ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Static Public Member Functions | Static Private Member Functions
sspmod_saml_SP_LogoutStore Class Reference
+ Collaboration diagram for sspmod_saml_SP_LogoutStore:

Static Public Member Functions

static addSession ($authId, $nameId, $sessionIndex, $expire)
 Register a new session in the datastore. More...
 

Static Private Member Functions

static createLogoutTable (\SimpleSAML\Store\SQL $store)
 Create logout table in SQL, if it is missing. More...
 
static cleanLogoutStore (\SimpleSAML\Store\SQL $store)
 Clean the logout table of expired entries. More...
 
static addSessionSQL (\SimpleSAML\Store\SQL $store, $authId, $nameId, $sessionIndex, $expire, $sessionId)
 Register a session in the SQL datastore. More...
 
static getSessionsSQL (\SimpleSAML\Store\SQL $store, $authId, $nameId)
 Retrieve sessions from the SQL datastore. More...
 
static getSessionsStore (\SimpleSAML\Store $store, $authId, $nameId, array $sessionIndexes)
 Retrieve all session IDs from a key-value store. More...
 

Detailed Description

Definition at line 8 of file LogoutStore.php.

Member Function Documentation

◆ addSession()

static sspmod_saml_SP_LogoutStore::addSession (   $authId,
  $nameId,
  $sessionIndex,
  $expire 
)
static

Register a new session in the datastore.

Please observe the change of the signature in this method. Previously, the second parameter ($nameId) was forced to be an array. However, it has no type restriction now, and the documentation states it must be a object. Currently, this function still accepts an array passed as $nameId, and will silently convert it to a object. This is done to keep backwards-compatibility, though will no longer be possible in the future as the $nameId parameter will be required to be an object.

Parameters
string$authIdThe authsource ID.
\SAML2\XML\saml\NameID$nameIdThe NameID of the user.
string | null$sessionIndexThe SessionIndex of the user.

Definition at line 189 of file LogoutStore.php.

References $expire, $nameId, $session, $sessionIndex, $store, SAML2\XML\saml\NameIDType\fromArray(), SimpleSAML\Utils\Random\generateID(), SimpleSAML\Store\getInstance(), SimpleSAML_Session\getSession(), SimpleSAML_Session\getSessionFromRequest(), and SimpleSAML\Logger\info().

190  {
191  assert(is_string($authId));
192  assert(is_string($sessionIndex) || $sessionIndex === null);
193  assert(is_int($expire));
194 
195  if ($sessionIndex === null) {
196  /* This IdP apparently did not include a SessionIndex, and thus probably does not
197  * support SLO. We still want to add the session to the data store just in case
198  * it supports SLO, but we don't want an LogoutRequest with a specific
199  * SessionIndex to match this session. We therefore generate our own session index.
200  */
201  $sessionIndex = SimpleSAML\Utils\Random::generateID();
202  }
203 
204  $store = \SimpleSAML\Store::getInstance();
205  if ($store === false) {
206  // We don't have a datastore.
207  return;
208  }
209 
210  // serialize and anonymize the NameID
211  // TODO: remove this conditional statement
212  if (is_array($nameId)) {
213  $nameId = \SAML2\XML\saml\NameID::fromArray($nameId);
214  }
215  $strNameId = serialize($nameId);
216  $strNameId = sha1($strNameId);
217 
218  /* Normalize SessionIndex. */
219  if (strlen($sessionIndex) > 50) {
220  $sessionIndex = sha1($sessionIndex);
221  }
222 
223  $session = SimpleSAML_Session::getSessionFromRequest();
224  $sessionId = $session->getSessionId();
225 
226  if ($store instanceof \SimpleSAML\Store\SQL) {
227  self::addSessionSQL($store, $authId, $strNameId, $sessionIndex, $expire, $sessionId);
228  } else {
229  $store->set('saml.LogoutStore', $strNameId . ':' . $sessionIndex, $sessionId, $expire);
230  }
231  }
$expire
$expire
Definition: saml2-acs.php:140
SimpleSAML\Utils\Random\generateID
static generateID()
Generate a random identifier, ID_LENGTH bytes long.
Definition: Random.php:26
$session
$session
Definition: proxy_ylocal.php:32
$sessionIndex
$sessionIndex
Definition: saml2-acs.php:139
$store
if(! $oauthconfig->getBoolean('getUserInfo.enable', FALSE)) $store
Definition: getUserInfo.php:11
$nameId
$nameId
Definition: saml2-acs.php:138
SimpleSAML
Attribute-related utility methods.
SimpleSAML\Store\getInstance
static getInstance()
Retrieve our singleton instance.
Definition: Store.php:31
SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:241
SAML2\XML\saml\NameIDType\fromArray
static fromArray(array $nameId)
Create a object from an array with its contents.
Definition: NameIDType.php:87
+ Here is the call graph for this function:

◆ addSessionSQL()

static sspmod_saml_SP_LogoutStore::addSessionSQL ( \SimpleSAML\Store\SQL  $store,
  $authId,
  $nameId,
  $sessionIndex,
  $expire,
  $sessionId 
)
staticprivate

Register a session in the SQL datastore.

Parameters
\SimpleSAML\Store\SQL$storeThe datastore.
string$authIdThe authsource ID.
string$nameIdThe hash of the users NameID.
string$sessionIndexThe SessionIndex of the user.

Definition at line 87 of file LogoutStore.php.

References $data, $expire, $nameId, and $sessionIndex.

88  {
89  assert(is_string($authId));
90  assert(is_string($nameId));
91  assert(is_string($sessionIndex));
92  assert(is_string($sessionId));
93  assert(is_int($expire));
94 
95  self::createLogoutTable($store);
96 
97  if (rand(0, 1000) < 10) {
98  self::cleanLogoutStore($store);
99  }
100 
101  $data = array(
102  '_authSource' => $authId,
103  '_nameId' => $nameId,
104  '_sessionIndex' => $sessionIndex,
105  '_expire' => gmdate('Y-m-d H:i:s', $expire),
106  '_sessionId' => $sessionId,
107  );
108  $store->insertOrUpdate($store->prefix . '_saml_LogoutStore', array('_authSource', '_nameId', '_sessionIndex'), $data);
109  }
$expire
$expire
Definition: saml2-acs.php:140
$sessionIndex
$sessionIndex
Definition: saml2-acs.php:139
$store
if(! $oauthconfig->getBoolean('getUserInfo.enable', FALSE)) $store
Definition: getUserInfo.php:11
$nameId
$nameId
Definition: saml2-acs.php:138
$data
$data
Definition: bench.php:6

◆ cleanLogoutStore()

static sspmod_saml_SP_LogoutStore::cleanLogoutStore ( \SimpleSAML\Store\SQL  $store)
staticprivate

Clean the logout table of expired entries.

Parameters
\SimpleSAML\Store\SQL$storeThe datastore.

Definition at line 67 of file LogoutStore.php.

References PHPMailer\PHPMailer\$params, $query, and SimpleSAML\Logger\debug().

68  {
69  SimpleSAML\Logger::debug('saml.LogoutStore: Cleaning logout store.');
70 
71  $query = 'DELETE FROM ' . $store->prefix . '_saml_LogoutStore WHERE _expire < :now';
72  $params = array('now' => gmdate('Y-m-d H:i:s'));
73 
74  $query = $store->pdo->prepare($query);
75  $query->execute($params);
76  }
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:211
$store
if(! $oauthconfig->getBoolean('getUserInfo.enable', FALSE)) $store
Definition: getUserInfo.php:11
$query
$query
Definition: proxy_ylocal.php:13
+ Here is the call graph for this function:

◆ createLogoutTable()

static sspmod_saml_SP_LogoutStore::createLogoutTable ( \SimpleSAML\Store\SQL  $store)
staticprivate

Create logout table in SQL, if it is missing.

Parameters
\SimpleSAML\Store\SQL$storeThe datastore.

Definition at line 15 of file LogoutStore.php.

References $query, and SimpleSAML\Logger\warning().

16  {
17  $tableVer = $store->getTableVersion('saml_LogoutStore');
18  if ($tableVer === 2) {
19  return;
20  } elseif ($tableVer === 1) {
21  /* TableVersion 2 increased the column size to 255 which is the maximum length of a FQDN. */
22  switch ($store->driver) {
23  case 'pgsql':
24  // This does not affect the NOT NULL constraint
25  $query = 'ALTER TABLE ' . $store->prefix . '_saml_LogoutStore ALTER COLUMN _authSource TYPE VARCHAR(255)';
26  break;
27  default:
28  $query = 'ALTER TABLE ' . $store->prefix . '_saml_LogoutStore MODIFY _authSource VARCHAR(255) NOT NULL';
29  break;
30  }
31 
32  try {
33  $store->pdo->exec($query);
34  } catch (Exception $e) {
35  SimpleSAML\Logger::warning($store->pdo->errorInfo());
36  return;
37  }
38  $store->setTableVersion('saml_LogoutStore', 2);
39  return;
40  }
41 
42  $query = 'CREATE TABLE ' . $store->prefix . '_saml_LogoutStore (
43  _authSource VARCHAR(255) NOT NULL,
44  _nameId VARCHAR(40) NOT NULL,
45  _sessionIndex VARCHAR(50) NOT NULL,
46  _expire TIMESTAMP NOT NULL,
47  _sessionId VARCHAR(50) NOT NULL,
48  UNIQUE (_authSource, _nameID, _sessionIndex)
49  )';
50  $store->pdo->exec($query);
51 
52  $query = 'CREATE INDEX ' . $store->prefix . '_saml_LogoutStore_expire ON ' . $store->prefix . '_saml_LogoutStore (_expire)';
53  $store->pdo->exec($query);
54 
55  $query = 'CREATE INDEX ' . $store->prefix . '_saml_LogoutStore_nameId ON ' . $store->prefix . '_saml_LogoutStore (_authSource, _nameId)';
56  $store->pdo->exec($query);
57 
58  $store->setTableVersion('saml_LogoutStore', 2);
59  }
$store
if(! $oauthconfig->getBoolean('getUserInfo.enable', FALSE)) $store
Definition: getUserInfo.php:11
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:177
$query
$query
Definition: proxy_ylocal.php:13
+ Here is the call graph for this function:

◆ getSessionsSQL()

static sspmod_saml_SP_LogoutStore::getSessionsSQL ( \SimpleSAML\Store\SQL  $store,
  $authId,
  $nameId 
)
staticprivate

Retrieve sessions from the SQL datastore.

Parameters
\SimpleSAML\Store\SQL$storeThe datastore.
string$authIdThe authsource ID.
string$nameIdThe hash of the users NameID.
Returns
array Associative array of SessionIndex => SessionId.

Definition at line 120 of file LogoutStore.php.

References $nameId, PHPMailer\PHPMailer\$params, $query, $res, and $row.

121  {
122  assert(is_string($authId));
123  assert(is_string($nameId));
124 
125  self::createLogoutTable($store);
126 
127  $params = array(
128  '_authSource' => $authId,
129  '_nameId' => $nameId,
130  'now' => gmdate('Y-m-d H:i:s'),
131  );
132 
133  // We request the columns in lowercase in order to be compatible with PostgreSQL
134  $query = 'SELECT _sessionIndex AS _sessionindex, _sessionId AS _sessionid FROM ' . $store->prefix . '_saml_LogoutStore' .
135  ' WHERE _authSource = :_authSource AND _nameId = :_nameId AND _expire >= :now';
136  $query = $store->pdo->prepare($query);
137  $query->execute($params);
138 
139  $res = array();
140  while ( ($row = $query->fetch(PDO::FETCH_ASSOC)) !== false) {
141  $res[$row['_sessionindex']] = $row['_sessionid'];
142  }
143 
144  return $res;
145  }
$store
if(! $oauthconfig->getBoolean('getUserInfo.enable', FALSE)) $store
Definition: getUserInfo.php:11
$nameId
$nameId
Definition: saml2-acs.php:138
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
$row
$row
Definition: migrateto20.php:360

◆ getSessionsStore()

static sspmod_saml_SP_LogoutStore::getSessionsStore ( \SimpleSAML\Store  $store,
  $authId,
  $nameId,
array  $sessionIndexes 
)
staticprivate

Retrieve all session IDs from a key-value store.

Parameters
\SimpleSAML\Store$storeThe datastore.
string$authIdThe authsource ID.
string$nameIdThe hash of the users NameID.
array$sessionIndexesThe session indexes.
Returns
array Associative array of SessionIndex => SessionId.

Definition at line 157 of file LogoutStore.php.

References $nameId, $res, and $sessionIndex.

158  {
159  assert(is_string($authId));
160  assert(is_string($nameId));
161 
162  $res = array();
163  foreach ($sessionIndexes as $sessionIndex) {
164  $sessionId = $store->get('saml.LogoutStore', $nameId . ':' . $sessionIndex);
165  if ($sessionId === null) {
166  continue;
167  }
168  assert(is_string($sessionId));
169  $res[$sessionIndex] = $sessionId;
170  }
171 
172  return $res;
173  }
$sessionIndex
$sessionIndex
Definition: saml2-acs.php:139
$store
if(! $oauthconfig->getBoolean('getUserInfo.enable', FALSE)) $store
Definition: getUserInfo.php:11
$nameId
$nameId
Definition: saml2-acs.php:138
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
The documentation for this class was generated from the following file: