1<?php
2
3/**
4 * Licensed to Jasig under one or more contributor license
5 * agreements. See the NOTICE file distributed with this work for
6 * additional information regarding copyright ownership.
7 *
8 * Jasig licenses this file to you under the Apache License,
9 * Version 2.0 (the "License"); you may not use this file except in
10 * compliance with the License. You may obtain a copy of the License at:
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 *
20 * PHP Version 7
21 *
22 * @file     CAS/PGTStorage/Db.php
23 * @category Authentication
24 * @package  PhpCAS
25 * @author   Daniel Frett <daniel.frett@gmail.com>
26 * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
27 * @link     https://wiki.jasig.org/display/CASC/phpCAS
28 */
29
30define('CAS_PGT_STORAGE_DB_DEFAULT_TABLE', 'cas_pgts');
31
32/**
33 * Basic class for PGT database storage
34 * The CAS_PGTStorage_Db class is a class for PGT database storage.
35 *
36 * @class    CAS_PGTStorage_Db
37 * @category Authentication
38 * @package  PhpCAS
39 * @author   Daniel Frett <daniel.frett@gmail.com>
40 * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
41 * @link     https://wiki.jasig.org/display/CASC/phpCAS
42 *
43 * @ingroup internalPGTStorageDb
44 */
45
46class CAS_PGTStorage_Db extends CAS_PGTStorage_AbstractStorage
47{
48    /**
49     * @addtogroup internalCAS_PGTStorageDb
50     * @{
51     */
52
53    /**
54     * the PDO object to use for database interactions
55     */
56    private $_pdo;
57
58    /**
59     * This method returns the PDO object to use for database interactions.
60     *
61     * @return PDO object
62     */
63    private function _getPdo()
64    {
65        return $this->_pdo;
66    }
67
68    /**
69     * database connection options to use when creating a new PDO object
70     */
71    private $_dsn;
72    private $_username;
73    private $_password;
74    private $_driver_options;
75
76    /**
77     * @var string the table to use for storing/retrieving pgt's
78     */
79    private $_table;
80
81    /**
82     * This method returns the table to use when storing/retrieving PGT's
83     *
84     * @return string the name of the pgt storage table.
85     */
86    private function _getTable()
87    {
88        return $this->_table;
89    }
90
91    // ########################################################################
92    //  DEBUGGING
93    // ########################################################################
94
95    /**
96     * This method returns an informational string giving the type of storage
97     * used by the object (used for debugging purposes).
98     *
99     * @return string an informational string.
100     */
101    public function getStorageType()
102    {
103        return "db";
104    }
105
106    /**
107     * This method returns an informational string giving informations on the
108     * parameters of the storage.(used for debugging purposes).
109     *
110     * @return string an informational string.
111     * @public
112     */
113    public function getStorageInfo()
114    {
115        return 'table=`'.$this->_getTable().'\'';
116    }
117
118    // ########################################################################
119    //  CONSTRUCTOR
120    // ########################################################################
121
122    /**
123     * The class constructor.
124     *
125     * @param CAS_Client $cas_parent     the CAS_Client instance that creates
126     * the object.
127     * @param string     $dsn_or_pdo     a dsn string to use for creating a PDO
128     * object or a PDO object
129     * @param string     $username       the username to use when connecting to
130     * the database
131     * @param string     $password       the password to use when connecting to
132     * the database
133     * @param string     $table          the table to use for storing and
134     * retrieving PGT's
135     * @param string     $driver_options any driver options to use when
136     * connecting to the database
137     */
138    public function __construct(
139        $cas_parent, $dsn_or_pdo, $username='', $password='', $table='',
140        $driver_options=null
141    ) {
142        phpCAS::traceBegin();
143        // call the ancestor's constructor
144        parent::__construct($cas_parent);
145
146        // set default values
147        if ( empty($table) ) {
148            $table = CAS_PGT_STORAGE_DB_DEFAULT_TABLE;
149        }
150        if ( !is_array($driver_options) ) {
151            $driver_options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
152        }
153
154        // store the specified parameters
155        if ($dsn_or_pdo instanceof PDO) {
156            $this->_pdo = $dsn_or_pdo;
157        } else {
158            $this->_dsn = $dsn_or_pdo;
159            $this->_username = $username;
160            $this->_password = $password;
161            $this->_driver_options = $driver_options;
162        }
163
164        // store the table name
165        $this->_table = $table;
166
167        phpCAS::traceEnd();
168    }
169
170    // ########################################################################
171    //  INITIALIZATION
172    // ########################################################################
173
174    /**
175     * This method is used to initialize the storage. Halts on error.
176     *
177     * @return void
178     */
179    public function init()
180    {
181        phpCAS::traceBegin();
182        // if the storage has already been initialized, return immediatly
183        if ($this->isInitialized()) {
184            return;
185        }
186
187        // initialize the base object
188        parent::init();
189
190        // create the PDO object if it doesn't exist already
191        if (!($this->_pdo instanceof PDO)) {
192            try {
193                $this->_pdo = new PDO(
194                    $this->_dsn, $this->_username, $this->_password,
195                    $this->_driver_options
196                );
197            }
198            catch(PDOException $e) {
199                phpCAS::error('Database connection error: ' . $e->getMessage());
200            }
201        }
202
203        phpCAS::traceEnd();
204    }
205
206    // ########################################################################
207    //  PDO database interaction
208    // ########################################################################
209
210    /**
211     * attribute that stores the previous error mode for the PDO handle while
212     * processing a transaction
213     */
214    private $_errMode;
215
216    /**
217     * This method will enable the Exception error mode on the PDO object
218     *
219     * @return void
220     */
221    private function _setErrorMode()
222    {
223        // get PDO object and enable exception error mode
224        $pdo = $this->_getPdo();
225        $this->_errMode = $pdo->getAttribute(PDO::ATTR_ERRMODE);
226        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
227    }
228
229    /**
230     * this method will reset the error mode on the PDO object
231     *
232     * @return void
233     */
234    private function _resetErrorMode()
235    {
236        // get PDO object and reset the error mode to what it was originally
237        $pdo = $this->_getPdo();
238        $pdo->setAttribute(PDO::ATTR_ERRMODE, $this->_errMode);
239    }
240
241    // ########################################################################
242    //  database queries
243    // ########################################################################
244    // these queries are potentially unsafe because the person using this library
245    // can set the table to use, but there is no reliable way to escape SQL
246    // fieldnames in PDO yet
247
248    /**
249     * This method returns the query used to create a pgt storage table
250     *
251     * @return string the create table SQL, no bind params in query
252     */
253    protected function createTableSql()
254    {
255        return 'CREATE TABLE ' . $this->_getTable()
256            . ' (pgt_iou VARCHAR(255) NOT NULL PRIMARY KEY, pgt VARCHAR(255) NOT NULL)';
257    }
258
259    /**
260     * This method returns the query used to store a pgt
261     *
262     * @return string the store PGT SQL, :pgt and :pgt_iou are the bind params contained
263     *         in the query
264     */
265    protected function storePgtSql()
266    {
267        return 'INSERT INTO ' . $this->_getTable()
268            . ' (pgt_iou, pgt) VALUES (:pgt_iou, :pgt)';
269    }
270
271    /**
272     * This method returns the query used to retrieve a pgt. the first column
273     * of the first row should contain the pgt
274     *
275     * @return string the retrieve PGT SQL, :pgt_iou is the only bind param contained
276     *         in the query
277     */
278    protected function retrievePgtSql()
279    {
280        return 'SELECT pgt FROM ' . $this->_getTable() . ' WHERE pgt_iou = :pgt_iou';
281    }
282
283    /**
284     * This method returns the query used to delete a pgt.
285     *
286     * @return string the delete PGT SQL, :pgt_iou is the only bind param contained in
287     *         the query
288     */
289    protected function deletePgtSql()
290    {
291        return 'DELETE FROM ' . $this->_getTable() . ' WHERE pgt_iou = :pgt_iou';
292    }
293
294    // ########################################################################
295    //  PGT I/O
296    // ########################################################################
297
298    /**
299     * This method creates the database table used to store pgt's and pgtiou's
300     *
301     * @return void
302     */
303    public function createTable()
304    {
305        phpCAS::traceBegin();
306
307        // initialize this PGTStorage object if it hasn't been initialized yet
308        if ( !$this->isInitialized() ) {
309            $this->init();
310        }
311
312        // initialize the PDO object for this method
313        $pdo = $this->_getPdo();
314        $this->_setErrorMode();
315
316        try {
317            $pdo->beginTransaction();
318
319            $query = $pdo->query($this->createTableSQL());
320            $query->closeCursor();
321
322            $pdo->commit();
323        }
324        catch(PDOException $e) {
325            // attempt rolling back the transaction before throwing a phpCAS error
326            try {
327                $pdo->rollBack();
328            }
329            catch(PDOException $e) {
330            }
331            phpCAS::error('error creating PGT storage table: ' . $e->getMessage());
332        }
333
334        // reset the PDO object
335        $this->_resetErrorMode();
336
337        phpCAS::traceEnd();
338    }
339
340    /**
341     * This method stores a PGT and its corresponding PGT Iou in the database.
342     * Echoes a warning on error.
343     *
344     * @param string $pgt     the PGT
345     * @param string $pgt_iou the PGT iou
346     *
347     * @return void
348     */
349    public function write($pgt, $pgt_iou)
350    {
351        phpCAS::traceBegin();
352
353        // initialize the PDO object for this method
354        $pdo = $this->_getPdo();
355        $this->_setErrorMode();
356
357        try {
358            $pdo->beginTransaction();
359
360            $query = $pdo->prepare($this->storePgtSql());
361            $query->bindValue(':pgt', $pgt, PDO::PARAM_STR);
362            $query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
363            $query->execute();
364            $query->closeCursor();
365
366            $pdo->commit();
367        }
368        catch(PDOException $e) {
369            // attempt rolling back the transaction before throwing a phpCAS error
370            try {
371                $pdo->rollBack();
372            }
373            catch(PDOException $e) {
374            }
375            phpCAS::error('error writing PGT to database: ' . $e->getMessage());
376        }
377
378        // reset the PDO object
379        $this->_resetErrorMode();
380
381        phpCAS::traceEnd();
382    }
383
384    /**
385     * This method reads a PGT corresponding to a PGT Iou and deletes the
386     * corresponding db entry.
387     *
388     * @param string $pgt_iou the PGT iou
389     *
390     * @return string|false the corresponding PGT, or FALSE on error
391     */
392    public function read($pgt_iou)
393    {
394        phpCAS::traceBegin();
395        $pgt = false;
396
397        // initialize the PDO object for this method
398        $pdo = $this->_getPdo();
399        $this->_setErrorMode();
400
401        try {
402            $pdo->beginTransaction();
403
404            // fetch the pgt for the specified pgt_iou
405            $query = $pdo->prepare($this->retrievePgtSql());
406            $query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
407            $query->execute();
408            $pgt = $query->fetchColumn(0);
409            $query->closeCursor();
410
411            // delete the specified pgt_iou from the database
412            $query = $pdo->prepare($this->deletePgtSql());
413            $query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
414            $query->execute();
415            $query->closeCursor();
416
417            $pdo->commit();
418        }
419        catch(PDOException $e) {
420            // attempt rolling back the transaction before throwing a phpCAS error
421            try {
422                $pdo->rollBack();
423            }
424            catch(PDOException $e) {
425            }
426            phpCAS::trace('error reading PGT from database: ' . $e->getMessage());
427        }
428
429        // reset the PDO object
430        $this->_resetErrorMode();
431
432        phpCAS::traceEnd();
433        return $pgt;
434    }
435
436    /** @} */
437
438}
439
440?>
441