1 <?php

2 namespace TYPO3\CMS\Openid;

3 

17 require_once \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('openid') . 'lib/php-openid/Auth/OpenID/Interface.php';

18 

24 class OpenidStore extends \Auth_OpenID_OpenIDStore {

25 

26  const ASSOCIATION_TABLE_NAME = 'tx_openid_assoc_store';

27  const NONCE_TABLE_NAME = 'tx_openid_nonce_store';

28  /* 2 minutes */

29  const ASSOCIATION_EXPIRATION_SAFETY_INTERVAL = 120;

30  /* 10 days */

31  const NONCE_STORAGE_TIME = 864000;

32 

36  protected $databaseConnection;

37 

41  public function __construct($databaseConnection = NULL) {

42  $this->databaseConnection = $databaseConnection ?: $GLOBALS['TYPO3_DB'];

43  }

44 

52  public function storeAssociation($serverUrl, $association) {

53  /* @var $association \Auth_OpenID_Association */

54  $this->databaseConnection->sql_query('START TRANSACTION');

55  if ($this->doesAssociationExist($serverUrl, $association->handle)) {

56  $this->updateExistingAssociation($serverUrl, $association);

57  } else {

58  $this->storeNewAssociation($serverUrl, $association);

59  }

60  $this->databaseConnection->sql_query('COMMIT');

61  }

62 

68  public function cleanupAssociations() {

69  $where = sprintf('expires<=%d', time());

70  $this->databaseConnection->exec_DELETEquery(self::ASSOCIATION_TABLE_NAME, $where);

71  return $this->databaseConnection->sql_affected_rows();

72  }

73 

81  public function getAssociation($serverUrl, $handle = NULL) {

82  $this->cleanupAssociations();

83  $where = sprintf('server_url=%s AND expires>%d', $this->databaseConnection->fullQuoteStr($serverUrl, self::ASSOCIATION_TABLE_NAME), time());

84  if ($handle != NULL) {

85  $where .= sprintf(' AND assoc_handle=%s', $this->databaseConnection->fullQuoteStr($handle, self::ASSOCIATION_TABLE_NAME));

86  $sort = '';

87  } else {

88  $sort = 'tstamp DESC';

89  }

90  $row = $this->databaseConnection->exec_SELECTgetSingleRow('uid, content', self::ASSOCIATION_TABLE_NAME, $where, '', $sort);

91  $result = NULL;

92  if (is_array($row)) {

93  $result = @unserialize(base64_decode($row['content']));

94  if ($result === FALSE) {

95  $result = NULL;

96  } else {

97  $this->updateAssociationTimeStamp($row['tstamp']);

98  }

99  }

100  return $result;

101  }

102 

110  public function removeAssociation($serverUrl, $handle) {

111  $where = sprintf('server_url=%s AND assoc_handle=%s', $this->databaseConnection->fullQuoteStr($serverUrl, self::ASSOCIATION_TABLE_NAME), $this->databaseConnection->fullQuoteStr($handle, self::ASSOCIATION_TABLE_NAME));

112  $this->databaseConnection->exec_DELETEquery(self::ASSOCIATION_TABLE_NAME, $where);

113  $deletedCount = $this->databaseConnection->sql_affected_rows();

114  return $deletedCount > 0;

115  }

116 

122  public function cleanupNonces() {

123  $where = sprintf('crdate<%d', time() - self::NONCE_STORAGE_TIME);

124  $this->databaseConnection->exec_DELETEquery(self::NONCE_TABLE_NAME, $where);

125  }

126 

135  public function useNonce($serverUrl, $timestamp, $salt) {

136  $result = FALSE;

137  if (abs($timestamp - time()) < $GLOBALS['Auth_OpenID_SKEW']) {

138  $values = array(

139  'crdate' => time(),

140  'salt' => $salt,

141  'server_url' => $serverUrl,

142  'tstamp' => $timestamp

143  );

144  $this->databaseConnection->exec_INSERTquery(self::NONCE_TABLE_NAME, $values);

145  $affectedRows = $this->databaseConnection->sql_affected_rows();

146  $result = $affectedRows > 0;

147  }

148  return $result;

149  }

150 

156  public function reset() {

157  $this->databaseConnection->exec_TRUNCATEquery(self::ASSOCIATION_TABLE_NAME);

158  $this->databaseConnection->exec_TRUNCATEquery(self::NONCE_TABLE_NAME);

159  }

160 

168  protected function doesAssociationExist($serverUrl, $association) {

169  $where = sprintf('server_url=%s AND assoc_handle=%s AND expires>%d', $this->databaseConnection->fullQuoteStr($serverUrl, self::ASSOCIATION_TABLE_NAME), $this->databaseConnection->fullQuoteStr($association->handle, self::ASSOCIATION_TABLE_NAME), time());

170  $row = $this->databaseConnection->exec_SELECTgetSingleRow('COUNT(*) as assocCount', self::ASSOCIATION_TABLE_NAME, $where);

171  return $row['assocCount'] > 0;

172  }

173 

181  protected function updateExistingAssociation($serverUrl, \Auth_OpenID_Association $association) {

182  $where = sprintf('server_url=%s AND assoc_handle=%s AND expires>%d', $this->databaseConnection->fullQuoteStr($serverUrl, self::ASSOCIATION_TABLE_NAME), $this->databaseConnection->fullQuoteStr($association->handle, self::ASSOCIATION_TABLE_NAME), time());

183  $serializedAssociation = serialize($association);

184  $values = array(

185  'content' => base64_encode($serializedAssociation),

186  'tstamp' => time()

187  );

188  $this->databaseConnection->exec_UPDATEquery(self::ASSOCIATION_TABLE_NAME, $where, $values);

189  }

190 

198  protected function storeNewAssociation($serverUrl, $association) {

199  $serializedAssociation = serialize($association);

200  $values = array(

201  'assoc_handle' => $association->handle,

202  'content' => base64_encode($serializedAssociation),

203  'crdate' => $association->issued,

204  'tstamp' => time(),

205  'expires' => $association->issued + $association->lifetime - self::ASSOCIATION_EXPIRATION_SAFETY_INTERVAL,

206  'server_url' => $serverUrl

207  );

208  // In the next query we can get race conditions. sha1_hash prevents many

209  // asociations from being stored for one server

210  $this->databaseConnection->exec_INSERTquery(self::ASSOCIATION_TABLE_NAME, $values);

211  }

212 

219  protected function updateAssociationTimeStamp($recordId) {

220  $where = sprintf('uid=%d', $recordId);

221  $values = array(

222  'tstamp' => time()

223  );

224  $this->databaseConnection->exec_UPDATEquery(self::ASSOCIATION_TABLE_NAME, $where, $values);

225  }

226 

227 }