+<h2>{L_AUTH_PROVIDER_OAUTH_TITLE}</h2>

+

+<p>{L_AUTH_PROVIDER_OAUTH_EXPLAIN}</p>

+

+<!-- BEGIN oauth_services -->

+<fieldset>

+ <legend>{oauth_services.ACTUAL_NAME}</legend>

+ <dl>

+ <dt><label for="oauth_service_{oauth_services.NAME}_key">{L_AUTH_PROVIDER_OAUTH_KEY}{L_COLON}</label></dt>

+ <dd><input type="text" id="oauth_service_{oauth_services.NAME}_key" size="40" name="config[auth_oauth_{oauth_services.NAME}_key]" value="{oauth_services.KEY}" /></dd>

+ </dl>

+ <dl>

+ <dt><label for="oauth_service_{oauth_services.NAME}_secret">{L_AUTH_PROVIDER_OAUTH_SECRET}{L_COLON}</label></dt>

+ <dd><input type="text" id="oauth_service_{oauth_services.NAME}_secret" size="40" name="config[auth_oauth_{oauth_services.NAME}_secret]" value="{oauth_services.SECRET}" /></dd>

+ </dl>

+</fieldset>

+<!-- END oauth_services -->

+ "lusitanian/oauth": "0.2.*",

+ "hash": "a14960de85feb64fdb19eabd165cc09b",

+ "name": "lusitanian/oauth",

+ "version": "v0.2.1",

+ "source": {

+ "type": "git",

+ "url": "https://github.com/Lusitanian/PHPoAuthLib.git",

+ "reference": "00c667d93058e983fc1b7d3d1cebdb1bc03fb043"

+ },

+ "dist": {

+ "type": "zip",

+ "url": "https://api.github.com/repos/Lusitanian/PHPoAuthLib/zipball/00c667d93058e983fc1b7d3d1cebdb1bc03fb043",

+ "reference": "00c667d93058e983fc1b7d3d1cebdb1bc03fb043",

+ "shasum": ""

+ },

+ "require": {

+ "php": ">=5.3.0"

+ },

+ "require-dev": {

+ "phpunit/phpunit": "3.7.*",

+ "predis/predis": "0.8.*@dev",

+ "symfony/http-foundation": "~2.1"

+ },

+ "suggest": {

+ "predis/predis": "Allows using the Redis storage backend.",

+ "symfony/http-foundation": "Allows using the Symfony Session storage backend."

+ },

+ "type": "library",

+ "extra": {

+ "branch-alias": {

+ "dev-master": "0.1-dev"

+ }

+ },

+ "autoload": {

+ "psr-0": {

+ "OAuth": "src",

+ "OAuth\\Unit": "tests"

+ }

+ },

+ "notification-url": "https://packagist.org/downloads/",

+ "license": [

+ "MIT"

+ ],

+ "authors": [

+ {

+ "name": "David Desberg",

+ "email": "david@daviddesberg.com"

+ },

+ {

+ "name": "Pieter Hordijk",

+ "email": "info@pieterhordijk.com",

+ "homepage": "https://pieterhordijk.com",

+ "role": "developer"

+ }

+ ],

+ "description": "PHP 5.3+ oAuth 1/2 Library",

+ "keywords": [

+ "Authentication",

+ "authorization",

+ "oauth",

+ "security"

+ ],

+ "time": "2013-08-29 21:40:04"

+ },

+ {

+ "url": "https://github.com/fabpot/Goutte",

+ "reference": "v0.1.0"

+ "url": "https://github.com/fabpot/Goutte/archive/v0.1.0.zip",

+ "reference": "v0.1.0",

+ "url": "https://github.com/guzzle/guzzle",

+ "reference": "v3.0.7"

+ "url": "https://github.com/guzzle/guzzle/archive/v3.0.7.zip",

+ "reference": "v3.0.7",

+ "url": "https://github.com/phingofficial/phing",

+ "reference": "2.4.14"

+ "url": "https://github.com/phingofficial/phing/archive/2.4.14.zip",

+ "reference": "2.4.14",

+ "reference": "1.2.3"

+ "url": "https://api.github.com/repos/sebastianbergmann/dbunit/zipball/1.2.3",

+ "reference": "1.2.3",

+ "reference": "1.2.12"

+ "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/1.2.12",

+ "reference": "1.2.12",

+ "url": "git://github.com/sebastianbergmann/php-file-iterator.git",

+ "reference": "1.3.3"

+ "url": "https://github.com/sebastianbergmann/php-file-iterator/zipball/1.3.3",

+ "reference": "1.3.3",

+ "time": "2012-10-11 04:44:38"

+ "url": "git://github.com/sebastianbergmann/php-text-template.git",

+ "reference": "1.1.4"

+ "url": "https://github.com/sebastianbergmann/php-text-template/zipball/1.1.4",

+ "reference": "1.1.4",

+ "time": "2012-10-31 11:15:28"

+ "url": "git://github.com/sebastianbergmann/phpunit-mock-objects.git",

+ "reference": "1.2.3"

+ "url": "https://github.com/sebastianbergmann/phpunit-mock-objects/archive/1.2.3.zip",

+ "reference": "1.2.3",

+ auth.provider.oauth:

+ class: phpbb_auth_provider_oauth

+ arguments:

+ - @dbal.conn

+ - @config

+ - @request

+ - @user

+ - %tables.auth_provider_oauth_token_storage%

+ - %tables.auth_provider_oauth_account_assoc%

+ - @auth.provider.oauth.service_collection

+ - %tables.users%

+ - %core.root_path%

+ - %core.php_ext%

+ tags:

+ - { name: auth.provider }

+ auth.provider.oauth.service_collection:

+ class: phpbb_di_service_collection

+ arguments:

+ - @service_container

+ tags:

+ - { name: service_collection, tag: auth.provider.oauth.service }

+ auth.provider.oauth.service.bitly:

+ class: phpbb_auth_provider_oauth_service_bitly

+ arguments:

+ - @config

+ - @request

+ tags:

+ - { name: auth.provider.oauth.service }

+ auth.provider.oauth.service.facebook:

+ class: phpbb_auth_provider_oauth_service_facebook

+ arguments:

+ - @config

+ - @request

+ tags:

+ - { name: auth.provider.oauth.service }

+ auth.provider.oauth.service.google:

+ class: phpbb_auth_provider_oauth_service_google

+ arguments:

+ - @config

+ - @request

+ tags:

+ - { name: auth.provider.oauth.service }

+ tables.auth_provider_oauth_token_storage: %core.table_prefix%oauth_tokens

+ tables.auth_provider_oauth_account_assoc: %core.table_prefix%oauth_accounts

+ if (array_key_exists('BLOCK_VAR_NAME', $auth_tpl))

+ {

+ foreach ($auth_tpl['BLOCK_VARS'] as $block_vars)

+ {

+ $template->assign_block_vars($auth_tpl['BLOCK_VAR_NAME'], $block_vars);

+ }

+ }

+define('LOGIN_SUCCESS_LINK_PROFILE', 21);

+$schema_data['phpbb_oauth_accounts'] = array(

+ 'COLUMNS' => array(

+ 'user_id' => array('UINT', 0),

+ 'provider' => array('VCHAR', ''),

+ 'oauth_provider_id' => array('TEXT_UNI', ''),

+ ),

+ 'PRIMARY_KEY' => array(

+ 'user_id',

+ 'provider',

+ ),

+);

+

+$schema_data['phpbb_oauth_tokens'] = array(

+ 'COLUMNS' => array(

+ 'user_id' => array('UINT', 0), // phpbb_users.user_id

+ 'session_id' => array('CHAR:32', ''), // phpbb_sessions.session_id used only when user_id not set

+ 'provider' => array('VCHAR', ''), // Name of the OAuth provider

+ 'oauth_token' => array('MTEXT', ''), // Serialized token

+ ),

+ 'KEYS' => array(

+ 'user_id' => array('INDEX', 'user_id'),

+ 'provider' => array('INDEX', 'provider'),

+ ),

+);

+

+ global $request, $phpbb_container;

+ if ($request->is_set_post('login') || ($request->is_set('login') && $request->variable('login', '') == 'external'))

+ $auth_provider = $phpbb_container->get('auth.provider.' . $config['auth_method']);

+

+ $auth_provider_data = $auth_provider->get_login_data();

+ if ($auth_provider_data)

+ {

+ if (isset($auth_provider_data['VARS']))

+ {

+ $template->assign_vars($auth_provider_data['VARS']);

+ }

+

+ if (isset($auth_provider_data['BLOCK_VAR_NAME']))

+ {

+ foreach ($auth_provider_data['BLOCK_VARS'] as $block_vars)

+ {

+ $template->assign_block_vars($auth_provider_data['BLOCK_VAR_NAME'], $block_vars);

+ }

+ }

+

+ $template->assign_vars(array(

+ 'PROVIDER_TEMPLATE_FILE' => $auth_provider_data['TEMPLATE_FILE'],

+ ));

+ }

+

+<?php

+/**

+*

+* @package ucp

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @package module_install

+*/

+class ucp_auth_link_info

+{

+ function module()

+ {

+ return array(

+ 'filename' => 'ucp_auth_link',

+ 'title' => 'UCP_AUTH_LINK',

+ 'version' => '1.0.0',

+ 'modes' => array(

+ 'auth_link' => array('title' => 'UCP_AUTH_LINK_MANAGE', 'auth' => '', 'cat' => array('UCP_PROFILE')),

+ ),

+ );

+ }

+

+ function install()

+ {

+ }

+

+ function uninstall()

+ {

+ }

+}

+<?php

+/**

+*

+* @package ucp

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+class ucp_auth_link

+{

+ /**

+ * @var string

+ */

+ public $u_action;

+

+ /**

+ * Generates the ucp_auth_link page and handles the auth link process

+ *

+ * @param int $id

+ * @param string $mode

+ */

+ public function main($id, $mode)

+ {

+ global $config, $request, $template, $phpbb_container, $user;

+

+ $error = array();

+

+ $auth_provider = $phpbb_container->get('auth.provider.' . $config['auth_method']);

+

+ // confirm that the auth provider supports this page

+ $provider_data = $auth_provider->get_auth_link_data();

+ if ($provider_data === null)

+ {

+ $error[] = 'UCP_AUTH_LINK_NOT_SUPPORTED';

+ }

+

+ $s_hidden_fields = array();

+ add_form_key('ucp_auth_link');

+

+ $submit = $request->variable('submit', false, false, phpbb_request_interface::POST);

+

+ // This path is only for primary actions

+ if (!sizeof($error) && $submit)

+ {

+ if (!check_form_key('ucp_auth_link'))

+ {

+ $error[] = 'FORM_INVALID';

+ }

+

+ if (!sizeof($error))

+ {

+ // Any post data could be necessary for auth (un)linking

+ $link_data = $request->get_super_global(phpbb_request_interface::POST);

+

+ // The current user_id is also necessary

+ $link_data['user_id'] = $user->data['user_id'];

+

+ // Tell the provider that the method is auth_link not login_link

+ $link_data['link_method'] = 'auth_link';

+

+ if ($request->variable('link', 0, false, phpbb_request_interface::POST))

+ {

+ $error[] = $auth_provider->link_account($link_data);

+ }

+ else

+ {

+ $error[] = $auth_provider->unlink_account($link_data);

+ }

+

+ // Template data may have changed, get new data

+ $provider_data = $auth_provider->get_auth_link_data();

+ }

+ }

+

+ // In some cases, a request to an external server may be required. In

+ // these cases, the GET parameter 'link' should exist and should be true

+ if ($request->variable('link', false))

+ {

+ // In this case the link data should only be populated with the

+ // link_method as the provider dictates how data is returned to it.

+ $link_data = array('link_method' => 'auth_link');

+

+ $error[] = $auth_provider->link_account($link_data);

+

+ // Template data may have changed, get new data

+ $provider_data = $auth_provider->get_auth_link_data();

+ }

+

+ if (isset($provider_data['VARS']))

+ {

+ // Handle hidden fields separately

+ if (isset($provider_data['VARS']['HIDDEN_FIELDS']))

+ {

+ $s_hidden_fields = array_merge($s_hidden_fields, $provider_data['VARS']['HIDDEN_FIELDS']);

+ unset($provider_data['VARS']['HIDDEN_FIELDS']);

+ }

+

+ $template->assign_vars($provider_data['VARS']);

+ }

+

+ if (isset($provider_data['BLOCK_VAR_NAME']))

+ {

+ foreach ($provider_data['BLOCK_VARS'] as $block_vars)

+ {

+ // See if there are additional hidden fields. This should be an associative array

+ if (isset($block_vars['HIDDEN_FIELDS']))

+ {

+ $block_vars['HIDDEN_FIELDS'] = build_hidden_fields($block_vars['HIDDEN_FIELDS']);

+ }

+

+ $template->assign_block_vars($provider_data['BLOCK_VAR_NAME'], $block_vars);

+ }

+ }

+

+ $s_hidden_fields = build_hidden_fields($s_hidden_fields);

+

+ // Replace "error" strings with their real, localised form

+ $error = array_map(array($user, 'lang'), $error);

+ $error = implode('<br />', $error);

+

+ $template->assign_vars(array(

+ 'ERROR' => $error,

+

+ 'PROVIDER_TEMPLATE_FILE' => $provider_data['TEMPLATE_FILE'],

+

+ 'S_HIDDEN_FIELDS' => $s_hidden_fields,

+ 'S_UCP_ACTION' => $this->u_action,

+ ));

+

+ $this->tpl_name = 'ucp_auth_link';

+ $this->page_title = 'UCP_AUTH_LINK';

+ }

+}

+<?php

+/**

+*

+* @package ucp

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* ucp_login_link

+* Allows users of external accounts link those accounts to their phpBB accounts

+* during an attempted login.

+* @package ucp

+*/

+class ucp_login_link

+{

+ /**

+ * @var string

+ */

+ public $u_action;

+

+ /**

+ * Generates the ucp_login_link page and handles login link process

+ *

+ * @param int $id

+ * @param string $mode

+ */

+ function main($id, $mode)

+ {

+ global $config, $phpbb_container, $request, $template, $user;

+ global $phpbb_root_path, $phpEx;

+

+ // Initialize necessary variables

+ $login_error = null;

+ $login_link_error = null;

+ $login_username = null;

+

+ // Build the data array

+ $data = $this->get_login_link_data_array();

+

+ // Ensure the person was sent here with login_link data

+ if (empty($data))

+ {

+ $login_link_error = $user->lang['LOGIN_LINK_NO_DATA_PROVIDED'];

+ }

+

+ // Use the auth_provider requested even if different from configured

+ $auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']);

+ $auth_provider = $phpbb_container->get($auth_provider);

+

+ // Set the link_method to login_link

+ $data['link_method'] = 'login_link';

+

+ // Have the authentication provider check that all necessary data is available

+ $result = $auth_provider->login_link_has_necessary_data($data);

+ if ($result !== null)

+ {

+ $login_link_error = $user->lang[$result];

+ }

+

+ // Perform link action if there is no error

+ if (!$login_link_error)

+ {

+ if ($request->is_set_post('login'))

+ {

+ $login_username = $request->variable('login_username', '', false, phpbb_request_interface::POST);

+ $login_password = $request->untrimmed_variable('login_password', '', true, phpbb_request_interface::POST);

+

+ $login_result = $auth_provider->login($login_username, $login_password);

+

+ // We only care if there is or is not an error

+ $login_error = $this->process_login_result($login_result);

+

+ if (!$login_error)

+ {

+ // Give the user_id to the data

+ $data['user_id'] = $login_result['user_row']['user_id'];

+

+ // The user is now logged in, attempt to link the user to the external account

+ $result = $auth_provider->link_account($data);

+

+ if ($result)

+ {

+ $login_link_error = $user->lang[$result];

+ }

+ else

+ {

+ // Finish login

+ $result = $user->session_create($login_result['user_row']['user_id'], false, false, true);

+

+ // Perform a redirect as the account has been linked

+ $this->perform_redirect();

+ }

+ }

+ }

+ }

+

+ $template->assign_vars(array(

+ // Common template elements

+ 'LOGIN_LINK_ERROR' => $login_link_error,

+ 'PASSWORD_CREDENTIAL' => 'login_password',

+ 'USERNAME_CREDENTIAL' => 'login_username',

+ 'S_HIDDEN_FIELDS' => $this->get_hidden_fields($data),

+

+ // Registration elements

+ 'REGISTER_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),

+

+ // Login elements

+ 'LOGIN_ERROR' => $login_error,

+ 'LOGIN_USERNAME' => $login_username,

+ ));

+

+ $this->tpl_name = 'ucp_login_link';

+ $this->page_title = 'UCP_LOGIN_LINK';

+ }

+

+ /**

+ * Builds the hidden fields string from the data array.

+ *

+ * @param array $data This function only includes data in the array

+ * that has a key that begins with 'login_link_'

+ * @return string A string of hidden fields that can be included in the

+ * template

+ */

+ protected function get_hidden_fields($data)

+ {

+ $fields = array();

+

+ foreach ($data as $key => $value)

+ {

+ $fields['login_link_' . $key] = $value;

+ }

+

+ return build_hidden_fields($fields);

+ }

+

+ /**

+ * Builds the login_link data array

+ *

+ * @return array All login_link data. This is all GET data whose names

+ * begin with 'login_link_'

+ */

+ protected function get_login_link_data_array()

+ {

+ global $request;

+

+ $var_names = $request->variable_names(phpbb_request_interface::GET);

+ $login_link_data = array();

+ $string_start_length = strlen('login_link_');

+

+ foreach ($var_names as $var_name)

+ {

+ if (strpos($var_name, 'login_link_') === 0)

+ {

+ $key_name = substr($var_name, $string_start_length);

+ $login_link_data[$key_name] = $request->variable($var_name, '', false, phpbb_request_interface::GET);

+ }

+ }

+

+ return $login_link_data;

+ }

+

+ /**

+ * Processes the result array from the login process

+ * @param array $result The login result array

+ * @return string|null If there was an error in the process, a string is

+ * returned. If the login was successful, then null is

+ * returned.

+ */

+ protected function process_login_result($result)

+ {

+ global $config, $request, $template, $user;

+

+ $login_error = null;

+

+ if ($result['status'] != LOGIN_SUCCESS)

+ {

+ // Handle all errors first

+ if ($result['status'] == LOGIN_BREAK)

+ {

+ trigger_error($result['error_msg']);

+ }

+

+ switch ($result['status'])

+ {

+ case LOGIN_ERROR_ATTEMPTS:

+

+ $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);

+ $captcha->init(CONFIRM_LOGIN);

+

+ $template->assign_vars(array(

+ 'CAPTCHA_TEMPLATE' => $captcha->get_template(),

+ ));

+

+ $login_error = $user->lang[$result['error_msg']];

+ break;

+

+ case LOGIN_ERROR_PASSWORD_CONVERT:

+ $login_error = sprintf(

+ $user->lang[$result['error_msg']],

+ ($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',

+ ($config['email_enable']) ? '</a>' : '',

+ ($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',

+ ($config['board_contact']) ? '</a>' : ''

+ );

+ break;

+

+ // Username, password, etc...

+ default:

+ $login_error = $user->lang[$result['error_msg']];

+

+ // Assign admin contact to some error messages

+ if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')

+ {

+ $login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');

+ }

+

+ break;

+ }

+ }

+

+ return $login_error;

+ }

+

+ /**

+ * Performs a post login redirect

+ */

+ protected function perform_redirect()

+ {

+ global $phpbb_root_path, $phpEx;

+ $url = append_sid($phpbb_root_path . 'index.' . $phpEx);

+ redirect($url);

+ }

+}

+ global $request, $phpbb_container;

+ $s_hidden_fields = array();

+

+ // Handle login_link data added to $_hidden_fields

+ $login_link_data = $this->get_login_link_data_array();

+

+ if (!empty($login_link_data))

+ {

+ // Confirm that we have all necessary data

+ $auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']);

+ $auth_provider = $phpbb_container->get($auth_provider);

+

+ $result = $auth_provider->login_link_has_necessary_data($login_link_data);

+ if ($result !== null)

+ {

+ $error[] = $user->lang[$result];

+ }

+

+ $s_hidden_fields = array_merge($s_hidden_fields, $this->get_login_link_data_for_hidden_fields($login_link_data));

+ }

+ $s_hidden_fields = array_merge($s_hidden_fields, array(

+ ));

+ // Perform account linking if necessary

+ if (!empty($login_link_data))

+ {

+ $login_link_data['user_id'] = $user_id;

+

+ $result = $auth_provider->link_account($login_link_data);

+

+ if ($result)

+ {

+ $message = $message . '<br /><br />' . $user->lang[$result];

+ }

+ }

+

+ $s_hidden_fields = array_merge($s_hidden_fields, array(

+ ));

+

+ /**

+ * Creates the login_link data array

+ *

+ * @return array Returns an array of all POST paramaters whose names

+ * begin with 'login_link_'

+ */

+ protected function get_login_link_data_array()

+ {

+ global $request;

+

+ $var_names = $request->variable_names(phpbb_request_interface::POST);

+ $login_link_data = array();

+ $string_start_length = strlen('login_link_');

+

+ foreach ($var_names as $var_name)

+ {

+ if (strpos($var_name, 'login_link_') === 0)

+ {

+ $key_name = substr($var_name, $string_start_length);

+ $login_link_data[$key_name] = $request->variable($var_name, '', false, phpbb_request_interface::POST);

+ }

+ }

+

+ return $login_link_data;

+ }

+

+ /**

+ * Prepends they key names of an associative array with 'login_link_' for

+ * inclusion on the page as hidden fields.

+ *

+ * @param array $data The array to be modified

+ * @return array The modified array

+ */

+ protected function get_login_link_data_for_hidden_fields($data)

+ {

+ $new_data = array();

+

+ foreach ($data as $key => $value)

+ {

+ $new_data['login_link_' . $key] = $value;

+ }

+

+ return $new_data;

+ }

+# Table: 'phpbb_oauth_tokens'

+CREATE TABLE phpbb_oauth_tokens (

+ user_id INTEGER DEFAULT 0 NOT NULL,

+ session_id CHAR(32) CHARACTER SET NONE DEFAULT '' NOT NULL,

+ provider VARCHAR(255) CHARACTER SET NONE DEFAULT '' NOT NULL,

+ oauth_token BLOB SUB_TYPE TEXT CHARACTER SET NONE DEFAULT '' NOT NULL

+);;

+

+CREATE INDEX phpbb_oauth_tokens_user_id ON phpbb_oauth_tokens(user_id);;

+CREATE INDEX phpbb_oauth_tokens_provider ON phpbb_oauth_tokens(provider);;

+

+# Table: 'phpbb_oauth_accounts'

+CREATE TABLE phpbb_oauth_accounts (

+ user_id INTEGER DEFAULT 0 NOT NULL,

+ provider VARCHAR(255) CHARACTER SET NONE DEFAULT '' NOT NULL,

+ oauth_provider_id BLOB SUB_TYPE TEXT CHARACTER SET UTF8 DEFAULT '' NOT NULL

+);;

+

+ALTER TABLE phpbb_oauth_accounts ADD PRIMARY KEY (user_id, provider);;

+

+

+ Table: 'phpbb_oauth_tokens'

+*/

+CREATE TABLE [phpbb_oauth_tokens] (

+ [user_id] [int] DEFAULT (0) NOT NULL ,

+ [session_id] [char] (32) DEFAULT ('') NOT NULL ,

+ [provider] [varchar] (255) DEFAULT ('') NOT NULL ,

+ [oauth_token] [text] DEFAULT ('') NOT NULL

+) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]

+GO

+

+CREATE INDEX [user_id] ON [phpbb_oauth_tokens]([user_id]) ON [PRIMARY]

+GO

+

+CREATE INDEX [provider] ON [phpbb_oauth_tokens]([provider]) ON [PRIMARY]

+GO

+

+

+/*

+ Table: 'phpbb_oauth_accounts'

+*/

+CREATE TABLE [phpbb_oauth_accounts] (

+ [user_id] [int] DEFAULT (0) NOT NULL ,

+ [provider] [varchar] (255) DEFAULT ('') NOT NULL ,

+ [oauth_provider_id] [varchar] (4000) DEFAULT ('') NOT NULL

+) ON [PRIMARY]

+GO

+

+ALTER TABLE [phpbb_oauth_accounts] WITH NOCHECK ADD

+ CONSTRAINT [PK_phpbb_oauth_accounts] PRIMARY KEY CLUSTERED

+ (

+ [user_id],

+ [provider]

+ ) ON [PRIMARY]

+GO

+

+

+/*

+# Table: 'phpbb_oauth_tokens'

+CREATE TABLE phpbb_oauth_tokens (

+ user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,

+ session_id binary(32) DEFAULT '' NOT NULL,

+ provider varbinary(255) DEFAULT '' NOT NULL,

+ oauth_token mediumblob NOT NULL,

+ KEY user_id (user_id),

+ KEY provider (provider)

+);

+

+

+# Table: 'phpbb_oauth_accounts'

+CREATE TABLE phpbb_oauth_accounts (

+ user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,

+ provider varbinary(255) DEFAULT '' NOT NULL,

+ oauth_provider_id blob NOT NULL,

+ PRIMARY KEY (user_id, provider)

+);

+

+

+# Table: 'phpbb_oauth_tokens'

+CREATE TABLE phpbb_oauth_tokens (

+ user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,

+ session_id char(32) DEFAULT '' NOT NULL,

+ provider varchar(255) DEFAULT '' NOT NULL,

+ oauth_token mediumtext NOT NULL,

+ KEY user_id (user_id),

+ KEY provider (provider)

+) CHARACTER SET `utf8` COLLATE `utf8_bin`;

+

+

+# Table: 'phpbb_oauth_accounts'

+CREATE TABLE phpbb_oauth_accounts (

+ user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,

+ provider varchar(255) DEFAULT '' NOT NULL,

+ oauth_provider_id text NOT NULL,

+ PRIMARY KEY (user_id, provider)

+) CHARACTER SET `utf8` COLLATE `utf8_bin`;

+

+

+ Table: 'phpbb_oauth_tokens'

+*/

+CREATE TABLE phpbb_oauth_tokens (

+ user_id number(8) DEFAULT '0' NOT NULL,

+ session_id char(32) DEFAULT '' ,

+ provider varchar2(255) DEFAULT '' ,

+ oauth_token clob DEFAULT ''

+)

+/

+

+CREATE INDEX phpbb_oauth_tokens_user_id ON phpbb_oauth_tokens (user_id)

+/

+CREATE INDEX phpbb_oauth_tokens_provider ON phpbb_oauth_tokens (provider)

+/

+

+/*

+ Table: 'phpbb_oauth_accounts'

+*/

+CREATE TABLE phpbb_oauth_accounts (

+ user_id number(8) DEFAULT '0' NOT NULL,

+ provider varchar2(255) DEFAULT '' ,

+ oauth_provider_id clob DEFAULT '' ,

+ CONSTRAINT pk_phpbb_oauth_accounts PRIMARY KEY (user_id, provider)

+)

+/

+

+

+/*

+ Table: 'phpbb_oauth_tokens'

+*/

+CREATE TABLE phpbb_oauth_tokens (

+ user_id INT4 DEFAULT '0' NOT NULL CHECK (user_id >= 0),

+ session_id char(32) DEFAULT '' NOT NULL,

+ provider varchar(255) DEFAULT '' NOT NULL,

+ oauth_token TEXT DEFAULT '' NOT NULL

+);

+

+CREATE INDEX phpbb_oauth_tokens_user_id ON phpbb_oauth_tokens (user_id);

+CREATE INDEX phpbb_oauth_tokens_provider ON phpbb_oauth_tokens (provider);

+

+/*

+ Table: 'phpbb_oauth_accounts'

+*/

+CREATE TABLE phpbb_oauth_accounts (

+ user_id INT4 DEFAULT '0' NOT NULL CHECK (user_id >= 0),

+ provider varchar(255) DEFAULT '' NOT NULL,

+ oauth_provider_id varchar(4000) DEFAULT '' NOT NULL,

+ PRIMARY KEY (user_id, provider)

+);

+

+

+/*

+# Table: 'phpbb_oauth_tokens'

+CREATE TABLE phpbb_oauth_tokens (

+ user_id INTEGER UNSIGNED NOT NULL DEFAULT '0',

+ session_id char(32) NOT NULL DEFAULT '',

+ provider varchar(255) NOT NULL DEFAULT '',

+ oauth_token mediumtext(16777215) NOT NULL DEFAULT ''

+);

+

+CREATE INDEX phpbb_oauth_tokens_user_id ON phpbb_oauth_tokens (user_id);

+CREATE INDEX phpbb_oauth_tokens_provider ON phpbb_oauth_tokens (provider);

+

+# Table: 'phpbb_oauth_accounts'

+CREATE TABLE phpbb_oauth_accounts (

+ user_id INTEGER UNSIGNED NOT NULL DEFAULT '0',

+ provider varchar(255) NOT NULL DEFAULT '',

+ oauth_provider_id text(65535) NOT NULL DEFAULT '',

+ PRIMARY KEY (user_id, provider)

+);

+

+

+ 'AUTH_PROVIDER_OAUTH_ERROR_ELEMENT_MISSING' => 'Both the key and secret of each enabled OAuth service provider must be provided. Only one was provided for an OAuth service provider.',

+ 'AUTH_PROVIDER_OAUTH_EXPLAIN' => 'Each OAuth provider requires a unique secret and key in order to authenticate with the external server.<br />These should be supplied by the OAuth service when you register your website with them and should be entered exactly as provided to you.<br />Any service that does not have both a key and a secret entered here will not be available for use by the forum users.',

+ 'AUTH_PROVIDER_OAUTH_KEY' => 'Key',

+ 'AUTH_PROVIDER_OAUTH_TITLE' => 'OAuth',

+ 'AUTH_PROVIDER_OAUTH_SECRET' => 'Secret',

+

+ 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY' => 'Invalid database entry.',

+ 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE' => 'Invalid service type provided to OAuth service handler.',

+ 'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED' => 'OAuth service not created',

+ 'AUTH_PROVIDER_OAUTH_SERVICE_BITLY' => 'Bitly',

+ 'AUTH_PROVIDER_OAUTH_SERVICE_FACEBOOK' => 'Facebook',

+ 'AUTH_PROVIDER_OAUTH_SERVICE_GOOGLE' => 'Google',

+ 'AUTH_PROVIDER_OAUTH_TOKEN_ERROR_NOT_STORED' => 'OAuth token not stored.',

+ 'AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED' => 'OAuth token incorrectly stored.',

+ 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST' => 'A non-existant OAuth service has been requested.',

+ 'LOGIN_LINK' => 'Link or register your account on an external service with your board account',

+ 'LOGIN_LINK_EXPLAIN' => 'You have attempted to login with an external service that is not yet connected to an account on this board. You must now either link this account to an existing account or create a new account.',

+ 'LOGIN_LINK_MISSING_DATA' => 'Data that is necessary to link your account with an external service is not available. Please restart the login process.',

+ 'LOGIN_LINK_NO_DATA_PROVIDED' => 'No data has been provided to this page to link an external account to a forum account. Please contact the board administrator if you continue to experience problems.',

+ 'UCP_AUTH_LINK' => 'External accounts',

+ 'UCP_AUTH_LINK_ASK' => 'You currently have no account associated with this external service. Click the button below to link your board account to an account with this external service.',

+ 'UCP_AUTH_LINK_ID' => 'Unique identifier',

+ 'UCP_AUTH_LINK_LINK' => 'Link',

+ 'UCP_AUTH_LINK_MANAGE' => 'Manage external account associations',

+ 'UCP_AUTH_LINK_TITLE' => 'Manage your external account associations',

+ 'UCP_AUTH_LINK_UNLINK' => 'Unlink',

+ 'UCP_LOGIN_LINK' => 'Set up an external account association',

+ // If the auth provider wants us to link an empty account do so and redirect

+ if ($login['status'] == LOGIN_SUCCESS_LINK_PROFILE)

+ {

+ // If this status exists a fourth field is in the $login array called 'redirect_data'

+ // This data is passed along as GET data to the next page allow the account to be linked

+

+ $params = array('mode' => 'login_link');

+ $url = append_sid($phpbb_root_path . 'ucp.' . $phpEx, array_merge($params, $login['redirect_data']));

+

+ redirect($url);

+ }

+

+ public function get_login_data()

+ {

+ return;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_auth_link_data()

+ {

+ return;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+

+ /**

+ * {@inheritdoc}

+ */

+ public function login_link_has_necessary_data($login_link_data)

+ {

+ return;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function link_account(array $link_data)

+ {

+ return;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function unlink_account(array $link_data)

+ {

+ return;

+ }

+ * A fourth key of the array may be present:

+ * 'redirect_data' This key is only used when 'status' is

+ * equal to LOGIN_SUCCESS_LINK_PROFILE and its value is an

+ * associative array that is turned into GET variables on

+ * the redirect url.

+ * An optional third element may be added to this

+ * array: 'BLOCK_VAR_NAME'. If this is present,

+ * then its value should be a string that is used

+ * to designate the name of the loop used in the

+ * ACP template file. When this is present, an

+ * additional key named 'BLOCK_VARS' is required.

+ * This must be an array containing at least one

+ * array of variables that will be assigned during

+ * the loop in the template. An example of this is

+ * presented below:

+ * array(

+ * 'BLOCK_VAR_NAME' => string,

+ * 'BLOCK_VARS' => array(

+ * 'KEY IS UNIMPORTANT' => array(...),

+ * ),

+ * 'TEMPLATE_FILE' => string,

+ * 'TEMPLATE_VARS' => array(...),

+ * )

+ * Returns an array of data necessary to build custom elements on the login

+ * form.

+ *

+ * @return array|null If this function is not implemented on an auth

+ * provider then it returns null. If it is implemented

+ * it will return an array of up to four elements of

+ * which only 'TEMPLATE_FILE'. If 'BLOCK_VAR_NAME' is

+ * present then 'BLOCK_VARS' must also be present in

+ * the array. The fourth element 'VARS' is also

+ * optional. The array, with all four elements present

+ * looks like the following:

+ * array(

+ * 'TEMPLATE_FILE' => string,

+ * 'BLOCK_VAR_NAME' => string,

+ * 'BLOCK_VARS' => array(...),

+ * 'VARS' => array(...),

+ * )

+ */

+ public function get_login_data();

+

+ /**

+

+ /**

+ * Checks to see if $login_link_data contains all information except for the

+ * user_id of an account needed to successfully link an external account to

+ * a forum account.

+ *

+ * @param array $link_data Any data needed to link a phpBB account to

+ * an external account.

+ * @return string|null Returns a string with a language constant if there

+ * is data missing or null if there is no error.

+ */

+ public function login_link_has_necessary_data($login_link_data);

+

+ /**

+ * Links an external account to a phpBB account.

+ *

+ * @param array $link_data Any data needed to link a phpBB account to

+ * an external account.

+ */

+ public function link_account(array $link_data);

+

+ /**

+ * Returns an array of data necessary to build the ucp_auth_link page

+ *

+ * @return array|null If this function is not implemented on an auth

+ * provider then it returns null. If it is implemented

+ * it will return an array of up to four elements of

+ * which only 'TEMPLATE_FILE'. If 'BLOCK_VAR_NAME' is

+ * present then 'BLOCK_VARS' must also be present in

+ * the array. The fourth element 'VARS' is also

+ * optional. The array, with all four elements present

+ * looks like the following:

+ * array(

+ * 'TEMPLATE_FILE' => string,

+ * 'BLOCK_VAR_NAME' => string,

+ * 'BLOCK_VARS' => array(...),

+ * 'VARS' => array(...),

+ * )

+ */

+ public function get_auth_link_data();

+

+ /**

+ * Unlinks an external account from a phpBB account.

+ *

+ * @param array $link_data Any data needed to unlink a phpBB account

+ * from a phpbb account.

+ */

+ public function unlink_account(array $link_data);

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+use OAuth\Common\Consumer\Credentials;

+use OAuth\Common\Http\Uri\Uri;

+

+/**

+* OAuth authentication provider for phpBB3

+*

+* @package auth

+*/

+class phpbb_auth_provider_oauth extends phpbb_auth_provider_base

+{

+ /**

+ * Database driver

+ *

+ * @var phpbb_db_driver

+ */

+ protected $db;

+

+ /**

+ * phpBB config

+ *

+ * @var phpbb_config

+ */

+ protected $config;

+

+ /**

+ * phpBB request object

+ *

+ * @var phpbb_request

+ */

+ protected $request;

+

+ /**

+ * phpBB user

+ *

+ * @var phpbb_user

+ */

+ protected $user;

+

+ /**

+ * OAuth token table

+ *

+ * @var string

+ */

+ protected $auth_provider_oauth_token_storage_table;

+

+ /**

+ * OAuth account association table

+ *

+ * @var string

+ */

+ protected $auth_provider_oauth_token_account_assoc;

+

+ /**

+ * All OAuth service providers

+ *

+ * @var phpbb_di_service_collection Contains phpbb_auth_provider_oauth_service_interface

+ */

+ protected $service_providers;

+

+ /**

+ * Users table

+ *

+ * @var string

+ */

+ protected $users_table;

+

+ /**

+ * Cached current uri object

+ *

+ * @var \OAuth\Common\Http\Uri\UriInterface|null

+ */

+ protected $current_uri;

+

+ /**

+ * phpBB root path

+ *

+ * @var string

+ */

+ protected $phpbb_root_path;

+

+ /**

+ * PHP extenstion

+ *

+ * @var string

+ */

+ protected $php_ext;

+

+ /**

+ * OAuth Authentication Constructor

+ *

+ * @param phpbb_db_driver $db

+ * @param phpbb_config $config

+ * @param phpbb_request $request

+ * @param phpbb_user $user

+ * @param string $auth_provider_oauth_token_storage_table

+ * @param string $auth_provider_oauth_token_account_assoc

+ * @param phpbb_di_service_collection $service_providers Contains phpbb_auth_provider_oauth_service_interface

+ * @param string $users_table

+ * @param string $phpbb_root_path

+ * @param string $php_ext

+ */

+ public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_token_account_assoc, phpbb_di_service_collection $service_providers, $users_table, $phpbb_root_path, $php_ext)

+ {

+ $this->db = $db;

+ $this->config = $config;

+ $this->request = $request;

+ $this->user = $user;

+ $this->auth_provider_oauth_token_storage_table = $auth_provider_oauth_token_storage_table;

+ $this->auth_provider_oauth_token_account_assoc = $auth_provider_oauth_token_account_assoc;

+ $this->service_providers = $service_providers;

+ $this->users_table = $users_table;

+ $this->phpbb_root_path = $phpbb_root_path;

+ $this->php_ext = $php_ext;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function init()

+ {

+ // This does not test whether or not the key and secret provided are valid.

+ foreach ($this->service_providers as $service_provider)

+ {

+ $credentials = $service_provider->get_service_credentials();

+

+ if (($credentials['key'] && !$credentials['secret']) || (!$credentials['key'] && $credentials['secret']))

+ {

+ return $this->user->lang['AUTH_PROVIDER_OAUTH_ERROR_ELEMENT_MISSING'];

+ }

+ }

+ return false;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function login($username, $password)

+ {

+ // Temporary workaround for only having one authentication provider available

+ if (!$this->request->is_set('oauth_service'))

+ {

+ $provider = new phpbb_auth_provider_db($this->db, $this->config, $this->request, $this->user, $this->phpbb_root_path, $this->php_ext);

+ return $provider->login($username, $password);

+ }

+

+ // Requst the name of the OAuth service

+ $service_name_original = $this->request->variable('oauth_service', '', false);

+ $service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original);

+ if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers))

+ {

+ return array(

+ 'status' => LOGIN_ERROR_EXTERNAL_AUTH,

+ 'error_msg' => 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST',

+ 'user_row' => array('user_id' => ANONYMOUS),

+ );

+ }

+

+ // Get the service credentials for the given service

+ $service_credentials = $this->service_providers[$service_name]->get_service_credentials();

+

+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

+ $query = 'mode=login&login=external&oauth_service=' . $service_name_original;

+ $service = $this->get_service($service_name_original, $storage, $service_credentials, $this->service_providers[$service_name]->get_auth_scope(), $query);

+

+ if ($this->request->is_set('code', phpbb_request_interface::GET))

+ {

+ $this->service_providers[$service_name]->set_external_service_provider($service);

+ $unique_id = $this->service_providers[$service_name]->perform_auth_login();

+

+ // Check to see if this provider is already assosciated with an account

+ $data = array(

+ 'provider' => $service_name_original,

+ 'oauth_provider_id' => $unique_id

+ );

+ $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '

+ WHERE ' . $this->db->sql_build_array('SELECT', $data);

+ $result = $this->db->sql_query($sql);

+ $row = $this->db->sql_fetchrow($result);

+ $this->db->sql_freeresult($result);

+

+ if (!$row)

+ {

+ // The user does not yet exist, ask to link or create profile

+ return array(

+ 'status' => LOGIN_SUCCESS_LINK_PROFILE,

+ 'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED',

+ 'user_row' => array(),

+ 'redirect_data' => array(

+ 'auth_provider' => 'oauth',

+ 'login_link_oauth_service' => $service_name_original,

+ ),

+ );

+ }

+

+ // Retrieve the user's account

+ $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts

+ FROM ' . $this->users_table . '

+ WHERE user_id = ' . (int) $row['user_id'];

+ $result = $this->db->sql_query($sql);

+ $row = $this->db->sql_fetchrow($result);

+ $this->db->sql_freeresult($result);

+

+ if (!$row)

+ {

+ throw new Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY');

+ }

+

+ // Update token storage to store the user_id

+ $storage->set_user_id($row['user_id']);

+

+ // The user is now authenticated and can be logged in

+ return array(

+ 'status' => LOGIN_SUCCESS,

+ 'error_msg' => false,

+ 'user_row' => $row,

+ );

+ }

+ else

+ {

+ $url = $service->getAuthorizationUri();

+ header('Location: ' . $url);

+ }

+ }

+

+ /**

+ * Returns the cached current_uri object or creates and caches it if it is

+ * not already created. In each case the query string is updated based on

+ * the $query parameter.

+ *

+ * @param string $service_name The name of the service

+ * @param string $query The query string of the current_uri

+ * used in redirects

+ * @return \OAuth\Common\Http\Uri\UriInterface

+ */

+ protected function get_current_uri($service_name, $query)

+ {

+ if ($this->current_uri)

+ {

+ $this->current_uri->setQuery($query);

+ return $this->current_uri;

+ }

+

+ $uri_factory = new \OAuth\Common\Http\Uri\UriFactory();

+ $current_uri = $uri_factory->createFromSuperGlobalArray($this->request->get_super_global(phpbb_request_interface::SERVER));

+ $current_uri->setQuery($query);

+

+ $this->current_uri = $current_uri;

+ return $current_uri;

+ }

+

+ /**

+ * Returns a new service object

+ *

+ * @param string $service_name The name of the service

+ * @param phpbb_auth_oauth_token_storage $storage

+ * @param array $service_credentials {@see phpbb_auth_provider_oauth::get_service_credentials}

+ * @param array $scope The scope of the request against

+ * the api.

+ * @param string $query The query string of the

+ * current_uri used in redirection

+ * @return \OAuth\Common\Service\ServiceInterface

+ */

+ protected function get_service($service_name, phpbb_auth_provider_oauth_token_storage $storage, array $service_credentials, array $scopes = array(), $query)

+ {

+ $current_uri = $this->get_current_uri($service_name, $query);

+

+ // Setup the credentials for the requests

+ $credentials = new Credentials(

+ $service_credentials['key'],

+ $service_credentials['secret'],

+ $current_uri->getAbsoluteUri()

+ );

+

+ $service_factory = new \OAuth\ServiceFactory();

+ $service = $service_factory->createService($service_name, $credentials, $storage, $scopes);

+

+ if (!$service)

+ {

+ throw new Exception('AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED');

+ }

+

+ return $service;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_login_data()

+ {

+ $login_data = array(

+ 'TEMPLATE_FILE' => 'login_body_oauth.html',

+ 'BLOCK_VAR_NAME' => 'oauth',

+ 'BLOCK_VARS' => array(),

+ );

+

+ foreach ($this->service_providers as $service_name => $service_provider)

+ {

+ // Only include data if the credentials are set

+ $credentials = $service_provider->get_service_credentials();

+ if ($credentials['key'] && $credentials['secret'])

+ {

+ $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);

+ $redirect_url = build_url(false) . '&login=external&oauth_service=' . $actual_name;

+ $login_data['BLOCK_VARS'][$service_name] = array(

+ 'REDIRECT_URL' => redirect($redirect_url, true),

+ 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],

+ );

+ }

+ }

+

+ return $login_data;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function acp()

+ {

+ $ret = array();

+

+ foreach ($this->service_providers as $service_name => $service_provider)

+ {

+ $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);

+ $ret[] = 'auth_oauth_' . $actual_name . '_key';

+ $ret[] = 'auth_oauth_' . $actual_name . '_secret';

+ }

+

+ return $ret;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_acp_template($new_config)

+ {

+ $ret = array(

+ 'BLOCK_VAR_NAME' => 'oauth_services',

+ 'BLOCK_VARS' => array(),

+ 'TEMPLATE_FILE' => 'auth_provider_oauth.html',

+ 'TEMPLATE_VARS' => array(),

+ );

+

+ foreach ($this->service_providers as $service_name => $service_provider)

+ {

+ $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);

+ $ret['BLOCK_VARS'][$actual_name] = array(

+ 'ACTUAL_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],

+ 'KEY' => $new_config['auth_oauth_' . $actual_name . '_key'],

+ 'NAME' => $actual_name,

+ 'SECRET' => $new_config['auth_oauth_' . $actual_name . '_secret'],

+ );

+ }

+

+ return $ret;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function login_link_has_necessary_data($login_link_data)

+ {

+ if (empty($login_link_data))

+ {

+ return 'LOGIN_LINK_NO_DATA_PROVIDED';

+ }

+

+ if (!array_key_exists('oauth_service', $login_link_data) || !$login_link_data['oauth_service'] ||

+ !array_key_exists('link_method', $login_link_data) || !$login_link_data['link_method'])

+ {

+ return 'LOGIN_LINK_MISSING_DATA';

+ }

+

+ return null;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function link_account(array $link_data)

+ {

+ // Check for a valid link method (auth_link or login_link)

+ if (!array_key_exists('link_method', $link_data) ||

+ !in_array($link_data['link_method'], array(

+ 'auth_link',

+ 'login_link',

+ )))

+ {

+ return 'LOGIN_LINK_MISSING_DATA';

+ }

+

+ // We must have an oauth_service listed, check for it two ways

+ if (!array_key_exists('oauth_service', $link_data) || !$link_data['oauth_service'])

+ {

+ $link_data['oauth_service'] = $this->request->variable('oauth_service', '');

+

+ if (!$link_data['oauth_service'])

+ {

+ return 'LOGIN_LINK_MISSING_DATA';

+ }

+ }

+

+ $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);

+ if (!array_key_exists($service_name, $this->service_providers))

+ {

+ return 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST';

+ }

+

+ switch ($link_data['link_method'])

+ {

+ case 'auth_link':

+ return $this->link_account_auth_link($link_data, $service_name);

+ case 'login_link':

+ return $this->link_account_login_link($link_data, $service_name);

+ }

+ }

+

+ /**

+ * Performs the account linking for login_link

+ *

+ * @param array $link_data The same variable given to {@see phpbb_auth_provider_interface::link_account}

+ * @param string $service_name The name of the service being used in

+ * linking.

+ * @return string|null Returns a language constant (string) if an error is

+ * encountered, or null on success.

+ */

+ protected function link_account_login_link(array $link_data, $service_name)

+ {

+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

+

+ // Check for an access token, they should have one

+ if (!$storage->has_access_token_by_session($service_name))

+ {

+ return 'LOGIN_LINK_ERROR_OAUTH_NO_ACCESS_TOKEN';

+ }

+

+ // Prepare the query string

+ $query = 'mode=login_link&login_link_oauth_service=' . strtolower($link_data['oauth_service']);

+

+ // Prepare for an authentication request

+ $service_credentials = $this->service_providers[$service_name]->get_service_credentials();

+ $scopes = $this->service_providers[$service_name]->get_auth_scope();

+ $service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $scopes, $query);

+ $this->service_providers[$service_name]->set_external_service_provider($service);

+

+ // The user has already authenticated successfully, request to authenticate again

+ $unique_id = $this->service_providers[$service_name]->perform_token_auth();

+

+ // Insert into table, they will be able to log in after this

+ $data = array(

+ 'user_id' => $link_data['user_id'],

+ 'provider' => strtolower($link_data['oauth_service']),

+ 'oauth_provider_id' => $unique_id,

+ );

+

+ $this->link_account_perform_link($data);

+ // Update token storage to store the user_id

+ $storage->set_user_id($link_data['user_id']);

+ }

+

+ /**

+ * Performs the account linking for auth_link

+ *

+ * @param array $link_data The same variable given to {@see phpbb_auth_provider_interface::link_account}

+ * @param string $service_name The name of the service being used in

+ * linking.

+ * @return string|null Returns a language constant (string) if an error is

+ * encountered, or null on success.

+ */

+ protected function link_account_auth_link(array $link_data, $service_name)

+ {

+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

+ $query = 'i=ucp_auth_link&mode=auth_link&link=1&oauth_service=' . strtolower($link_data['oauth_service']);

+ $service_credentials = $this->service_providers[$service_name]->get_service_credentials();

+ $scopes = $this->service_providers[$service_name]->get_auth_scope();

+ $service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $scopes, $query);

+

+ if ($this->request->is_set('code', phpbb_request_interface::GET))

+ {

+ $this->service_providers[$service_name]->set_external_service_provider($service);

+ $unique_id = $this->service_providers[$service_name]->perform_auth_login();

+

+ // Insert into table, they will be able to log in after this

+ $data = array(

+ 'user_id' => $this->user->data['user_id'],

+ 'provider' => strtolower($link_data['oauth_service']),

+ 'oauth_provider_id' => $unique_id,

+ );

+

+ $this->link_account_perform_link($data);

+ }

+ else

+ {

+ $url = $service->getAuthorizationUri();

+ header('Location: ' . $url);

+ }

+ }

+

+ /**

+ * Performs the query that inserts an account link

+ *

+ * @param array $data This array is passed to db->sql_build_array

+ */

+ protected function link_account_perform_link(array $data)

+ {

+ $sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '

+ ' . $this->db->sql_build_array('INSERT', $data);

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function logout($data, $new_session)

+ {

+ // Clear all tokens belonging to the user

+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

+ $storage->clearAllTokens();

+

+ return;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_auth_link_data()

+ {

+ $block_vars = array();

+

+ // Get all external accounts tied to the current user

+ $data = array(

+ 'user_id' => (int) $this->user->data['user_id'],

+ );

+ $sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . '

+ WHERE ' . $this->db->sql_build_array('SELECT', $data);

+ $result = $this->db->sql_query($sql);

+ $rows = $this->db->sql_fetchrowset($result);

+ $this->db->sql_freeresult($result);

+

+ $oauth_user_ids = array();

+

+ if ($rows !== false && sizeof($rows))

+ {

+ foreach ($rows as $row)

+ {

+ $oauth_user_ids[$row['provider']] = $row['oauth_provider_id'];

+ }

+ }

+ unset($rows);

+

+ foreach ($this->service_providers as $service_name => $service_provider)

+ {

+ // Only include data if the credentials are set

+ $credentials = $service_provider->get_service_credentials();

+ if ($credentials['key'] && $credentials['secret'])

+ {

+ $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);

+

+ $block_vars[$service_name] = array(

+ 'HIDDEN_FIELDS' => array(

+ 'link' => (!isset($oauth_user_ids[$actual_name])),

+ 'oauth_service' => $actual_name,

+ ),

+

+ 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],

+ 'UNIQUE_ID' => (isset($oauth_user_ids[$actual_name])) ? $oauth_user_ids[$actual_name] : null,

+ );

+ }

+ }

+

+ return array(

+ 'BLOCK_VAR_NAME' => 'oauth',

+ 'BLOCK_VARS' => $block_vars,

+

+ 'TEMPLATE_FILE' => 'ucp_auth_link_oauth.html',

+ );

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function unlink_account(array $link_data)

+ {

+ if (!array_key_exists('oauth_service', $link_data) || !$link_data['oauth_service'])

+ {

+ return 'LOGIN_LINK_MISSING_DATA';

+ }

+

+ // Remove the link

+ $sql = 'DELETE FROM ' . $this->auth_provider_oauth_token_account_assoc . "

+ WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "'

+ AND user_id = " . (int) $this->user->data['user_id'];

+ $this->db->sql_query($sql);

+

+ // Clear all tokens belonging to the user on this servce

+ $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);

+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

+ $storage->clearToken($service_name);

+

+ return;

+ }

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* Base OAuth abstract class that all OAuth services should implement

+*

+* @package auth

+*/

+abstract class phpbb_auth_provider_oauth_service_base implements phpbb_auth_provider_oauth_service_interface

+{

+ /**

+ * External OAuth service provider

+ *

+ * @var \OAuth\Common\Service\ServiceInterface

+ */

+ protected $service_provider;

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_external_service_provider()

+ {

+ return $this->service_provider;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_auth_scope()

+ {

+ return array();

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider)

+ {

+ $this->service_provider = $service_provider;

+ }

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* Bitly OAuth service

+*

+* @package auth

+*/

+class phpbb_auth_provider_oauth_service_bitly extends phpbb_auth_provider_oauth_service_base

+{

+ /**

+ * phpBB config

+ *

+ * @var phpbb_config

+ */

+ protected $config;

+

+ /**

+ * phpBB request

+ *

+ * @var phpbb_request

+ */

+ protected $request;

+

+ /**

+ * Constructor

+ *

+ * @param phpbb_config $config

+ * @param phpbb_request $request

+ */

+ public function __construct(phpbb_config $config, phpbb_request $request)

+ {

+ $this->config = $config;

+ $this->request = $request;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_service_credentials()

+ {

+ return array(

+ 'key' => $this->config['auth_oauth_bitly_key'],

+ 'secret' => $this->config['auth_oauth_bitly_secret'],

+ );

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function perform_auth_login()

+ {

+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Bitly))

+ {

+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');

+ }

+

+ // This was a callback request from bitly, get the token

+ $this->service_provider->requestAccessToken($this->request->variable('code', ''));

+

+ // Send a request with it

+ $result = json_decode($this->service_provider->request('user/info'), true);

+

+ // Return the unique identifier returned from bitly

+ return $result['data']['login'];

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function perform_token_auth()

+ {

+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Bitly))

+ {

+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');

+ }

+

+ // Send a request with it

+ $result = json_decode($this->service_provider->request('user/info'), true);

+

+ // Return the unique identifier returned from bitly

+ return $result['data']['login'];

+ }

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* OAuth service exception class

+*

+* @package auth

+*/

+class phpbb_auth_provider_oauth_service_exception extends RuntimeException

+{

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* Facebook OAuth service

+*

+* @package auth

+*/

+class phpbb_auth_provider_oauth_service_facebook extends phpbb_auth_provider_oauth_service_base

+{

+ /**

+ * phpBB config

+ *

+ * @var phpbb_config

+ */

+ protected $config;

+

+ /**

+ * phpBB request

+ *

+ * @var phpbb_request

+ */

+ protected $request;

+

+ /**

+ * Constructor

+ *

+ * @param phpbb_config $config

+ * @param phpbb_request $request

+ */

+ public function __construct(phpbb_config $config, phpbb_request $request)

+ {

+ $this->config = $config;

+ $this->request = $request;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_service_credentials()

+ {

+ return array(

+ 'key' => $this->config['auth_oauth_facebook_key'],

+ 'secret' => $this->config['auth_oauth_facebook_secret'],

+ );

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function perform_auth_login()

+ {

+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Facebook))

+ {

+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');

+ }

+

+ // This was a callback request, get the token

+ $this->service_provider->requestAccessToken($this->request->variable('code', ''));

+

+ // Send a request with it

+ $result = json_decode($this->service_provider->request('/me'), true);

+

+ // Return the unique identifier

+ return $result['id'];

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function perform_token_auth()

+ {

+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Facebook))

+ {

+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');

+ }

+

+ // Send a request with it

+ $result = json_decode($this->service_provider->request('/me'), true);

+

+ // Return the unique identifier

+ return $result['id'];

+ }

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* Google OAuth service

+*

+* @package auth

+*/

+class phpbb_auth_provider_oauth_service_google extends phpbb_auth_provider_oauth_service_base

+{

+ /**

+ * phpBB config

+ *

+ * @var phpbb_config

+ */

+ protected $config;

+

+ /**

+ * phpBB request

+ *

+ * @var phpbb_request

+ */

+ protected $request;

+

+ /**

+ * Constructor

+ *

+ * @param phpbb_config $config

+ * @param phpbb_request $request

+ */

+ public function __construct(phpbb_config $config, phpbb_request $request)

+ {

+ $this->config = $config;

+ $this->request = $request;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_auth_scope()

+ {

+ return array(

+ 'userinfo_email',

+ 'userinfo_profile',

+ );

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_service_credentials()

+ {

+ return array(

+ 'key' => $this->config['auth_oauth_google_key'],

+ 'secret' => $this->config['auth_oauth_google_secret'],

+ );

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function perform_auth_login()

+ {

+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Google))

+ {

+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');

+ }

+

+ // This was a callback request, get the token

+ $this->service_provider->requestAccessToken($this->request->variable('code', ''));

+

+ // Send a request with it

+ $result = json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);

+

+ // Return the unique identifier

+ return $result['id'];

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function perform_token_auth()

+ {

+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Google))

+ {

+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');

+ }

+

+ // Send a request with it

+ $result = json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);

+

+ // Return the unique identifier

+ return $result['id'];

+ }

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* OAuth service interface

+*

+* @package auth

+*/

+interface phpbb_auth_provider_oauth_service_interface

+{

+ /**

+ * Returns an array of the scopes necessary for auth

+ *

+ * @return array An array of the required scopes

+ */

+ public function get_auth_scope();

+

+ /**

+ * Returns the external library service provider once it has been set

+ *

+ * @param \OAuth\Common\Service\ServiceInterface|null

+ */

+ public function get_external_service_provider();

+

+ /**

+ * Returns an array containing the service credentials belonging to requested

+ * service.

+ *

+ * @return array An array containing the 'key' and the 'secret' of the

+ * service in the form:

+ * array(

+ * 'key' => string

+ * 'secret' => string

+ * )

+ */

+ public function get_service_credentials();

+

+ /**

+ * Returns the results of the authentication in json format

+ *

+ * @throws phpbb_auth_provider_oauth_service_exception

+ * @return string The unique identifier returned by the service provider

+ * that is used to authenticate the user with phpBB.

+ */

+ public function perform_auth_login();

+

+ /**

+ * Returns the results of the authentication in json format

+ * Use this function when the user already has an access token

+ *

+ * @throws phpbb_auth_provider_oauth_service_exception

+ * @return string The unique identifier returned by the service provider

+ * that is used to authenticate the user with phpBB.

+ */

+ public function perform_token_auth();

+

+ /**

+ * Sets the external library service provider

+ *

+ * @param \OAuth\Common\Service\ServiceInterface $service

+ */

+ public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider);

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+

+use OAuth\OAuth1\Token\StdOAuth1Token;

+use OAuth\Common\Token\TokenInterface;

+use OAuth\Common\Storage\TokenStorageInterface;

+use OAuth\Common\Storage\Exception\StorageException;

+use OAuth\Common\Storage\Exception\TokenNotFoundException;

+

+/**

+* OAuth storage wrapper for phpbb's cache

+*

+* @package auth

+*/

+class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface

+{

+ /**

+ * Cache driver.

+ *

+ * @var phpbb_db_driver

+ */

+ protected $db;

+

+ /**

+ * phpBB user

+ *

+ * @var phpbb_user

+ */

+ protected $user;

+

+ /**

+ * OAuth token table

+ *

+ * @var string

+ */

+ protected $auth_provider_oauth_table;

+

+ /**

+ * @var object|TokenInterface

+ */

+ protected $cachedToken;

+

+ /**

+ * Creates token storage for phpBB.

+ *

+ * @param phpbb_db_driver $db

+ * @param phpbb_user $user

+ * @param string $auth_provider_oauth_table

+ */

+ public function __construct(phpbb_db_driver $db, phpbb_user $user, $auth_provider_oauth_table)

+ {

+ $this->db = $db;

+ $this->user = $user;

+ $this->auth_provider_oauth_table = $auth_provider_oauth_table;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function retrieveAccessToken($service)

+ {

+ $service = $this->get_service_name_for_db($service);

+

+ if ($this->cachedToken instanceOf TokenInterface)

+ {

+ return $this->cachedToken;

+ }

+

+ $data = array(

+ 'user_id' => (int) $this->user->data['user_id'],

+ 'provider' => $service,

+ );

+

+ if ((int) $this->user->data['user_id'] === ANONYMOUS)

+ {

+ $data['session_id'] = $this->user->data['session_id'];

+ }

+

+ return $this->_retrieve_access_token($data);

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function storeAccessToken($service, TokenInterface $token)

+ {

+ $service = $this->get_service_name_for_db($service);

+

+ $this->cachedToken = $token;

+

+ $data = array(

+ 'user_id' => (int) $this->user->data['user_id'],

+ 'provider' => $service,

+ 'oauth_token' => $this->json_encode_token($token),

+ 'session_id' => $this->user->data['session_id'],

+ );

+

+ $sql = 'INSERT INTO ' . $this->auth_provider_oauth_table . '

+ ' . $this->db->sql_build_array('INSERT', $data);

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function hasAccessToken($service)

+ {

+ $service = $this->get_service_name_for_db($service);

+

+ if ($this->cachedToken) {

+ return true;

+ }

+

+ $data = array(

+ 'user_id' => (int) $this->user->data['user_id'],

+ 'provider' => $service,

+ );

+

+ if ((int) $this->user->data['user_id'] === ANONYMOUS)

+ {

+ $data['session_id'] = $this->user->data['session_id'];

+ }

+

+ return $this->_has_acess_token($data);

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function clearToken($service)

+ {

+ $service = $this->get_service_name_for_db($service);

+

+ $this->cachedToken = null;

+

+ $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '

+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "

+ AND provider = '" . $this->db->sql_escape($service) . "'";

+

+ if ((int) $this->user->data['user_id'] === ANONYMOUS)

+ {

+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";

+ }

+

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function clearAllTokens()

+ {

+ $this->cachedToken = null;

+

+ $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '

+ WHERE user_id = ' . (int) $this->user->data['user_id'];

+

+ if ((int) $this->user->data['user_id'] === ANONYMOUS)

+ {

+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";

+ }

+

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * Updates the user_id field in the database assosciated with the token

+ *

+ * @param int $user_id

+ */

+ public function set_user_id($user_id)

+ {

+ if (!$this->cachedToken)

+ {

+ return;

+ }

+

+ $sql = 'UPDATE ' . $this->auth_provider_oauth_table . '

+ SET ' . $this->db->sql_build_array('UPDATE', array(

+ 'user_id' => (int) $user_id

+ )) . '

+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "

+ AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * Checks to see if an access token exists solely by the session_id of the user

+ *

+ * @return bool true if they have token, false if they don't

+ */

+ public function has_access_token_by_session($service)

+ {

+ $service = $this->get_service_name_for_db($service);

+

+ if ($this->cachedToken)

+ {

+ return true;

+ }

+

+ $data = array(

+ 'session_id' => $this->user->data['session_id'],

+ 'provider' => $service,

+ );

+

+ return $this->_has_acess_token($data);

+ }

+

+ /**

+ * A helper function that performs the query for has access token functions

+ *

+ * @param array $data

+ * @return bool

+ */

+ protected function _has_acess_token($data)

+ {

+ return (bool) $this->get_access_token_row($data);

+ }

+

+ public function retrieve_access_token_by_session($service)

+ {

+ $service = $this->get_service_name_for_db($service);

+

+ if ($this->cachedToken instanceOf TokenInterface) {

+ return $this->cachedToken;

+ }

+

+ $data = array(

+ 'session_id' => $this->user->data['session_id'],

+ 'provider' => $service,

+ );

+

+ return $this->_retrieve_access_token($data);

+ }

+

+ /**

+ * A helper function that performs the query for retrieve access token functions

+ * Also checks if the token is a valid token

+ *

+ * @param array $data

+ * @return mixed

+ */

+ protected function _retrieve_access_token($data)

+ {

+ $row = $this->get_access_token_row($data);

+

+ if (!$row)

+ {

+ throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_NOT_STORED');

+ }

+

+ $token = $this->json_decode_token($row['oauth_token']);

+

+ // Ensure that the token was serialized/unserialized correctly

+ if (!($token instanceof TokenInterface))

+ {

+ $this->clearToken();

+ throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');

+ }

+

+ $this->cachedToken = $token;

+ return $token;

+ }

+

+ /**

+ * A helper function that performs the query for retrieving an access token

+ *

+ * @param array $data

+ * @return mixed

+ */

+ protected function get_access_token_row($data)

+ {

+ $sql = 'SELECT oauth_token FROM ' . $this->auth_provider_oauth_table . '

+ WHERE ' . $this->db->sql_build_array('SELECT', $data);

+ $result = $this->db->sql_query($sql);

+ $row = $this->db->sql_fetchrow($result);

+ $this->db->sql_freeresult($result);

+

+ return $row;

+ }

+

+ public function json_encode_token(TokenInterface $token)

+ {

+ $members = array(

+ 'accessToken' => $token->getAccessToken(),

+ 'endOfLife' => $token->getEndOfLife(),

+ 'extraParams' => $token->getExtraParams(),

+ 'refreshToken' => $token->getRefreshToken(),

+

+ 'token_class' => get_class($token),

+ );

+

+ // Handle additional data needed for OAuth1 tokens

+ if ($token instanceof StdOAuth1Token)

+ {

+ $members['requestToken'] = $token->getRequestToken();

+ $members['requestTokenSecret'] = $token->getRequestTokenSecret();

+ $members['accessTokenSecret'] = $token->getAccessTokenSecret();

+ }

+

+ return json_encode($members);

+ }

+

+ public function json_decode_token($json)

+ {

+ $token_data = json_decode($json, true);

+

+ if ($token_data === null)

+ {

+ throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');

+ }

+

+ $token_class = $token_data['token_class'];

+ $access_token = $token_data['accessToken'];

+ $refresh_token = $token_data['refreshToken'];

+ $endOfLife = $token_data['endOfLife'];

+ $extra_params = $token_data['extraParams'];

+

+ // Create the token

+ $token = new $token_class($access_token, $refresh_token, TokenInterface::EOL_NEVER_EXPIRES, $extra_params);

+ $token->setEndOfLife($endOfLife);

+

+ // Handle OAuth 1.0 specific elements

+ if ($token instanceof StdOAuth1Token)

+ {

+ $token->setRequestToken($token_data['requestToken']);

+ $token->setRequestTokenSecret($token_data['requestTokenSecret']);

+ $token->setAccessTokenSecret($token_data['accessTokenSecret']);

+ }

+

+ return $token;

+ }

+

+ /**

+ * Returns the name of the service as it must be stored in the database.

+ *

+ * @param string $service The name of the OAuth service

+ * @return string The name of the OAuth service as it needs to be stored

+ * in the database.

+ */

+ protected function get_service_name_for_db($service)

+ {

+ // Enforce the naming convention for oauth services

+ if (strpos($service, 'auth.provider.oauth.service.') !== 0)

+ {

+ $service = 'auth.provider.oauth.service.' . strtolower($service);

+ }

+

+ return $service;

+ }

+}

+<?php

+/**

+*

+* @package migration

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-license.php GNU Public License v2

+*

+*/

+

+class phpbb_db_migration_data_310_auth_provider_oauth extends phpbb_db_migration

+{

+ public function effectively_installed()

+ {

+ return $this->db_tools->sql_table_exists($this->table_prefix . 'auth_provider_oauth');

+ }

+

+ public function update_schema()

+ {

+ return array(

+ 'add_tables' => array(

+ $this->table_prefix . 'oauth_tokens' => array(

+ 'COLUMNS' => array(

+ 'user_id' => array('UINT', 0), // phpbb_users.user_id

+ 'session_id' => array('CHAR:32', ''), // phpbb_sessions.session_id used only when user_id not set

+ 'provider' => array('VCHAR', ''), // Name of the OAuth provider

+ 'oauth_token' => array('MTEXT', ''), // Serialized token

+ ),

+ 'KEYS' => array(

+ 'user_id' => array('INDEX', 'user_id'),

+ 'provider' => array('INDEX', 'provider'),

+ ),

+ ),

+ $this->table_prefix . 'oauth_accounts' => array(

+ 'COLUMNS' => array(

+ 'user_id' => array('UINT', 0),

+ 'provider' => array('VCHAR', ''),

+ 'oauth_provider_id' => array('TEXT_UNI', ''),

+ ),

+ 'PRIMARY_KEY' => array(

+ 'user_id',

+ 'provider',

+ ),

+ ),

+ ),

+ );

+ }

+

+ public function revert_schema()

+ {

+ return array(

+ 'drop_tables' => array(

+ $this->table_prefix . 'oauth_tokens',

+ $this->table_prefix . 'oauth_accounts',

+ ),

+ );

+ }

+

+ public function update_data()

+ {

+ return array(

+ array('module.add', array(

+ 'ucp',

+ 'UCP_AUTH_LINK',

+ array(

+ 'module_basename' => 'ucp_auth_link',

+ 'modes' => array('auth_link'),

+ ),

+ )),

+ );

+ }

+}

+

+ /**

+ * Returns the original array of the requested super global

+ *

+ * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global

+ * The super global which will be returned

+ *

+ * @return array The original array of the requested super global.

+ */

+ public function get_super_global($super_global = phpbb_request_interface::REQUEST);

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_super_global($super_global = phpbb_request_interface::REQUEST)

+ {

+ return $this->input[$super_global];

+ }

+

+ <!-- IF not S_ADMIN_AUTH and PROVIDER_TEMPLATE_FILE -->

+ <!-- INCLUDE {PROVIDER_TEMPLATE_FILE} -->

+ <!-- ENDIF -->

+<div class="content">

+ <!-- BEGIN oauth -->

+ <dl>

+ <dt>&nbsp;</dt>

+ <dd><a href="{oauth.REDIRECT_URL}" class="button2">{oauth.SERVICE_NAME}</a></dd>

+ </dl>

+ <!-- END oauth -->

+</div>

+<!-- INCLUDE ucp_header.html -->

+

+<h2>{L_UCP_AUTH_LINK_TITLE}</h2>

+

+<div class="panel">

+ <div class="inner">

+ <!-- IF ERROR --><dl><dd class="error">{ERROR}</dd></dl><!-- ENDIF -->

+

+ <!-- INCLUDE {PROVIDER_TEMPLATE_FILE} -->

+ </div>

+</div>

+

+<!-- INCLUDE ucp_footer.html -->

+<!-- BEGIN oauth -->

+ <form id="ucp" method="post" action="{S_UCP_ACTION}">

+ <h3>{oauth.SERVICE_NAME}</h3>

+

+ <fieldset class="fields2">

+ <!-- IF oauth.UNIQUE_ID -->

+ <dl>

+ <dt>{L_UCP_AUTH_LINK_ID}{L_COLON}</dt>

+ <dd>{oauth.UNIQUE_ID}</dd>

+ </dl>

+ <dl>

+ <dt>&nbsp;</dt>

+ <dd><input type="submit" name="submit" tabindex="6" value="{L_UCP_AUTH_LINK_UNLINK}" class="button1" /></dd>

+ </dl>

+ <!-- ELSE -->

+ <dl>

+ <dd>{L_UCP_AUTH_LINK_ASK}</dd>

+ </dl>

+ <dl>

+ <dt>&nbsp;</dt>

+ <dd><input type="submit" name="submit" tabindex="6" value="{L_UCP_AUTH_LINK_LINK}" class="button1" /></dd>

+ </dl>

+ <!-- ENDIF-->

+ </fieldset>

+ {oauth.HIDDEN_FIELDS}

+ {S_HIDDEN_FIELDS}

+ {S_FORM_TOKEN}

+ </form>

+<!-- END oauth -->

+<!-- INCLUDE overall_header.html -->

+

+<div class="panel">

+ <div class="inner">

+

+ <h2>{SITENAME} - {L_LOGIN_LINK}</h2>

+

+ <p>{L_LOGIN_LINK_EXPLAIN}</p>

+

+ <!-- IF LOGIN_LINK_ERROR --><div class="content">

+ <div class="error">{LOGIN_LINK_ERROR}</div>

+ </div><!-- ENDIF -->

+

+ <div class="content">

+ <h2>{L_REGISTER}</h2>

+

+ <form action="{REGISTER_ACTION}" method="post" id="register">

+ <fieldset class="fields1">

+ <dl>

+ <dt>&nbsp;</dt>

+ <dd>{S_HIDDEN_FIELDS}<input type="submit" name="register" tabindex="1" value="{L_REGISTER}" class="button1" /></dd>

+ </dl>

+ </fieldset>

+ </form>

+ </div>

+

+ <div class="content">

+ <h2>{L_LOGIN}</h2>

+

+ <form action="{LOGIN_ACTION}" method="post" id="login">

+ <fieldset class="fields1">

+ <!-- IF LOGIN_ERROR --><div class="error">{LOGIN_ERROR}</div><!-- ENDIF -->

+ <dl>

+ <dt><label for="{USERNAME_CREDENTIAL}">{L_USERNAME}{L_COLON}</label></dt>

+ <dd><input type="text" tabindex="2" name="{USERNAME_CREDENTIAL}" id="{USERNAME_CREDENTIAL}" size="25" value="{LOGIN_USERNAME}" class="inputbox autowidth" /></dd>

+ </dl>

+ <dl>

+ <dt><label for="{PASSWORD_CREDENTIAL}">{L_PASSWORD}{L_COLON}</label></dt>

+ <dd><input type="password" tabindex="3" id="{PASSWORD_CREDENTIAL}" name="{PASSWORD_CREDENTIAL}" size="25" class="inputbox autowidth" /></dd>

+ </dl>

+ <!-- IF CAPTCHA_TEMPLATE and S_CONFIRM_CODE -->

+ <!-- DEFINE $CAPTCHA_TAB_INDEX = 4 -->

+ <!-- INCLUDE {CAPTCHA_TEMPLATE} -->

+ <!-- ENDIF -->

+

+ {S_LOGIN_REDIRECT}

+ <dl>

+ <dt>&nbsp;</dt>

+ <dd>{S_HIDDEN_FIELDS}<input type="submit" name="login" tabindex="5" value="{L_LOGIN}" class="button1" /></dd>

+ </dl>

+ </fieldset>

+ </form>

+ </div>

+

+ </div>

+</div>

+

+<!-- INCLUDE overall_footer.html -->

+ <!-- IF not S_ADMIN_AUTH and PROVIDER_TEMPLATE_FILE -->

+ <!-- INCLUDE {PROVIDER_TEMPLATE_FILE} -->

+ <!-- ENDIF -->

+<!-- BEGIN oauth -->

+ <tr>

+ <td>

+ <a href="{oauth.REDIRECT_URL}">{oauth.SERVICE_NAME}</a>

+ </td>

+ </tr>

+<!-- END oauth -->

+<!-- INCLUDE ucp_header.html -->

+

+<table class="tablebg" width="100%" cellspacing="1">

+ <tr>

+ <th colspan="4">{L_UCP_AUTH_LINK_TITLE}</th>

+ </tr>

+

+ <!-- IF ERROR -->

+ <tr>

+ <td class="row1" colspan="2" align="center"><span class="genmed error">{ERROR}</span></td>

+ </tr>

+ <!-- ENDIF -->

+

+ <!-- INCLUDE {PROVIDER_TEMPLATE_FILE} -->

+</table>

+

+<!-- INCLUDE ucp_footer.html -->

+<!-- BEGIN oauth -->

+ <tr>

+ <th>{oauth.SERVICE_NAME}</th>

+ </tr>

+

+ <tr>

+ <td class="row1">

+ <form id="ucp" method="post" action="{S_UCP_ACTION}">

+ <table>

+ <!-- IF oauth.UNIQUE_ID -->

+ <tr>

+ <td class="row1">{L_UCP_AUTH_LINK_ID}{L_COLON}</td>

+ <td class="row1">{oauth.UNIQUE_ID}</td>

+ </tr>

+ <tr>

+ <td class="row1">&nbsp;</td>

+ <td class="row1"><input type="submit" name="submit" tabindex="6" value="{L_UCP_AUTH_LINK_UNLINK}" class="button1" /></td>

+ </tr>

+ <!-- ELSE -->

+ <tr>

+ <td class="row1">{L_UCP_AUTH_LINK_ASK}</td>

+ </tr>

+ <tr>

+ <td class="row1"><input type="submit" name="submit" tabindex="6" value="{L_UCP_AUTH_LINK_LINK}" class="button1" /></td>

+ </tr>

+ <!-- ENDIF-->

+ </table>

+ {oauth.HIDDEN_FIELDS}

+ {S_HIDDEN_FIELDS}

+ {S_FORM_TOKEN}

+ </form>

+ </td>

+ </tr>

+<!-- END oauth -->

+<!-- INCLUDE overall_header.html -->

+

+<table class="tablebg" width="100%" cellspacing="1">

+ <tr>

+ <th>{SITENAME} - {L_LOGIN_LINK}</th>

+ </tr>

+

+ <tr>

+ <td class="row1" align="center"><span class="genmed">{L_LOGIN_LINK_EXPLAIN}</span></td>

+ </tr>

+

+ <!-- IF LOGIN_LINK_ERROR -->

+ <tr>

+ <td class="row1" align="center"><span class="genmed error">{LOGIN_LINK_ERROR}</span></td>

+ </tr>

+ <!-- ENDIF -->

+

+ <tr>

+ <td class="row1">

+ <form action="{REGISTER_ACTION}" method="post" id="register">

+ <table width="100%" cellspacing="1">

+ <tr>

+ <th colspan="2">{L_REGISTER}</th>

+ </tr>

+

+ <tr>

+ <td>{S_HIDDEN_FIELDS}<input type="submit" name="register" tabindex="1" value="{L_REGISTER}" class="button1" /></td>

+ </tr>

+ </table>

+ </form>

+ </td>

+ </tr>

+

+ <tr>

+ <td class="row1">

+ <form action="{LOGIN_ACTION}" method="post" id="login">

+ <table width="100%" cellspacing="1">

+ <tr>

+ <th colspan="2">{L_LOGIN}</th>

+ </tr>

+

+ <!-- IF LOGIN_ERROR -->

+ <tr>

+ <td class="row1" align="center" colspan="2"><span class="genmed error">{LOGIN_ERROR}</span></td>

+ </tr>

+ <!-- ENDIF -->

+

+ <tr>

+ <td><label for="{USERNAME_CREDENTIAL}">{L_USERNAME}{L_COLON}</label></td>

+ <td><input type="text" tabindex="2" name="{USERNAME_CREDENTIAL}" id="{USERNAME_CREDENTIAL}" size="25" value="{LOGIN_USERNAME}" class="inputbox autowidth" /></td>

+ </tr>

+

+ <tr>

+ <td><label for="{PASSWORD_CREDENTIAL}">{L_PASSWORD}{L_COLON}</label></td>

+ <td><input type="password" tabindex="3" id="{PASSWORD_CREDENTIAL}" name="{PASSWORD_CREDENTIAL}" size="25" class="inputbox autowidth" /></td>

+ </tr>

+

+ <!-- IF CAPTCHA_TEMPLATE and S_CONFIRM_CODE -->

+ <!-- DEFINE $CAPTCHA_TAB_INDEX = 4 -->

+ <!-- INCLUDE {CAPTCHA_TEMPLATE} -->

+ <!-- ENDIF -->

+

+ {S_LOGIN_REDIRECT}

+ <tr>

+ <td>&nbsp;</td>

+ <td>{S_HIDDEN_FIELDS}<input type="submit" name="login" tabindex="5" value="{L_LOGIN}" class="button1" /></td>

+ </tr>

+ </table>

+ </form>

+ </td>

+ </tr>

+</table>

+

+<!-- INCLUDE overall_footer.html -->

+if (in_array($mode, array('login', 'login_link', 'logout', 'confirm', 'sendpassword', 'activate')))

+ case 'login_link':

+ if ($user->data['is_registered'])

+ {

+ redirect(append_sid("{$phpbb_root_path}index.$phpEx"));

+ }

+

+ $module->load('ucp', 'login_link');

+ $module->display($user->lang['UCP_LOGIN_LINK']);

+ break;

+

+<?xml version="1.0" encoding="UTF-8" ?>

+<dataset>

+ <table name="phpbb_oauth_tokens">

+ <column>user_id</column>

+ <column>session_id</column>

+ <column>provider</column>

+ <column>oauth_token</column>

+ </table>

+</dataset>

+

+<?php

+/**

+*

+* @package testing

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+use OAuth\OAuth2\Token\StdOAuth2Token;

+

+class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_case

+{

+ protected $db;

+ protected $service_name;

+ protected $session_id;

+ protected $token_storage;

+ protected $token_storage_table;

+ protected $user;

+

+ protected function setup()

+ {

+ parent::setUp();

+

+ global $phpbb_root_path, $phpEx;

+

+ $this->db = $this->new_dbal();

+ $this->user = $this->getMock('phpbb_user');

+ $this->service_name = 'auth.provider.oauth.service.testing';

+ $this->token_storage_table = 'phpbb_oauth_tokens';

+

+ // Give the user a session_id that we will remember

+ $this->session_id = '12345';

+ $this->user->data['session_id'] = $this->session_id;

+

+ // Set the user id to anonymous

+ $this->user->data['user_id'] = ANONYMOUS;

+

+ $this->token_storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->token_storage_table);

+ }

+

+ public function getDataSet()

+ {

+ return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/oauth_tokens.xml');

+ }

+

+ public static function retrieveAccessToken_data()

+ {

+ return array(

+ array(new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES, array('extra' => 'param')), null),

+ array(null, 'OAuth\Common\Storage\Exception\TokenNotFoundException'),

+ );

+ }

+

+ /**

+ * @dataProvider retrieveAccessToken_data

+ */

+ public function test_retrieveAccessToken($cache_token, $exception)

+ {

+ if ($cache_token)

+ {

+ $this->token_storage->storeAccessToken($this->service_name, $cache_token);

+ $token = $cache_token;

+ }

+

+ $this->setExpectedException($exception);

+

+ $stored_token = $this->token_storage->retrieveAccessToken($this->service_name);

+ $this->assertEquals($token, $stored_token);

+ }

+

+ public function test_retrieveAccessToken_from_db()

+ {

+ $expected_token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES);

+

+ // Store a token in the database

+ $temp_storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->token_storage_table);

+ $temp_storage->storeAccessToken($this->service_name, $expected_token);

+ unset($temp_storage);

+

+ // Test to see if the token can be retrieved

+ $stored_token = $this->token_storage->retrieveAccessToken($this->service_name);

+ $this->assertEquals($expected_token, $stored_token);

+ }

+

+ /**

+ * @dataProvider retrieveAccessToken_data

+ */

+ public function test_retrieve_access_token_by_session($cache_token, $exception)

+ {

+ if ($cache_token)

+ {

+ $this->token_storage->storeAccessToken($this->service_name, $cache_token);

+ $token = $cache_token;

+ }

+

+ $this->setExpectedException($exception);

+

+ $stored_token = $this->token_storage->retrieve_access_token_by_session($this->service_name);

+ $this->assertEquals($token, $stored_token);

+ }

+

+ public function test_retrieve_access_token_by_session_from_db()

+ {

+ $expected_token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES);

+

+ // Store a token in the database

+ $temp_storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->token_storage_table);

+ $temp_storage->storeAccessToken($this->service_name, $expected_token);

+ unset($temp_storage);

+

+ // Test to see if the token can be retrieved

+ $stored_token = $this->token_storage->retrieve_access_token_by_session($this->service_name);

+ $this->assertEquals($expected_token, $stored_token);

+ }

+

+ public function test_storeAccessToken()

+ {

+ $token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES, array('extra' => 'param') );

+ $this->token_storage->storeAccessToken($this->service_name, $token);

+

+ // Confirm that the token is cached

+ $extraParams = $this->token_storage->retrieveAccessToken($this->service_name)->getExtraParams();

+ $this->assertEquals( 'param', $extraParams['extra'] );

+ $this->assertEquals( 'access', $this->token_storage->retrieveAccessToken($this->service_name)->getAccessToken() );

+

+ $row = $this->get_token_row_by_session_id($this->session_id);

+

+ // The token is serialized before stored in the database

+ $this->assertEquals($this->token_storage->json_encode_token($token), $row['oauth_token']);

+ }

+

+ public static function hasAccessToken_data()

+ {

+ return array(

+ array(null, false),

+ array(new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES, array('extra' => 'param') ), true),

+ );

+ }

+

+ /**

+ * @dataProvider hasAccessToken_data

+ */

+ public function test_hasAccessToken($token, $expected)

+ {

+ if ($token)

+ {

+ $this->token_storage->storeAccessToken($this->service_name, $token);

+ }

+

+ $has_access_token = $this->token_storage->hasAccessToken($this->service_name);

+ $this->assertEquals($expected, $has_access_token);

+ }

+

+ /**

+ * @dataProvider hasAccessToken_data

+ */

+ public function test_has_access_token_by_session($token, $expected)

+ {

+ if ($token)

+ {

+ $this->token_storage->storeAccessToken($this->service_name, $token);

+ }

+

+ $has_access_token = $this->token_storage->has_access_token_by_session($this->service_name);

+ $this->assertEquals($expected, $has_access_token);

+ }

+

+ public function test_clearToken()

+ {

+ $token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES, array('extra' => 'param') );

+ $this->token_storage->storeAccessToken($this->service_name, $token);

+

+ $this->token_storage->clearToken($this->service_name);

+

+ // Check that the database has been cleared

+ $row = $this->get_token_row_by_session_id($this->session_id);

+ $this->assertFalse($row);

+

+ // Check that the token is no longer in memory

+ $this->assertFalse($this->token_storage->hasAccessToken($this->service_name));

+ }

+

+ public function test_set_user_id()

+ {

+ $token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES, array('extra' => 'param') );

+ $this->token_storage->storeAccessToken($this->service_name, $token);

+

+ $new_user_id = ANONYMOUS + 1;

+ $this->token_storage->set_user_id($new_user_id);

+

+ $row = $this->get_token_row_by_session_id($this->session_id);

+ $this->assertEquals($new_user_id, $row['user_id']);

+ }

+

+ protected function get_token_row_by_session_id($session_id)

+ {

+ // Test that the token is stored in the database

+ $sql = 'SELECT * FROM phpbb_oauth_tokens

+ WHERE session_id = \'' . $this->db->sql_escape($session_id) . '\'';

+ $result = $this->db->sql_query($sql);

+ $row = $this->db->sql_fetchrow($result);

+ $this->db->sql_freeresult($result);

+

+ return $row;

+ }

+}

+ public function get_super_global($super_global = phpbb_request_interface::REQUEST)

+ {

+ return $this->data[$super_global];

+ }

+