Talenttic_survey/CATI_Tool
2
0
Fork 0
mirror of https://github.com/ACSPRI/queXS synced 2024-04-02 12:12:16 +00:00
Code Issues Releases Activity

New version of PHPCAS

Browse Source
This commit is contained in:
Adam Zammit
2023-04-26 14:48:43 +10:00
parent 9280cc7e3e
commit e81372bbca
87 changed files with 15936 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

222
include/phpCAS/CAS/PGTStorage/AbstractStorage.php Normal file
View File

@@ -0,0 +1,222 @@
<?php
/**
* Licensed to Jasig under one or more contributor license
* agreements. See the NOTICE file distributed with this work for
* additional information regarding copyright ownership.
*
* Jasig licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* PHP Version 7
*
* @file CAS/PGTStorage/AbstractStorage.php
* @category Authentication
* @package PhpCAS
* @author Pascal Aubry <pascal.aubry@univ-rennes1.fr>
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
* @link https://wiki.jasig.org/display/CASC/phpCAS
*/
/**
* Basic class for PGT storage
* The CAS_PGTStorage_AbstractStorage class is a generic class for PGT storage.
* This class should not be instanciated itself but inherited by specific PGT
* storage classes.
*
* @class CAS_PGTStorage_AbstractStorage
* @category Authentication
* @package PhpCAS
* @author Pascal Aubry <pascal.aubry@univ-rennes1.fr>
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
* @link https://wiki.jasig.org/display/CASC/phpCAS
*
* @ingroup internalPGTStorage
*/
abstract class CAS_PGTStorage_AbstractStorage
{
/**
* @addtogroup internalPGTStorage
* @{
*/
// ########################################################################
// CONSTRUCTOR
// ########################################################################
/**
* The constructor of the class, should be called only by inherited classes.
*
* @param CAS_Client $cas_parent the CAS _client instance that creates the
* current object.
*
* @return void
*
* @protected
*/
function __construct($cas_parent)
{
phpCAS::traceBegin();
if ( !$cas_parent->isProxy() ) {
phpCAS::error(
'defining PGT storage makes no sense when not using a CAS proxy'
);
}
phpCAS::traceEnd();
}
// ########################################################################
// DEBUGGING
// ########################################################################
/**
* This virtual method returns an informational string giving the type of storage
* used by the object (used for debugging purposes).
*
* @return string
*
* @public
*/
function getStorageType()
{
phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
}
/**
* This virtual method returns an informational string giving informations on the
* parameters of the storage.(used for debugging purposes).
*
* @return string
*
* @public
*/
function getStorageInfo()
{
phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
}
// ########################################################################
// ERROR HANDLING
// ########################################################################
/**
* string used to store an error message. Written by
* PGTStorage::setErrorMessage(), read by PGTStorage::getErrorMessage().
*
* @hideinitializer
* @deprecated not used.
*/
var $_error_message=false;
/**
* This method sets en error message, which can be read later by
* PGTStorage::getErrorMessage().
*
* @param string $error_message an error message
*
* @return void
*
* @deprecated not used.
*/
function setErrorMessage($error_message)
{
$this->_error_message = $error_message;
}
/**
* This method returns an error message set by PGTStorage::setErrorMessage().
*
* @return string an error message when set by PGTStorage::setErrorMessage(), FALSE
* otherwise.
*
* @deprecated not used.
*/
function getErrorMessage()
{
return $this->_error_message;
}
// ########################################################################
// INITIALIZATION
// ########################################################################
/**
* a boolean telling if the storage has already been initialized. Written by
* PGTStorage::init(), read by PGTStorage::isInitialized().
*
* @hideinitializer
*/
var $_initialized = false;
/**
* This method tells if the storage has already been intialized.
*
* @return bool
*
* @protected
*/
function isInitialized()
{
return $this->_initialized;
}
/**
* This virtual method initializes the object.
*
* @return void
*/
function init()
{
$this->_initialized = true;
}
// ########################################################################
// PGT I/O
// ########################################################################
/**
* This virtual method stores a PGT and its corresponding PGT Iuo.
*
* @param string $pgt the PGT
* @param string $pgt_iou the PGT iou
*
* @return void
*
* @note Should never be called.
*
*/
function write($pgt,$pgt_iou)
{
phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
}
/**
* This virtual method reads a PGT corresponding to a PGT Iou and deletes
* the corresponding storage entry.
*
* @param string $pgt_iou the PGT iou
*
* @return string
*
* @note Should never be called.
*/
function read($pgt_iou)
{
phpCAS::error(__CLASS__.'::'.__FUNCTION__.'() should never be called');
}
/** @} */
}
?>

440
include/phpCAS/CAS/PGTStorage/Db.php Normal file
View File

@@ -0,0 +1,440 @@
<?php
/**
* Licensed to Jasig under one or more contributor license
* agreements. See the NOTICE file distributed with this work for
* additional information regarding copyright ownership.
*
* Jasig licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* PHP Version 7
*
* @file CAS/PGTStorage/Db.php
* @category Authentication
* @package PhpCAS
* @author Daniel Frett <daniel.frett@gmail.com>
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
* @link https://wiki.jasig.org/display/CASC/phpCAS
*/
define('CAS_PGT_STORAGE_DB_DEFAULT_TABLE', 'cas_pgts');
/**
* Basic class for PGT database storage
* The CAS_PGTStorage_Db class is a class for PGT database storage.
*
* @class CAS_PGTStorage_Db
* @category Authentication
* @package PhpCAS
* @author Daniel Frett <daniel.frett@gmail.com>
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
* @link https://wiki.jasig.org/display/CASC/phpCAS
*
* @ingroup internalPGTStorageDb
*/
class CAS_PGTStorage_Db extends CAS_PGTStorage_AbstractStorage
{
/**
* @addtogroup internalCAS_PGTStorageDb
* @{
*/
/**
* the PDO object to use for database interactions
*/
private $_pdo;
/**
* This method returns the PDO object to use for database interactions.
*
* @return PDO object
*/
private function _getPdo()
{
return $this->_pdo;
}
/**
* database connection options to use when creating a new PDO object
*/
private $_dsn;
private $_username;
private $_password;
private $_driver_options;
/**
* @var string the table to use for storing/retrieving pgt's
*/
private $_table;
/**
* This method returns the table to use when storing/retrieving PGT's
*
* @return string the name of the pgt storage table.
*/
private function _getTable()
{
return $this->_table;
}
// ########################################################################
// DEBUGGING
// ########################################################################
/**
* This method returns an informational string giving the type of storage
* used by the object (used for debugging purposes).
*
* @return string an informational string.
*/
public function getStorageType()
{
return "db";
}
/**
* This method returns an informational string giving informations on the
* parameters of the storage.(used for debugging purposes).
*
* @return string an informational string.
* @public
*/
public function getStorageInfo()
{
return 'table=`'.$this->_getTable().'\'';
}
// ########################################################################
// CONSTRUCTOR
// ########################################################################
/**
* The class constructor.
*
* @param CAS_Client $cas_parent the CAS_Client instance that creates
* the object.
* @param string $dsn_or_pdo a dsn string to use for creating a PDO
* object or a PDO object
* @param string $username the username to use when connecting to
* the database
* @param string $password the password to use when connecting to
* the database
* @param string $table the table to use for storing and
* retrieving PGT's
* @param string $driver_options any driver options to use when
* connecting to the database
*/
public function __construct(
$cas_parent, $dsn_or_pdo, $username='', $password='', $table='',
$driver_options=null
) {
phpCAS::traceBegin();
// call the ancestor's constructor
parent::__construct($cas_parent);
// set default values
if ( empty($table) ) {
$table = CAS_PGT_STORAGE_DB_DEFAULT_TABLE;
}
if ( !is_array($driver_options) ) {
$driver_options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
}
// store the specified parameters
if ($dsn_or_pdo instanceof PDO) {
$this->_pdo = $dsn_or_pdo;
} else {
$this->_dsn = $dsn_or_pdo;
$this->_username = $username;
$this->_password = $password;
$this->_driver_options = $driver_options;
}
// store the table name
$this->_table = $table;
phpCAS::traceEnd();
}
// ########################################################################
// INITIALIZATION
// ########################################################################
/**
* This method is used to initialize the storage. Halts on error.
*
* @return void
*/
public function init()
{
phpCAS::traceBegin();
// if the storage has already been initialized, return immediatly
if ($this->isInitialized()) {
return;
}
// initialize the base object
parent::init();
// create the PDO object if it doesn't exist already
if (!($this->_pdo instanceof PDO)) {
try {
$this->_pdo = new PDO(
$this->_dsn, $this->_username, $this->_password,
$this->_driver_options
);
}
catch(PDOException $e) {
phpCAS::error('Database connection error: ' . $e->getMessage());
}
}
phpCAS::traceEnd();
}
// ########################################################################
// PDO database interaction
// ########################################################################
/**
* attribute that stores the previous error mode for the PDO handle while
* processing a transaction
*/
private $_errMode;
/**
* This method will enable the Exception error mode on the PDO object
*
* @return void
*/
private function _setErrorMode()
{
// get PDO object and enable exception error mode
$pdo = $this->_getPdo();
$this->_errMode = $pdo->getAttribute(PDO::ATTR_ERRMODE);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
/**
* this method will reset the error mode on the PDO object
*
* @return void
*/
private function _resetErrorMode()
{
// get PDO object and reset the error mode to what it was originally
$pdo = $this->_getPdo();
$pdo->setAttribute(PDO::ATTR_ERRMODE, $this->_errMode);
}
// ########################################################################
// database queries
// ########################################################################
// these queries are potentially unsafe because the person using this library
// can set the table to use, but there is no reliable way to escape SQL
// fieldnames in PDO yet
/**
* This method returns the query used to create a pgt storage table
*
* @return string the create table SQL, no bind params in query
*/
protected function createTableSql()
{
return 'CREATE TABLE ' . $this->_getTable()
. ' (pgt_iou VARCHAR(255) NOT NULL PRIMARY KEY, pgt VARCHAR(255) NOT NULL)';
}
/**
* This method returns the query used to store a pgt
*
* @return string the store PGT SQL, :pgt and :pgt_iou are the bind params contained
* in the query
*/
protected function storePgtSql()
{
return 'INSERT INTO ' . $this->_getTable()
. ' (pgt_iou, pgt) VALUES (:pgt_iou, :pgt)';
}
/**
* This method returns the query used to retrieve a pgt. the first column
* of the first row should contain the pgt
*
* @return string the retrieve PGT SQL, :pgt_iou is the only bind param contained
* in the query
*/
protected function retrievePgtSql()
{
return 'SELECT pgt FROM ' . $this->_getTable() . ' WHERE pgt_iou = :pgt_iou';
}
/**
* This method returns the query used to delete a pgt.
*
* @return string the delete PGT SQL, :pgt_iou is the only bind param contained in
* the query
*/
protected function deletePgtSql()
{
return 'DELETE FROM ' . $this->_getTable() . ' WHERE pgt_iou = :pgt_iou';
}
// ########################################################################
// PGT I/O
// ########################################################################
/**
* This method creates the database table used to store pgt's and pgtiou's
*
* @return void
*/
public function createTable()
{
phpCAS::traceBegin();
// initialize this PGTStorage object if it hasn't been initialized yet
if ( !$this->isInitialized() ) {
$this->init();
}
// initialize the PDO object for this method
$pdo = $this->_getPdo();
$this->_setErrorMode();
try {
$pdo->beginTransaction();
$query = $pdo->query($this->createTableSQL());
$query->closeCursor();
$pdo->commit();
}
catch(PDOException $e) {
// attempt rolling back the transaction before throwing a phpCAS error
try {
$pdo->rollBack();
}
catch(PDOException $e) {
}
phpCAS::error('error creating PGT storage table: ' . $e->getMessage());
}
// reset the PDO object
$this->_resetErrorMode();
phpCAS::traceEnd();
}
/**
* This method stores a PGT and its corresponding PGT Iou in the database.
* Echoes a warning on error.
*
* @param string $pgt the PGT
* @param string $pgt_iou the PGT iou
*
* @return void
*/
public function write($pgt, $pgt_iou)
{
phpCAS::traceBegin();
// initialize the PDO object for this method
$pdo = $this->_getPdo();
$this->_setErrorMode();
try {
$pdo->beginTransaction();
$query = $pdo->prepare($this->storePgtSql());
$query->bindValue(':pgt', $pgt, PDO::PARAM_STR);
$query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
$query->execute();
$query->closeCursor();
$pdo->commit();
}
catch(PDOException $e) {
// attempt rolling back the transaction before throwing a phpCAS error
try {
$pdo->rollBack();
}
catch(PDOException $e) {
}
phpCAS::error('error writing PGT to database: ' . $e->getMessage());
}
// reset the PDO object
$this->_resetErrorMode();
phpCAS::traceEnd();
}
/**
* This method reads a PGT corresponding to a PGT Iou and deletes the
* corresponding db entry.
*
* @param string $pgt_iou the PGT iou
*
* @return string|false the corresponding PGT, or FALSE on error
*/
public function read($pgt_iou)
{
phpCAS::traceBegin();
$pgt = false;
// initialize the PDO object for this method
$pdo = $this->_getPdo();
$this->_setErrorMode();
try {
$pdo->beginTransaction();
// fetch the pgt for the specified pgt_iou
$query = $pdo->prepare($this->retrievePgtSql());
$query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
$query->execute();
$pgt = $query->fetchColumn(0);
$query->closeCursor();
// delete the specified pgt_iou from the database
$query = $pdo->prepare($this->deletePgtSql());
$query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
$query->execute();
$query->closeCursor();
$pdo->commit();
}
catch(PDOException $e) {
// attempt rolling back the transaction before throwing a phpCAS error
try {
$pdo->rollBack();
}
catch(PDOException $e) {
}
phpCAS::trace('error reading PGT from database: ' . $e->getMessage());
}
// reset the PDO object
$this->_resetErrorMode();
phpCAS::traceEnd();
return $pgt;
}
/** @} */
}
?>

261
include/phpCAS/CAS/PGTStorage/File.php Normal file
View File

@@ -0,0 +1,261 @@
<?php
/**
* Licensed to Jasig under one or more contributor license
* agreements. See the NOTICE file distributed with this work for
* additional information regarding copyright ownership.
*
* Jasig licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* PHP Version 7
*
* @file CAS/PGTStorage/AbstractStorage.php
* @category Authentication
* @package PhpCAS
* @author Pascal Aubry <pascal.aubry@univ-rennes1.fr>
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
* @link https://wiki.jasig.org/display/CASC/phpCAS
*/
/**
* The CAS_PGTStorage_File class is a class for PGT file storage. An instance of
* this class is returned by CAS_Client::SetPGTStorageFile().
*
* @class CAS_PGTStorage_File
* @category Authentication
* @package PhpCAS
* @author Pascal Aubry <pascal.aubry@univ-rennes1.fr>
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
* @link https://wiki.jasig.org/display/CASC/phpCAS
*
*
* @ingroup internalPGTStorageFile
*/
class CAS_PGTStorage_File extends CAS_PGTStorage_AbstractStorage
{
/**
* @addtogroup internalPGTStorageFile
* @{
*/
/**
* a string telling where PGT's should be stored on the filesystem. Written by
* PGTStorageFile::PGTStorageFile(), read by getPath().
*
* @private
*/
var $_path;
/**
* This method returns the name of the directory where PGT's should be stored
* on the filesystem.
*
* @return string the name of a directory (with leading and trailing '/')
*
* @private
*/
function getPath()
{
return $this->_path;
}
// ########################################################################
// DEBUGGING
// ########################################################################
/**
* This method returns an informational string giving the type of storage
* used by the object (used for debugging purposes).
*
* @return string an informational string.
* @public
*/
function getStorageType()
{
return "file";
}
/**
* This method returns an informational string giving informations on the
* parameters of the storage.(used for debugging purposes).
*
* @return string an informational string.
* @public
*/
function getStorageInfo()
{
return 'path=`'.$this->getPath().'\'';
}
// ########################################################################
// CONSTRUCTOR
// ########################################################################
/**
* The class constructor, called by CAS_Client::SetPGTStorageFile().
*
* @param CAS_Client $cas_parent the CAS_Client instance that creates the object.
* @param string $path the path where the PGT's should be stored
*
* @return void
*
* @public
*/
function __construct($cas_parent,$path)
{
phpCAS::traceBegin();
// call the ancestor's constructor
parent::__construct($cas_parent);
if (empty($path)) {
$path = CAS_PGT_STORAGE_FILE_DEFAULT_PATH;
}
// check that the path is an absolute path
if (getenv("OS")=="Windows_NT" || strtoupper(substr(PHP_OS,0,3)) == 'WIN') {
if (!preg_match('`^[a-zA-Z]:`', $path)) {
phpCAS::error('an absolute path is needed for PGT storage to file');
}
} else {
if ( $path[0] != '/' ) {
phpCAS::error('an absolute path is needed for PGT storage to file');
}
// store the path (with a leading and trailing '/')
$path = preg_replace('|[/]*$|', '/', $path);
$path = preg_replace('|^[/]*|', '/', $path);
}
$this->_path = $path;
phpCAS::traceEnd();
}
// ########################################################################
// INITIALIZATION
// ########################################################################
/**
* This method is used to initialize the storage. Halts on error.
*
* @return void
* @public
*/
function init()
{
phpCAS::traceBegin();
// if the storage has already been initialized, return immediatly
if ($this->isInitialized()) {
return;
}
// call the ancestor's method (mark as initialized)
parent::init();
phpCAS::traceEnd();
}
// ########################################################################
// PGT I/O
// ########################################################################
/**
* This method returns the filename corresponding to a PGT Iou.
*
* @param string $pgt_iou the PGT iou.
*
* @return string a filename
* @private
*/
function getPGTIouFilename($pgt_iou)
{
phpCAS::traceBegin();
$filename = $this->getPath()."phpcas-".hash("sha256", $pgt_iou);
// $filename = $this->getPath().$pgt_iou.'.plain';
phpCAS::trace("Sha256 filename:" . $filename);
phpCAS::traceEnd();
return $filename;
}
/**
* This method stores a PGT and its corresponding PGT Iou into a file. Echoes a
* warning on error.
*
* @param string $pgt the PGT
* @param string $pgt_iou the PGT iou
*
* @return void
*
* @public
*/
function write($pgt,$pgt_iou)
{
phpCAS::traceBegin();
$fname = $this->getPGTIouFilename($pgt_iou);
if (!file_exists($fname)) {
touch($fname);
// Chmod will fail on windows
@chmod($fname, 0600);
if ($f=fopen($fname, "w")) {
if (fputs($f, $pgt) === false) {
phpCAS::error('could not write PGT to `'.$fname.'\'');
}
phpCAS::trace('Successful write of PGT to `'.$fname.'\'');
fclose($f);
} else {
phpCAS::error('could not open `'.$fname.'\'');
}
} else {
phpCAS::error('File exists: `'.$fname.'\'');
}
phpCAS::traceEnd();
}
/**
* This method reads a PGT corresponding to a PGT Iou and deletes the
* corresponding file.
*
* @param string $pgt_iou the PGT iou
*
* @return string|false the corresponding PGT, or FALSE on error
*
* @public
*/
function read($pgt_iou)
{
phpCAS::traceBegin();
$pgt = false;
$fname = $this->getPGTIouFilename($pgt_iou);
if (file_exists($fname)) {
if (!($f=fopen($fname, "r"))) {
phpCAS::error('could not open `'.$fname.'\'');
} else {
if (($pgt=fgets($f)) === false) {
phpCAS::error('could not read PGT from `'.$fname.'\'');
}
phpCAS::trace('Successful read of PGT to `'.$fname.'\'');
fclose($f);
}
// delete the PGT file
@unlink($fname);
} else {
phpCAS::error('No such file `'.$fname.'\'');
}
phpCAS::traceEnd($pgt);
return $pgt;
}
/** @} */
}
?>