Class: OpenID::Store::Filesystem

Inherits:

Interface

• Object
• Interface
• OpenID::Store::Filesystem

Defined in:

lib/openid/store/filesystem.rb

Constant Summary

@@FILENAME_ALLOWED =

"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-".split("")

Instance Method Summary

• #_get_association(filename) ⇒ Object
• #cleanup ⇒ Object

  Remove expired entries from the database.

• #cleanup_associations ⇒ Object
• #cleanup_nonces ⇒ Object
• #get_association(server_url, handle = nil) ⇒ Object

  Retrieve an association.

• #get_association_filename(server_url, handle) ⇒ Object

  Create a unique filename for a given server url and handle.

• #initialize(directory) ⇒ Filesystem constructor

  Create a Filesystem store instance, putting all data in directory.

• #remove_association(server_url, handle) ⇒ Object

  Remove an association if it exists, otherwise do nothing.

• #store_association(server_url, association) ⇒ Object

  Store an association in the assoc directory.

• #use_nonce(server_url, timestamp, salt) ⇒ Object

  Return whether the nonce is valid.

Constructor Details

#initialize(directory) ⇒ Filesystem

Create a Filesystem store instance, putting all data in directory.

# File 'lib/openid/store/filesystem.rb', line 17

def initialize(directory)
  @nonce_dir = File.join(directory, "nonces")
  @association_dir = File.join(directory, "associations")
  @temp_dir = File.join(directory, "temp")

  ensure_dir(@nonce_dir)
  ensure_dir(@association_dir)
  ensure_dir(@temp_dir)
end

Instance Method Details

#_get_association(filename) ⇒ Object

# File 'lib/openid/store/filesystem.rb', line 97

def _get_association(filename)
  assoc_file = File.open(filename, "r")
rescue Errno::ENOENT
  nil
else
  begin
    assoc_s = assoc_file.read
  ensure
    assoc_file.close
  end

  begin
    association = Association.deserialize(assoc_s)
  rescue StandardError
    remove_if_present(filename)
    return
  end

  # clean up expired associations
  return association unless association.expires_in == 0

  remove_if_present(filename)
  nil
end

#cleanup ⇒ Object

Remove expired entries from the database. This is potentially expensive, so only run when it is acceptable to take time.

# File 'lib/openid/store/filesystem.rb', line 163

def cleanup
  cleanup_associations
  cleanup_nonces
end

#cleanup_associations ⇒ Object

# File 'lib/openid/store/filesystem.rb', line 168

def cleanup_associations
  association_filenames = Dir[File.join(@association_dir, "*")]
  count = 0
  association_filenames.each do |af|
    f = File.open(af, "r")
  rescue Errno::ENOENT
    next
  else
    begin
      assoc_s = f.read
    ensure
      f.close
    end
    begin
      association = OpenID::Association.deserialize(assoc_s)
    rescue StandardError
      remove_if_present(af)
      next
    else
      if association.expires_in == 0
        remove_if_present(af)
        count += 1
      end
    end
  end
  count
end

#cleanup_nonces ⇒ Object

# File 'lib/openid/store/filesystem.rb', line 196

def cleanup_nonces
  nonces = Dir[File.join(@nonce_dir, "*")]
  now = Time.now.to_i

  count = 0
  nonces.each do |filename|
    nonce = filename.split("/")[-1]
    timestamp = nonce.split("-", 2)[0].to_i(16)
    nonce_age = (timestamp - now).abs
    if nonce_age > Nonce.skew
      remove_if_present(filename)
      count += 1
    end
  end
  count
end

#get_association(server_url, handle = nil) ⇒ Object

Retrieve an association

# File 'lib/openid/store/filesystem.rb', line 77

def get_association(server_url, handle = nil)
  # the filename with empty handle is the prefix for the associations
  # for a given server url
  filename = get_association_filename(server_url, handle)
  return _get_association(filename) if handle

  assoc_filenames = Dir.glob(filename.to_s + "*")

  assocs = assoc_filenames.collect do |f|
    _get_association(f)
  end

  assocs = assocs.find_all { |a| !a.nil? }
  assocs = assocs.sort_by { |a| a.issued }

  return if assocs.empty?

  assocs[-1]
end

#get_association_filename(server_url, handle) ⇒ Object

Create a unique filename for a given server url and handle. The filename that is returned will contain the domain name from the server URL for ease of human inspection of the data dir.

Raises:

• (ArgumentError)

# File 'lib/openid/store/filesystem.rb', line 30

def get_association_filename(server_url, handle)
  raise ArgumentError, "Bad server URL: #{server_url}" unless server_url.index("://")

  proto, rest = server_url.split("://", 2)
  domain = filename_escape(rest.split("/", 2)[0])
  url_hash = safe64(server_url)
  handle_hash = if handle
    safe64(handle)
  else
    ""
  end
  filename = [proto, domain, url_hash, handle_hash].join("-")
  File.join(@association_dir, filename)
end

#remove_association(server_url, handle) ⇒ Object

Remove an association if it exists, otherwise do nothing.

# File 'lib/openid/store/filesystem.rb', line 123

def remove_association(server_url, handle)
  assoc = get_association(server_url, handle)

  return false if assoc.nil?

  filename = get_association_filename(server_url, handle)
  remove_if_present(filename)
end

#store_association(server_url, association) ⇒ Object

Store an association in the assoc directory

# File 'lib/openid/store/filesystem.rb', line 46

def store_association(server_url, association)
  assoc_s = association.serialize
  filename = get_association_filename(server_url, association.handle)
  f, tmp = mktemp

  begin
    begin
      f.write(assoc_s)
      f.fsync
    ensure
      f.close
    end

    begin
      File.rename(tmp, filename)
    rescue Errno::EEXIST
      begin
        File.unlink(filename)
      rescue Errno::ENOENT
        # do nothing
      end

      File.rename(tmp, filename)
    end
  rescue StandardError
    remove_if_present(tmp)
    raise
  end
end

#use_nonce(server_url, timestamp, salt) ⇒ Object

Return whether the nonce is valid

# File 'lib/openid/store/filesystem.rb', line 133

def use_nonce(server_url, timestamp, salt)
  return false if (timestamp - Time.now.to_i).abs > Nonce.skew

  if server_url and !server_url.empty?
    proto, rest = server_url.split("://", 2)
  else
    proto = ""
    rest = ""
  end
  raise "Bad server URL" unless proto && rest

  domain = filename_escape(rest.split("/", 2)[0])
  url_hash = safe64(server_url)
  salt_hash = safe64(salt)

  nonce_fn = format("%08x-%s-%s-%s-%s", timestamp, proto, domain, url_hash, salt_hash)

  filename = File.join(@nonce_dir, nonce_fn)

  begin
    fd = File.new(filename, File::CREAT | File::EXCL | File::WRONLY, 0o200)
    fd.close
    true
  rescue Errno::EEXIST
    false
  end
end