Subversion Repositories Applications.annuaire

Rev

Rev 42 | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
42 aurelien 1
<?php
2
 
3
/**
4
 * This file supplies a dumb store backend for OpenID servers and
5
 * consumers.
6
 *
7
 * PHP versions 4 and 5
8
 *
9
 * LICENSE: See the COPYING file included in this distribution.
10
 *
11
 * @package OpenID
12
 * @author JanRain, Inc. <openid@janrain.com>
13
 * @copyright 2005 Janrain, Inc.
14
 * @license http://www.gnu.org/copyleft/lesser.html LGPL
15
 */
16
 
17
/**
18
 * Import the interface for creating a new store class.
19
 */
20
require_once 'Auth/OpenID/Interface.php';
21
require_once 'Auth/OpenID/HMACSHA1.php';
22
 
23
/**
24
 * This is a store for use in the worst case, when you have no way of
25
 * saving state on the consumer site. Using this store makes the
26
 * consumer vulnerable to replay attacks, as it's unable to use
27
 * nonces. Avoid using this store if it is at all possible.
28
 *
29
 * Most of the methods of this class are implementation details.
30
 * Users of this class need to worry only about the constructor.
31
 *
32
 * @package OpenID
33
 */
34
class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore {
35
 
36
    /**
37
     * Creates a new {@link Auth_OpenID_DumbStore} instance. For the security
38
     * of the tokens generated by the library, this class attempts to
39
     * at least have a secure implementation of getAuthKey.
40
     *
41
     * When you create an instance of this class, pass in a secret
42
     * phrase. The phrase is hashed with sha1 to make it the correct
43
     * length and form for an auth key. That allows you to use a long
44
     * string as the secret phrase, which means you can make it very
45
     * difficult to guess.
46
     *
47
     * Each {@link Auth_OpenID_DumbStore} instance that is created for use by
48
     * your consumer site needs to use the same $secret_phrase.
49
     *
50
     * @param string secret_phrase The phrase used to create the auth
51
     * key returned by getAuthKey
52
     */
53
    function Auth_OpenID_DumbStore($secret_phrase)
54
    {
55
        $this->auth_key = Auth_OpenID_SHA1($secret_phrase);
56
    }
57
 
58
    /**
59
     * This implementation does nothing.
60
     */
61
    function storeAssociation($server_url, $association)
62
    {
63
    }
64
 
65
    /**
66
     * This implementation always returns null.
67
     */
68
    function getAssociation($server_url, $handle = null)
69
    {
70
        return null;
71
    }
72
 
73
    /**
74
     * This implementation always returns false.
75
     */
76
    function removeAssociation($server_url, $handle)
77
    {
78
        return false;
79
    }
80
 
81
    /**
82
     * This implementation does nothing.
83
     */
84
    function storeNonce($nonce)
85
    {
86
    }
87
 
88
    /**
89
     * In a system truly limited to dumb mode, nonces must all be
90
     * accepted. This therefore always returns true, which makes
91
     * replay attacks feasible.
92
     */
93
    function useNonce($nonce)
94
    {
95
        return true;
96
    }
97
 
98
    /**
99
     * This method returns the auth key generated by the constructor.
100
     */
101
    function getAuthKey()
102
    {
103
        return $this->auth_key;
104
    }
105
 
106
    /**
107
     * This store is a dumb mode store, so this method is overridden
108
     * to return true.
109
     */
110
    function isDumb()
111
    {
112
        return true;
113
    }
114
}
115
 
116
?>