Diffstat (limited to 'phpBB/phpbb/auth/provider/oauth/oauth.php')
-rw-r--r-- | phpBB/phpbb/auth/provider/oauth/oauth.php | 115 |
1 files changed, 100 insertions, 15 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index c0ce3f1fba..8809a0c6b4 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -63,6 +63,13 @@ class oauth extends \phpbb\auth\provider\base
 protected $auth_provider_oauth_token_storage_table;
 /**
+ * OAuth state table
+ *
+ * @var string
+ */
+ protected $auth_provider_oauth_state_table;
+
+ /**
 * OAuth account association table
 *
 * @var string
@@ -98,6 +105,13 @@ class oauth extends \phpbb\auth\provider\base
 protected $phpbb_container;
 /**
+ * phpBB event dispatcher
+ *
+ * @var \phpbb\event\dispatcher_interface
+ */
+ protected $dispatcher;
+
+ /**
 * phpBB root path
 *
 * @var string
@@ -120,14 +134,16 @@ class oauth extends \phpbb\auth\provider\base
 * @param \phpbb\request\request_interface $request
 * @param \phpbb\user $user
 * @param string $auth_provider_oauth_token_storage_table
+ * @param string $auth_provider_oauth_state_table
 * @param string $auth_provider_oauth_token_account_assoc
 * @param \phpbb\di\service_collection $service_providers Contains \phpbb\auth\provider\oauth\service_interface
 * @param string $users_table
 * @param \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container DI container
+ * @param \phpbb\event\dispatcher_interface $dispatcher phpBB event dispatcher
 * @param string $phpbb_root_path
 * @param string $php_ext
 */
- public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request_interface $request, \phpbb\user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_token_account_assoc, \phpbb\di\service_collection $service_providers, $users_table, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, $phpbb_root_path, $php_ext)
+ public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request_interface $request, \phpbb\user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_state_table, $auth_provider_oauth_token_account_assoc, \phpbb\di\service_collection $service_providers, $users_table, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, \phpbb\event\dispatcher_interface $dispatcher, $phpbb_root_path, $php_ext)
 {
 $this->db = $db;
 $this->config = $config;
@@ -135,10 +151,12 @@ class oauth extends \phpbb\auth\provider\base
 $this->request = $request;
 $this->user = $user;
 $this->auth_provider_oauth_token_storage_table = $auth_provider_oauth_token_storage_table;
+ $this->auth_provider_oauth_state_table = $auth_provider_oauth_state_table;
 $this->auth_provider_oauth_token_account_assoc = $auth_provider_oauth_token_account_assoc;
 $this->service_providers = $service_providers;
 $this->users_table = $users_table;
 $this->phpbb_container = $phpbb_container;
+ $this->dispatcher = $dispatcher;
 $this->phpbb_root_path = $phpbb_root_path;
 $this->php_ext = $php_ext;
 }
@@ -188,11 +206,12 @@ class oauth extends \phpbb\auth\provider\base
 // Get the service credentials for the given service
 $service_credentials = $this->service_providers[$service_name]->get_service_credentials();
- $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
 $query = 'mode=login&login=external&oauth_service=' . $service_name_original;
 $service = $this->get_service($service_name_original, $storage, $service_credentials, $query, $this->service_providers[$service_name]->get_auth_scope());
- if ($this->request->is_set('code', \phpbb\request\request_interface::GET))
+ if (($service::OAUTH_VERSION === 2 && $this->request->is_set('code', \phpbb\request\request_interface::GET))
+ || ($service::OAUTH_VERSION === 1 && $this->request->is_set('oauth_token', \phpbb\request\request_interface::GET)))
 {
 $this->service_providers[$service_name]->set_external_service_provider($service);
 $unique_id = $this->service_providers[$service_name]->perform_auth_login();
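Review bot: The callback-detection condition introduced in the `@@ -188` hunk, `($service::OAUTH_VERSION === 2 && is_set('code')) || ($service::OAUTH_VERSION === 1 && is_set('oauth_token'))`, is repeated verbatim in link_account_auth_link (first hunk on the `@@ -499` line), and the OAuth1/OAuth2 authorization-URL branch added by the `@@ -247` and `@@ -521` hunks is duplicated the same way. Two private helpers, e.g. `protected function is_auth_callback($service)` and `protected function get_authorization_url($service)`, would keep the login and link flows from drifting apart; raising it here because this hunk is where the logic first appears. Whichever helper reads `$service::OAUTH_VERSION` should document that it expects the \OAuth service object returned by get_service, since the constant is read off that value. The login() method starts and ends outside this hunk.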
@@ -208,6 +227,22 @@ class oauth extends \phpbb\auth\provider\base
 $row = $this->db->sql_fetchrow($result);
 $this->db->sql_freeresult($result);
+ /**
+ * Event is triggered before check if provider is already associated with an account
+ *
+ * @event core.oauth_login_after_check_if_provider_id_has_match
+ * @var array row User row
+ * @var array data Provider data
+ * @var \OAuth\Common\Service\ServiceInterface service OAuth service
+ * @since 3.2.3-RC1
+ */
+ $vars = array(
+ 'row',
+ 'data',
+ 'service',
+ );
+ extract($this->dispatcher->trigger_event('core.oauth_login_after_check_if_provider_id_has_match', compact($vars)));
+
 if (!$row)
 {
 // The user does not yet exist, ask to link or create profile
@@ -238,6 +273,18 @@ class oauth extends \phpbb\auth\provider\base
 // Update token storage to store the user_id
 $storage->set_user_id($row['user_id']);
+ /**
+ * Event is triggered after user is successfuly logged in via OAuth.
+ *
+ * @event core.auth_oauth_login_after
+ * @var array row User row
+ * @since 3.1.11-RC1
+ */
+ $vars = array(
+ 'row',
+ );
+ extract($this->dispatcher->trigger_event('core.auth_oauth_login_after', compact($vars)));
+
 // The user is now authenticated and can be logged in
 return array(
 'status' => LOGIN_SUCCESS,
@@ -247,7 +294,15 @@ class oauth extends \phpbb\auth\provider\base
 }
 else
 {
- $url = $service->getAuthorizationUri();
+ if ($service::OAUTH_VERSION === 1)
+ {
+ $token = $service->requestRequestToken();
+ $url = $service->getAuthorizationUri(array('oauth_token' => $token->getRequestToken()));
+ }
+ else
+ {
+ $url = $service->getAuthorizationUri();
+ }
 header('Location: ' . $url);
 }
 }
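Review bot: The docblock of the new `core.oauth_login_after_check_if_provider_id_has_match` event contradicts its own name: the text says the event fires "before check if provider is already associated", the name says after, and the code places it after the lookup (`sql_fetchrow`) and before `if (!$row)` acts on the result. I would reword it to `Event triggered after looking up the account associated with the provider id, before the result is used`, and state that a listener may replace `row` through the extract()ed return value, because that is what decides which account gets logged in. The `core.auth_oauth_login_after` docblock in the next hunk on this line also carries a typo, `successfuly` → `successfully`.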
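Review bot: `$service->requestRequestToken()` in the new OAuth1 branch of the `@@ -247` hunk performs an HTTP request to the provider, and the \OAuth library reports a failed or malformed response by throwing `\OAuth\Common\Http\Exception\TokenResponseException`; nothing here catches it, so a provider outage surfaces as an uncaught exception instead of the status array the rest of login() returns (the `LOGIN_SUCCESS` return is visible in the previous hunk). The copy of this branch in link_account_auth_link (`@@ -521` hunk) has the same gap. Wrapping the call and returning a `LOGIN_ERROR_EXTERNAL_AUTH` result keeps the method's contract consistent; login() continues outside this hunk.
```php
if ($service::OAUTH_VERSION === 1)
{
    try
    {
        $token = $service->requestRequestToken();
    }
    catch (\OAuth\Common\Http\Exception\TokenResponseException $e)
    {
        // Provider did not hand out a request token; fail the login instead of crashing
        return array(
            'status'    => LOGIN_ERROR_EXTERNAL_AUTH,
            'error_msg' => '<LANG_KEY_FOR_PROVIDER_FAILURE>', // placeholder: use an existing language key
            'user_row'  => array('user_id' => ANONYMOUS),
        );
    }
    $url = $service->getAuthorizationUri(array('oauth_token' => $token->getRequestToken()));
}
// … unchanged: OAuth2 branch and header('Location: ' . $url) …
```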
@@ -271,7 +326,13 @@ class oauth extends \phpbb\auth\provider\base
 }
 $uri_factory = new \OAuth\Common\Http\Uri\UriFactory();
- $current_uri = $uri_factory->createFromSuperGlobalArray($this->request->get_super_global(\phpbb\request\request_interface::SERVER));
+ $super_globals = $this->request->get_super_global(\phpbb\request\request_interface::SERVER);
+ if (!empty($super_globals['HTTP_X_FORWARDED_PROTO']) && $super_globals['HTTP_X_FORWARDED_PROTO'] === 'https')
+ {
+ $super_globals['HTTPS'] = 'on';
+ $super_globals['SERVER_PORT'] = 443;
+ }
+ $current_uri = $uri_factory->createFromSuperGlobalArray($super_globals);
 $current_uri->setQuery($query);
 $this->current_uri = $current_uri;
@@ -456,7 +517,7 @@ class oauth extends \phpbb\auth\provider\base
 */
 protected function link_account_login_link(array $link_data, $service_name)
 {
- $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
 // Check for an access token, they should have one
 if (!$storage->has_access_token_by_session($service_name))
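Review bot: The new `HTTP_X_FORWARDED_PROTO` handling trusts a request header that any client can set: without a reverse proxy in front of the board, or with one that does not overwrite the header, the scheme and port of `$current_uri` — which this method hands to the OAuth library as the callback/redirect URI — are chosen by whoever sends the request. Honour the header only when the request comes from a configured trusted proxy, or derive the scheme from the board's own server configuration, and record the assumption: `// X-Forwarded-Proto is only meaningful behind a proxy that sets it; do not trust it from direct clients`. Forcing `SERVER_PORT` to the literal 443 also discards a non-default forwarded port, so `HTTP_X_FORWARDED_PORT`, when present, should take precedence. The enclosing method starts and ends outside this hunk.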
@@ -499,13 +560,14 @@ class oauth extends \phpbb\auth\provider\base
 */
 protected function link_account_auth_link(array $link_data, $service_name)
 {
- $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
 $query = 'i=ucp_auth_link&mode=auth_link&link=1&oauth_service=' . strtolower($link_data['oauth_service']);
 $service_credentials = $this->service_providers[$service_name]->get_service_credentials();
 $scopes = $this->service_providers[$service_name]->get_auth_scope();
 $service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $query, $scopes);
- if ($this->request->is_set('code', \phpbb\request\request_interface::GET))
+ if (($service::OAUTH_VERSION === 2 && $this->request->is_set('code', \phpbb\request\request_interface::GET))
+ || ($service::OAUTH_VERSION === 1 && $this->request->is_set('oauth_token', \phpbb\request\request_interface::GET)))
 {
 $this->service_providers[$service_name]->set_external_service_provider($service);
 $unique_id = $this->service_providers[$service_name]->perform_auth_login();
@@ -521,7 +583,15 @@ class oauth extends \phpbb\auth\provider\base
 }
 else
 {
- $url = $service->getAuthorizationUri();
+ if ($service::OAUTH_VERSION === 1)
+ {
+ $token = $service->requestRequestToken();
+ $url = $service->getAuthorizationUri(array('oauth_token' => $token->getRequestToken()));
+ }
+ else
+ {
+ $url = $service->getAuthorizationUri();
+ }
 header('Location: ' . $url);
 }
 }
@@ -536,6 +606,18 @@ class oauth extends \phpbb\auth\provider\base
 $sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . ' ' . $this->db->sql_build_array('INSERT', $data);
 $this->db->sql_query($sql);
+
+ /**
+ * Event is triggered after user links account.
+ *
+ * @event core.auth_oauth_link_after
+ * @var array data User row
+ * @since 3.1.11-RC1
+ */
+ $vars = array(
+ 'data',
+ );
+ extract($this->dispatcher->trigger_event('core.auth_oauth_link_after', compact($vars)));
 }
 /**
@@ -544,7 +626,7 @@ class oauth extends \phpbb\auth\provider\base
 public function logout($data, $new_session)
 {
 // Clear all tokens belonging to the user
- $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
 $storage->clearAllTokens();
 return;
@@ -553,13 +635,13 @@ class oauth extends \phpbb\auth\provider\base
 /**
 * {@inheritdoc}
 */
- public function get_auth_link_data()
+ public function get_auth_link_data($user_id = 0)
 {
 $block_vars = array();
 // Get all external accounts tied to the current user
 $data = array(
- 'user_id' => (int) $this->user->data['user_id'],
+ 'user_id' => ($user_id <= 0) ? (int) $this->user->data['user_id'] : (int) $user_id,
 );
 $sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . ' WHERE ' . $this->db->sql_build_array('SELECT', $data);
@@ -569,7 +651,7 @@ class oauth extends \phpbb\auth\provider\base
 $oauth_user_ids = array();
- if ($rows !== false && sizeof($rows))
+ if ($rows !== false && count($rows))
 {
 foreach ($rows as $row)
 {
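Review bot: `get_auth_link_data($user_id = 0)` in the third hunk on this line now returns another user's linked providers, yet the method keeps only `{@inheritdoc}`, so nothing documents the new parameter or that the caller must be authorised to see the target user's data. Suggested docblock lines: `@param int $user_id User id whose links are returned; 0 (default) means the current user. Callers are responsible for checking that the current user may view this data.`. The guard also compares the raw argument before casting it; `'user_id' => ((int) $user_id > 0) ? (int) $user_id : (int) $this->user->data['user_id'],` makes non-numeric input fall back to the current user regardless of PHP's string/int comparison rules. The method continues outside this hunk.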
@@ -616,15 +698,18 @@ class oauth extends \phpbb\auth\provider\base
 return 'LOGIN_LINK_MISSING_DATA';
 }
+ // Remove user specified in $link_data if possible
+ $user_id = isset($link_data['user_id']) ? $link_data['user_id'] : $this->user->data['user_id'];
+
 // Remove the link
 $sql = 'DELETE FROM ' . $this->auth_provider_oauth_token_account_assoc . "
 WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "'
- AND user_id = " . (int) $this->user->data['user_id'];
+ AND user_id = " . (int) $user_id;
 $this->db->sql_query($sql);
 // Clear all tokens belonging to the user on this servce
 $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);
- $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
 $storage->clearToken($service_name);
 }
 } |
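Review bot: unlink_account now deletes the association row for the `user_id` supplied in `$link_data`, but the token_storage created a few lines later is still constructed with `$this->user`, so when the caller unlinks a different user's account (the case this change enables) the tokens cleared by `clearToken` belong to the acting session's user rather than to `$user_id` — assuming token_storage keys its rows on the user object it receives, as the constructor argument suggests. Either hand the target user to the storage or document that token cleanup only applies when a user unlinks their own account. The comment `// Remove user specified in $link_data if possible` is misleading as well; `// Unlink the account of the user given in $link_data, defaulting to the current user` says what happens. Since the row to delete is now chosen by a value inside `$link_data`, the method docblock (outside the hunk) should state that `user_id` must be set by an authorised caller and never copied from request input.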