1 files changed, 73 insertions, 10 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index fdc5f57df0..0d94acfbca 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -191,7 +191,7 @@ class oauth extends \phpbb\auth\provider\base
 			return $provider->login($username, $password);
 		}
 
-		// Requst the name of the OAuth service
+		// Request the name of the OAuth service
 		$service_name_original = $this->request->variable('oauth_service', '', false);
 		$service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original);
 		if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers))
@@ -221,12 +221,37 @@ class oauth extends \phpbb\auth\provider\base
 				'provider'	=> $service_name_original,
 				'oauth_provider_id'	=> $unique_id
 			);
+
 			$sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '
 				WHERE ' . $this->db->sql_build_array('SELECT', $data);
 			$result = $this->db->sql_query($sql);
 			$row = $this->db->sql_fetchrow($result);
 			$this->db->sql_freeresult($result);
 
+			$redirect_data = array(
+				'auth_provider'				=> 'oauth',
+				'login_link_oauth_service'	=> $service_name_original,
+			);
+
+			/**
+			* Event is triggered before check if provider is already associated with an account
+			*
+			* @event core.oauth_login_after_check_if_provider_id_has_match
+			* @var	array									row				User row
+			* @var	array									data			Provider data
+			* @var	array									redirect_data	Data to be appended to the redirect url
+			* @var	\OAuth\Common\Service\ServiceInterface	service			OAuth service
+			* @since 3.2.3-RC1
+			* @changed 3.2.6-RC1 Added redirect_data
+			*/
+			$vars = array(
+				'row',
+				'data',
+				'redirect_data',
+				'service',
+			);
+			extract($this->dispatcher->trigger_event('core.oauth_login_after_check_if_provider_id_has_match', compact($vars)));
+
 			if (!$row)
 			{
 				// The user does not yet exist, ask to link or create profile
@@ -234,15 +259,12 @@ class oauth extends \phpbb\auth\provider\base
 					'status'		=> LOGIN_SUCCESS_LINK_PROFILE,
 					'error_msg'		=> 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED',
 					'user_row'		=> array(),
-					'redirect_data'	=> array(
-						'auth_provider'				=> 'oauth',
-						'login_link_oauth_service'	=> $service_name_original,
-					),
+					'redirect_data'	=> $redirect_data,
 				);
 			}
 
 			// Retrieve the user's account
-			$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
+			$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_ip, user_type, user_login_attempts
 				FROM ' . $this->users_table . '
 					WHERE user_id = ' . (int) $row['user_id'];
 			$result = $this->db->sql_query($sql);
@@ -254,11 +276,36 @@ class oauth extends \phpbb\auth\provider\base
 				throw new \Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY');
 			}
 
+			/**
+			 * Check if the user is banned.
+			 * The fourth parameter, return, has to be true,
+			 * otherwise the OAuth login is still called and
+			 * an uncaught exception is thrown as there is no
+			 * token stored in the database.
+			 */
+			$ban = $this->user->check_ban($row['user_id'], $row['user_ip'], $row['user_email'], true);
+			if (!empty($ban))
+			{
+				$till_date = !empty($ban['ban_end']) ? $this->user->format_date($ban['ban_end']) : '';
+				$message = !empty($ban['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM';
+
+				$contact_link = phpbb_get_board_contact_link($this->config, $this->phpbb_root_path, $this->php_ext);
+				$message = $this->user->lang($message, $till_date, '<a href="' . $contact_link . '">', '</a>');
+				$message .= !empty($ban['ban_give_reason']) ? '<br /><br />' . $this->user->lang('BOARD_BAN_REASON', $ban['ban_give_reason']) : '';
+				$message .= !empty($ban['ban_triggered_by']) ? '<br /><br /><em>' . $this->user->lang('BAN_TRIGGERED_BY_' . strtoupper($ban['ban_triggered_by'])) . '</em>' : '';
+
+				return array(
+					'status'	=> LOGIN_BREAK,
+					'error_msg'	=> $message,
+					'user_row'	=> $row,
+				);
+			}
+
 			// Update token storage to store the user_id
 			$storage->set_user_id($row['user_id']);
 
 			/**
-			* Event is triggered after user is successfuly logged in via OAuth.
+			* Event is triggered after user is successfully logged in via OAuth.
 			*
 			* @event core.auth_oauth_login_after
 			* @var    array    row    User row
@@ -376,7 +423,7 @@ class oauth extends \phpbb\auth\provider\base
 			if ($credentials['key'] && $credentials['secret'])
 			{
 				$actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);
-				$redirect_url = build_url(false) . '&login=external&oauth_service=' . $actual_name;
+				$redirect_url = generate_board_url() . '/ucp.' . $this->php_ext . '?mode=login&login=external&oauth_service=' . $actual_name;
 				$login_data['BLOCK_VARS'][$service_name] = array(
 					'REDIRECT_URL'	=> redirect($redirect_url, true),
 					'SERVICE_NAME'	=> $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],
@@ -587,6 +634,21 @@ class oauth extends \phpbb\auth\provider\base
 	*/
 	protected function link_account_perform_link(array $data)
 	{
+		// Check if the external account is already associated with other user
+		$sql = 'SELECT user_id
+			FROM ' . $this->auth_provider_oauth_token_account_assoc . "
+			WHERE provider = '" . $this->db->sql_escape($data['provider']) . "'
+				AND oauth_provider_id = '" . $this->db->sql_escape($data['oauth_provider_id']) . "'";
+		$result = $this->db->sql_query($sql);
+		$row = $this->db->sql_fetchrow($result);
+		$this->db->sql_freeresult($result);
+
+		if ($row)
+		{
+			trigger_error('AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED');
+		}
+
+		// Link account
 		$sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '
 			' . $this->db->sql_build_array('INSERT', $data);
 		$this->db->sql_query($sql);
@@ -635,7 +697,7 @@ class oauth extends \phpbb\auth\provider\base
 
 		$oauth_user_ids = array();
 
-		if ($rows !== false && sizeof($rows))
+		if ($rows !== false && count($rows))
 		{
 			foreach ($rows as $row)
 			{
@@ -658,6 +720,7 @@ class oauth extends \phpbb\auth\provider\base
 						'oauth_service' => $actual_name,
 					),
 
+					'SERVICE_ID'	=> $actual_name,
 					'SERVICE_NAME'	=> $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],
 					'UNIQUE_ID'		=> (isset($oauth_user_ids[$actual_name])) ? $oauth_user_ids[$actual_name] : null,
 				);
@@ -691,7 +754,7 @@ class oauth extends \phpbb\auth\provider\base
 				AND user_id = " . (int) $user_id;
 		$this->db->sql_query($sql);
 
-		// Clear all tokens belonging to the user on this servce
+		// Clear all tokens belonging to the user on this service
 		$service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);
 		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);
 		$storage->clearToken($service_name);