209 lines
		
	
	
		
			6.0 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
		
		
			
		
	
	
			209 lines
		
	
	
		
			6.0 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
|   | <?php | ||
|  | 
 | ||
|  | /** | ||
|  |  * Supplies Redis server store backend for OpenID servers and consumers. | ||
|  |  * Uses Predis library {@see https://github.com/nrk/predis}. | ||
|  |  * Requires PHP >= 5.3. | ||
|  |  * | ||
|  |  * LICENSE: See the COPYING file included in this distribution. | ||
|  |  * | ||
|  |  * @package OpenID | ||
|  |  * @author Ville Mattila <ville@eventio.fi> | ||
|  |  * @copyright 2008 JanRain Inc., 2013 Eventio Oy / Ville Mattila | ||
|  |  * @license http://www.apache.org/licenses/LICENSE-2.0 Apache | ||
|  |  * Contributed by Eventio Oy <http://www.eventio.fi/> | ||
|  |  */ | ||
|  | 
 | ||
|  | /** | ||
|  |  * Import the interface for creating a new store class. | ||
|  |  */ | ||
|  | require_once 'Auth/OpenID/Interface.php'; | ||
|  | 
 | ||
|  | /** | ||
|  |  * Supplies Redis server store backend for OpenID servers and consumers. | ||
|  |  * Uses Predis library {@see https://github.com/nrk/predis}. | ||
|  |  * Requires PHP >= 5.3. | ||
|  |  *  | ||
|  |  * @package OpenID | ||
|  |  */ | ||
|  | class Auth_OpenID_PredisStore extends Auth_OpenID_OpenIDStore { | ||
|  | 
 | ||
|  |     /** | ||
|  |      * @var \Predis\Client | ||
|  |      */ | ||
|  |     protected $redis; | ||
|  | 
 | ||
|  |     /** | ||
|  |      * Prefix for Redis keys | ||
|  |      * @var string | ||
|  |      */ | ||
|  |     protected $prefix; | ||
|  | 
 | ||
|  |     /** | ||
|  |      * Initializes a new {@link Auth_OpenID_PredisStore} instance. | ||
|  |      * | ||
|  |      * @param \Predis\Client $redis  Predis client object | ||
|  |      * @param string         $prefix Prefix for all keys stored to the Redis | ||
|  |      */ | ||
|  |     function Auth_OpenID_PredisStore(\Predis\Client $redis, $prefix = '') | ||
|  |     { | ||
|  |         $this->prefix = $prefix; | ||
|  |         $this->redis = $redis; | ||
|  |     } | ||
|  | 
 | ||
|  |     /** | ||
|  |      * Store association until its expiration time in Redis server.  | ||
|  |      * Overwrites any existing association with same server_url and  | ||
|  |      * handle. Handles list of associations for every server.  | ||
|  |      */ | ||
|  |     function storeAssociation($server_url, $association) | ||
|  |     { | ||
|  |         // create Redis keys for association itself 
 | ||
|  |         // and list of associations for this server
 | ||
|  |         $associationKey = $this->associationKey($server_url,  | ||
|  |             $association->handle); | ||
|  |         $serverKey = $this->associationServerKey($server_url); | ||
|  |          | ||
|  |         // save association to server's associations' keys list
 | ||
|  |         $this->redis->lpush( | ||
|  |             $serverKey, | ||
|  |             $associationKey | ||
|  |         ); | ||
|  | 
 | ||
|  |         // Will touch the association list expiration, to avoid filling up
 | ||
|  |         $newExpiration = ($association->issued + $association->lifetime); | ||
|  | 
 | ||
|  |         $expirationKey = $serverKey.'_expires_at'; | ||
|  |         $expiration = $this->redis->get($expirationKey); | ||
|  |         if (!$expiration || $newExpiration > $expiration) { | ||
|  |             $this->redis->set($expirationKey, $newExpiration); | ||
|  |             $this->redis->expireat($serverKey, $newExpiration); | ||
|  |             $this->redis->expireat($expirationKey, $newExpiration); | ||
|  |         } | ||
|  | 
 | ||
|  |         // save association itself, will automatically expire
 | ||
|  |         $this->redis->setex( | ||
|  |             $associationKey, | ||
|  |             $newExpiration - time(), | ||
|  |             serialize($association) | ||
|  |         ); | ||
|  |     } | ||
|  | 
 | ||
|  |     /** | ||
|  |      * Read association from Redis. If no handle given  | ||
|  |      * and multiple associations found, returns latest issued | ||
|  |      */ | ||
|  |     function getAssociation($server_url, $handle = null) | ||
|  |     { | ||
|  |         // simple case: handle given
 | ||
|  |         if ($handle !== null) { | ||
|  |             return $this->getAssociationFromServer( | ||
|  |                 $this->associationKey($server_url, $handle) | ||
|  |             ); | ||
|  |         } | ||
|  |          | ||
|  |         // no handle given, receiving the latest issued
 | ||
|  |         $serverKey = $this->associationServerKey($server_url); | ||
|  |         $lastKey = $this->redis->lpop($serverKey); | ||
|  |         if (!$lastKey) { return null; } | ||
|  | 
 | ||
|  |         // get association, return null if failed
 | ||
|  |         return $this->getAssociationFromServer($lastKey); | ||
|  |     } | ||
|  |      | ||
|  |     /** | ||
|  |      * Function to actually receive and unserialize the association | ||
|  |      * from the server. | ||
|  |      */ | ||
|  |     private function getAssociationFromServer($associationKey) | ||
|  |     { | ||
|  |         $association = $this->redis->get($associationKey); | ||
|  |         return $association ? unserialize($association) : null; | ||
|  |     } | ||
|  | 
 | ||
|  |     /** | ||
|  |      * Immediately delete association from Redis. | ||
|  |      */ | ||
|  |     function removeAssociation($server_url, $handle) | ||
|  |     { | ||
|  |         // create Redis keys
 | ||
|  |         $serverKey = $this->associationServerKey($server_url); | ||
|  |         $associationKey = $this->associationKey($server_url,  | ||
|  |             $handle); | ||
|  |          | ||
|  |         // Removing the association from the server's association list
 | ||
|  |         $removed = $this->redis->lrem($serverKey, 0, $associationKey); | ||
|  |         if ($removed < 1) { | ||
|  |             return false; | ||
|  |         } | ||
|  | 
 | ||
|  |         // Delete the association itself
 | ||
|  |         return $this->redis->del($associationKey); | ||
|  |     } | ||
|  | 
 | ||
|  |     /** | ||
|  |      * Create nonce for server and salt, expiring after  | ||
|  |      * $Auth_OpenID_SKEW seconds. | ||
|  |      */ | ||
|  |     function useNonce($server_url, $timestamp, $salt) | ||
|  |     { | ||
|  |         global $Auth_OpenID_SKEW; | ||
|  |          | ||
|  |         // save one request to memcache when nonce obviously expired 
 | ||
|  |         if (abs($timestamp - time()) > $Auth_OpenID_SKEW) { | ||
|  |             return false; | ||
|  |         } | ||
|  |          | ||
|  |         // SETNX will set the value only of the key doesn't exist yet.
 | ||
|  |         $nonceKey = $this->nonceKey($server_url, $salt); | ||
|  |         $added = $this->predis->setnx($nonceKey); | ||
|  |         if ($added) { | ||
|  |             // Will set expiration
 | ||
|  |             $this->predis->expire($nonceKey, $Auth_OpenID_SKEW); | ||
|  |             return true; | ||
|  |         } else { | ||
|  |             return false; | ||
|  |         } | ||
|  |     } | ||
|  |      | ||
|  |     /** | ||
|  |      * Build up nonce key | ||
|  |      */ | ||
|  |     private function nonceKey($server_url, $salt) | ||
|  |     { | ||
|  |         return $this->prefix . | ||
|  |                'openid_nonce_' . | ||
|  |                sha1($server_url) . '_' . sha1($salt); | ||
|  |     } | ||
|  |      | ||
|  |     /** | ||
|  |      * Key is prefixed with $prefix and 'openid_association_' string | ||
|  |      */ | ||
|  |     function associationKey($server_url, $handle = null)  | ||
|  |     { | ||
|  |         return $this->prefix . | ||
|  |                'openid_association_' . | ||
|  |                sha1($server_url) . '_' . sha1($handle); | ||
|  |     } | ||
|  |      | ||
|  |     /** | ||
|  |      * Key is prefixed with $prefix and 'openid_association_server_' string | ||
|  |      */ | ||
|  |     function associationServerKey($server_url)  | ||
|  |     { | ||
|  |         return $this->prefix . | ||
|  |                'openid_association_server_' . | ||
|  |                sha1($server_url); | ||
|  |     } | ||
|  |      | ||
|  |     /** | ||
|  |      * Report that this storage doesn't support cleanup | ||
|  |      */ | ||
|  |     function supportsCleanup() | ||
|  |     { | ||
|  |         return false; | ||
|  |     } | ||
|  | 
 | ||
|  | } | ||
|  | 
 |