ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Static Public Member Functions | Static Private Member Functions
sspmod_saml_SP_LogoutStore Class Reference
+ Collaboration diagram for sspmod_saml_SP_LogoutStore:

Static Public Member Functions

static addSession ($authId, $nameId, $sessionIndex, $expire)
 Register a new session in the datastore. More...
 

Static Private Member Functions

static createLogoutTable (\SimpleSAML\Store\SQL $store)
 Create logout table in SQL, if it is missing. More...
 
static cleanLogoutStore (\SimpleSAML\Store\SQL $store)
 Clean the logout table of expired entries. More...
 
static addSessionSQL (\SimpleSAML\Store\SQL $store, $authId, $nameId, $sessionIndex, $expire, $sessionId)
 Register a session in the SQL datastore. More...
 
static getSessionsSQL (\SimpleSAML\Store\SQL $store, $authId, $nameId)
 Retrieve sessions from the SQL datastore. More...
 
static getSessionsStore (\SimpleSAML\Store $store, $authId, $nameId, array $sessionIndexes)
 Retrieve all session IDs from a key-value store. More...
 

Detailed Description

Definition at line 8 of file LogoutStore.php.

Member Function Documentation

◆ addSession()

static sspmod_saml_SP_LogoutStore::addSession (   $authId,
  $nameId,
  $sessionIndex,
  $expire 
)
static

Register a new session in the datastore.

Please observe the change of the signature in this method. Previously, the second parameter ($nameId) was forced to be an array. However, it has no type restriction now, and the documentation states it must be a \SAML2\XML\saml\NameID object. Currently, this function still accepts an array passed as $nameId, and will silently convert it to a \SAML2\XML\saml\NameID object. This is done to keep backwards-compatibility, though will no longer be possible in the future as the $nameId parameter will be required to be an object.

Parameters
string$authIdThe authsource ID.
\SAML2\XML\saml\NameID$nameIdThe NameID of the user.
string | null$sessionIndexThe SessionIndex of the user.

Definition at line 189 of file LogoutStore.php.

190 {
191 assert(is_string($authId));
192 assert(is_string($sessionIndex) || $sessionIndex === null);
193 assert(is_int($expire));
194
195 if ($sessionIndex === null) {
196 /* This IdP apparently did not include a SessionIndex, and thus probably does not
197 * support SLO. We still want to add the session to the data store just in case
198 * it supports SLO, but we don't want an LogoutRequest with a specific
199 * SessionIndex to match this session. We therefore generate our own session index.
200 */
201 $sessionIndex = SimpleSAML\Utils\Random::generateID();
202 }
203
204 $store = \SimpleSAML\Store::getInstance();
205 if ($store === false) {
206 // We don't have a datastore.
207 return;
208 }
209
210 // serialize and anonymize the NameID
211 // TODO: remove this conditional statement
212 if (is_array($nameId)) {
213 $nameId = \SAML2\XML\saml\NameID::fromArray($nameId);
214 }
215 $strNameId = serialize($nameId);
216 $strNameId = sha1($strNameId);
217
218 /* Normalize SessionIndex. */
219 if (strlen($sessionIndex) > 50) {
220 $sessionIndex = sha1($sessionIndex);
221 }
222
223 $session = SimpleSAML_Session::getSessionFromRequest();
224 $sessionId = $session->getSessionId();
225
226 if ($store instanceof \SimpleSAML\Store\SQL) {
227 self::addSessionSQL($store, $authId, $strNameId, $sessionIndex, $expire, $sessionId);
228 } else {
229 $store->set('saml.LogoutStore', $strNameId . ':' . $sessionIndex, $sessionId, $expire);
230 }
231 }
SAML2\XML\saml\NameIDType\fromArray
static fromArray(array $nameId)
Create a \SAML2\XML\saml\NameID object from an array with its contents.
Definition: NameIDType.php:87
SimpleSAML\Store\getInstance
static getInstance()
Retrieve our singleton instance.
Definition: Store.php:31
SimpleSAML\Utils\Random\generateID
static generateID()
Generate a random identifier, ID_LENGTH bytes long.
Definition: Random.php:26
SimpleSAML_Session\getSessionFromRequest
static getSessionFromRequest()
Retrieves the current session.
Definition: Session.php:241
sspmod_saml_SP_LogoutStore\addSessionSQL
static addSessionSQL(\SimpleSAML\Store\SQL $store, $authId, $nameId, $sessionIndex, $expire, $sessionId)
Register a session in the SQL datastore.
Definition: LogoutStore.php:87
$store
if(! $oauthconfig->getBoolean('getUserInfo.enable', FALSE)) $store
Definition: getUserInfo.php:11
$nameId
$nameId
Definition: saml2-acs.php:138
$expire
$expire
Definition: saml2-acs.php:140
$sessionIndex
$sessionIndex
Definition: saml2-acs.php:139
SimpleSAML
Attribute-related utility methods.
$session
$session
Definition: proxy_ylocal.php:32

References $expire, $nameId, $session, $sessionIndex, $store, addSessionSQL(), SAML2\XML\saml\NameIDType\fromArray(), SimpleSAML\Utils\Random\generateID(), SimpleSAML\Store\getInstance(), and SimpleSAML_Session\getSessionFromRequest().

+ Here is the call graph for this function:

◆ addSessionSQL()

static sspmod_saml_SP_LogoutStore::addSessionSQL ( \SimpleSAML\Store\SQL  $store,
  $authId,
  $nameId,
  $sessionIndex,
  $expire,
  $sessionId 
)
staticprivate

Register a session in the SQL datastore.

Parameters
\SimpleSAML\Store\SQL$storeThe datastore.
string$authIdThe authsource ID.
string$nameIdThe hash of the users NameID.
string$sessionIndexThe SessionIndex of the user.

Definition at line 87 of file LogoutStore.php.

88 {
89 assert(is_string($authId));
90 assert(is_string($nameId));
91 assert(is_string($sessionIndex));
92 assert(is_string($sessionId));
93 assert(is_int($expire));
94
95 self::createLogoutTable($store);
96
97 if (rand(0, 1000) < 10) {
98 self::cleanLogoutStore($store);
99 }
100
101 $data = array(
102 '_authSource' => $authId,
103 '_nameId' => $nameId,
104 '_sessionIndex' => $sessionIndex,
105 '_expire' => gmdate('Y-m-d H:i:s', $expire),
106 '_sessionId' => $sessionId,
107 );
108 $store->insertOrUpdate($store->prefix . '_saml_LogoutStore', array('_authSource', '_nameId', '_sessionIndex'), $data);
109 }
sspmod_saml_SP_LogoutStore\cleanLogoutStore
static cleanLogoutStore(\SimpleSAML\Store\SQL $store)
Clean the logout table of expired entries.
Definition: LogoutStore.php:67
sspmod_saml_SP_LogoutStore\createLogoutTable
static createLogoutTable(\SimpleSAML\Store\SQL $store)
Create logout table in SQL, if it is missing.
Definition: LogoutStore.php:15
$data
$data
Definition: bench.php:6

References $data, $expire, $nameId, $sessionIndex, $store, cleanLogoutStore(), and createLogoutTable().

Referenced by addSession().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ cleanLogoutStore()

static sspmod_saml_SP_LogoutStore::cleanLogoutStore ( \SimpleSAML\Store\SQL  $store)
staticprivate

Clean the logout table of expired entries.

Parameters
\SimpleSAML\Store\SQL$storeThe datastore.

Definition at line 67 of file LogoutStore.php.

68 {
69 SimpleSAML\Logger::debug('saml.LogoutStore: Cleaning logout store.');
70
71 $query = 'DELETE FROM ' . $store->prefix . '_saml_LogoutStore WHERE _expire < :now';
72 $params = array('now' => gmdate('Y-m-d H:i:s'));
73
74 $query = $store->pdo->prepare($query);
75 $query->execute($params);
76 }
SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:211
$query
$query
Definition: proxy_ylocal.php:13

References PHPMailer\PHPMailer\$params, $query, $store, and SimpleSAML\Logger\debug().

Referenced by addSessionSQL().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ createLogoutTable()

static sspmod_saml_SP_LogoutStore::createLogoutTable ( \SimpleSAML\Store\SQL  $store)
staticprivate

Create logout table in SQL, if it is missing.

Parameters
\SimpleSAML\Store\SQL$storeThe datastore.

Definition at line 15 of file LogoutStore.php.

16 {
17 $tableVer = $store->getTableVersion('saml_LogoutStore');
18 if ($tableVer === 2) {
19 return;
20 } elseif ($tableVer === 1) {
21 /* TableVersion 2 increased the column size to 255 which is the maximum length of a FQDN. */
22 switch ($store->driver) {
23 case 'pgsql':
24 // This does not affect the NOT NULL constraint
25 $query = 'ALTER TABLE ' . $store->prefix . '_saml_LogoutStore ALTER COLUMN _authSource TYPE VARCHAR(255)';
26 break;
27 default:
28 $query = 'ALTER TABLE ' . $store->prefix . '_saml_LogoutStore MODIFY _authSource VARCHAR(255) NOT NULL';
29 break;
30 }
31
32 try {
33 $store->pdo->exec($query);
34 } catch (Exception $e) {
35 SimpleSAML\Logger::warning($store->pdo->errorInfo());
36 return;
37 }
38 $store->setTableVersion('saml_LogoutStore', 2);
39 return;
40 }
41
42 $query = 'CREATE TABLE ' . $store->prefix . '_saml_LogoutStore (
43 _authSource VARCHAR(255) NOT NULL,
44 _nameId VARCHAR(40) NOT NULL,
45 _sessionIndex VARCHAR(50) NOT NULL,
46 _expire TIMESTAMP NOT NULL,
47 _sessionId VARCHAR(50) NOT NULL,
48 UNIQUE (_authSource, _nameID, _sessionIndex)
49 )';
50 $store->pdo->exec($query);
51
52 $query = 'CREATE INDEX ' . $store->prefix . '_saml_LogoutStore_expire ON ' . $store->prefix . '_saml_LogoutStore (_expire)';
53 $store->pdo->exec($query);
54
55 $query = 'CREATE INDEX ' . $store->prefix . '_saml_LogoutStore_nameId ON ' . $store->prefix . '_saml_LogoutStore (_authSource, _nameId)';
56 $store->pdo->exec($query);
57
58 $store->setTableVersion('saml_LogoutStore', 2);
59 }
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:177

References $query, $store, and SimpleSAML\Logger\warning().

Referenced by addSessionSQL(), and getSessionsSQL().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getSessionsSQL()

static sspmod_saml_SP_LogoutStore::getSessionsSQL ( \SimpleSAML\Store\SQL  $store,
  $authId,
  $nameId 
)
staticprivate

Retrieve sessions from the SQL datastore.

Parameters
\SimpleSAML\Store\SQL$storeThe datastore.
string$authIdThe authsource ID.
string$nameIdThe hash of the users NameID.
Returns
array Associative array of SessionIndex => SessionId.

Definition at line 120 of file LogoutStore.php.

121 {
122 assert(is_string($authId));
123 assert(is_string($nameId));
124
125 self::createLogoutTable($store);
126
127 $params = array(
128 '_authSource' => $authId,
129 '_nameId' => $nameId,
130 'now' => gmdate('Y-m-d H:i:s'),
131 );
132
133 // We request the columns in lowercase in order to be compatible with PostgreSQL
134 $query = 'SELECT _sessionIndex AS _sessionindex, _sessionId AS _sessionid FROM ' . $store->prefix . '_saml_LogoutStore' .
135 ' WHERE _authSource = :_authSource AND _nameId = :_nameId AND _expire >= :now';
136 $query = $store->pdo->prepare($query);
137 $query->execute($params);
138
139 $res = array();
140 while ( ($row = $query->fetch(PDO::FETCH_ASSOC)) !== false) {
141 $res[$row['_sessionindex']] = $row['_sessionid'];
142 }
143
144 return $res;
145 }
$row
$row
Definition: migrateto20.php:360
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15

References $nameId, PHPMailer\PHPMailer\$params, $query, $res, $row, $store, and createLogoutTable().

+ Here is the call graph for this function:

◆ getSessionsStore()

static sspmod_saml_SP_LogoutStore::getSessionsStore ( \SimpleSAML\Store  $store,
  $authId,
  $nameId,
array  $sessionIndexes 
)
staticprivate

Retrieve all session IDs from a key-value store.

Parameters
\SimpleSAML\Store$storeThe datastore.
string$authIdThe authsource ID.
string$nameIdThe hash of the users NameID.
array$sessionIndexesThe session indexes.
Returns
array Associative array of SessionIndex => SessionId.

Definition at line 157 of file LogoutStore.php.

158 {
159 assert(is_string($authId));
160 assert(is_string($nameId));
161
162 $res = array();
163 foreach ($sessionIndexes as $sessionIndex) {
164 $sessionId = $store->get('saml.LogoutStore', $nameId . ':' . $sessionIndex);
165 if ($sessionId === null) {
166 continue;
167 }
168 assert(is_string($sessionId));
169 $res[$sessionIndex] = $sessionId;
170 }
171
172 return $res;
173 }

References $nameId, $res, $sessionIndex, and $store.

The documentation for this class was generated from the following file: