9683_v2.diff

Administrator Admin, 2009-11-26 10:28



typo3/sysext/openid/ext_tables.sql (working copy)
2 2
# Table structure for table 'be_users'
3 3
#
4 4
CREATE TABLE be_users (
5
	tx_openid_openid varchar(255) DEFAULT '' NOT NULL
5
	tx_openid_openid varchar(255) DEFAULT '' NOT NULL,
6 6
);
7 7

  
8 8
#
9 9
# Table structure for table 'fe_users'
10 10
#
11 11
CREATE TABLE fe_users (
12
	tx_openid_openid varchar(255) DEFAULT '' NOT NULL
13
);
12
	tx_openid_openid varchar(255) DEFAULT '' NOT NULL,
13
);
14

  
15
#
16
# Table structure for table 'tx_openid_assoc_store'.
17
#
18
CREATE TABLE tx_openid_assoc_store (
19
	uid int(11) unsigned NOT NULL auto_increment,
20
	pid int(11) unsigned DEFAULT '0' NOT NULL,
21
	crdate int(11) unsigned DEFAULT '0' NOT NULL,
22
	tstamp int(11) unsigned DEFAULT '0' NOT NULL,
23
	expires int(11) unsigned DEFAULT '0' NOT NULL,
24
	server_url varchar(2047) DEFAULT '' NOT NULL,
25
	assoc_handle varchar(255) DEFAULT '' NOT NULL,
26
	content blob,
27

  
28
	PRIMARY KEY (uid),
29
	KEY assoc_handle (assoc_handle(8)),
30
	KEY expires (expires)
31
) ENGINE=InnoDB;
32

  
33
#
34
# Table structure for table 'tx_openid_nonce_store'.
35
#
36
CREATE TABLE tx_openid_nonce_store (
37
	uid int(11) unsigned NOT NULL auto_increment,
38
	pid int(11) unsigned DEFAULT '0' NOT NULL,
39
	crdate int(11) unsigned DEFAULT '0' NOT NULL,
40
	tstamp int(11) unsigned DEFAULT '0' NOT NULL,
41
	server_url varchar(2047) DEFAULT '' NOT NULL,
42
	salt char(40) DEFAULT '' NOT NULL,
43

  
44
	PRIMARY KEY (uid),
45
	UNIQUE KEY nonce (server_url(255),tstamp,salt),
46
	KEY crdate (crdate)
47
) ENGINE=InnoDB;
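Review bot: tx_openid_assoc_store gets only a prefix index `KEY assoc_handle (assoc_handle(8))` and no uniqueness on (server_url, assoc_handle), so nothing in the schema stops the same association from being stored twice; the store class added in this patch relies on a check-then-insert for that. A `UNIQUE KEY assoc (server_url(255),assoc_handle)`, mirroring the `nonce` key on tx_openid_nonce_store, would make a duplicate insert fail at the database and turn the race into a detectable error rather than silent duplicate rows. The 255-character prefix carries the same caveat the nonce key already has: two distinct server URLs sharing their first 255 characters would collide, which for the nonce table means a false "nonce already used" for the second one. The 8-character prefix on assoc_handle may also give little selectivity if handles from a given provider share a common leading format — worth checking against real handle values before keeping it. `content blob` is nullable although the store always writes it; `content blob NOT NULL` would document that.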
typo3/sysext/openid/TODO (working copy)
1

  
2
* use DB (the sessions or the caching framework) instead of the filesystem to store OpenID data (class.tx_openid_sv1.php)
1
None
typo3/sysext/openid/sv1/class.tx_openid_store.php (revision 0)
1
<?php
2
/***************************************************************
3
*  Copyright notice
4
*
5
*  (c) 2009 Dmitry Dulepov (dmitry.dulepov@gmail.com)
6
*  All rights reserved
7
*
8
*  This script is part of the Typo3 project. The Typo3 project is
9
*  free software; you can redistribute it and/or modify
10
*  it under the terms of the GNU General Public License as published by
11
*  the Free Software Foundation; either version 2 of the License, or
12
*  (at your option) any later version.
13
*
14
*  The GNU General Public License can be found at
15
*  http://www.gnu.org/copyleft/gpl.html.
16
*
17
*  This script is distributed in the hope that it will be useful,
18
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
19
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20
*  GNU General Public License for more details.
21
*
22
*  This copyright notice MUST APPEAR in all copies of the script!
23
***************************************************************/
24
/**
25
 * $Id$
26
 */
27

  
28
require_once(t3lib_extMgm::extPath('openid', 'lib/php-openid/Auth/OpenID/Interface.php'));
29

  
30
/**
31
  * This class is a TYPO3-specific OpenID store.
32
  *
33
  * @author Dmitry Dulepov <dmitry.dulepov@gmail.com>
34
  * @package TYPO3
35
  * @subpackage tx_openid
36
  */
37
class tx_openid_store extends Auth_OpenID_OpenIDStore {
38

  
39
	const ASSOCIATION_TABLE_NAME = 'tx_openid_assoc_store';
40

  
41
	const ASSOCIATION_EXPIRATION_SAFETY_INTERVAL = 120; /* 2 minutes */
42

  
43
	const NONCE_TABLE_NAME = 'tx_openid_nonce_store';
44

  
45
	const NONCE_STORAGE_TIME = 864000; /* 10 days */
46

  
47
	/**
48
	 * Sores the association for future use
49
	 *
50
	 * @param string $serverUrl Server URL
51
	 * @param Auth_OpenID_Association $association OpenID association
52
	 * @return void
53
	 */
54
	public function storeAssociation($serverUrl, $association) {
55
		/* @var $association Auth_OpenID_Association */
56
		$GLOBALS['TYPO3_DB']->sql_query('START TRANSACTION');
57

  
58
		if ($this->doesAssociationExist($serverUrl, $association->handle)) {
59
			$this->updateExistingAssociation($serverUrl, $association);
60
		}
61
		else {
62
			$this->storeNewAssociation($serverUrl, $association);
63
		}
64

  
65
		$GLOBALS['TYPO3_DB']->sql_query('COMMIT');
66
	}
67

  
68
	/**
69
	 * Removes all expired associations.
70
	 *
71
	 * @return int A number of removed associations
72
	 */
73
	public function cleanupAssociations() {
74
		$where = sprintf('expires<=%d', time());
75
		$GLOBALS['TYPO3_DB']->exec_DELETEquery(self::ASSOCIATION_TABLE_NAME, $where);
76
		return $GLOBALS['TYPO3_DB']->sql_affected_rows();
77
	}
78

  
79
	/**
80
	 * Obtains the association to the server
81
	 *
82
	 * @param string $serverUrl Server URL
83
	 * @param string $handle Association handle (optional)
84
	 * @return Auth_OpenID_Association
85
	 */
86
	public function getAssociation($serverUrl, $handle = null) {
87
		$this->cleanupAssociations();
88

  
89
		$where = sprintf('server_url=%s AND expires>%d',
90
			$GLOBALS['TYPO3_DB']->fullQuoteStr($serverUrl, self::ASSOCIATION_TABLE_NAME),
91
			time());
92
		if ($handle != null) {
93
			$where .= sprintf(' AND assoc_handle=%s',
94
				$GLOBALS['TYPO3_DB']->fullQuoteStr($handle, self::ASSOCIATION_TABLE_NAME));
95
			$sort = '';
96
		}
97
		else {
98
			$sort = 'tstamp DESC';
99
		}
100
		list($row) = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid,content',
101
			self::ASSOCIATION_TABLE_NAME, $where, '', $sort, '1');
102

  
103
		$result = null;
104
		if (is_array($row)) {
105
			$result = @unserialize($row['content']);
106
			$this->updateAssociationTimeStamp($row['tstamp']);
107
		}
108
		return $result;
109
	}
110

  
111
	/**
112
	 * Removes the association
113
	 *
114
	 * @param string $serverUrl Server URL
115
	 * @param string $handle Association handle (optional)
116
	 * @return boolean true if the association existed
117
	 */
118
	function removeAssociation($serverUrl, $handle) {
119
		$where = sprintf('server_url=%s AND assoc_handle=%s',
120
			$GLOBALS['TYPO3_DB']->fullQuoteStr($serverUrl, self::ASSOCIATION_TABLE_NAME),
121
			$GLOBALS['TYPO3_DB']->fullQuoteStr($handle, self::ASSOCIATION_TABLE_NAME));
122
		$GLOBALS['TYPO3_DB']->exec_DELETEquery(self::ASSOCIATION_TABLE_NAME, $where);
123
		$deletedCount = $GLOBALS['TYPO3_DB']->sql_affected_rows();
124
		return ($deletedCount > 0);
125
	}
126

  
127
	/**
128
	 * Removes old nonces
129
	 *
130
	 * @return void
131
	 */
132
	public function cleanupNonces() {
133
		$where = sprintf('crdate<%d', time() - self::NONCE_STORAGE_TIME);
134
		$GLOBALS['TYPO3_DB']->exec_DELETEquery(self::NONCE_TABLE_NAME, $where);
135
	}
136

  
137
	/**
138
	 * Checks if this nonce was already used
139
	 * @param $serverUrl Server URL
140
	 * @param $timestamp Time stamp
141
	 * @param $salt Nonce value
142
	 * @return boolean true if nonce was not used before anc can be used now
143
	 */
144
	public function useNonce($serverUrl, $timestamp, $salt) {
145
		$result = false;
146

  
147
		if (abs($timestamp - time()) < $GLOBALS['Auth_OpenID_SKEW']) {
148
			$values = array(
149
				'crdate' => time(),
150
				'salt' => $salt,
151
				'server_url' => $serverUrl,
152
				'tstamp' => $timestamp
153
			);
154
			$GLOBALS['TYPO3_DB']->exec_INSERTquery(self::NONCE_TABLE_NAME,
155
				$values);
156
			$affectedRows = $GLOBALS['TYPO3_DB']->sql_affected_rows();
157
			$result = ($affectedRows > 0);
158
		}
159

  
160
		return $result;
161
	}
162

  
163
	/**
164
	 * Resets the store by removing all data in it
165
	 *
166
	 * @return void
167
	 */
168
	public function reset() {
169
		$GLOBALS['TYPO3_DB']->exec_DELETEquery(self::ASSOCIATION_TABLE_NAME, '1=1');
170
		$GLOBALS['TYPO3_DB']->exec_DELETEquery(self::NONCE_TABLE_NAME, '1=1');
171
	}
172

  
173
	/**
174
	 * Checks if such association exists.
175
	 *
176
	 * @param string $serverUrl Server URL
177
	 * @param Auth_OpenID_Association $association OpenID association
178
	 * @return boolean
179
	 */
180
	protected function doesAssociationExist($serverUrl, $association) {
181
		$where = sprintf('server_url=%s AND assoc_handle=%s AND expires>%d',
182
			$GLOBALS['TYPO3_DB']->fullQuoteStr($serverUrl, self::ASSOCIATION_TABLE_NAME),
183
			$GLOBALS['TYPO3_DB']->fullQuoteStr($association->handle, self::ASSOCIATION_TABLE_NAME),
184
			time());
185
		list($row) = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows(
186
			'COUNT(*) as assocCount', self::ASSOCIATION_TABLE_NAME, $where);
187
		return ($row['assocCount'] > 0);
188
	}
189

  
190
	/**
191
	 * Updates existing association.
192
	 *
193
	 * @param string $serverUrl Server URL
194
	 * @param Auth_OpenID_Association $association OpenID association
195
	 * @return void
196
	 */
197
	protected function updateExistingAssociation($serverUrl, Auth_OpenID_Association $association) {
198
		$where = sprintf('server_url=%s AND assoc_handle=%s AND expires>%d',
199
			$GLOBALS['TYPO3_DB']->fullQuoteStr($serverUrl, self::ASSOCIATION_TABLE_NAME),
200
			$GLOBALS['TYPO3_DB']->fullQuoteStr($association->handle, self::ASSOCIATION_TABLE_NAME),
201
			time());
202
		$serializedAssociation = serialize($association);
203
		$values = array(
204
			'content' => $serializedAssociation,
205
			'tstamp' => time(),
206
		);
207
		$GLOBALS['TYPO3_DB']->exec_UPDATEquery(self::ASSOCIATION_TABLE_NAME, $where, $values);
208
	}
209

  
210
	/**
211
	 * Stores new association to the database.
212
	 *
213
	 * @param $serverUrl Server URL
214
	 * @param $association OpenID association
215
	 * @return void
216
	 */
217
	protected function storeNewAssociation($serverUrl, $association) {
218
		$serializedAssociation = serialize($association);
219
		$values = array(
220
			'assoc_handle' => $association->handle,
221
			'content' => $serializedAssociation,
222
			'crdate' => $association->issued,
223
			'tstamp' => time(),
224
			'expires' => $association->issued + $association->lifetime - self::ASSOCIATION_EXPIRATION_SAFETY_INTERVAL,
225
			'server_url' => $serverUrl
226
		);
227
		// In the next query we can get race conditions. sha1_hash prevents many
228
		// asociations from being stored for one server
229
		$GLOBALS['TYPO3_DB']->exec_INSERTquery(self::ASSOCIATION_TABLE_NAME, $values);
230
	}
231

  
232
	/**
233
	 * Updates association time stamp.
234
	 *
235
	 * @param $recordId Association record id in the database
236
	 * @return void
237
	 */
238
	protected function updateAssociationTimeStamp($recordId) {
239
		$where = sprintf('uid=%d', $recordId);
240
		$values = array(
241
			'tstamp' => time()
242
		);
243
		$GLOBALS['TYPO3_DB']->exec_UPDATEquery(self::ASSOCIATION_TABLE_NAME, $where, $values);
244
	}
245
}
246

  
247
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/openid/class.tx_openid_store.php'])	{
248
	include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/openid/class.tx_openid_store.php']);
249
}
250

  
251
?>
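Review bot: In getAssociation the SELECT fetches only `uid,content`, but the timestamp refresh passes `$row['tstamp']`, which is never in the row, so updateAssociationTimeStamp runs with `uid=0` and the matched association is never touched; it should read `$this->updateAssociationTimeStamp($row['uid']);`. doesAssociationExist has the mirror problem: storeAssociation passes `$association->handle` (a string) while the method dereferences `$association->handle` again, so the existence check effectively compares against an empty handle and updateExistingAssociation is unreachable; either pass the association object or rename the parameter to `$handle` and use it directly. The value from `@unserialize($row['content'])` should be checked with `instanceof Auth_OpenID_Association` before being returned, so a corrupt or unexpected row yields null to the consumer instead of `false` or a foreign object. The comment in storeNewAssociation about `sha1_hash` refers to a column this schema does not have, and the ext_tables.sql in this patch defines no unique key on (server_url, assoc_handle), so the check-then-insert under START TRANSACTION is not protected against concurrent duplicates; the comment should be corrected or the constraint added.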
typo3/sysext/openid/sv1/class.tx_openid_sv1.php (working copy)
44 44
 */
45 45

  
46 46
require_once(PATH_t3lib . 'class.t3lib_svbase.php');
47
require_once(t3lib_extMgm::extPath('openid', 'sv1/class.tx_openid_store.php'));
47 48

  
48 49
/**
49 50
 * Service "OpenID Authentication" for the "openid" extension.
......
276 277

  
277 278
			// Include files
278 279
			require_once($phpOpenIDLibPath . '/Auth/OpenID/Consumer.php');
279
			require_once($phpOpenIDLibPath . '/Auth/OpenID/FileStore.php');
280 280

  
281 281
			// Restore path
282 282
			@set_include_path($oldIncludePath);
......
319 319
	 * @return	Auth_OpenID_Consumer		Consumer instance
320 320
	 */
321 321
	protected function getOpenIDConsumer() {
322
		// TODO Change this to a TYPO3-specific database-based store in future.
323
		// File-based store is ineffective and insecure. After changing
324
		// get rid of the FileStore include in includePHPOpenIDLibrary()
325
		$openIDStorePath = PATH_site . 'typo3temp' . DIRECTORY_SEPARATOR . 'tx_openid';
322
		$openIDStore = t3lib_div::makeInstance('tx_openid_store');
323
		/* @var $openIDStore tx_openid_store */
324
		$openIDStore->cleanup();
326 325

  
327
		// For now we just prevent any web access to these files
328
		if (!file_exists($openIDStorePath . '/.htaccess')) {
329
			file_put_contents($openIDStorePath . '/.htaccess', 'deny from all');
330
		}
331
		$openIDStore = new Auth_OpenID_FileStore($openIDStorePath);
332 326
		return new Auth_OpenID_Consumer($openIDStore);
333 327
	}
334 328

  
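Review bot: getOpenIDConsumer now calls `$openIDStore->cleanup()` on every consumer construction, which presumably issues the DELETE statements of cleanupNonces and cleanupAssociations on each authentication request, and getAssociation in the new store runs cleanupAssociations again on top of that. Since cleanup() is not defined in tx_openid_store, this also relies on the base class from Interface.php providing it — worth a one-line comment, e.g. `// cleanup() is inherited from Auth_OpenID_OpenIDStore and purges expired nonces and associations`. If the per-request cost matters, moving the purge to a scheduled task or to a less frequent trigger keeps the hot path to reads and inserts only.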
typo3/sysext/openid/ext_emconf.php (working copy)
24 24
	'state' => 'beta',
25 25
	'internal' => '',
26 26
	'uploadfolder' => 0,
27
	'createDirs' => 'typo3temp/tx_openid',
27
	'createDirs' => '',
28 28
	'modify_tables' => 'fe_users,be_users',
29 29
	'clearCacheOnLoad' => 0,
30 30
	'lockType' => 'system',
31 31
	'author_company' => 'TYPO3 core team',
32
	'version' => '0.1.0',
32
	'version' => '1.0.0',
33 33
	'constraints' => array(
34 34
		'depends' => array(
35 35
			'typo3' => '4.3.0-0.0.0',
......
47 47
	'_md5_values_when_last_written' => 'a:56:{s:4:"TODO";s:4:"977e";s:23:"class.tx_openid_eid.php";s:4:"e8aa";s:29:"class.tx_openid_mod_setup.php";s:4:"1c9d";s:26:"class.tx_openid_return.php";s:4:"b508";s:12:"ext_icon.gif";s:4:"f1e1";s:17:"ext_localconf.php";s:4:"20c4";s:14:"ext_tables.php";s:4:"20c5";s:14:"ext_tables.sql";s:4:"f309";s:17:"locallang_csh.xml";s:4:"7e8a";s:21:"locallang_csh_mod.xml";s:4:"fe98";s:16:"locallang_db.xml";s:4:"0952";s:14:"doc/manual.sxw";s:4:"05d1";s:22:"lib/php-openid/COPYING";s:4:"3b83";s:25:"lib/php-openid/README.txt";s:4:"eb02";s:37:"lib/php-openid/php-openid-typo3.patch";s:4:"b2fb";s:30:"lib/php-openid/Auth/OpenID.php";s:4:"3be9";s:33:"lib/php-openid/Auth/OpenID/AX.php";s:4:"b68e";s:42:"lib/php-openid/Auth/OpenID/Association.php";s:4:"9b1e";s:38:"lib/php-openid/Auth/OpenID/BigMath.php";s:4:"a56d";s:39:"lib/php-openid/Auth/OpenID/Consumer.php";s:4:"94cd";s:40:"lib/php-openid/Auth/OpenID/CryptUtil.php";s:4:"6276";s:49:"lib/php-openid/Auth/OpenID/DatabaseConnection.php";s:4:"660d";s:44:"lib/php-openid/Auth/OpenID/DiffieHellman.php";s:4:"1a0b";s:39:"lib/php-openid/Auth/OpenID/Discover.php";s:4:"1a9b";s:40:"lib/php-openid/Auth/OpenID/DumbStore.php";s:4:"c1e9";s:40:"lib/php-openid/Auth/OpenID/Extension.php";s:4:"5aae";s:40:"lib/php-openid/Auth/OpenID/FileStore.php";s:4:"69da";s:35:"lib/php-openid/Auth/OpenID/HMAC.php";s:4:"a0a3";s:40:"lib/php-openid/Auth/OpenID/Interface.php";s:4:"421b";s:37:"lib/php-openid/Auth/OpenID/KVForm.php";s:4:"3c7c";s:45:"lib/php-openid/Auth/OpenID/MemcachedStore.php";s:4:"cb6d";s:38:"lib/php-openid/Auth/OpenID/Message.php";s:4:"413e";s:41:"lib/php-openid/Auth/OpenID/MySQLStore.php";s:4:"4607";s:36:"lib/php-openid/Auth/OpenID/Nonce.php";s:4:"2738";s:35:"lib/php-openid/Auth/OpenID/PAPE.php";s:4:"decb";s:36:"lib/php-openid/Auth/OpenID/Parse.php";s:4:"28c9";s:46:"lib/php-openid/Auth/OpenID/PostgreSQLStore.php";s:4:"a2da";s:39:"lib/php-openid/Auth/OpenID/SQLStore.php";s:4:"29d2";s:42:"lib/php-openid/Auth/OpenID/SQLiteStor
e.php";s:4:"4855";s:35:"lib/php-openid/Auth/OpenID/SReg.php";s:4:"ae70";s:37:"lib/php-openid/Auth/OpenID/Server.php";s:4:"8121";s:44:"lib/php-openid/Auth/OpenID/ServerRequest.php";s:4:"d29d";s:40:"lib/php-openid/Auth/OpenID/TrustRoot.php";s:4:"2866";s:38:"lib/php-openid/Auth/OpenID/URINorm.php";s:4:"e4fb";s:41:"lib/php-openid/Auth/Yadis/HTTPFetcher.php";s:4:"bdaa";s:37:"lib/php-openid/Auth/Yadis/Manager.php";s:4:"ee7d";s:34:"lib/php-openid/Auth/Yadis/Misc.php";s:4:"65f6";s:49:"lib/php-openid/Auth/Yadis/ParanoidHTTPFetcher.php";s:4:"170e";s:39:"lib/php-openid/Auth/Yadis/ParseHTML.php";s:4:"d8f8";s:46:"lib/php-openid/Auth/Yadis/PlainHTTPFetcher.php";s:4:"6d0f";s:33:"lib/php-openid/Auth/Yadis/XML.php";s:4:"09f1";s:34:"lib/php-openid/Auth/Yadis/XRDS.php";s:4:"4bcd";s:33:"lib/php-openid/Auth/Yadis/XRI.php";s:4:"5eca";s:36:"lib/php-openid/Auth/Yadis/XRIRes.php";s:4:"9b44";s:35:"lib/php-openid/Auth/Yadis/Yadis.php";s:4:"d6ee";s:27:"sv1/class.tx_openid_sv1.php";s:4:"f697";}',
48 48
);
49 49

  
50
?>
50
?>