authorNils Adermann <naderman@naderman.de>2013-09-16 01:24:05 +0200
committerNils Adermann <naderman@naderman.de>2013-09-16 01:24:05 +0200
commit21bbb5850349326464204bdb1bea7ecf5a88c10a (patch)
treec2e2ce66583cf94367301fab73e308c9dd8eddb9 /phpBB/phpbb/auth/provider/oauth/token_storage.php
parentbb395bbc50df53bf2e005d95d45f34c7c8934ff0 (diff)
parentae6f37d559a71fb115cdb954452ebab5fb8fc69f (diff)
Merge remote-tracking branch 'github-phpbb/develop' into ticket/11700
* github-phpbb/develop: (586 commits) [ticket/11735] Display disabled checkbox in subsilver for read notifications [ticket/11735] Display disabled checkbox when notification is already read [ticket/11844] update acp/authentication language var [ticket/11795] Remove PM popup [ticket/11795] Remove outdated comment from forum_fn.js [ticket/11795] Move find user JS to forum_fn [ticket/11795] Replace TWIG with phpBB syntax in ACP [ticket/11795] Move MSN scripts to forum_fn.js [ticket/11795] Use phpBB template syntax instead of TWIG [ticket/11795] Move PM popup JS to forum_fn.js [ticket/11795] Get rid of pagination JS variables [ticket/11795] Get rid of onload_functions [ticket/11795] Use data-reset-on-edit attr to reset elements [ticket/11795] Redo form elements auto-focus [ticket/11811] Remove outline on :focus [ticket/11836] Fix subsilver fatal error [ticket/11837] Replace escaped single quote with utf-8 single quote [ticket/11836] Fix fatal error on unsupported provider for auth link [ticket/11837] Translate UCP_AUTH_LINK_NOT_SUPPORTED [ticket/11809] Ensure code.js is first script included after jQuery ... 
Conflicts: phpBB/config/services.yml phpBB/develop/create_schema_files.php phpBB/develop/mysql_upgrader.php phpBB/download/file.php phpBB/includes/bbcode.php phpBB/includes/functions_container.php phpBB/install/database_update.php phpBB/install/index.php phpBB/phpbb/controller/helper.php phpBB/phpbb/controller/resolver.php phpBB/phpbb/request/request_interface.php phpBB/phpbb/session.php phpBB/phpbb/style/extension_path_provider.php phpBB/phpbb/style/path_provider.php phpBB/phpbb/style/path_provider_interface.php phpBB/phpbb/style/resource_locator.php phpBB/phpbb/style/style.php phpBB/phpbb/template/locator.php phpBB/phpbb/template/template.php phpBB/phpbb/template/twig/node/includeasset.php phpBB/phpbb/template/twig/node/includecss.php phpBB/phpbb/template/twig/node/includejs.php phpBB/phpbb/template/twig/twig.php tests/controller/helper_url_test.php tests/di/create_container_test.php tests/extension/style_path_provider_test.php tests/notification/notification_test.php tests/session/continue_test.php tests/session/creation_test.php tests/template/template_events_test.php tests/template/template_test_case.php tests/template/template_test_case_with_tree.php tests/test_framework/phpbb_functional_test_case.php
Diffstat (limited to 'phpBB/phpbb/auth/provider/oauth/token_storage.php')
-rw-r--r--phpBB/phpbb/auth/provider/oauth/token_storage.php366
1 files changed, 366 insertions, 0 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/token_storage.php b/phpBB/phpbb/auth/provider/oauth/token_storage.php
new file mode 100644
index 0000000000..d21deb8999
--- /dev/null
+++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php
@@ -0,0 +1,366 @@
+<?php
+/**
+*
+* @package auth
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+
+use OAuth\OAuth1\Token\StdOAuth1Token;
+use OAuth\Common\Token\TokenInterface;
+use OAuth\Common\Storage\TokenStorageInterface;
+use OAuth\Common\Storage\Exception\StorageException;
+use OAuth\Common\Storage\Exception\TokenNotFoundException;
+
+/**
+* OAuth storage wrapper for phpbb's cache
+*
+* @package auth
+*/
+class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
+{
+ /**
+ * Cache driver.
+ *
+ * @var phpbb_db_driver
+ */
+ protected $db;
+
+ /**
+ * phpBB user
+ *
+ * @var phpbb_user
+ */
+ protected $user;
+
+ /**
+ * OAuth token table
+ *
+ * @var string
+ */
+ protected $auth_provider_oauth_table;
+
+ /**
+ * @var object|TokenInterface
+ */
+ protected $cachedToken;
+
+ /**
+ * Creates token storage for phpBB.
+ *
+ * @param phpbb_db_driver $db
+ * @param phpbb_user $user
+ * @param string $auth_provider_oauth_table
+ */
+ public function __construct(phpbb_db_driver $db, phpbb_user $user, $auth_provider_oauth_table)
+ {
+ $this->db = $db;
+ $this->user = $user;
+ $this->auth_provider_oauth_table = $auth_provider_oauth_table;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function retrieveAccessToken($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ if ($this->cachedToken instanceOf TokenInterface)
+ {
+ return $this->cachedToken;
+ }
+
+ $data = array(
+ 'user_id' => (int) $this->user->data['user_id'],
+ 'provider' => $service,
+ );
+
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ {
+ $data['session_id'] = $this->user->data['session_id'];
+ }
+
+ return $this->_retrieve_access_token($data);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function storeAccessToken($service, TokenInterface $token)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ $this->cachedToken = $token;
+
+ $data = array(
+ 'user_id' => (int) $this->user->data['user_id'],
+ 'provider' => $service,
+ 'oauth_token' => $this->json_encode_token($token),
+ 'session_id' => $this->user->data['session_id'],
+ );
+
+ $sql = 'INSERT INTO ' . $this->auth_provider_oauth_table . '
+ ' . $this->db->sql_build_array('INSERT', $data);
+ $this->db->sql_query($sql);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hasAccessToken($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ if ($this->cachedToken) {
+ return true;
+ }
+
+ $data = array(
+ 'user_id' => (int) $this->user->data['user_id'],
+ 'provider' => $service,
+ );
+
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ {
+ $data['session_id'] = $this->user->data['session_id'];
+ }
+
+ return $this->_has_acess_token($data);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function clearToken($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ $this->cachedToken = null;
+
+ $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "
+ AND provider = '" . $this->db->sql_escape($service) . "'";
+
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ {
+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
+ }
+
+ $this->db->sql_query($sql);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function clearAllTokens()
+ {
+ $this->cachedToken = null;
+
+ $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
+ WHERE user_id = ' . (int) $this->user->data['user_id'];
+
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ {
+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
+ }
+
+ $this->db->sql_query($sql);
+ }
+
+ /**
+ * Updates the user_id field in the database assosciated with the token
+ *
+ * @param int $user_id
+ */
+ public function set_user_id($user_id)
+ {
+ if (!$this->cachedToken)
+ {
+ return;
+ }
+
+ $sql = 'UPDATE ' . $this->auth_provider_oauth_table . '
+ SET ' . $this->db->sql_build_array('UPDATE', array(
+ 'user_id' => (int) $user_id
+ )) . '
+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "
+ AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
+ $this->db->sql_query($sql);
+ }
+
+ /**
+ * Checks to see if an access token exists solely by the session_id of the user
+ *
+ * @return bool true if they have token, false if they don't
+ */
+ public function has_access_token_by_session($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ if ($this->cachedToken)
+ {
+ return true;
+ }
+
+ $data = array(
+ 'session_id' => $this->user->data['session_id'],
+ 'provider' => $service,
+ );
+
+ return $this->_has_acess_token($data);
+ }
+
+ /**
+ * A helper function that performs the query for has access token functions
+ *
+ * @param array $data
+ * @return bool
+ */
+ protected function _has_acess_token($data)
+ {
+ return (bool) $this->get_access_token_row($data);
+ }
+
+ public function retrieve_access_token_by_session($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ if ($this->cachedToken instanceOf TokenInterface) {
+ return $this->cachedToken;
+ }
+
+ $data = array(
+ 'session_id' => $this->user->data['session_id'],
+ 'provider' => $service,
+ );
+
+ return $this->_retrieve_access_token($data);
+ }
+
+ /**
+ * A helper function that performs the query for retrieve access token functions
+ * Also checks if the token is a valid token
+ *
+ * @param array $data
+ * @return mixed
+ */
+ protected function _retrieve_access_token($data)
+ {
+ $row = $this->get_access_token_row($data);
+
+ if (!$row)
+ {
+ throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_NOT_STORED');
+ }
+
+ $token = $this->json_decode_token($row['oauth_token']);
+
+ // Ensure that the token was serialized/unserialized correctly
+ if (!($token instanceof TokenInterface))
+ {
+ $this->clearToken();
+ throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
+ }
+
+ $this->cachedToken = $token;
+ return $token;
+ }
+
+ /**
+ * A helper function that performs the query for retrieving an access token
+ *
+ * @param array $data
+ * @return mixed
+ */
+ protected function get_access_token_row($data)
+ {
+ $sql = 'SELECT oauth_token FROM ' . $this->auth_provider_oauth_table . '
+ WHERE ' . $this->db->sql_build_array('SELECT', $data);
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ return $row;
+ }
+
+ public function json_encode_token(TokenInterface $token)
+ {
+ $members = array(
+ 'accessToken' => $token->getAccessToken(),
+ 'endOfLife' => $token->getEndOfLife(),
+ 'extraParams' => $token->getExtraParams(),
+ 'refreshToken' => $token->getRefreshToken(),
+
+ 'token_class' => get_class($token),
+ );
+
+ // Handle additional data needed for OAuth1 tokens
+ if ($token instanceof StdOAuth1Token)
+ {
+ $members['requestToken'] = $token->getRequestToken();
+ $members['requestTokenSecret'] = $token->getRequestTokenSecret();
+ $members['accessTokenSecret'] = $token->getAccessTokenSecret();
+ }
+
+ return json_encode($members);
+ }
+
+ public function json_decode_token($json)
+ {
+ $token_data = json_decode($json, true);
+
+ if ($token_data === null)
+ {
+ throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
+ }
+
+ $token_class = $token_data['token_class'];
+ $access_token = $token_data['accessToken'];
+ $refresh_token = $token_data['refreshToken'];
+ $endOfLife = $token_data['endOfLife'];
+ $extra_params = $token_data['extraParams'];
+
+ // Create the token
+ $token = new $token_class($access_token, $refresh_token, TokenInterface::EOL_NEVER_EXPIRES, $extra_params);
+ $token->setEndOfLife($endOfLife);
+
+ // Handle OAuth 1.0 specific elements
+ if ($token instanceof StdOAuth1Token)
+ {
+ $token->setRequestToken($token_data['requestToken']);
+ $token->setRequestTokenSecret($token_data['requestTokenSecret']);
+ $token->setAccessTokenSecret($token_data['accessTokenSecret']);
+ }
+
+ return $token;
+ }
+
+ /**
+ * Returns the name of the service as it must be stored in the database.
+ *
+ * @param string $service The name of the OAuth service
+ * @return string The name of the OAuth service as it needs to be stored
+ * in the database.
+ */
+ protected function get_service_name_for_db($service)
+ {
+ // Enforce the naming convention for oauth services
+ if (strpos($service, 'auth.provider.oauth.service.') !== 0)
+ {
+ $service = 'auth.provider.oauth.service.' . strtolower($service);
+ }
+
+ return $service;
+ }
+}
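Review bot: `json_decode_token()` passes the stored `token_class` string straight to `new $token_class(...)`, so whatever is in the `oauth_token` column chooses the class, and its constructor runs before the `instanceof TokenInterface` check in `_retrieve_access_token()` can reject it. Validate the decoded array and the class name before instantiating, as in the fence below, and treat a failure as an incorrectly stored token. The cleanup on that rejection path is also broken: `_retrieve_access_token()` calls `$this->clearToken()` without the `$service` argument that `clearToken($service)` requires; `$this->clearToken($data['provider']);` would pass the already-normalised name that both visible callers put in `$data`. Separately, `$cachedToken` is not keyed by service, so `hasAccessToken()` and `retrieveAccessToken()` answer from the cache for any `$service` once one token has been loaded, which returns the wrong provider's token if one storage instance is ever shared between providers.

```php
	public function json_decode_token($json)
	{
		$token_data = json_decode($json, true);

		// Reject anything that is not a decoded object naming a token class
		// before the class name is handed to `new`.
		if (!is_array($token_data)
			|| !isset($token_data['token_class'])
			|| !is_string($token_data['token_class'])
			|| !class_exists($token_data['token_class'])
			|| !is_subclass_of($token_data['token_class'], 'OAuth\Common\Token\TokenInterface'))
		{
			throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
		}

		// … unchanged: reading accessToken/refreshToken/endOfLife/extraParams and constructing the token …
```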