Diffstat (limited to 'Auth/OpenID')
-rw-r--r--Auth/OpenID/Extension.php11
-rw-r--r--Auth/OpenID/FileStore.php11
-rw-r--r--Auth/OpenID/MDB2Store.php26
-rw-r--r--Auth/OpenID/PredisStore.php208
-rw-r--r--Auth/OpenID/SQLStore.php2
5 files changed, 240 insertions, 18 deletions
diff --git a/Auth/OpenID/Extension.php b/Auth/OpenID/Extension.php
index c4e38c0..542a1da 100644
--- a/Auth/OpenID/Extension.php
+++ b/Auth/OpenID/Extension.php
@@ -39,7 +39,7 @@ class Auth_OpenID_Extension {
*
* Returns the message with the extension arguments added.
*/
- function toMessage($message)
+ function toMessage($message, $request = null)
{
$implicit = $message->isOpenID1();
$added = $message->namespaces->addAlias($this->ns_uri,
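Review bot: The docblock above `toMessage()` still describes only the return value and says nothing about the new `$request` parameter. A line such as `@param mixed $request Optional; when not null it is passed through to getExtensionArgs().` would tell subclass authors that their `getExtensionArgs()` may now be called with an argument. The method body continues outside this hunk.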
@@ -53,8 +53,13 @@ class Auth_OpenID_Extension {
}
}
- $message->updateArgs($this->ns_uri,
- $this->getExtensionArgs());
+ if ($request !== null) {
+ $message->updateArgs($this->ns_uri,
+ $this->getExtensionArgs($request));
+ } else {
+ $message->updateArgs($this->ns_uri,
+ $this->getExtensionArgs());
+ }
return $message;
}
}
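Review bot: The two branches repeat the same `updateArgs()` call and differ only in how `getExtensionArgs()` is invoked, so the call should appear once. Something like `$args = ($request !== null) ? $this->getExtensionArgs($request) : $this->getExtensionArgs();` followed by `$message->updateArgs($this->ns_uri, $args);` keeps the behaviour and leaves a single place to change. The start of the method is outside this hunk.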
diff --git a/Auth/OpenID/FileStore.php b/Auth/OpenID/FileStore.php
index 074421a..7eec791 100644
--- a/Auth/OpenID/FileStore.php
+++ b/Auth/OpenID/FileStore.php
@@ -300,13 +300,22 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
return null;
}
+ if (file_exists($filename) !== true) {
+ return null;
+ }
+
$assoc_file = @fopen($filename, 'rb');
if ($assoc_file === false) {
return null;
}
- $assoc_s = fread($assoc_file, filesize($filename));
+ $filesize = filesize($filename);
+ if ($filesize === false || $filesize <= 0) {
+ return null;
+ }
+
+ $assoc_s = fread($assoc_file, $filesize);
fclose($assoc_file);
if (!$assoc_s) {
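Review bot: The new early return at `if ($filesize === false || $filesize <= 0)` leaves `$assoc_file` open, because it sits after the `fopen()` and before the `fclose()`. Add `fclose($assoc_file);` before that `return null;`, or take the size before opening the file. The added `file_exists()` test does not replace the `fopen()` failure check, since the file can disappear between the two calls. `filesize()` also reads PHP's stat cache, so a `clearstatcache()` call before it may be needed if the file was just rewritten. The enclosing function starts and ends outside the hunk.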
diff --git a/Auth/OpenID/MDB2Store.php b/Auth/OpenID/MDB2Store.php
index 80024ba..fb27d5c 100644
--- a/Auth/OpenID/MDB2Store.php
+++ b/Auth/OpenID/MDB2Store.php
@@ -85,7 +85,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
// column name instead of column index.
$this->connection->setFetchMode(MDB2_FETCHMODE_ASSOC);
- if (PEAR::isError($this->connection->loadModule('Extended'))) {
+ if (@PEAR::isError($this->connection->loadModule('Extended'))) {
trigger_error("Unable to load MDB2_Extended module", E_USER_ERROR);
return;
}
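Review bot: Prefixing `@` to `PEAR::isError(...)` silences every diagnostic raised while the whole expression is evaluated, so the `loadModule('Extended')` call nested inside it is muted as well, not only the notice about the static call (presumably the reason for the change). The same applies in the later hunks of this file where `query()`, `loadModule('Manager')` and `replace()` are nested inside the suppressed call. Assigning the result first keeps driver warnings visible: `$r = $this->connection->loadModule('Extended');` followed by `if (@PEAR::isError($r)) {`. The enclosing method starts outside the hunk.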
@@ -103,7 +103,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
function tableExists($table_name)
{
- return !PEAR::isError($this->connection->query(
+ return !@PEAR::isError($this->connection->query(
sprintf("SELECT * FROM %s LIMIT 0",
$table_name)));
}
@@ -135,12 +135,12 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
" UNIQUE (server_url(255), timestamp, salt)\n".
") TYPE=InnoDB",
$this->nonces_table_name));
- if (PEAR::isError($r)) {
+ if (@PEAR::isError($r)) {
return false;
}
break;
default:
- if (PEAR::isError(
+ if (@PEAR::isError(
$this->connection->loadModule('Manager'))) {
return false;
}
@@ -172,7 +172,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
$r = $this->connection->createTable($this->nonces_table_name,
$fields);
- if (PEAR::isError($r)) {
+ if (@PEAR::isError($r)) {
return false;
}
@@ -180,7 +180,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
$this->nonces_table_name,
$this->nonces_table_name . "_constraint",
$constraint);
- if (PEAR::isError($r)) {
+ if (@PEAR::isError($r)) {
return false;
}
break;
@@ -208,12 +208,12 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
" PRIMARY KEY (server_url(255), handle)\n".
") TYPE=InnoDB",
$this->associations_table_name));
- if (PEAR::isError($r)) {
+ if (@PEAR::isError($r)) {
return false;
}
break;
default:
- if (PEAR::isError(
+ if (@PEAR::isError(
$this->connection->loadModule('Manager'))) {
return false;
}
@@ -258,7 +258,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
$this->associations_table_name,
$fields,
$options);
- if (PEAR::isError($r)) {
+ if (@PEAR::isError($r)) {
return false;
}
break;
@@ -293,7 +293,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
)
);
- return !PEAR::isError($this->connection->replace(
+ return !@PEAR::isError($this->connection->replace(
$this->associations_table_name,
$fields));
}
@@ -340,7 +340,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
$assoc = $this->connection->getRow($sql, $types, $params);
- if (!$assoc || PEAR::isError($assoc)) {
+ if (!$assoc || @PEAR::isError($assoc)) {
return null;
} else {
$association = new Auth_OpenID_Association($assoc['handle'],
@@ -361,7 +361,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
$this->associations_table_name),
array($server_url, $handle));
- if (PEAR::isError($r) || $r == 0) {
+ if (@PEAR::isError($r) || $r == 0) {
return false;
}
return true;
@@ -389,7 +389,7 @@ class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
$fields,
MDB2_AUTOQUERY_INSERT);
- if (PEAR::isError($r)) {
+ if (@PEAR::isError($r)) {
return false;
}
return true;
diff --git a/Auth/OpenID/PredisStore.php b/Auth/OpenID/PredisStore.php
new file mode 100644
index 0000000..7108c2f
--- /dev/null
+++ b/Auth/OpenID/PredisStore.php
@@ -0,0 +1,208 @@
+<?php
+
+/**
+ * Supplies Redis server store backend for OpenID servers and consumers.
+ * Uses Predis library {@see https://github.com/nrk/predis}.
+ * Requires PHP >= 5.3.
+ *
+ * LICENSE: See the COPYING file included in this distribution.
+ *
+ * @package OpenID
+ * @author Ville Mattila <ville@eventio.fi>
+ * @copyright 2008 JanRain Inc., 2013 Eventio Oy / Ville Mattila
+ * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
+ * Contributed by Eventio Oy <http://www.eventio.fi/>
+ */
+
+/**
+ * Import the interface for creating a new store class.
+ */
+require_once 'Auth/OpenID/Interface.php';
+
+/**
+ * Supplies Redis server store backend for OpenID servers and consumers.
+ * Uses Predis library {@see https://github.com/nrk/predis}.
+ * Requires PHP >= 5.3.
+ *
+ * @package OpenID
+ */
+class Auth_OpenID_PredisStore extends Auth_OpenID_OpenIDStore {
+
+ /**
+ * @var \Predis\Client
+ */
+ protected $redis;
+
+ /**
+ * Prefix for Redis keys
+ * @var string
+ */
+ protected $prefix;
+
+ /**
+ * Initializes a new {@link Auth_OpenID_PredisStore} instance.
+ *
+ * @param \Predis\Client $redis Predis client object
+ * @param string $prefix Prefix for all keys stored to the Redis
+ */
+ function Auth_OpenID_PredisStore(\Predis\Client $redis, $prefix = '')
+ {
+ $this->prefix = $prefix;
+ $this->redis = $redis;
+ }
+
+ /**
+ * Store association until its expiration time in Redis server.
+ * Overwrites any existing association with same server_url and
+ * handle. Handles list of associations for every server.
+ */
+ function storeAssociation($server_url, $association)
+ {
+ // create Redis keys for association itself
+ // and list of associations for this server
+ $associationKey = $this->associationKey($server_url,
+ $association->handle);
+ $serverKey = $this->associationServerKey($server_url);
+
+ // save association to server's associations' keys list
+ $this->redis->lpush(
+ $serverKey,
+ $associationKey
+ );
+
+ // Will touch the association list expiration, to avoid filling up
+ $newExpiration = ($association->issued + $association->lifetime);
+
+ $expirationKey = $serverKey.'_expires_at';
+ $expiration = $this->redis->get($expirationKey);
+ if (!$expiration || $newExpiration > $expiration) {
+ $this->redis->set($expirationKey, $newExpiration);
+ $this->redis->expireat($serverKey, $newExpiration);
+ $this->redis->expireat($expirationKey, $newExpiration);
+ }
+
+ // save association itself, will automatically expire
+ $this->redis->setex(
+ $associationKey,
+ $newExpiration - time(),
+ serialize($association)
+ );
+ }
+
+ /**
+ * Read association from Redis. If no handle given
+ * and multiple associations found, returns latest issued
+ */
+ function getAssociation($server_url, $handle = null)
+ {
+ // simple case: handle given
+ if ($handle !== null) {
+ return $this->getAssociationFromServer(
+ $this->associationKey($server_url, $handle)
+ );
+ }
+
+ // no handle given, receiving the latest issued
+ $serverKey = $this->associationServerKey($server_url);
+ $lastKey = $this->redis->lpop($serverKey);
+ if (!$lastKey) { return null; }
+
+ // get association, return null if failed
+ return $this->getAssociationFromServer($lastKey);
+ }
+
+ /**
+ * Function to actually receive and unserialize the association
+ * from the server.
+ */
+ private function getAssociationFromServer($associationKey)
+ {
+ $association = $this->redis->get($associationKey);
+ return $association ? unserialize($association) : null;
+ }
+
+ /**
+ * Immediately delete association from Redis.
+ */
+ function removeAssociation($server_url, $handle)
+ {
+ // create Redis keys
+ $serverKey = $this->associationServerKey($server_url);
+ $associationKey = $this->associationKey($server_url,
+ $handle);
+
+ // Removing the association from the server's association list
+ $removed = $this->redis->lrem($serverKey, 0, $associationKey);
+ if ($removed < 1) {
+ return false;
+ }
+
+ // Delete the association itself
+ return $this->redis->del($associationKey);
+ }
+
+ /**
+ * Create nonce for server and salt, expiring after
+ * $Auth_OpenID_SKEW seconds.
+ */
+ function useNonce($server_url, $timestamp, $salt)
+ {
+ global $Auth_OpenID_SKEW;
+
+ // save one request to memcache when nonce obviously expired
+ if (abs($timestamp - time()) > $Auth_OpenID_SKEW) {
+ return false;
+ }
+
+ // SETNX will set the value only of the key doesn't exist yet.
+ $nonceKey = $this->nonceKey($server_url, $salt);
+ $added = $this->predis->setnx($nonceKey);
+ if ($added) {
+ // Will set expiration
+ $this->predis->expire($nonceKey, $Auth_OpenID_SKEW);
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ /**
+ * Build up nonce key
+ */
+ private function nonceKey($server_url, $salt)
+ {
+ return $this->prefix .
+ 'openid_nonce_' .
+ sha1($server_url) . '_' . sha1($salt);
+ }
+
+ /**
+ * Key is prefixed with $prefix and 'openid_association_' string
+ */
+ function associationKey($server_url, $handle = null)
+ {
+ return $this->prefix .
+ 'openid_association_' .
+ sha1($server_url) . '_' . sha1($handle);
+ }
+
+ /**
+ * Key is prefixed with $prefix and 'openid_association_server_' string
+ */
+ function associationServerKey($server_url)
+ {
+ return $this->prefix .
+ 'openid_association_server_' .
+ sha1($server_url);
+ }
+
+ /**
+ * Report that this storage doesn't support cleanup
+ */
+ function supportsCleanup()
+ {
+ return false;
+ }
+
+}
+
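Review bot: `useNonce()` calls `$this->predis`, but the constructor only assigns `$this->redis`, and `setnx($nonceKey)` is given no value, so the replay check cannot run as written; `$added = $this->redis->setnx($nonceKey, '1');` and `$this->redis->expire($nonceKey, $Auth_OpenID_SKEW);` would match the rest of the class. `nonceKey()` also leaves `$timestamp` out of the key, so two nonces that share a salt but differ in timestamp map to the same entry. In `getAssociation()` the no-handle path uses `lpop`, which removes the newest key from the server list on every read; `$this->redis->lindex($serverKey, 0)` reads it without consuming it. `getAssociationFromServer()` passes the stored value straight to `unserialize()`, which is only safe while nothing else can write to these Redis keys; a comment stating that assumption, or a non-object encoding of the association, would make the trust boundary explicit.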
diff --git a/Auth/OpenID/SQLStore.php b/Auth/OpenID/SQLStore.php
index c040597..2dc731a 100644
--- a/Auth/OpenID/SQLStore.php
+++ b/Auth/OpenID/SQLStore.php
@@ -166,7 +166,7 @@ class Auth_OpenID_SQLStore extends Auth_OpenID_OpenIDStore {
*/
function isError($value)
{
- return PEAR::isError($value);
+ return @PEAR::isError($value);
}
/**