aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--phpBB/includes/functions_user.php35
-rw-r--r--phpBB/phpbb/auth/provider/base.php2
-rw-r--r--phpBB/phpbb/auth/provider/oauth/oauth.php9
-rw-r--r--phpBB/phpbb/auth/provider/provider_interface.php6
-rw-r--r--tests/functions/fixtures/user_delete.xml46
-rw-r--r--tests/functions/user_delete_test.php112
-rw-r--r--tests/functions_user/delete_user_test.php10
7 files changed, 215 insertions, 5 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 85b6f2be62..b0f58ba680 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -502,6 +502,9 @@ function user_delete($mode, $user_ids, $retain_username = true)
$num_users_delta = 0;
+ // Get auth provider collection in case accounts might need to be unlinked
+ $provider_collection = $phpbb_container->get('auth.provider_collection');
+
// Some things need to be done in the loop (if the query changes based
// on which user is currently being deleted)
$added_guest_posts = 0;
@@ -512,6 +515,38 @@ function user_delete($mode, $user_ids, $retain_username = true)
avatar_delete('user', $user_row);
}
+ // Unlink accounts
+ foreach ($provider_collection as $provider_name => $auth_provider)
+ {
+ $provider_data = $auth_provider->get_auth_link_data($user_id);
+
+ if ($provider_data !== null)
+ {
+ $link_data = array(
+ 'user_id' => $user_id,
+ 'link_method' => 'user_delete',
+ );
+
+ // BLOCK_VARS might contain hidden fields necessary for unlinking accounts
+ if (isset($provider_data['BLOCK_VARS']) && is_array($provider_data['BLOCK_VARS']))
+ {
+ foreach ($provider_data['BLOCK_VARS'] as $provider_service)
+ {
+ if (!array_key_exists('HIDDEN_FIELDS', $provider_service))
+ {
+ $provider_service['HIDDEN_FIELDS'] = array();
+ }
+
+ $auth_provider->unlink_account(array_merge($link_data, $provider_service['HIDDEN_FIELDS']));
+ }
+ }
+ else
+ {
+ $auth_provider->unlink_account($link_data);
+ }
+ }
+ }
+
// Decrement number of users if this user is active
if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
{
diff --git a/phpBB/phpbb/auth/provider/base.php b/phpBB/phpbb/auth/provider/base.php
index 4c49070eaf..dea27ccc25 100644
--- a/phpBB/phpbb/auth/provider/base.php
+++ b/phpBB/phpbb/auth/provider/base.php
@@ -61,7 +61,7 @@ abstract class base implements \phpbb\auth\provider\provider_interface
/**
* {@inheritdoc}
*/
- public function get_auth_link_data()
+ public function get_auth_link_data($user_id = 0)
{
return;
}
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index c0ce3f1fba..be0fbf5831 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -553,13 +553,13 @@ class oauth extends \phpbb\auth\provider\base
/**
* {@inheritdoc}
*/
- public function get_auth_link_data()
+ public function get_auth_link_data($user_id = 0)
{
$block_vars = array();
// Get all external accounts tied to the current user
$data = array(
- 'user_id' => (int) $this->user->data['user_id'],
+ 'user_id' => ($user_id <= 0) ? (int) $this->user->data['user_id'] : (int) $user_id,
);
$sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
@@ -616,10 +616,13 @@ class oauth extends \phpbb\auth\provider\base
return 'LOGIN_LINK_MISSING_DATA';
}
+ // Remove user specified in $link_data if possible
+ $user_id = isset($link_data['user_id']) ? $link_data['user_id'] : $this->user->data['user_id'];
+
// Remove the link
$sql = 'DELETE FROM ' . $this->auth_provider_oauth_token_account_assoc . "
WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "'
- AND user_id = " . (int) $this->user->data['user_id'];
+ AND user_id = " . (int) $user_id;
$this->db->sql_query($sql);
// Clear all tokens belonging to the user on this servce
diff --git a/phpBB/phpbb/auth/provider/provider_interface.php b/phpBB/phpbb/auth/provider/provider_interface.php
index 613297cefc..35e0f559a1 100644
--- a/phpBB/phpbb/auth/provider/provider_interface.php
+++ b/phpBB/phpbb/auth/provider/provider_interface.php
@@ -166,6 +166,10 @@ interface provider_interface
/**
* Returns an array of data necessary to build the ucp_auth_link page
*
+ * @param int $user_id User ID for whom the data should be retrieved.
+ * defaults to 0, which is not a valid ID. The method
+ * should fall back to the current user's ID in this
+ * case.
* @return array|null If this function is not implemented on an auth
* provider then it returns null. If it is implemented
* it will return an array of up to four elements of
@@ -181,7 +185,7 @@ interface provider_interface
* 'VARS' => array(...),
* )
*/
- public function get_auth_link_data();
+ public function get_auth_link_data($user_id = 0);
/**
* Unlinks an external account from a phpBB account.
diff --git a/tests/functions/fixtures/user_delete.xml b/tests/functions/fixtures/user_delete.xml
new file mode 100644
index 0000000000..4c4479d29b
--- /dev/null
+++ b/tests/functions/fixtures/user_delete.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<dataset>
+ <table name="phpbb_users">
+ <column>user_id</column>
+ <column>username_clean</column>
+ <column>username</column>
+ <column>user_permissions</column>
+ <column>user_sig</column>
+ <row>
+ <value>1</value>
+ <value>anonymous</value>
+ <value>anonymous</value>
+ <value></value>
+ <value></value>
+ </row>
+ <row>
+ <value>2</value>
+ <value>2</value>
+ <value>2</value>
+ <value></value>
+ <value></value>
+ </row>
+ </table>
+ <table name="phpbb_oauth_accounts">
+ <column>user_id</column>
+ <column>provider</column>
+ <column>oauth_provider_id</column>
+ <row>
+ <value>2</value>
+ <value>google</value>
+ <value>1234567890123456789</value>
+ </row>
+ </table>
+ <table name="phpbb_oauth_tokens">
+ <column>user_id</column>
+ <column>session_id</column>
+ <column>provider</column>
+ <column>oauth_token</column>
+ <row>
+ <value>2</value>
+ <value>897a897b797c8789997d7979879</value>
+ <value>auth.provider.oauth.service.google</value>
+ <value>{"accessToken":"ya29.YPHwCWVkrvwu1kgbYKiDNYaQ451ZuHy9OEQAGVME8if-WBzR-v7a9ftxbx41kaL)5VLEXB-6qJEvri","endOfLife":1429959670,"extraParams":{"token_type":"Bearer","id_token":"eyJhbGciOiJSUzI1NiIsImupZCI6IjE0YuRjNzc2MDQwYjUyNDZmNTI5OWFkZDVlMmQ1NWNOPTdjMDdlZTAifQ.eyJpc3MiOiJhY2NvdW90cy5nb78nbGUuY29tIiwic3ViIjoiMTExMDMwNwerNjM4MTM5NTQwMTM1IiwiYXpwIjoiOTk3MzUwMTY0NzE0LWhwOXJrYjZpcjM4MW80YjV1NjRpaGtmM29zMnRvbWxhLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZW1haWwiOiJtYXJjLmFsZXhhbmRlci4zN0BnbWFpbC5jb20iLCJhdF9oYXNoIjoiWHk2b1JabnVZUWRfRTZDeDV0RkItdyIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdWQiOiI5OTczNTAxNjQ3MTQtaHA5cmtiNmlyMzgxbzRiNXU2NGloa2Yzb3MydG9tbGEuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJpYXQiOjE0Mjk5NTYwNzEsImV4cCI6MTQyOTk1OTY3MX0.C5gfSzjqwlRRvVMuTP6jfWIuEHMXn55oYHsSA3eh97n2BZL0TZHhUm4K206Fgucd6ufAphan4l0J7y6tMAHLZPr-kk6KDINxWnPG-up99reblGutay0lRYjMCcrhJAOql8EI1bi84GyliZFYHL67pE0ZtSf-CMb1CeH18TFe-Fk"},"refreshToken":null,"token_class":"OAuth\\\\OAuth2\\\\Token\\\\StdOAuth2Token"}</value>
+ </row>
+ </table>
+</dataset>
diff --git a/tests/functions/user_delete_test.php b/tests/functions/user_delete_test.php
new file mode 100644
index 0000000000..db52dcded7
--- /dev/null
+++ b/tests/functions/user_delete_test.php
@@ -0,0 +1,112 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions_user.php';
+
+class phpbb_functions_user_delete_test extends phpbb_database_test_case
+{
+ /** @var \phpbb\db\driver\driver_interface */
+ protected $db;
+
+ public function getDataSet()
+ {
+ return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/user_delete.xml');
+ }
+
+ protected function setUp()
+ {
+ parent::setUp();
+
+ global $cache, $config, $db, $phpbb_container, $phpbb_dispatcher, $user;
+
+ $this->db = $db = $this->new_dbal();
+ $user = new \phpbb\user('\phpbb\datetime');
+ $phpbb_dispatcher = new phpbb_mock_event_dispatcher();
+ $phpbb_container = new phpbb_mock_container_builder();
+ $config = new \phpbb\config\config(array(
+ 'auth_method' => 'oauth',
+ 'auth_oauth_google_key' => 'foo',
+ 'auth_oauth_google_secret' => 'bar',
+ ));
+ set_config_count('foobar', 0, false, $config);
+ $cache = new \phpbb\cache\driver\null();
+ $request = new phpbb_mock_request();
+ $notification_manager = new phpbb_mock_notification_manager();
+ $provider_collection = new \phpbb\auth\provider_collection($phpbb_container, $config);
+ $oauth_provider_google = new \phpbb\auth\provider\oauth\service\google($config, $request);
+ $oauth_provider_collection = new \phpbb\di\service_collection($phpbb_container);
+ $oauth_provider_collection->offsetSet('auth.provider.oauth.service.google', $oauth_provider_google);
+
+ $driver_helper = new \phpbb\passwords\driver\helper($config);
+ $passwords_drivers = array(
+ 'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $driver_helper),
+ 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $driver_helper),
+ 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $driver_helper),
+ 'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $driver_helper),
+ );
+
+ $passwords_helper = new \phpbb\passwords\helper;
+ // Set up passwords manager
+ $passwords_manager = new \phpbb\passwords\manager($config, $passwords_drivers, $passwords_helper, array_keys($passwords_drivers));
+
+ $oauth_provider = new \phpbb\auth\provider\oauth\oauth(
+ $db,
+ $config,
+ $passwords_manager,
+ $request,
+ $user,
+ 'phpbb_oauth_tokens',
+ 'phpbb_oauth_accounts',
+ $oauth_provider_collection,
+ 'phpbb_users',
+ $phpbb_container,
+ $this->phpbb_root_path,
+ $this->php_ext
+ );
+ $provider_collection->offsetSet('auth.provider.oauth', $oauth_provider);
+
+ $phpbb_container->set('auth.provider.oauth', $oauth_provider);
+ $phpbb_container->set('auth.provider.oauth.service.google', $oauth_provider_google);
+ $phpbb_container->set('auth.provider_collection', $provider_collection);
+ $phpbb_container->set('notification_manager', $notification_manager);
+ }
+
+ public function test_user_delete()
+ {
+ // Check that user is linked
+ $sql = 'SELECT ot.user_id AS user_id
+ FROM phpbb_oauth_accounts oa, phpbb_oauth_tokens ot
+ WHERE oa.user_id = 2
+ AND ot.user_id = oa.user_id';
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ $this->assertEquals(array('user_id' => '2'), $row);
+
+ // user_delete() should return false
+ $this->assertFalse(user_delete('remove', array(2)));
+
+ // Make sure user link was removed
+ $sql = 'SELECT ot.user_id AS user_id
+ FROM phpbb_oauth_accounts oa, phpbb_oauth_tokens ot
+ WHERE oa.user_id = 2
+ AND ot.user_id = oa.user_id';
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ $this->assertEmpty($row);
+ }
+}
diff --git a/tests/functions_user/delete_user_test.php b/tests/functions_user/delete_user_test.php
index 0cb171c885..9e2caf9d21 100644
--- a/tests/functions_user/delete_user_test.php
+++ b/tests/functions_user/delete_user_test.php
@@ -36,6 +36,16 @@ class phpbb_functions_user_delete_user_test extends phpbb_database_test_case
$phpbb_dispatcher = new phpbb_mock_event_dispatcher();
$phpbb_container = new phpbb_mock_container_builder();
$phpbb_container->set('notification_manager', new phpbb_mock_notification_manager());
+ $phpbb_container->set(
+ 'auth.provider.db',
+ new phpbb_mock_auth_provider()
+ );
+ $provider_collection = new \phpbb\auth\provider_collection($phpbb_container, $config);
+ $provider_collection->add('auth.provider.db');
+ $phpbb_container->set(
+ 'auth.provider_collection',
+ $provider_collection
+ );
}
public function first_last_post_data()