-rw-r--r--phpBB/phpbb/auth/provider/oauth/token_storage.php57
-rw-r--r--tests/auth/provider_oauth_token_storage_test.php25
2 files changed, 70 insertions, 12 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/token_storage.php b/phpBB/phpbb/auth/provider/oauth/token_storage.php
index 313ad7661b..ff1887fce7 100644
--- a/phpBB/phpbb/auth/provider/oauth/token_storage.php
+++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php
@@ -16,6 +16,7 @@ if (!defined('IN_PHPBB'))
}
+use OAuth\OAuth1\Token\StdOAuth1Token;
use OAuth\Common\Token\TokenInterface;
use OAuth\Common\Storage\TokenStorageInterface;
use OAuth\Common\Storage\Exception\StorageException;
@@ -109,7 +110,7 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
$data = array(
'user_id' => $this->user->data['user_id'],
'provider' => $this->service_name,
- 'oauth_token' => serialize($token),
+ 'oauth_token' => $this->json_encode_token($token),
'session_id' => $this->user->data['session_id'],
);
@@ -248,7 +249,7 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
throw new TokenNotFoundException('Token not stored');
}
- $token = unserialize($row['oauth_token']);
+ $token = $this->json_decode_token($row['oauth_token']);
// Ensure that the token was serialized/unserialized correctly
if (!($token instanceof TokenInterface))
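Review bot: Rows written by the previous code hold `serialize()` output, which `json_decode()` cannot parse, so `json_decode_token()` will throw `TokenNotFoundException('Token not stored correctly')` for every such row at this call. If installations can already have stored tokens, the token table should be cleared or converted as part of this change; whether callers treat the exception as "re-authorise" is not visible in the hunk. The context comment is now stale and could read `// Ensure that the token was encoded/decoded correctly`. The enclosing method starts and ends outside the hunk.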
@@ -278,4 +279,56 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
return $row;
}
+
+ public function json_encode_token(TokenInterface $token)
+ {
+ $members = array(
+ 'accessToken' => $token->getAccessToken(),
+ 'endOfLife' => $token->getEndOfLife(),
+ 'extraParams' => $token->getExtraParams(),
+ 'refreshToken' => $token->getRefreshToken(),
+
+ 'token_class' => get_class($token),
+ );
+
+ // Handle additional data needed for OAuth1 tokens
+ if ($token instanceof StdOAuth1Token)
+ {
+ $members['requestToken'] = $token->getRequestToken();
+ $members['requestTokenSecret'] = $token->getRequestTokenSecret();
+ $members['accessTokenSecret'] = $token->getAccessTokenSecret();
+ }
+
+ return json_encode($members);
+ }
+
+ public function json_decode_token($json)
+ {
+ $token_data = json_decode($json, true);
+
+ if ($token_data === null)
+ {
+ throw new TokenNotFoundException('Token not stored correctly');
+ }
+
+ $token_class = $token_data['token_class'];
+ $access_token = $token_data['accessToken'];
+ $refresh_token = $token_data['refreshToken'];
+ $endOfLife = $token_data['endOfLife'];
+ $extra_params = $token_data['extraParams'];
+
+ // Create the token
+ $token = new $token_class($access_token, $refresh_token, TokenInterface::EOL_NEVER_EXPIRES, $extra_params);
+ $token->setEndOfLife($endOfLife);
+
+ // Handle OAuth 1.0 specific elements
+ if ($token instanceof StdOAuth1Token)
+ {
+ $token->setRequestToken($token_data['requestToken']);
+ $token->setRequestTokenSecret($token_data['requestTokenSecret']);
+ $token->setAccessTokenSecret($token_data['accessTokenSecret']);
+ }
+
+ return $token;
+ }
}
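Review bot: `json_decode_token()` passes `$token_data['token_class']` straight to `new $token_class(...)`, so the class to construct is still chosen by whatever is in the `oauth_token` column. The `instanceof TokenInterface` check at the call site runs only after the constructor has already executed. The class name should be checked against `TokenInterface` (or a fixed list of the token classes in use) before construction. The `=== null` guard also lets through valid JSON that is not an array or lacks the expected keys, which then fails with undefined-index notices rather than `TokenNotFoundException`. Both new methods are public and have no docblocks; a short one on each, stating the stored field names and the exception thrown, would help.

```php
	public function json_decode_token($json)
	{
		$token_data = json_decode($json, true);

		// Accept only the array shape that json_encode_token() writes
		if (!is_array($token_data) || !isset($token_data['token_class']) || !is_string($token_data['token_class']))
		{
			throw new TokenNotFoundException('Token not stored correctly');
		}

		// Refuse to construct anything that is not a known token implementation
		$token_class = $token_data['token_class'];
		if (!class_exists($token_class) || !in_array('OAuth\Common\Token\TokenInterface', class_implements($token_class), true))
		{
			throw new TokenNotFoundException('Token not stored correctly');
		}

		// … unchanged: field extraction, token construction, OAuth 1.0 handling …
```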
diff --git a/tests/auth/provider_oauth_token_storage_test.php b/tests/auth/provider_oauth_token_storage_test.php
index f47f3652b6..026a539285 100644
--- a/tests/auth/provider_oauth_token_storage_test.php
+++ b/tests/auth/provider_oauth_token_storage_test.php
@@ -86,16 +86,8 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
/**
* @dataProvider retrieveAccessToken_data
*/
- public function test_retrieve_access_token_by_session($cache_token, $db_token, $exception)
+ public function test_retrieve_access_token_by_session($cache_token, $exception)
{
- if ($db_token)
- {
- $temp_storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->service_name, $this->token_storage_table);
- $temp_storage->storeAccessToken($db_token);
- unset($temp_storage);
- $token = $db_token;
- }
-
if ($cache_token)
{
$this->token_storage->storeAccessToken($cache_token);
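Review bot: The signature drops `$db_token`, but `retrieveAccessToken_data` is not changed anywhere in this commit. If its datasets still carry three elements (the provider is not visible here), PHPUnit will bind the old `$db_token` slot to `$exception` and the test will check the wrong thing. The provider rows should be reduced to two values in the same commit. The method body continues outside the hunk.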
@@ -108,6 +100,19 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
$this->assertEquals($token, $stored_token);
}
+ public function test_retrieve_access_token_by_session_from_db()
+ {
+ $expected_token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES);
+
+ // Store a token in the database
+ $temp_storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->service_name, $this->token_storage_table);
+ $temp_storage->storeAccessToken($expected_token);
+ unset($temp_storage);
+
+ // Test to see if the token can be retrieved
+ $stored_token = $this->token_storage->retrieve_access_token_by_session();
+ $this->assertEquals($expected_token, $stored_token);
+ }
public function test_storeAccessToken()
{
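Review bot: `test_retrieve_access_token_by_session_from_db()` round-trips only a `StdOAuth2Token`, so the `StdOAuth1Token` branches of `json_encode_token()` and `json_decode_token()` (request token and both secrets) are never exercised. The failure path for a row that does not decode is not covered either. Add one case that stores a `StdOAuth1Token` with its secrets set, and one that expects `TokenNotFoundException` for a malformed `oauth_token` value.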
@@ -122,7 +127,7 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
$row = $this->get_token_row_by_session_id($this->session_id);
// The token is serialized before stored in the database
- $this->assertEquals(serialize($token), $row['oauth_token']);
+ $this->assertEquals($this->token_storage->json_encode_token($token), $row['oauth_token']);
}
public static function hasAccessToken_data()
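Review bot: The expected value is now produced by `json_encode_token()`, the same method `storeAccessToken()` calls, so this assertion no longer pins what is actually written to the column. An encoder that dropped a field would still pass. Decoding the row and comparing fields would pin it, e.g. `$stored = json_decode($row['oauth_token'], true);` followed by `$this->assertSame($token->getAccessToken(), $stored['accessToken']);`. The comment above is stale and could read `// The token is JSON-encoded before it is stored in the database`.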