ipsilon/providers/openid/store.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

#!/usr/bin/python
#
# Copyright (C) 2014  Ipsilon project Contributors, for licensee see COPYING

from ipsilon.util.data import Store

from openid import oidutil
from openid.association import Association
from openid.store.nonce import SKEW as NonceSKEW
from openid.store.interface import OpenIDStore as OpenIDStoreInterface

from time import time


class OpenIDStore(Store, OpenIDStoreInterface):
    def __init__(self, database_url):
        Store.__init__(self, database_url=database_url)

    def storeAssociation(self, server_url, assoc):
        iden = '%s-%s' % (server_url, assoc.handle)
        datum = {'secret': oidutil.toBase64(assoc.secret),
                 'issued': str(assoc.issued),
                 'lifetime': str(assoc.lifetime),
                 'assoc_type': assoc.assoc_type}

        data = {iden: datum}
        self.save_unique_data('association', data)

    def getAssociation(self, server_url, handle=None):
        iden = '%s-%s' % (server_url, handle)
        data = self.get_unique_data('association', iden)

        if len(data) < 1:
            return None

        datum = data[iden]
        assoc = Association(handle,
                            oidutil.fromBase64(datum['secret']),
                            int(datum['issued']),
                            int(datum['lifetime']),
                            datum['assoc_type'])

        if assoc.expiresIn == 0:
            self.del_unique_data('association', iden)
            return None

        return assoc

    def removeAssociation(self, server_url, handle):
        iden = '%s-%s' % (server_url, handle)
        self.del_unique_data('association', iden)

    def useNonce(self, server_url, timestamp, salt):
        if abs(timestamp - time()) > NonceSKEW:
            return False

        iden = '%s-%s-%s' % (server_url, timestamp, salt)
        data = self.get_unique_data('nonce', iden)

        if len(data) > 0:
            # This server_url, timestamp, salt combination is already seen
            return False

        datum = {'timestamp': timestamp}
        data = {iden: datum}
        self.save_unique_data('nonce', data)

        return True

    def cleanupNonces(self):
        nonces = self.get_unique_data('nonce')
        for iden in nonces:
            if nonces[iden]['timestamp'] < (time() - NonceSKEW):
                self.del_unique_data('nonce', iden)

    def cleanupAssociations(self):
        assocs = self.get_unique_data('association')
        for iden in assocs:
            if ((int(assocs[iden]['issued']) + int(assocs[iden]['lifetime']))
                    < time()):
                self.del_unique_data('association', iden)