diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | Auth/OpenID/Extension.php | 11 | ||||
| -rw-r--r-- | Auth/OpenID/FileStore.php | 11 | ||||
| -rw-r--r-- | Auth/OpenID/MDB2Store.php | 26 | ||||
| -rw-r--r-- | Auth/OpenID/PredisStore.php | 208 | ||||
| -rw-r--r-- | Auth/OpenID/SQLStore.php | 2 | ||||
| -rw-r--r-- | Auth/Yadis/XML.php | 14 | ||||
| -rw-r--r-- | composer.json | 24 | ||||
| -rw-r--r-- | examples/detect.php | 2 |
9 files changed, 279 insertions, 20 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..22d0d82 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +vendor diff --git a/Auth/OpenID/Extension.php b/Auth/OpenID/Extension.php index c4e38c0..542a1da 100644 --- a/Auth/OpenID/Extension.php +++ b/Auth/OpenID/Extension.php @@ -39,7 +39,7 @@ class Auth_OpenID_Extension { * * Returns the message with the extension arguments added. */ - function toMessage($message) + function toMessage($message, $request = null) { $implicit = $message->isOpenID1(); $added = $message->namespaces->addAlias($this->ns_uri, @@ -53,8 +53,13 @@ class Auth_OpenID_Extension { } } - $message->updateArgs($this->ns_uri, - $this->getExtensionArgs()); + if ($request !== null) { + $message->updateArgs($this->ns_uri, + $this->getExtensionArgs($request)); + } else { + $message->updateArgs($this->ns_uri, + $this->getExtensionArgs()); + } return $message; } } diff --git a/Auth/OpenID/FileStore.php b/Auth/OpenID/FileStore.php index 074421a..7eec791 100644 --- a/Auth/OpenID/FileStore.php +++ b/Auth/OpenID/FileStore.php @@ -300,13 +300,22 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore { return null; } + if (file_exists($filename) !== true) { + return null; + } + $assoc_file = @fopen($filename, 'rb'); if ($assoc_file === false) { return null; } - $assoc_s = fread($assoc_file, filesize($filename)); + $filesize = filesize($filename); + if ($filesize === false || $filesize <= 0) { + return null; + } + + $assoc_s = fread($assoc_file, $filesize); fclose($assoc_file); if (!$assoc_s) { diff --git a/Auth/OpenID/MDB2Store.php b/Auth/OpenID/MDB2Store.php index 80024ba..fb27d5c 100644 --- a/Auth/OpenID/MDB2Store.php +++ b/Auth/OpenID/MDB2Store.php @@ -85,7 +85,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore { // column name instead of column index. $this->connection->setFetchMode(MDB2_FETCHMODE_ASSOC); - if (PEAR::isError($this->connection->loadModule('Extended'))) { + if (@PEAR::isError($this->connection->loadModule('Extended'))) { trigger_error("Unable to load MDB2_Extended module", E_USER_ERROR); return; } @@ -103,7 +103,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore { function tableExists($table_name) { - return !PEAR::isError($this->connection->query( + return !@PEAR::isError($this->connection->query( sprintf("SELECT * FROM %s LIMIT 0", $table_name))); } @@ -135,12 +135,12 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore { " UNIQUE (server_url(255), timestamp, salt)\n". ") TYPE=InnoDB", $this->nonces_table_name)); - if (PEAR::isError($r)) { + if (@PEAR::isError($r)) { return false; } break; default: - if (PEAR::isError( + if (@PEAR::isError( $this->connection->loadModule('Manager'))) { return false; } @@ -172,7 +172,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore { $r = $this->connection->createTable($this->nonces_table_name, $fields); - if (PEAR::isError($r)) { + if (@PEAR::isError($r)) { return false; } @@ -180,7 +180,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore { $this->nonces_table_name, $this->nonces_table_name . "_constraint", $constraint); - if (PEAR::isError($r)) { + if (@PEAR::isError($r)) { return false; } break; @@ -208,12 +208,12 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore { " PRIMARY KEY (server_url(255), handle)\n". ") TYPE=InnoDB", $this->associations_table_name)); - if (PEAR::isError($r)) { + if (@PEAR::isError($r)) { return false; } break; default: - if (PEAR::isError( + if (@PEAR::isError( $this->connection->loadModule('Manager'))) { return false; } @@ -258,7 +258,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore { $this->associations_table_name, $fields, $options); - if (PEAR::isError($r)) { + if (@PEAR::isError($r)) { return false; } break; @@ -293,7 +293,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore { ) ); - return !PEAR::isError($this->connection->replace( + return !@PEAR::isError($this->connection->replace( $this->associations_table_name, $fields)); } @@ -340,7 +340,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore { $assoc = $this->connection->getRow($sql, $types, $params); - if (!$assoc || PEAR::isError($assoc)) { + if (!$assoc || @PEAR::isError($assoc)) { return null; } else { $association = new Auth_OpenID_Association($assoc['handle'], @@ -361,7 +361,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore { $this->associations_table_name), array($server_url, $handle)); - if (PEAR::isError($r) || $r == 0) { + if (@PEAR::isError($r) || $r == 0) { return false; } return true; @@ -389,7 +389,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore { $fields, MDB2_AUTOQUERY_INSERT); - if (PEAR::isError($r)) { + if (@PEAR::isError($r)) { return false; } return true; diff --git a/Auth/OpenID/PredisStore.php b/Auth/OpenID/PredisStore.php new file mode 100644 index 0000000..7108c2f --- /dev/null +++ b/Auth/OpenID/PredisStore.php @@ -0,0 +1,208 @@ +<?php + +/** + * Supplies Redis server store backend for OpenID servers and consumers. + * Uses Predis library {@see https://github.com/nrk/predis}. + * Requires PHP >= 5.3. + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author Ville Mattila <ville@eventio.fi> + * @copyright 2008 JanRain Inc., 2013 Eventio Oy / Ville Mattila + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + * Contributed by Eventio Oy <http://www.eventio.fi/> + */ + +/** + * Import the interface for creating a new store class. + */ +require_once 'Auth/OpenID/Interface.php'; + +/** + * Supplies Redis server store backend for OpenID servers and consumers. + * Uses Predis library {@see https://github.com/nrk/predis}. + * Requires PHP >= 5.3. + * + * @package OpenID + */ +class Auth_OpenID_PredisStore extends Auth_OpenID_OpenIDStore { + + /** + * @var \Predis\Client + */ + protected $redis; + + /** + * Prefix for Redis keys + * @var string + */ + protected $prefix; + + /** + * Initializes a new {@link Auth_OpenID_PredisStore} instance. + * + * @param \Predis\Client $redis Predis client object + * @param string $prefix Prefix for all keys stored to the Redis + */ + function Auth_OpenID_PredisStore(\Predis\Client $redis, $prefix = '') + { + $this->prefix = $prefix; + $this->redis = $redis; + } + + /** + * Store association until its expiration time in Redis server. + * Overwrites any existing association with same server_url and + * handle. Handles list of associations for every server. + */ + function storeAssociation($server_url, $association) + { + // create Redis keys for association itself + // and list of associations for this server + $associationKey = $this->associationKey($server_url, + $association->handle); + $serverKey = $this->associationServerKey($server_url); + + // save association to server's associations' keys list + $this->redis->lpush( + $serverKey, + $associationKey + ); + + // Will touch the association list expiration, to avoid filling up + $newExpiration = ($association->issued + $association->lifetime); + + $expirationKey = $serverKey.'_expires_at'; + $expiration = $this->redis->get($expirationKey); + if (!$expiration || $newExpiration > $expiration) { + $this->redis->set($expirationKey, $newExpiration); + $this->redis->expireat($serverKey, $newExpiration); + $this->redis->expireat($expirationKey, $newExpiration); + } + + // save association itself, will automatically expire + $this->redis->setex( + $associationKey, + $newExpiration - time(), + serialize($association) + ); + } + + /** + * Read association from Redis. If no handle given + * and multiple associations found, returns latest issued + */ + function getAssociation($server_url, $handle = null) + { + // simple case: handle given + if ($handle !== null) { + return $this->getAssociationFromServer( + $this->associationKey($server_url, $handle) + ); + } + + // no handle given, receiving the latest issued + $serverKey = $this->associationServerKey($server_url); + $lastKey = $this->redis->lpop($serverKey); + if (!$lastKey) { return null; } + + // get association, return null if failed + return $this->getAssociationFromServer($lastKey); + } + + /** + * Function to actually receive and unserialize the association + * from the server. + */ + private function getAssociationFromServer($associationKey) + { + $association = $this->redis->get($associationKey); + return $association ? unserialize($association) : null; + } + + /** + * Immediately delete association from Redis. + */ + function removeAssociation($server_url, $handle) + { + // create Redis keys + $serverKey = $this->associationServerKey($server_url); + $associationKey = $this->associationKey($server_url, + $handle); + + // Removing the association from the server's association list + $removed = $this->redis->lrem($serverKey, 0, $associationKey); + if ($removed < 1) { + return false; + } + + // Delete the association itself + return $this->redis->del($associationKey); + } + + /** + * Create nonce for server and salt, expiring after + * $Auth_OpenID_SKEW seconds. + */ + function useNonce($server_url, $timestamp, $salt) + { + global $Auth_OpenID_SKEW; + + // save one request to memcache when nonce obviously expired + if (abs($timestamp - time()) > $Auth_OpenID_SKEW) { + return false; + } + + // SETNX will set the value only of the key doesn't exist yet. + $nonceKey = $this->nonceKey($server_url, $salt); + $added = $this->predis->setnx($nonceKey); + if ($added) { + // Will set expiration + $this->predis->expire($nonceKey, $Auth_OpenID_SKEW); + return true; + } else { + return false; + } + } + + /** + * Build up nonce key + */ + private function nonceKey($server_url, $salt) + { + return $this->prefix . + 'openid_nonce_' . + sha1($server_url) . '_' . sha1($salt); + } + + /** + * Key is prefixed with $prefix and 'openid_association_' string + */ + function associationKey($server_url, $handle = null) + { + return $this->prefix . + 'openid_association_' . + sha1($server_url) . '_' . sha1($handle); + } + + /** + * Key is prefixed with $prefix and 'openid_association_server_' string + */ + function associationServerKey($server_url) + { + return $this->prefix . + 'openid_association_server_' . + sha1($server_url); + } + + /** + * Report that this storage doesn't support cleanup + */ + function supportsCleanup() + { + return false; + } + +} + diff --git a/Auth/OpenID/SQLStore.php b/Auth/OpenID/SQLStore.php index c040597..2dc731a 100644 --- a/Auth/OpenID/SQLStore.php +++ b/Auth/OpenID/SQLStore.php @@ -166,7 +166,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore { */ function isError($value) { - return PEAR::isError($value); + return @PEAR::isError($value); } /** diff --git a/Auth/Yadis/XML.php b/Auth/Yadis/XML.php index cf1f5c4..39a9942 100644 --- a/Auth/Yadis/XML.php +++ b/Auth/Yadis/XML.php @@ -234,7 +234,19 @@ class Auth_Yadis_dom extends Auth_Yadis_XMLParser { return false; } - if (!@$this->doc->loadXML($xml_string)) { + // libxml_disable_entity_loader (PHP 5 >= 5.2.11) + if (function_exists('libxml_disable_entity_loader') && function_exists('libxml_use_internal_errors')) { + // disable external entities and libxml errors + $loader = libxml_disable_entity_loader(true); + $errors = libxml_use_internal_errors(true); + $parse_result = @$this->doc->loadXML($xml_string); + libxml_disable_entity_loader($loader); + libxml_use_internal_errors($errors); + } else { + $parse_result = @$this->doc->loadXML($xml_string); + } + + if (!$parse_result) { return false; } diff --git a/composer.json b/composer.json new file mode 100644 index 0000000..3af0be5 --- /dev/null +++ b/composer.json @@ -0,0 +1,24 @@ +{ + "name": "openid/php-openid", + "version": "2.2.2", + "description": "OpenID library for PHP5", + "keywords": ["openid", "authentication", "yadis", "auth"], + "license": "Apache-2.0", + "homepage": "http://github.com/openid/php-openid", + "authors": [ + { + "name": "JanRain Inc.", + "homepage": "http://www.openidenabled.com" + } + ], + "require": { + "php": ">=4.3", + "ext-gmp": "*", + "ext-curl": "*", + "ext-dom": "*" + }, + "autoload": { + "classmap": ["Auth"] + }, + "include-path": ["."] +} diff --git a/examples/detect.php b/examples/detect.php index 9c59db3..f809be2 100644 --- a/examples/detect.php +++ b/examples/detect.php @@ -434,7 +434,7 @@ function detect_fetcher($r, &$out) $ok = true; $fetcher = Auth_Yadis_Yadis::getHTTPFetcher(); - $fetch_url = 'https://raw.github.com/gist/465630/c57eff55ebc0c54973903af5f72bac72762cf4f4/helloworld'; + $fetch_url = 'https://gist.github.com/chuckpearce/6810258/raw/c57eff55ebc0c54973903af5f72bac72762cf4f4/gistfile1.txt'; $expected_url = $fetch_url;// . '.txt'; $result = $fetcher->get($fetch_url); |