1<?php
2
3/**
4 * This file supplies a dumb store backend for OpenID servers and
5 * consumers.
6 *
7 * PHP versions 4 and 5
8 *
9 * LICENSE: See the COPYING file included in this distribution.
10 *
11 * @package OpenID
12 * @author JanRain, Inc. <openid@janrain.com>
13 * @copyright 2005-2008 Janrain, Inc.
14 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
15 */
16
17/**
18 * Import the interface for creating a new store class.
19 */
20require_once 'Auth/OpenID/Interface.php';
21require_once 'Auth/OpenID/HMAC.php';
22
23/**
24 * This is a store for use in the worst case, when you have no way of
25 * saving state on the consumer site. Using this store makes the
26 * consumer vulnerable to replay attacks, as it's unable to use
27 * nonces. Avoid using this store if it is at all possible.
28 *
29 * Most of the methods of this class are implementation details.
30 * Users of this class need to worry only about the constructor.
31 *
32 * @package OpenID
33 */
34class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore {
35    protected $auth_key;
36
37    /**
38     * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security
39     * of the tokens generated by the library, this class attempts to
40     * at least have a secure implementation of getAuthKey.
41     *
42     * When you create an instance of this class, pass in a secret
43     * phrase. The phrase is hashed with sha1 to make it the correct
44     * length and form for an auth key. That allows you to use a long
45     * string as the secret phrase, which means you can make it very
46     * difficult to guess.
47     *
48     * Each {@link Auth_OpenID_DumbStore} instance that is created for use by
49     * your consumer site needs to use the same $secret_phrase.
50     *
51     * @param string $secret_phrase The phrase used to create the auth
52     * key returned by getAuthKey
53     */
54    function __construct($secret_phrase)
55    {
56        $this->auth_key = Auth_OpenID_SHA1($secret_phrase);
57    }
58
59    /**
60     * This implementation does nothing.
61     *
62     * @param string $server_url
63     * @param Auth_OpenID_Association $association
64     */
65    function storeAssociation($server_url, $association)
66    {
67    }
68
69    /**
70     * This implementation always returns null.
71     *
72     * @param string $server_url
73     * @param null $handle
74     * @return Auth_OpenID_Association|null
75     */
76    function getAssociation($server_url, $handle = null)
77    {
78        return null;
79    }
80
81    /**
82     * This implementation always returns false.
83     *
84     * @param string $server_url
85     * @param string $handle
86     * @return bool|mixed
87     */
88    function removeAssociation($server_url, $handle)
89    {
90        return false;
91    }
92
93    /**
94     * In a system truly limited to dumb mode, nonces must all be
95     * accepted. This therefore always returns true, which makes
96     * replay attacks feasible.
97     *
98     * @param string $server_url
99     * @param int $timestamp
100     * @param string $salt
101     * @return bool
102     */
103    function useNonce($server_url, $timestamp, $salt)
104    {
105        return true;
106    }
107
108    /**
109     * This method returns the auth key generated by the constructor.
110     */
111    function getAuthKey()
112    {
113        return $this->auth_key;
114    }
115}
116
117