diff options
| -rw-r--r-- | phpBB/phpbb/auth/provider/oauth/token_storage.php | 2 | ||||
| -rw-r--r-- | tests/auth/fixtures/oauth_tokens.xml | 6 | ||||
| -rw-r--r-- | tests/auth/phpbb_not_a_token.php | 23 | ||||
| -rw-r--r-- | tests/auth/provider_oauth_token_storage_test.php | 18 |
4 files changed, 48 insertions, 1 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/token_storage.php b/phpBB/phpbb/auth/provider/oauth/token_storage.php index fe1a376cfe..023cf402ca 100644 --- a/phpBB/phpbb/auth/provider/oauth/token_storage.php +++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php @@ -266,7 +266,7 @@ class token_storage implements TokenStorageInterface // Ensure that the token was serialized/unserialized correctly if (!($token instanceof TokenInterface)) { - $this->clearToken(); + $this->clearToken($data['provider']); throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED'); } diff --git a/tests/auth/fixtures/oauth_tokens.xml b/tests/auth/fixtures/oauth_tokens.xml index 9bfb5a4422..6c82e94e62 100644 --- a/tests/auth/fixtures/oauth_tokens.xml +++ b/tests/auth/fixtures/oauth_tokens.xml @@ -5,6 +5,12 @@ <column>session_id</column> <column>provider</column> <column>oauth_token</column> + <row> + <value>1</value> + <value>abcd</value> + <value>auth.provider.oauth.service.testing</value> + <value>{"token_class":"phpbb_not_a_token","accessToken":"error","refreshToken":0,"endOfLife":null,"extraParams":null}</value> + </row> </table> </dataset> diff --git a/tests/auth/phpbb_not_a_token.php b/tests/auth/phpbb_not_a_token.php new file mode 100644 index 0000000000..61cc14fa10 --- /dev/null +++ b/tests/auth/phpbb_not_a_token.php @@ -0,0 +1,23 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +class phpbb_not_a_token +{ + public function __construct($param1, $param2, $param3, $param4) + { + } + + public function setEndOfLife() + { + } +} diff --git a/tests/auth/provider_oauth_token_storage_test.php b/tests/auth/provider_oauth_token_storage_test.php index ec28e546bd..45daa9816b 100644 --- a/tests/auth/provider_oauth_token_storage_test.php +++ b/tests/auth/provider_oauth_token_storage_test.php @@ -13,6 +13,8 @@ use OAuth\OAuth2\Token\StdOAuth2Token; +require_once dirname(__FILE__) . '/phpbb_not_a_token.php'; + class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_case { protected $db; @@ -73,6 +75,22 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c $this->assertEquals($token, $stored_token); } + public function test_retrieveAccessToken_wrong_token() + { + $this->user->data['session_id'] = 'abcd'; + try + { + $this->token_storage->retrieveAccessToken($this->service_name); + $this->fail('The token can not be deserialized and an exception should be thrown.'); + } + catch (\OAuth\Common\Storage\Exception\TokenNotFoundException $e) + { + } + + $row = $this->get_token_row_by_session_id('abcd'); + $this->assertFalse($row); + } + public function test_retrieveAccessToken_from_db() { $expected_token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES); |