('is_string($nameId)');
81 assert('is_string($sessionIndex)');
82 assert('is_string($sessionId)');
83 assert('is_int($expire)');
84
85 self::createLogoutTable($store);
86
87 if (rand(0, 1000) < 10) {
88 self::cleanLogoutStore($store);
89 }
90
91 $data = array(
92 '_authSource' => $authId,
93 '_nameId' => $nameId,
94 '_sessionIndex' => $sessionIndex,
95 '_expire' => gmdate('Y-m-d H:i:s', $expire),
96 '_sessionId' => $sessionId,
97 );
98 $store->insertOrUpdate($store->prefix . '_saml_LogoutStore', array('_authSource', '_nameId', '_sessionIndex'), $data);
99 }
sspmod_saml_SP_LogoutStore\cleanLogoutStore
static cleanLogoutStore(\SimpleSAML\Store\SQL $store)
Clean the logout table of expired entries.
Definition: LogoutStore.php:58
sspmod_saml_SP_LogoutStore\createLogoutTable
static createLogoutTable(\SimpleSAML\Store\SQL $store)
Create logout table in SQL, if it is missing.
Definition: LogoutStore.php:15

References $data, $expire, $nameId, $sessionIndex, $store, cleanLogoutStore(), and createLogoutTable().

Referenced by addSession().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cleanLogoutStore()

static sspmod_saml_SP_LogoutStore::cleanLogoutStore ( \SimpleSAML\Store\SQL  $store)
staticprivate

Clean the logout table of expired entries.

Parameters
\SimpleSAML\Store\SQL$storeThe datastore.

Definition at line 58 of file LogoutStore.php.

58 {
59
60 SimpleSAML\Logger::debug('saml.LogoutStore: Cleaning logout store.');
61
62 $query = 'DELETE FROM ' . $store->prefix . '_saml_LogoutStore WHERE _expire < :now';
63 $params = array('now' => gmdate('Y-m-d H:i:s'));
64
65 $query = $store->pdo->prepare($query);
66 $query->execute($params);
67 }
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:213
$query
$query
Definition: proxy_ylocal.php:13
$params
$params
Definition: disable.php:11

References $params, $query, $store, and SimpleSAML\Logger\debug().

Referenced by addSessionSQL().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ createLogoutTable()

static sspmod_saml_SP_LogoutStore::createLogoutTable ( \SimpleSAML\Store\SQL  $store)
staticprivate

Create logout table in SQL, if it is missing.

Parameters
\SimpleSAML\Store\SQL$storeThe datastore.

Definition at line 15 of file LogoutStore.php.

15 {
16
17 $tableVer = $store->getTableVersion('saml_LogoutStore');
18 if ($tableVer === 2) {
19 return;
20 } elseif ($tableVer === 1) {
21 /* TableVersion 2 increased the column size to 255 which is the maximum length of a FQDN. */
22 $query = 'ALTER TABLE ' . $store->prefix . '_saml_LogoutStore MODIFY _authSource VARCHAR(255) NOT NULL';
23 try {
24 $ret = $store->pdo->exec($query);
25 } catch (Exception $e) {
26 SimpleSAML\Logger::warning($store->pdo->errorInfo());
27 return;
28 }
29 $store->setTableVersion('saml_LogoutStore', 2);
30 return;
31 }
32
33 $query = 'CREATE TABLE ' . $store->prefix . '_saml_LogoutStore (
34 _authSource VARCHAR(255) NOT NULL,
35 _nameId VARCHAR(40) NOT NULL,
36 _sessionIndex VARCHAR(50) NOT NULL,
37 _expire TIMESTAMP NOT NULL,
38 _sessionId VARCHAR(50) NOT NULL,
39 UNIQUE (_authSource, _nameID, _sessionIndex)
40 )';
41 $store->pdo->exec($query);
42
43 $query = 'CREATE INDEX ' . $store->prefix . '_saml_LogoutStore_expire ON ' . $store->prefix . '_saml_LogoutStore (_expire)';
44 $store->pdo->exec($query);
45
46 $query = 'CREATE INDEX ' . $store->prefix . '_saml_LogoutStore_nameId ON ' . $store->prefix . '_saml_LogoutStore (_authSource, _nameId)';
47 $store->pdo->exec($query);
48
49 $store->setTableVersion('saml_LogoutStore', 2);
50 }
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:179
$ret
$ret
Definition: parser.php:6

References $query, $ret, $store, and SimpleSAML\Logger\warning().

Referenced by addSessionSQL(), and getSessionsSQL().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getSessionsSQL()

static sspmod_saml_SP_LogoutStore::getSessionsSQL ( \SimpleSAML\Store\SQL  $store,
  $authId,
  $nameId 
)
staticprivate

Retrieve sessions from the SQL datastore.

Parameters
\SimpleSAML\Store\SQL$storeThe datastore.
string$authIdThe authsource ID.
string$nameIdThe hash of the users NameID.
Returns
array Associative array of SessionIndex => SessionId.

Definition at line 110 of file LogoutStore.php.

110 {
111 assert('is_string($authId)');
112 assert('is_string($nameId)');
113
114 self::createLogoutTable($store);
115
116 $params = array(
117 '_authSource' => $authId,
118 '_nameId' => $nameId,
119 'now' => gmdate('Y-m-d H:i:s'),
120 );
121
122 // We request the columns in lowercase in order to be compatible with PostgreSQL
123 $query = 'SELECT _sessionIndex AS _sessionindex, _sessionId AS _sessionid FROM ' . $store->prefix . '_saml_LogoutStore' .
124 ' WHERE _authSource = :_authSource AND _nameId = :_nameId AND _expire >= :now';
125 $query = $store->pdo->prepare($query);
126 $query->execute($params);
127
128 $res = array();
129 while ( ($row = $query->fetch(PDO::FETCH_ASSOC)) !== FALSE) {
130 $res[$row['_sessionindex']] = $row['_sessionid'];
131 }
132
133 return $res;
134 }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15

References $nameId, $params, $query, $res, $row, $store, and createLogoutTable().

+ Here is the call graph for this function:

◆ getSessionsStore()

static sspmod_saml_SP_LogoutStore::getSessionsStore ( \SimpleSAML\Store  $store,
  $authId,
  $nameId,
array  $sessionIndexes 
)
staticprivate

Retrieve all session IDs from a key-value store.

Parameters
\SimpleSAML\Store$storeThe datastore.
string$authIdThe authsource ID.
string$nameIdThe hash of the users NameID.
array$sessionIndexesThe session indexes.
Returns
array Associative array of SessionIndex => SessionId.

Definition at line 146 of file LogoutStore.php.

146 {
147 assert('is_string($authId)');
148 assert('is_string($nameId)');
149
150 $res = array();
151 foreach ($sessionIndexes as $sessionIndex) {
152 $sessionId = $store->get('saml.LogoutStore', $nameId . ':' . $sessionIndex);
153 if ($sessionId === NULL) {
154 continue;
155 }
156 assert('is_string($sessionId)');
157 $res[$sessionIndex] = $sessionId;
158 }
159
160 return $res;
161 }

References $nameId, $res, $sessionIndex, and $store.

The documentation for this class was generated from the following file: