diff options
Diffstat (limited to 'phpBB/phpbb/auth')
| -rw-r--r-- | phpBB/phpbb/auth/auth.php | 1 | ||||
| -rw-r--r-- | phpBB/phpbb/auth/provider/db.php | 1 | ||||
| -rw-r--r-- | phpBB/phpbb/auth/provider/oauth/oauth.php | 21 | ||||
| -rw-r--r-- | phpBB/phpbb/auth/provider/oauth/token_storage.php | 232 | 
4 files changed, 240 insertions, 15 deletions
| diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php index b7634e04ce..fc7cc1a0b1 100644 --- a/phpBB/phpbb/auth/auth.php +++ b/phpBB/phpbb/auth/auth.php @@ -930,6 +930,7 @@ class auth  		global $db, $user, $phpbb_root_path, $phpEx, $phpbb_container;  		global $phpbb_dispatcher; +		/* @var $provider_collection \phpbb\auth\provider_collection */  		$provider_collection = $phpbb_container->get('auth.provider_collection');  		$provider = $provider_collection->get_provider(); diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php index d8c5fb72de..1adf85ee05 100644 --- a/phpBB/phpbb/auth/provider/db.php +++ b/phpBB/phpbb/auth/provider/db.php @@ -155,6 +155,7 @@ class db extends \phpbb\auth\provider\base  		// Every auth module is able to define what to do by itself...  		if ($show_captcha)  		{ +			/* @var $captcha_factory \phpbb\captcha\factory */  			$captcha_factory = $this->phpbb_container->get('captcha.factory');  			$captcha = $captcha_factory->get_instance($this->config['captcha_plugin']);  			$captcha->init(CONFIRM_LOGIN); diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index be0fbf5831..bfeac2dd32 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -63,6 +63,13 @@ class oauth extends \phpbb\auth\provider\base  	protected $auth_provider_oauth_token_storage_table;  	/** +	* OAuth state table +	* +	* @var string +	*/ +	protected $auth_provider_oauth_state_table; + +	/**  	* OAuth account association table  	*  	* @var string @@ -120,6 +127,7 @@ class oauth extends \phpbb\auth\provider\base  	* @param	\phpbb\request\request_interface	$request  	* @param	\phpbb\user		$user  	* @param	string			$auth_provider_oauth_token_storage_table +	* @param	string			$auth_provider_oauth_state_table  	* @param	string			$auth_provider_oauth_token_account_assoc  	* @param	\phpbb\di\service_collection	$service_providers Contains \phpbb\auth\provider\oauth\service_interface  	* @param	string			$users_table @@ -127,7 +135,7 @@ class oauth extends \phpbb\auth\provider\base  	* @param	string			$phpbb_root_path  	* @param	string			$php_ext  	*/ -	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request_interface $request, \phpbb\user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_token_account_assoc, \phpbb\di\service_collection $service_providers, $users_table, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, $phpbb_root_path, $php_ext) +	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request_interface $request, \phpbb\user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_state_table, $auth_provider_oauth_token_account_assoc, \phpbb\di\service_collection $service_providers, $users_table, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, $phpbb_root_path, $php_ext)  	{  		$this->db = $db;  		$this->config = $config; @@ -135,6 +143,7 @@ class oauth extends \phpbb\auth\provider\base  		$this->request = $request;  		$this->user = $user;  		$this->auth_provider_oauth_token_storage_table = $auth_provider_oauth_token_storage_table; +		$this->auth_provider_oauth_state_table = $auth_provider_oauth_state_table;  		$this->auth_provider_oauth_token_account_assoc = $auth_provider_oauth_token_account_assoc;  		$this->service_providers = $service_providers;  		$this->users_table = $users_table; @@ -188,7 +197,7 @@ class oauth extends \phpbb\auth\provider\base  		// Get the service credentials for the given service  		$service_credentials = $this->service_providers[$service_name]->get_service_credentials(); -		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table); +		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);  		$query = 'mode=login&login=external&oauth_service=' . $service_name_original;  		$service = $this->get_service($service_name_original, $storage, $service_credentials, $query, $this->service_providers[$service_name]->get_auth_scope()); @@ -456,7 +465,7 @@ class oauth extends \phpbb\auth\provider\base  	*/  	protected function link_account_login_link(array $link_data, $service_name)  	{ -		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table); +		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);  		// Check for an access token, they should have one  		if (!$storage->has_access_token_by_session($service_name)) @@ -499,7 +508,7 @@ class oauth extends \phpbb\auth\provider\base  	*/  	protected function link_account_auth_link(array $link_data, $service_name)  	{ -		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table); +		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);  		$query = 'i=ucp_auth_link&mode=auth_link&link=1&oauth_service=' . strtolower($link_data['oauth_service']);  		$service_credentials = $this->service_providers[$service_name]->get_service_credentials();  		$scopes = $this->service_providers[$service_name]->get_auth_scope(); @@ -544,7 +553,7 @@ class oauth extends \phpbb\auth\provider\base  	public function logout($data, $new_session)  	{  		// Clear all tokens belonging to the user -		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table); +		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);  		$storage->clearAllTokens();  		return; @@ -627,7 +636,7 @@ class oauth extends \phpbb\auth\provider\base  		// Clear all tokens belonging to the user on this servce  		$service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']); -		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table); +		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);  		$storage->clearToken($service_name);  	}  } diff --git a/phpBB/phpbb/auth/provider/oauth/token_storage.php b/phpBB/phpbb/auth/provider/oauth/token_storage.php index 9b6afae255..e922342ef6 100644 --- a/phpBB/phpbb/auth/provider/oauth/token_storage.php +++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php @@ -17,6 +17,7 @@ use OAuth\OAuth1\Token\StdOAuth1Token;  use OAuth\Common\Token\TokenInterface;  use OAuth\Common\Storage\TokenStorageInterface;  use OAuth\Common\Storage\Exception\TokenNotFoundException; +use OAuth\Common\Storage\Exception\AuthorizationStateNotFoundException;  /**  * OAuth storage wrapper for phpbb's cache @@ -42,7 +43,14 @@ class token_storage implements TokenStorageInterface  	*  	* @var string  	*/ -	protected $auth_provider_oauth_table; +	protected $oauth_token_table; + +	/** +	* OAuth state table +	* +	* @var string +	*/ +	protected $oauth_state_table;  	/**  	* @var object|TokenInterface @@ -50,17 +58,24 @@ class token_storage implements TokenStorageInterface  	protected $cachedToken;  	/** +	* @var string +	*/ +	protected $cachedState; + +	/**  	* Creates token storage for phpBB.  	*  	* @param	\phpbb\db\driver\driver_interface	$db  	* @param	\phpbb\user		$user -	* @param	string			$auth_provider_oauth_table +	* @param	string			$oauth_token_table +	* @param	string			$oauth_state_table  	*/ -	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\user $user, $auth_provider_oauth_table) +	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\user $user, $oauth_token_table, $oauth_state_table)  	{  		$this->db = $db;  		$this->user = $user; -		$this->auth_provider_oauth_table = $auth_provider_oauth_table; +		$this->oauth_token_table = $oauth_token_table; +		$this->oauth_state_table = $oauth_state_table;  	}  	/** @@ -104,9 +119,11 @@ class token_storage implements TokenStorageInterface  			'session_id'	=> $this->user->data['session_id'],  		); -		$sql = 'INSERT INTO ' . $this->auth_provider_oauth_table . ' +		$sql = 'INSERT INTO ' . $this->oauth_token_table . '  			' . $this->db->sql_build_array('INSERT', $data);  		$this->db->sql_query($sql); + +		return $this;  	}  	/** @@ -143,7 +160,7 @@ class token_storage implements TokenStorageInterface  		$this->cachedToken = null; -		$sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . ' +		$sql = 'DELETE FROM ' . $this->oauth_token_table . '  			WHERE user_id = ' . (int) $this->user->data['user_id'] . "  				AND provider = '" . $this->db->sql_escape($service) . "'"; @@ -153,6 +170,8 @@ class token_storage implements TokenStorageInterface  		}  		$this->db->sql_query($sql); + +		return $this;  	}  	/** @@ -162,7 +181,123 @@ class token_storage implements TokenStorageInterface  	{  		$this->cachedToken = null; -		$sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . ' +		$sql = 'DELETE FROM ' . $this->oauth_token_table . ' +			WHERE user_id = ' . (int) $this->user->data['user_id']; + +		if ((int) $this->user->data['user_id'] === ANONYMOUS) +		{ +			$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'"; +		} + +		$this->db->sql_query($sql); + +		return $this; +	} + +	/** +	* {@inheritdoc} +	*/ +	public function storeAuthorizationState($service, $state) +	{ +		$service = $this->get_service_name_for_db($service); + +		$this->cachedState = $state; + +		$data = array( +			'user_id'		=> (int) $this->user->data['user_id'], +			'provider'		=> $service, +			'oauth_state'	=> $state, +			'session_id'	=> $this->user->data['session_id'], +		); + +		$sql = 'INSERT INTO ' . $this->oauth_state_table . ' +			' . $this->db->sql_build_array('INSERT', $data); +		$this->db->sql_query($sql); + +		return $this; +	} + +	/** +	* {@inheritdoc} +	*/ +	public function hasAuthorizationState($service) +	{ +		$service = $this->get_service_name_for_db($service); + +		if ($this->cachedState) +		{ +			return true; +		} + +		$data = array( +			'user_id'	=> (int) $this->user->data['user_id'], +			'provider'	=> $service, +		); + +		if ((int) $this->user->data['user_id'] === ANONYMOUS) +		{ +			$data['session_id']	= $this->user->data['session_id']; +		} + +		return (bool) $this->get_state_row($data); +	} + +	/** +	* {@inheritdoc} +	*/ +	public function retrieveAuthorizationState($service) +	{ +		$service = $this->get_service_name_for_db($service); + +		if ($this->cachedState) +		{ +			return $this->cachedState; +		} + +		$data = array( +			'user_id'	=> (int) $this->user->data['user_id'], +			'provider'	=> $service, +		); + +		if ((int) $this->user->data['user_id'] === ANONYMOUS) +		{ +			$data['session_id']	= $this->user->data['session_id']; +		} + +		return $this->get_state_row($data); +	} + +	/** +	* {@inheritdoc} +	*/ +	public function clearAuthorizationState($service) +	{ +		$service = $this->get_service_name_for_db($service); + +		$this->cachedState = null; + +		$sql = 'DELETE FROM ' . $this->oauth_state_table . ' +			WHERE user_id = ' . (int) $this->user->data['user_id'] . " +				AND provider = '" . $this->db->sql_escape($service) . "'"; + +		if ((int) $this->user->data['user_id'] === ANONYMOUS) +		{ +			$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'"; +		} + +		$this->db->sql_query($sql); + +		return $this; +	} + +	/** +	* {@inheritdoc} +	*/ +	public function clearAllAuthorizationStates() +	{ +		$this->cachedState = null; + +		$sql = 'DELETE FROM ' . $this->oauth_state_table . '  			WHERE user_id = ' . (int) $this->user->data['user_id'];  		if ((int) $this->user->data['user_id'] === ANONYMOUS) @@ -171,6 +306,8 @@ class token_storage implements TokenStorageInterface  		}  		$this->db->sql_query($sql); + +		return $this;  	}  	/** @@ -185,7 +322,7 @@ class token_storage implements TokenStorageInterface  			return;  		} -		$sql = 'UPDATE ' . $this->auth_provider_oauth_table . ' +		$sql = 'UPDATE ' . $this->oauth_token_table . '  			SET ' . $this->db->sql_build_array('UPDATE', array(  					'user_id' => (int) $user_id  				)) . ' @@ -218,6 +355,29 @@ class token_storage implements TokenStorageInterface  	}  	/** +	* Checks to see if a state exists solely by the session_id of the user +	* +	* @param	string	$service	The name of the OAuth service +	* @return	bool	true if they have state, false if they don't +	*/ +	public function has_state_by_session($service) +	{ +		$service = $this->get_service_name_for_db($service); + +		if ($this->cachedState) +		{ +			return true; +		} + +		$data = array( +			'session_id'	=> $this->user->data['session_id'], +			'provider'		=> $service, +		); + +		return (bool) $this->get_state_row($data); +	} + +	/**  	* A helper function that performs the query for has access token functions  	*  	* @param	array	$data @@ -245,6 +405,23 @@ class token_storage implements TokenStorageInterface  		return $this->_retrieve_access_token($data);  	} +	public function retrieve_state_by_session($service) +	{ +		$service = $this->get_service_name_for_db($service); + +		if ($this->cachedState) +		{ +			return $this->cachedState; +		} + +		$data = array( +			'session_id'	=> $this->user->data['session_id'], +			'provider'	=> $service, +		); + +		return $this->_retrieve_state($data); +	} +  	/**  	* A helper function that performs the query for retrieve access token functions  	* Also checks if the token is a valid token @@ -276,6 +453,26 @@ class token_storage implements TokenStorageInterface  	}  	/** +	 * A helper function that performs the query for retrieve state functions +	 * +	 * @param	array	$data +	 * @return	mixed +	 * @throws \OAuth\Common\Storage\Exception\AuthorizationStateNotFoundException +	 */ +	protected function _retrieve_state($data) +	{ +		$row = $this->get_state_row($data); + +		if (!$row) +		{ +			throw new AuthorizationStateNotFoundException(); +		} + +		$this->cachedState = $row['oauth_state']; +		return $this->cachedState; +	} + +	/**  	* A helper function that performs the query for retrieving an access token  	*  	* @param	array	$data @@ -283,7 +480,24 @@ class token_storage implements TokenStorageInterface  	*/  	protected function get_access_token_row($data)  	{ -		$sql = 'SELECT oauth_token FROM ' . $this->auth_provider_oauth_table . ' +		$sql = 'SELECT oauth_token FROM ' . $this->oauth_token_table . ' +			WHERE ' . $this->db->sql_build_array('SELECT', $data); +		$result = $this->db->sql_query($sql); +		$row = $this->db->sql_fetchrow($result); +		$this->db->sql_freeresult($result); + +		return $row; +	} + +	/** +	 * A helper function that performs the query for retrieving a state +	 * +	 * @param	array	$data +	 * @return	mixed +	 */ +	protected function get_state_row($data) +	{ +		$sql = 'SELECT oauth_state FROM ' . $this->oauth_state_table . '  			WHERE ' . $this->db->sql_build_array('SELECT', $data);  		$result = $this->db->sql_query($sql);  		$row = $this->db->sql_fetchrow($result); | 
