diff options
| -rw-r--r-- | phpBB/includes/ucp/ucp_auth_link.php | 5 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_login_link.php | 3 | ||||
| -rw-r--r-- | phpBB/phpbb/auth/provider/oauth/oauth.php | 13 |
3 files changed, 19 insertions, 2 deletions
diff --git a/phpBB/includes/ucp/ucp_auth_link.php b/phpBB/includes/ucp/ucp_auth_link.php index 213fbfdbb5..43d69be901 100644 --- a/phpBB/includes/ucp/ucp_auth_link.php +++ b/phpBB/includes/ucp/ucp_auth_link.php @@ -54,7 +54,10 @@ class ucp_auth_link // The current user_id is also necessary $link_data['user_id'] = $user->data['user_id']; - if ($request->variable('link', false, false, phpbb_request_interface::POST)) + // Tell the provider that the method is auth_link not login_link + $link_data['link_method'] = 'auth_link'; + + if ($request->variable('link', null)) { $error[] = $auth_provider->link_account($link_data); } diff --git a/phpBB/includes/ucp/ucp_login_link.php b/phpBB/includes/ucp/ucp_login_link.php index 9f2fa6330a..b09415623b 100644 --- a/phpBB/includes/ucp/ucp_login_link.php +++ b/phpBB/includes/ucp/ucp_login_link.php @@ -73,6 +73,9 @@ class ucp_login_link // Give the user_id to the data $data['user_id'] = $login_result['user_row']['user_id']; + // Set the link_method to login_link + $data['link_method'] = 'login_link'; + // The user is now logged in, attempt to link the user to the external account $result = $auth_provider->link_account($data); diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index d2f7eb5527..36e605d8fc 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -364,7 +364,8 @@ class phpbb_auth_provider_oauth extends phpbb_auth_provider_base return 'LOGIN_LINK_NO_DATA_PROVIDED'; } - if (!array_key_exists('oauth_service', $login_link_data) || !$login_link_data['oauth_service']) + if (!array_key_exists('oauth_service', $login_link_data) || !$login_link_data['oauth_service'] || + !array_key_exists('link_method', $login_link_data) || !$login_link_data['link_method']) { return 'LOGIN_LINK_MISSING_DATA'; } @@ -377,6 +378,16 @@ class phpbb_auth_provider_oauth extends phpbb_auth_provider_base */ public function link_account(array $link_data) { + // Check for a valid link method (auth_link or login_link) + if (!array_key_exists('link_method', $link_data) || + !in_array($link_data['link_method'], array( + 'auth_link', + 'login_link', + ))) + { + return 'LOGIN_LINK_MISSING_DATA'; + } + // We must have an oauth_service listed, check for it two ways if (!array_key_exists('oauth_service', $link_data) || !$link_data['oauth_service']) { |