gnu-social/vendor/apereo/phpcas/source/CAS/PGTStorage/Db.php

441 lines
13 KiB
PHP

<?php
/**
* Licensed to Jasig under one or more contributor license
* agreements. See the NOTICE file distributed with this work for
* additional information regarding copyright ownership.
*
* Jasig licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* PHP Version 5
*
* @file CAS/PGTStorage/Db.php
* @category Authentication
* @package PhpCAS
* @author Daniel Frett <daniel.frett@gmail.com>
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
* @link https://wiki.jasig.org/display/CASC/phpCAS
*/
define('CAS_PGT_STORAGE_DB_DEFAULT_TABLE', 'cas_pgts');
/**
* Basic class for PGT database storage
* The CAS_PGTStorage_Db class is a class for PGT database storage.
*
* @class CAS_PGTStorage_Db
* @category Authentication
* @package PhpCAS
* @author Daniel Frett <daniel.frett@gmail.com>
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
* @link https://wiki.jasig.org/display/CASC/phpCAS
*
* @ingroup internalPGTStorageDb
*/
class CAS_PGTStorage_Db extends CAS_PGTStorage_AbstractStorage
{
/**
* @addtogroup internalCAS_PGTStorageDb
* @{
*/
/**
* the PDO object to use for database interactions
*/
private $_pdo;
/**
* This method returns the PDO object to use for database interactions.
*
* @return PDO object
*/
private function _getPdo()
{
return $this->_pdo;
}
/**
* database connection options to use when creating a new PDO object
*/
private $_dsn;
private $_username;
private $_password;
private $_driver_options;
/**
* @var string the table to use for storing/retrieving pgt's
*/
private $_table;
/**
* This method returns the table to use when storing/retrieving PGT's
*
* @return string the name of the pgt storage table.
*/
private function _getTable()
{
return $this->_table;
}
// ########################################################################
// DEBUGGING
// ########################################################################
/**
* This method returns an informational string giving the type of storage
* used by the object (used for debugging purposes).
*
* @return string an informational string.
*/
public function getStorageType()
{
return "db";
}
/**
* This method returns an informational string giving informations on the
* parameters of the storage.(used for debugging purposes).
*
* @return string an informational string.
* @public
*/
public function getStorageInfo()
{
return 'table=`'.$this->_getTable().'\'';
}
// ########################################################################
// CONSTRUCTOR
// ########################################################################
/**
* The class constructor.
*
* @param CAS_Client $cas_parent the CAS_Client instance that creates
* the object.
* @param string $dsn_or_pdo a dsn string to use for creating a PDO
* object or a PDO object
* @param string $username the username to use when connecting to
* the database
* @param string $password the password to use when connecting to
* the database
* @param string $table the table to use for storing and
* retrieving PGT's
* @param string $driver_options any driver options to use when
* connecting to the database
*/
public function __construct(
$cas_parent, $dsn_or_pdo, $username='', $password='', $table='',
$driver_options=null
) {
phpCAS::traceBegin();
// call the ancestor's constructor
parent::__construct($cas_parent);
// set default values
if ( empty($table) ) {
$table = CAS_PGT_STORAGE_DB_DEFAULT_TABLE;
}
if ( !is_array($driver_options) ) {
$driver_options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
}
// store the specified parameters
if ($dsn_or_pdo instanceof PDO) {
$this->_pdo = $dsn_or_pdo;
} else {
$this->_dsn = $dsn_or_pdo;
$this->_username = $username;
$this->_password = $password;
$this->_driver_options = $driver_options;
}
// store the table name
$this->_table = $table;
phpCAS::traceEnd();
}
// ########################################################################
// INITIALIZATION
// ########################################################################
/**
* This method is used to initialize the storage. Halts on error.
*
* @return void
*/
public function init()
{
phpCAS::traceBegin();
// if the storage has already been initialized, return immediatly
if ($this->isInitialized()) {
return;
}
// initialize the base object
parent::init();
// create the PDO object if it doesn't exist already
if (!($this->_pdo instanceof PDO)) {
try {
$this->_pdo = new PDO(
$this->_dsn, $this->_username, $this->_password,
$this->_driver_options
);
}
catch(PDOException $e) {
phpCAS::error('Database connection error: ' . $e->getMessage());
}
}
phpCAS::traceEnd();
}
// ########################################################################
// PDO database interaction
// ########################################################################
/**
* attribute that stores the previous error mode for the PDO handle while
* processing a transaction
*/
private $_errMode;
/**
* This method will enable the Exception error mode on the PDO object
*
* @return void
*/
private function _setErrorMode()
{
// get PDO object and enable exception error mode
$pdo = $this->_getPdo();
$this->_errMode = $pdo->getAttribute(PDO::ATTR_ERRMODE);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
/**
* this method will reset the error mode on the PDO object
*
* @return void
*/
private function _resetErrorMode()
{
// get PDO object and reset the error mode to what it was originally
$pdo = $this->_getPdo();
$pdo->setAttribute(PDO::ATTR_ERRMODE, $this->_errMode);
}
// ########################################################################
// database queries
// ########################################################################
// these queries are potentially unsafe because the person using this library
// can set the table to use, but there is no reliable way to escape SQL
// fieldnames in PDO yet
/**
* This method returns the query used to create a pgt storage table
*
* @return string the create table SQL, no bind params in query
*/
protected function createTableSql()
{
return 'CREATE TABLE ' . $this->_getTable()
. ' (pgt_iou VARCHAR(255) NOT NULL PRIMARY KEY, pgt VARCHAR(255) NOT NULL)';
}
/**
* This method returns the query used to store a pgt
*
* @return string the store PGT SQL, :pgt and :pgt_iou are the bind params contained
* in the query
*/
protected function storePgtSql()
{
return 'INSERT INTO ' . $this->_getTable()
. ' (pgt_iou, pgt) VALUES (:pgt_iou, :pgt)';
}
/**
* This method returns the query used to retrieve a pgt. the first column
* of the first row should contain the pgt
*
* @return string the retrieve PGT SQL, :pgt_iou is the only bind param contained
* in the query
*/
protected function retrievePgtSql()
{
return 'SELECT pgt FROM ' . $this->_getTable() . ' WHERE pgt_iou = :pgt_iou';
}
/**
* This method returns the query used to delete a pgt.
*
* @return string the delete PGT SQL, :pgt_iou is the only bind param contained in
* the query
*/
protected function deletePgtSql()
{
return 'DELETE FROM ' . $this->_getTable() . ' WHERE pgt_iou = :pgt_iou';
}
// ########################################################################
// PGT I/O
// ########################################################################
/**
* This method creates the database table used to store pgt's and pgtiou's
*
* @return void
*/
public function createTable()
{
phpCAS::traceBegin();
// initialize this PGTStorage object if it hasn't been initialized yet
if ( !$this->isInitialized() ) {
$this->init();
}
// initialize the PDO object for this method
$pdo = $this->_getPdo();
$this->_setErrorMode();
try {
$pdo->beginTransaction();
$query = $pdo->query($this->createTableSQL());
$query->closeCursor();
$pdo->commit();
}
catch(PDOException $e) {
// attempt rolling back the transaction before throwing a phpCAS error
try {
$pdo->rollBack();
}
catch(PDOException $e) {
}
phpCAS::error('error creating PGT storage table: ' . $e->getMessage());
}
// reset the PDO object
$this->_resetErrorMode();
phpCAS::traceEnd();
}
/**
* This method stores a PGT and its corresponding PGT Iou in the database.
* Echoes a warning on error.
*
* @param string $pgt the PGT
* @param string $pgt_iou the PGT iou
*
* @return void
*/
public function write($pgt, $pgt_iou)
{
phpCAS::traceBegin();
// initialize the PDO object for this method
$pdo = $this->_getPdo();
$this->_setErrorMode();
try {
$pdo->beginTransaction();
$query = $pdo->prepare($this->storePgtSql());
$query->bindValue(':pgt', $pgt, PDO::PARAM_STR);
$query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
$query->execute();
$query->closeCursor();
$pdo->commit();
}
catch(PDOException $e) {
// attempt rolling back the transaction before throwing a phpCAS error
try {
$pdo->rollBack();
}
catch(PDOException $e) {
}
phpCAS::error('error writing PGT to database: ' . $e->getMessage());
}
// reset the PDO object
$this->_resetErrorMode();
phpCAS::traceEnd();
}
/**
* This method reads a PGT corresponding to a PGT Iou and deletes the
* corresponding db entry.
*
* @param string $pgt_iou the PGT iou
*
* @return string|false the corresponding PGT, or FALSE on error
*/
public function read($pgt_iou)
{
phpCAS::traceBegin();
$pgt = false;
// initialize the PDO object for this method
$pdo = $this->_getPdo();
$this->_setErrorMode();
try {
$pdo->beginTransaction();
// fetch the pgt for the specified pgt_iou
$query = $pdo->prepare($this->retrievePgtSql());
$query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
$query->execute();
$pgt = $query->fetchColumn(0);
$query->closeCursor();
// delete the specified pgt_iou from the database
$query = $pdo->prepare($this->deletePgtSql());
$query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
$query->execute();
$query->closeCursor();
$pdo->commit();
}
catch(PDOException $e) {
// attempt rolling back the transaction before throwing a phpCAS error
try {
$pdo->rollBack();
}
catch(PDOException $e) {
}
phpCAS::trace('error reading PGT from database: ' . $e->getMessage());
}
// reset the PDO object
$this->_resetErrorMode();
phpCAS::traceEnd();
return $pgt;
}
/** @} */
}
?>