PageRenderTime 13ms CodeModel.GetById 15ms RepoModel.GetById 1ms app.codeStats 0ms

/modules/Auth/OpenID/SQLStore.php

https://gitlab.com/x33n/ampache
PHP | 557 lines | 353 code | 68 blank | 136 comment | 57 complexity | 647c48b054dda7f45bb4bb17d1d49418 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * SQL-backed OpenID stores.
    5. 

  5.  *
    6. 

  6.  * PHP versions 4 and 5
    7. 

  7.  *
    8. 

  8.  * LICENSE: See the COPYING file included in this distribution.
    9. 

  9.  *
    10. 

  10.  * @package OpenID
    11. 

  11.  * @author JanRain, Inc. <openid@janrain.com>
    12. 

  12.  * @copyright 2005-2008 Janrain, Inc.
    13. 

  13.  * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
    14. 

  14.  */
    15. 

  15. 

  16. /**
    17. 

  17.  * @access private
    18. 

  18.  */
    19. 

  19. require_once 'Auth/OpenID/Interface.php';
    20. 

  20. require_once 'Auth/OpenID/Nonce.php';
    21. 

  21. 

  22. /**
    23. 

  23.  * @access private
    24. 

  24.  */
    25. 

  25. require_once 'Auth/OpenID.php';
    26. 

  26. 

  27. /**
    28. 

  28.  * @access private
    29. 

  29.  */
    30. 

  30. require_once 'Auth/OpenID/Nonce.php';
    31. 

  31. 

  32. /**
    33. 

  33.  * This is the parent class for the SQL stores, which contains the
    34. 

  34.  * logic common to all of the SQL stores.
    35. 

  35.  *
    36. 

  36.  * The table names used are determined by the class variables
    37. 

  37.  * associations_table_name and nonces_table_name.  To change the name
    38. 

  38.  * of the tables used, pass new table names into the constructor.
    39. 

  39.  *
    40. 

  40.  * To create the tables with the proper schema, see the createTables
    41. 

  41.  * method.
    42. 

  42.  *
    43. 

  43.  * This class shouldn't be used directly.  Use one of its subclasses
    44. 

  44.  * instead, as those contain the code necessary to use a specific
    45. 

  45.  * database.  If you're an OpenID integrator and you'd like to create
    46. 

  46.  * an SQL-driven store that wraps an application's database
    47. 

  47.  * abstraction, be sure to create a subclass of
    48. 

  48.  * {@link Auth_OpenID_DatabaseConnection} that calls the application's
    49. 

  49.  * database abstraction calls.  Then, pass an instance of your new
    50. 

  50.  * database connection class to your SQLStore subclass constructor.
    51. 

  51.  *
    52. 

  52.  * All methods other than the constructor and createTables should be
    53. 

  53.  * considered implementation details.
    54. 

  54.  *
    55. 

  55.  * @package OpenID
    56. 

  56.  */
    57. 

  57. class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
    58. 

  58. 

  59.     /**
    60. 

  60.      * This creates a new SQLStore instance.  It requires an
    61. 

  61.      * established database connection be given to it, and it allows
    62. 

  62.      * overriding the default table names.
    63. 

  63.      *
    64. 

  64.      * @param connection $connection This must be an established
    65. 

  65.      * connection to a database of the correct type for the SQLStore
    66. 

  66.      * subclass you're using.  This must either be an PEAR DB
    67. 

  67.      * connection handle or an instance of a subclass of
    68. 

  68.      * Auth_OpenID_DatabaseConnection.
    69. 

  69.      *
    70. 

  70.      * @param associations_table: This is an optional parameter to
    71. 

  71.      * specify the name of the table used for storing associations.
    72. 

  72.      * The default value is 'oid_associations'.
    73. 

  73.      *
    74. 

  74.      * @param nonces_table: This is an optional parameter to specify
    75. 

  75.      * the name of the table used for storing nonces.  The default
    76. 

  76.      * value is 'oid_nonces'.
    77. 

  77.      */
    78. 

  78.     function Auth_OpenID_SQLStore($connection,
    79. 

  79.                                   $associations_table = null,
    80. 

  80.                                   $nonces_table = null)
    81. 

  81.     {
    82. 

  82.         $this->associations_table_name = "oid_associations";
    83. 

  83.         $this->nonces_table_name = "oid_nonces";
    84. 

  84. 

  85.         // Check the connection object type to be sure it's a PEAR
    86. 

  86.         // database connection.
    87. 

  87.         if (!(is_object($connection) &&
    88. 

  88.               (is_subclass_of($connection, 'db_common') ||
    89. 

  89.                is_subclass_of($connection,
    90. 

  90.                               'auth_openid_databaseconnection')))) {
    91. 

  91.             trigger_error("Auth_OpenID_SQLStore expected PEAR connection " .
    92. 

  92.                           "object (got ".get_class($connection).")",
    93. 

  93.                           E_USER_ERROR);
    94. 

  94.             return;
    95. 

  95.         }
    96. 

  96. 

  97.         $this->connection = $connection;
    98. 

  98. 

  99.         // Be sure to set the fetch mode so the results are keyed on
    100. 

  100.         // column name instead of column index.  This is a PEAR
    101. 

  101.         // constant, so only try to use it if PEAR is present.  Note
    102. 

  102.         // that Auth_Openid_Databaseconnection instances need not
    103. 

  103.         // implement ::setFetchMode for this reason.
    104. 

  104.         if (is_subclass_of($this->connection, 'db_common')) {
    105. 

  105.             $this->connection->setFetchMode(DB_FETCHMODE_ASSOC);
    106. 

  106.         }
    107. 

  107. 

  108.         if ($associations_table) {
    109. 

  109.             $this->associations_table_name = $associations_table;
    110. 

  110.         }
    111. 

  111. 

  112.         if ($nonces_table) {
    113. 

  113.             $this->nonces_table_name = $nonces_table;
    114. 

  114.         }
    115. 

  115. 

  116.         $this->max_nonce_age = 6 * 60 * 60;
    117. 

  117. 

  118.         // Be sure to run the database queries with auto-commit mode
    119. 

  119.         // turned OFF, because we want every function to run in a
    120. 

  120.         // transaction, implicitly.  As a rule, methods named with a
    121. 

  121.         // leading underscore will NOT control transaction behavior.
    122. 

  122.         // Callers of these methods will worry about transactions.
    123. 

  123.         $this->connection->autoCommit(false);
    124. 

  124. 

  125.         // Create an empty SQL strings array.
    126. 

  126.         $this->sql = array();
    127. 

  127. 

  128.         // Call this method (which should be overridden by subclasses)
    129. 

  129.         // to populate the $this->sql array with SQL strings.
    130. 

  130.         $this->setSQL();
    131. 

  131. 

  132.         // Verify that all required SQL statements have been set, and
    133. 

  133.         // raise an error if any expected SQL strings were either
    134. 

  134.         // absent or empty.
    135. 

  135.         list($missing, $empty) = $this->_verifySQL();
    136. 

  136. 

  137.         if ($missing) {
    138. 

  138.             trigger_error("Expected keys in SQL query list: " .
    139. 

  139.                           implode(", ", $missing),
    140. 

  140.                           E_USER_ERROR);
    141. 

  141.             return;
    142. 

  142.         }
    143. 

  143. 

  144.         if ($empty) {
    145. 

  145.             trigger_error("SQL list keys have no SQL strings: " .
    146. 

  146.                           implode(", ", $empty),
    147. 

  147.                           E_USER_ERROR);
    148. 

  148.             return;
    149. 

  149.         }
    150. 

  150. 

  151.         // Add table names to queries.
    152. 

  152.         $this->_fixSQL();
    153. 

  153.     }
    154. 

  154. 

  155.     function tableExists($table_name)
    156. 

  156.     {
    157. 

  157.         return !$this->isError(
    158. 

  158.                       $this->connection->query(
    159. 

  159.                           sprintf("SELECT * FROM %s LIMIT 0",
    160. 

  160.                                   $table_name)));
    161. 

  161.     }
    162. 

  162. 

  163.     /**
    164. 

  164.      * Returns true if $value constitutes a database error; returns
    165. 

  165.      * false otherwise.
    166. 

  166.      */
    167. 

  167.     function isError($value)
    168. 

  168.     {
    169. 

  169.         return @PEAR::isError($value);
    170. 

  170.     }
    171. 

  171. 

  172.     /**
    173. 

  173.      * Converts a query result to a boolean.  If the result is a
    174. 

  174.      * database error according to $this->isError(), this returns
    175. 

  175.      * false; otherwise, this returns true.
    176. 

  176.      */
    177. 

  177.     function resultToBool($obj)
    178. 

  178.     {
    179. 

  179.         if ($this->isError($obj)) {
    180. 

  180.             return false;
    181. 

  181.         } else {
    182. 

  182.             return true;
    183. 

  183.         }
    184. 

  184.     }
    185. 

  185. 

  186.     /**
    187. 

  187.      * This method should be overridden by subclasses.  This method is
    188. 

  188.      * called by the constructor to set values in $this->sql, which is
    189. 

  189.      * an array keyed on sql name.
    190. 

  190.      */
    191. 

  191.     function setSQL()
    192. 

  192.     {
    193. 

  193.     }
    194. 

  194. 

  195.     /**
    196. 

  196.      * Resets the store by removing all records from the store's
    197. 

  197.      * tables.
    198. 

  198.      */
    199. 

  199.     function reset()
    200. 

  200.     {
    201. 

  201.         $this->connection->query(sprintf("DELETE FROM %s",
    202. 

  202.                                          $this->associations_table_name));
    203. 

  203. 

  204.         $this->connection->query(sprintf("DELETE FROM %s",
    205. 

  205.                                          $this->nonces_table_name));
    206. 

  206.     }
    207. 

  207. 

  208.     /**
    209. 

  209.      * @access private
    210. 

  210.      */
    211. 

  211.     function _verifySQL()
    212. 

  212.     {
    213. 

  213.         $missing = array();
    214. 

  214.         $empty = array();
    215. 

  215. 

  216.         $required_sql_keys = array(
    217. 

  217.                                    'nonce_table',
    218. 

  218.                                    'assoc_table',
    219. 

  219.                                    'set_assoc',
    220. 

  220.                                    'get_assoc',
    221. 

  221.                                    'get_assocs',
    222. 

  222.                                    'remove_assoc'
    223. 

  223.                                    );
    224. 

  224. 

  225.         foreach ($required_sql_keys as $key) {
    226. 

  226.             if (!array_key_exists($key, $this->sql)) {
    227. 

  227.                 $missing[] = $key;
    228. 

  228.             } else if (!$this->sql[$key]) {
    229. 

  229.                 $empty[] = $key;
    230. 

  230.             }
    231. 

  231.         }
    232. 

  232. 

  233.         return array($missing, $empty);
    234. 

  234.     }
    235. 

  235. 

  236.     /**
    237. 

  237.      * @access private
    238. 

  238.      */
    239. 

  239.     function _fixSQL()
    240. 

  240.     {
    241. 

  241.         $replacements = array(
    242. 

  242.                               array(
    243. 

  243.                                     'value' => $this->nonces_table_name,
    244. 

  244.                                     'keys' => array('nonce_table',
    245. 

  245.                                                     'add_nonce',
    246. 

  246.                                                     'clean_nonce')
    247. 

  247.                                     ),
    248. 

  248.                               array(
    249. 

  249.                                     'value' => $this->associations_table_name,
    250. 

  250.                                     'keys' => array('assoc_table',
    251. 

  251.                                                     'set_assoc',
    252. 

  252.                                                     'get_assoc',
    253. 

  253.                                                     'get_assocs',
    254. 

  254.                                                     'remove_assoc',
    255. 

  255.                                                     'clean_assoc')
    256. 

  256.                                     )
    257. 

  257.                               );
    258. 

  258. 

  259.         foreach ($replacements as $item) {
    260. 

  260.             $value = $item['value'];
    261. 

  261.             $keys = $item['keys'];
    262. 

  262. 

  263.             foreach ($keys as $k) {
    264. 

  264.                 if (is_array($this->sql[$k])) {
    265. 

  265.                     foreach ($this->sql[$k] as $part_key => $part_value) {
    266. 

  266.                         $this->sql[$k][$part_key] = sprintf($part_value,
    267. 

  267.                                                             $value);
    268. 

  268.                     }
    269. 

  269.                 } else {
    270. 

  270.                     $this->sql[$k] = sprintf($this->sql[$k], $value);
    271. 

  271.                 }
    272. 

  272.             }
    273. 

  273.         }
    274. 

  274.     }
    275. 

  275. 

  276.     function blobDecode($blob)
    277. 

  277.     {
    278. 

  278.         return $blob;
    279. 

  279.     }
    280. 

  280. 

  281.     function blobEncode($str)
    282. 

  282.     {
    283. 

  283.         return $str;
    284. 

  284.     }
    285. 

  285. 

  286.     function createTables()
    287. 

  287.     {
    288. 

  288.         $this->connection->autoCommit(true);
    289. 

  289.         $n = $this->create_nonce_table();
    290. 

  290.         $a = $this->create_assoc_table();
    291. 

  291.         $this->connection->autoCommit(false);
    292. 

  292. 

  293.         if ($n && $a) {
    294. 

  294.             return true;
    295. 

  295.         } else {
    296. 

  296.             return false;
    297. 

  297.         }
    298. 

  298.     }
    299. 

  299. 

  300.     function create_nonce_table()
    301. 

  301.     {
    302. 

  302.         if (!$this->tableExists($this->nonces_table_name)) {
    303. 

  303.             $r = $this->connection->query($this->sql['nonce_table']);
    304. 

  304.             return $this->resultToBool($r);
    305. 

  305.         }
    306. 

  306.         return true;
    307. 

  307.     }
    308. 

  308. 

  309.     function create_assoc_table()
    310. 

  310.     {
    311. 

  311.         if (!$this->tableExists($this->associations_table_name)) {
    312. 

  312.             $r = $this->connection->query($this->sql['assoc_table']);
    313. 

  313.             return $this->resultToBool($r);
    314. 

  314.         }
    315. 

  315.         return true;
    316. 

  316.     }
    317. 

  317. 

  318.     /**
    319. 

  319.      * @access private
    320. 

  320.      */
    321. 

  321.     function _set_assoc($server_url, $handle, $secret, $issued,
    322. 

  322.                         $lifetime, $assoc_type)
    323. 

  323.     {
    324. 

  324.         return $this->connection->query($this->sql['set_assoc'],
    325. 

  325.                                         array(
    326. 

  326.                                               $server_url,
    327. 

  327.                                               $handle,
    328. 

  328.                                               $secret,
    329. 

  329.                                               $issued,
    330. 

  330.                                               $lifetime,
    331. 

  331.                                               $assoc_type));
    332. 

  332.     }
    333. 

  333. 

  334.     function storeAssociation($server_url, $association)
    335. 

  335.     {
    336. 

  336.         if ($this->resultToBool($this->_set_assoc(
    337. 

  337.                                             $server_url,
    338. 

  338.                                             $association->handle,
    339. 

  339.                                             $this->blobEncode(
    340. 

  340.                                                   $association->secret),
    341. 

  341.                                             $association->issued,
    342. 

  342.                                             $association->lifetime,
    343. 

  343.                                             $association->assoc_type
    344. 

  344.                                             ))) {
    345. 

  345.             $this->connection->commit();
    346. 

  346.         } else {
    347. 

  347.             $this->connection->rollback();
    348. 

  348.         }
    349. 

  349.     }
    350. 

  350. 

  351.     /**
    352. 

  352.      * @access private
    353. 

  353.      */
    354. 

  354.     function _get_assoc($server_url, $handle)
    355. 

  355.     {
    356. 

  356.         $result = $this->connection->getRow($this->sql['get_assoc'],
    357. 

  357.                                             array($server_url, $handle));
    358. 

  358.         if ($this->isError($result)) {
    359. 

  359.             return null;
    360. 

  360.         } else {
    361. 

  361.             return $result;
    362. 

  362.         }
    363. 

  363.     }
    364. 

  364. 

  365.     /**
    366. 

  366.      * @access private
    367. 

  367.      */
    368. 

  368.     function _get_assocs($server_url)
    369. 

  369.     {
    370. 

  370.         $result = $this->connection->getAll($this->sql['get_assocs'],
    371. 

  371.                                             array($server_url));
    372. 

  372. 

  373.         if ($this->isError($result)) {
    374. 

  374.             return array();
    375. 

  375.         } else {
    376. 

  376.             return $result;
    377. 

  377.         }
    378. 

  378.     }
    379. 

  379. 

  380.     function removeAssociation($server_url, $handle)
    381. 

  381.     {
    382. 

  382.         if ($this->_get_assoc($server_url, $handle) == null) {
    383. 

  383.             return false;
    384. 

  384.         }
    385. 

  385. 

  386.         if ($this->resultToBool($this->connection->query(
    387. 

  387.                               $this->sql['remove_assoc'],
    388. 

  388.                               array($server_url, $handle)))) {
    389. 

  389.             $this->connection->commit();
    390. 

  390.         } else {
    391. 

  391.             $this->connection->rollback();
    392. 

  392.         }
    393. 

  393. 

  394.         return true;
    395. 

  395.     }
    396. 

  396. 

  397.     function getAssociation($server_url, $handle = null)
    398. 

  398.     {
    399. 

  399.         if ($handle !== null) {
    400. 

  400.             $assoc = $this->_get_assoc($server_url, $handle);
    401. 

  401. 

  402.             $assocs = array();
    403. 

  403.             if ($assoc) {
    404. 

  404.                 $assocs[] = $assoc;
    405. 

  405.             }
    406. 

  406.         } else {
    407. 

  407.             $assocs = $this->_get_assocs($server_url);
    408. 

  408.         }
    409. 

  409. 

  410.         if (!$assocs || (count($assocs) == 0)) {
    411. 

  411.             return null;
    412. 

  412.         } else {
    413. 

  413.             $associations = array();
    414. 

  414. 

  415.             foreach ($assocs as $assoc_row) {
    416. 

  416.                 $assoc = new Auth_OpenID_Association($assoc_row['handle'],
    417. 

  417.                                                      $assoc_row['secret'],
    418. 

  418.                                                      $assoc_row['issued'],
    419. 

  419.                                                      $assoc_row['lifetime'],
    420. 

  420.                                                      $assoc_row['assoc_type']);
    421. 

  421. 

  422.                 $assoc->secret = $this->blobDecode($assoc->secret);
    423. 

  423. 

  424.                 if ($assoc->getExpiresIn() == 0) {
    425. 

  425.                     $this->removeAssociation($server_url, $assoc->handle);
    426. 

  426.                 } else {
    427. 

  427.                     $associations[] = array($assoc->issued, $assoc);
    428. 

  428.                 }
    429. 

  429.             }
    430. 

  430. 

  431.             if ($associations) {
    432. 

  432.                 $issued = array();
    433. 

  433.                 $assocs = array();
    434. 

  434.                 foreach ($associations as $key => $assoc) {
    435. 

  435.                     $issued[$key] = $assoc[0];
    436. 

  436.                     $assocs[$key] = $assoc[1];
    437. 

  437.                 }
    438. 

  438. 

  439.                 array_multisort($issued, SORT_DESC, $assocs, SORT_DESC,
    440. 

  440.                                 $associations);
    441. 

  441. 

  442.                 // return the most recently issued one.
    443. 

  443.                 list($issued, $assoc) = $associations[0];
    444. 

  444.                 return $assoc;
    445. 

  445.             } else {
    446. 

  446.                 return null;
    447. 

  447.             }
    448. 

  448.         }
    449. 

  449.     }
    450. 

  450. 

  451.     /**
    452. 

  452.      * @access private
    453. 

  453.      */
    454. 

  454.     function _add_nonce($server_url, $timestamp, $salt)
    455. 

  455.     {
    456. 

  456.         $sql = $this->sql['add_nonce'];
    457. 

  457.         $result = $this->connection->query($sql, array($server_url,
    458. 

  458.                                                        $timestamp,
    459. 

  459.                                                        $salt));
    460. 

  460.         if ($this->isError($result)) {
    461. 

  461.             $this->connection->rollback();
    462. 

  462.         } else {
    463. 

  463.             $this->connection->commit();
    464. 

  464.         }
    465. 

  465.         return $this->resultToBool($result);
    466. 

  466.     }
    467. 

  467. 

  468.     function useNonce($server_url, $timestamp, $salt)
    469. 

  469.     {
    470. 

  470.         global $Auth_OpenID_SKEW;
    471. 

  471. 

  472.         if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
    473. 

  473.             return false;
    474. 

  474.         }
    475. 

  475. 

  476.         return $this->_add_nonce($server_url, $timestamp, $salt);
    477. 

  477.     }
    478. 

  478. 

  479.     /**
    480. 

  480.      * "Octifies" a binary string by returning a string with escaped
    481. 

  481.      * octal bytes.  This is used for preparing binary data for
    482. 

  482.      * PostgreSQL BYTEA fields.
    483. 

  483.      *
    484. 

  484.      * @access private
    485. 

  485.      */
    486. 

  486.     function _octify($str)
    487. 

  487.     {
    488. 

  488.         $result = "";
    489. 

  489.         for ($i = 0; $i < Auth_OpenID::bytes($str); $i++) {
    490. 

  490.             $ch = substr($str, $i, 1);
    491. 

  491.             if ($ch == "\\") {
    492. 

  492.                 $result .= "\\\\\\\\";
    493. 

  493.             } else if (ord($ch) == 0) {
    494. 

  494.                 $result .= "\\\\000";
    495. 

  495.             } else {
    496. 

  496.                 $result .= "\\" . strval(decoct(ord($ch)));
    497. 

  497.             }
    498. 

  498.         }
    499. 

  499.         return $result;
    500. 

  500.     }
    501. 

  501. 

  502.     /**
    503. 

  503.      * "Unoctifies" octal-escaped data from PostgreSQL and returns the
    504. 

  504.      * resulting ASCII (possibly binary) string.
    505. 

  505.      *
    506. 

  506.      * @access private
    507. 

  507.      */
    508. 

  508.     function _unoctify($str)
    509. 

  509.     {
    510. 

  510.         $result = "";
    511. 

  511.         $i = 0;
    512. 

  512.         while ($i < strlen($str)) {
    513. 

  513.             $char = $str[$i];
    514. 

  514.             if ($char == "\\") {
    515. 

  515.                 // Look to see if the next char is a backslash and
    516. 

  516.                 // append it.
    517. 

  517.                 if ($str[$i + 1] != "\\") {
    518. 

  518.                     $octal_digits = substr($str, $i + 1, 3);
    519. 

  519.                     $dec = octdec($octal_digits);
    520. 

  520.                     $char = chr($dec);
    521. 

  521.                     $i += 4;
    522. 

  522.                 } else {
    523. 

  523.                     $char = "\\";
    524. 

  524.                     $i += 2;
    525. 

  525.                 }
    526. 

  526.             } else {
    527. 

  527.                 $i += 1;
    528. 

  528.             }
    529. 

  529. 

  530.             $result .= $char;
    531. 

  531.         }
    532. 

  532. 

  533.         return $result;
    534. 

  534.     }
    535. 

  535. 

  536.     function cleanupNonces()
    537. 

  537.     {
    538. 

  538.         global $Auth_OpenID_SKEW;
    539. 

  539.         $v = time() - $Auth_OpenID_SKEW;
    540. 

  540. 

  541.         $this->connection->query($this->sql['clean_nonce'], array($v));
    542. 

  542.         $num = $this->connection->affectedRows();
    543. 

  543.         $this->connection->commit();
    544. 

  544.         return $num;
    545. 

  545.     }
    546. 

  546. 

  547.     function cleanupAssociations()
    548. 

  548.     {
    549. 

  549.         $this->connection->query($this->sql['clean_assoc'],
    550. 

  550.                                  array(time()));
    551. 

  551.         $num = $this->connection->affectedRows();
    552. 

  552.         $this->connection->commit();
    553. 

  553.         return $num;
    554. 

  554.     }
    555. 

  555. }
    556. 

  556. 

  557. 

  558.