aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/phpbb/auth/provider/oauth
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/phpbb/auth/provider/oauth')
-rw-r--r--phpBB/phpbb/auth/provider/oauth/oauth.php618
-rw-r--r--phpBB/phpbb/auth/provider/oauth/service/base.php55
-rw-r--r--phpBB/phpbb/auth/provider/oauth/service/bitly.php98
-rw-r--r--phpBB/phpbb/auth/provider/oauth/service/exception.php25
-rw-r--r--phpBB/phpbb/auth/provider/oauth/service/facebook.php98
-rw-r--r--phpBB/phpbb/auth/provider/oauth/service/google.php109
-rw-r--r--phpBB/phpbb/auth/provider/oauth/service/interface.php77
-rw-r--r--phpBB/phpbb/auth/provider/oauth/token_storage.php366
8 files changed, 1446 insertions, 0 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
new file mode 100644
index 0000000000..be0b8bb7d6
--- /dev/null
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -0,0 +1,618 @@
+<?php
+/**
+*
+* @package auth
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+use OAuth\Common\Consumer\Credentials;
+use OAuth\Common\Http\Uri\Uri;
+
+/**
+* OAuth authentication provider for phpBB3
+*
+* @package auth
+*/
+class phpbb_auth_provider_oauth extends phpbb_auth_provider_base
+{
+ /**
+ * Database driver
+ *
+ * @var phpbb_db_driver
+ */
+ protected $db;
+
+ /**
+ * phpBB config
+ *
+ * @var phpbb_config
+ */
+ protected $config;
+
+ /**
+ * phpBB request object
+ *
+ * @var phpbb_request
+ */
+ protected $request;
+
+ /**
+ * phpBB user
+ *
+ * @var phpbb_user
+ */
+ protected $user;
+
+ /**
+ * OAuth token table
+ *
+ * @var string
+ */
+ protected $auth_provider_oauth_token_storage_table;
+
+ /**
+ * OAuth account association table
+ *
+ * @var string
+ */
+ protected $auth_provider_oauth_token_account_assoc;
+
+ /**
+ * All OAuth service providers
+ *
+ * @var phpbb_di_service_collection Contains phpbb_auth_provider_oauth_service_interface
+ */
+ protected $service_providers;
+
+ /**
+ * Users table
+ *
+ * @var string
+ */
+ protected $users_table;
+
+ /**
+ * Cached current uri object
+ *
+ * @var \OAuth\Common\Http\Uri\UriInterface|null
+ */
+ protected $current_uri;
+
+ /**
+ * phpBB root path
+ *
+ * @var string
+ */
+ protected $phpbb_root_path;
+
+ /**
+ * PHP extenstion
+ *
+ * @var string
+ */
+ protected $php_ext;
+
+ /**
+ * OAuth Authentication Constructor
+ *
+ * @param phpbb_db_driver $db
+ * @param phpbb_config $config
+ * @param phpbb_request $request
+ * @param phpbb_user $user
+ * @param string $auth_provider_oauth_token_storage_table
+ * @param string $auth_provider_oauth_token_account_assoc
+ * @param phpbb_di_service_collection $service_providers Contains phpbb_auth_provider_oauth_service_interface
+ * @param string $users_table
+ * @param string $phpbb_root_path
+ * @param string $php_ext
+ */
+ public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_token_account_assoc, phpbb_di_service_collection $service_providers, $users_table, $phpbb_root_path, $php_ext)
+ {
+ $this->db = $db;
+ $this->config = $config;
+ $this->request = $request;
+ $this->user = $user;
+ $this->auth_provider_oauth_token_storage_table = $auth_provider_oauth_token_storage_table;
+ $this->auth_provider_oauth_token_account_assoc = $auth_provider_oauth_token_account_assoc;
+ $this->service_providers = $service_providers;
+ $this->users_table = $users_table;
+ $this->phpbb_root_path = $phpbb_root_path;
+ $this->php_ext = $php_ext;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function init()
+ {
+ // This does not test whether or not the key and secret provided are valid.
+ foreach ($this->service_providers as $service_provider)
+ {
+ $credentials = $service_provider->get_service_credentials();
+
+ if (($credentials['key'] && !$credentials['secret']) || (!$credentials['key'] && $credentials['secret']))
+ {
+ return $this->user->lang['AUTH_PROVIDER_OAUTH_ERROR_ELEMENT_MISSING'];
+ }
+ }
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function login($username, $password)
+ {
+ // Temporary workaround for only having one authentication provider available
+ if (!$this->request->is_set('oauth_service'))
+ {
+ $provider = new phpbb_auth_provider_db($this->db, $this->config, $this->request, $this->user, $this->phpbb_root_path, $this->php_ext);
+ return $provider->login($username, $password);
+ }
+
+ // Requst the name of the OAuth service
+ $service_name_original = $this->request->variable('oauth_service', '', false);
+ $service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original);
+ if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers))
+ {
+ return array(
+ 'status' => LOGIN_ERROR_EXTERNAL_AUTH,
+ 'error_msg' => 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST',
+ 'user_row' => array('user_id' => ANONYMOUS),
+ );
+ }
+
+ // Get the service credentials for the given service
+ $service_credentials = $this->service_providers[$service_name]->get_service_credentials();
+
+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $query = 'mode=login&login=external&oauth_service=' . $service_name_original;
+ $service = $this->get_service($service_name_original, $storage, $service_credentials, $this->service_providers[$service_name]->get_auth_scope(), $query);
+
+ if ($this->request->is_set('code', phpbb_request_interface::GET))
+ {
+ $this->service_providers[$service_name]->set_external_service_provider($service);
+ $unique_id = $this->service_providers[$service_name]->perform_auth_login();
+
+ // Check to see if this provider is already assosciated with an account
+ $data = array(
+ 'provider' => $service_name_original,
+ 'oauth_provider_id' => $unique_id
+ );
+ $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '
+ WHERE ' . $this->db->sql_build_array('SELECT', $data);
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ if (!$row)
+ {
+ // The user does not yet exist, ask to link or create profile
+ return array(
+ 'status' => LOGIN_SUCCESS_LINK_PROFILE,
+ 'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED',
+ 'user_row' => array(),
+ 'redirect_data' => array(
+ 'auth_provider' => 'oauth',
+ 'login_link_oauth_service' => $service_name_original,
+ ),
+ );
+ }
+
+ // Retrieve the user's account
+ $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
+ FROM ' . $this->users_table . '
+ WHERE user_id = ' . (int) $row['user_id'];
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ if (!$row)
+ {
+ throw new Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY');
+ }
+
+ // Update token storage to store the user_id
+ $storage->set_user_id($row['user_id']);
+
+ // The user is now authenticated and can be logged in
+ return array(
+ 'status' => LOGIN_SUCCESS,
+ 'error_msg' => false,
+ 'user_row' => $row,
+ );
+ }
+ else
+ {
+ $url = $service->getAuthorizationUri();
+ header('Location: ' . $url);
+ }
+ }
+
+ /**
+ * Returns the cached current_uri object or creates and caches it if it is
+ * not already created. In each case the query string is updated based on
+ * the $query parameter.
+ *
+ * @param string $service_name The name of the service
+ * @param string $query The query string of the current_uri
+ * used in redirects
+ * @return \OAuth\Common\Http\Uri\UriInterface
+ */
+ protected function get_current_uri($service_name, $query)
+ {
+ if ($this->current_uri)
+ {
+ $this->current_uri->setQuery($query);
+ return $this->current_uri;
+ }
+
+ $uri_factory = new \OAuth\Common\Http\Uri\UriFactory();
+ $current_uri = $uri_factory->createFromSuperGlobalArray($this->request->get_super_global(phpbb_request_interface::SERVER));
+ $current_uri->setQuery($query);
+
+ $this->current_uri = $current_uri;
+ return $current_uri;
+ }
+
+ /**
+ * Returns a new service object
+ *
+ * @param string $service_name The name of the service
+ * @param phpbb_auth_oauth_token_storage $storage
+ * @param array $service_credentials {@see phpbb_auth_provider_oauth::get_service_credentials}
+ * @param array $scope The scope of the request against
+ * the api.
+ * @param string $query The query string of the
+ * current_uri used in redirection
+ * @return \OAuth\Common\Service\ServiceInterface
+ */
+ protected function get_service($service_name, phpbb_auth_provider_oauth_token_storage $storage, array $service_credentials, array $scopes = array(), $query)
+ {
+ $current_uri = $this->get_current_uri($service_name, $query);
+
+ // Setup the credentials for the requests
+ $credentials = new Credentials(
+ $service_credentials['key'],
+ $service_credentials['secret'],
+ $current_uri->getAbsoluteUri()
+ );
+
+ $service_factory = new \OAuth\ServiceFactory();
+ $service = $service_factory->createService($service_name, $credentials, $storage, $scopes);
+
+ if (!$service)
+ {
+ throw new Exception('AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED');
+ }
+
+ return $service;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_login_data()
+ {
+ $login_data = array(
+ 'TEMPLATE_FILE' => 'login_body_oauth.html',
+ 'BLOCK_VAR_NAME' => 'oauth',
+ 'BLOCK_VARS' => array(),
+ );
+
+ foreach ($this->service_providers as $service_name => $service_provider)
+ {
+ // Only include data if the credentials are set
+ $credentials = $service_provider->get_service_credentials();
+ if ($credentials['key'] && $credentials['secret'])
+ {
+ $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);
+ $redirect_url = build_url(false) . '&login=external&oauth_service=' . $actual_name;
+ $login_data['BLOCK_VARS'][$service_name] = array(
+ 'REDIRECT_URL' => redirect($redirect_url, true),
+ 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],
+ );
+ }
+ }
+
+ return $login_data;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function acp()
+ {
+ $ret = array();
+
+ foreach ($this->service_providers as $service_name => $service_provider)
+ {
+ $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);
+ $ret[] = 'auth_oauth_' . $actual_name . '_key';
+ $ret[] = 'auth_oauth_' . $actual_name . '_secret';
+ }
+
+ return $ret;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_acp_template($new_config)
+ {
+ $ret = array(
+ 'BLOCK_VAR_NAME' => 'oauth_services',
+ 'BLOCK_VARS' => array(),
+ 'TEMPLATE_FILE' => 'auth_provider_oauth.html',
+ 'TEMPLATE_VARS' => array(),
+ );
+
+ foreach ($this->service_providers as $service_name => $service_provider)
+ {
+ $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);
+ $ret['BLOCK_VARS'][$actual_name] = array(
+ 'ACTUAL_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],
+ 'KEY' => $new_config['auth_oauth_' . $actual_name . '_key'],
+ 'NAME' => $actual_name,
+ 'SECRET' => $new_config['auth_oauth_' . $actual_name . '_secret'],
+ );
+ }
+
+ return $ret;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function login_link_has_necessary_data($login_link_data)
+ {
+ if (empty($login_link_data))
+ {
+ return 'LOGIN_LINK_NO_DATA_PROVIDED';
+ }
+
+ if (!array_key_exists('oauth_service', $login_link_data) || !$login_link_data['oauth_service'] ||
+ !array_key_exists('link_method', $login_link_data) || !$login_link_data['link_method'])
+ {
+ return 'LOGIN_LINK_MISSING_DATA';
+ }
+
+ return null;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function link_account(array $link_data)
+ {
+ // Check for a valid link method (auth_link or login_link)
+ if (!array_key_exists('link_method', $link_data) ||
+ !in_array($link_data['link_method'], array(
+ 'auth_link',
+ 'login_link',
+ )))
+ {
+ return 'LOGIN_LINK_MISSING_DATA';
+ }
+
+ // We must have an oauth_service listed, check for it two ways
+ if (!array_key_exists('oauth_service', $link_data) || !$link_data['oauth_service'])
+ {
+ $link_data['oauth_service'] = $this->request->variable('oauth_service', '');
+
+ if (!$link_data['oauth_service'])
+ {
+ return 'LOGIN_LINK_MISSING_DATA';
+ }
+ }
+
+ $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);
+ if (!array_key_exists($service_name, $this->service_providers))
+ {
+ return 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST';
+ }
+
+ switch ($link_data['link_method'])
+ {
+ case 'auth_link':
+ return $this->link_account_auth_link($link_data, $service_name);
+ case 'login_link':
+ return $this->link_account_login_link($link_data, $service_name);
+ }
+ }
+
+ /**
+ * Performs the account linking for login_link
+ *
+ * @param array $link_data The same variable given to {@see phpbb_auth_provider_interface::link_account}
+ * @param string $service_name The name of the service being used in
+ * linking.
+ * @return string|null Returns a language constant (string) if an error is
+ * encountered, or null on success.
+ */
+ protected function link_account_login_link(array $link_data, $service_name)
+ {
+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+
+ // Check for an access token, they should have one
+ if (!$storage->has_access_token_by_session($service_name))
+ {
+ return 'LOGIN_LINK_ERROR_OAUTH_NO_ACCESS_TOKEN';
+ }
+
+ // Prepare the query string
+ $query = 'mode=login_link&login_link_oauth_service=' . strtolower($link_data['oauth_service']);
+
+ // Prepare for an authentication request
+ $service_credentials = $this->service_providers[$service_name]->get_service_credentials();
+ $scopes = $this->service_providers[$service_name]->get_auth_scope();
+ $service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $scopes, $query);
+ $this->service_providers[$service_name]->set_external_service_provider($service);
+
+ // The user has already authenticated successfully, request to authenticate again
+ $unique_id = $this->service_providers[$service_name]->perform_token_auth();
+
+ // Insert into table, they will be able to log in after this
+ $data = array(
+ 'user_id' => $link_data['user_id'],
+ 'provider' => strtolower($link_data['oauth_service']),
+ 'oauth_provider_id' => $unique_id,
+ );
+
+ $this->link_account_perform_link($data);
+ // Update token storage to store the user_id
+ $storage->set_user_id($link_data['user_id']);
+ }
+
+ /**
+ * Performs the account linking for auth_link
+ *
+ * @param array $link_data The same variable given to {@see phpbb_auth_provider_interface::link_account}
+ * @param string $service_name The name of the service being used in
+ * linking.
+ * @return string|null Returns a language constant (string) if an error is
+ * encountered, or null on success.
+ */
+ protected function link_account_auth_link(array $link_data, $service_name)
+ {
+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $query = 'i=ucp_auth_link&mode=auth_link&link=1&oauth_service=' . strtolower($link_data['oauth_service']);
+ $service_credentials = $this->service_providers[$service_name]->get_service_credentials();
+ $scopes = $this->service_providers[$service_name]->get_auth_scope();
+ $service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $scopes, $query);
+
+ if ($this->request->is_set('code', phpbb_request_interface::GET))
+ {
+ $this->service_providers[$service_name]->set_external_service_provider($service);
+ $unique_id = $this->service_providers[$service_name]->perform_auth_login();
+
+ // Insert into table, they will be able to log in after this
+ $data = array(
+ 'user_id' => $this->user->data['user_id'],
+ 'provider' => strtolower($link_data['oauth_service']),
+ 'oauth_provider_id' => $unique_id,
+ );
+
+ $this->link_account_perform_link($data);
+ }
+ else
+ {
+ $url = $service->getAuthorizationUri();
+ header('Location: ' . $url);
+ }
+ }
+
+ /**
+ * Performs the query that inserts an account link
+ *
+ * @param array $data This array is passed to db->sql_build_array
+ */
+ protected function link_account_perform_link(array $data)
+ {
+ $sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '
+ ' . $this->db->sql_build_array('INSERT', $data);
+ $this->db->sql_query($sql);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function logout($data, $new_session)
+ {
+ // Clear all tokens belonging to the user
+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $storage->clearAllTokens();
+
+ return;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_auth_link_data()
+ {
+ $block_vars = array();
+
+ // Get all external accounts tied to the current user
+ $data = array(
+ 'user_id' => (int) $this->user->data['user_id'],
+ );
+ $sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . '
+ WHERE ' . $this->db->sql_build_array('SELECT', $data);
+ $result = $this->db->sql_query($sql);
+ $rows = $this->db->sql_fetchrowset($result);
+ $this->db->sql_freeresult($result);
+
+ $oauth_user_ids = array();
+
+ if ($rows !== false && sizeof($rows))
+ {
+ foreach ($rows as $row)
+ {
+ $oauth_user_ids[$row['provider']] = $row['oauth_provider_id'];
+ }
+ }
+ unset($rows);
+
+ foreach ($this->service_providers as $service_name => $service_provider)
+ {
+ // Only include data if the credentials are set
+ $credentials = $service_provider->get_service_credentials();
+ if ($credentials['key'] && $credentials['secret'])
+ {
+ $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);
+
+ $block_vars[$service_name] = array(
+ 'HIDDEN_FIELDS' => array(
+ 'link' => (!isset($oauth_user_ids[$actual_name])),
+ 'oauth_service' => $actual_name,
+ ),
+
+ 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],
+ 'UNIQUE_ID' => (isset($oauth_user_ids[$actual_name])) ? $oauth_user_ids[$actual_name] : null,
+ );
+ }
+ }
+
+ return array(
+ 'BLOCK_VAR_NAME' => 'oauth',
+ 'BLOCK_VARS' => $block_vars,
+
+ 'TEMPLATE_FILE' => 'ucp_auth_link_oauth.html',
+ );
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function unlink_account(array $link_data)
+ {
+ if (!array_key_exists('oauth_service', $link_data) || !$link_data['oauth_service'])
+ {
+ return 'LOGIN_LINK_MISSING_DATA';
+ }
+
+ // Remove the link
+ $sql = 'DELETE FROM ' . $this->auth_provider_oauth_token_account_assoc . "
+ WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "'
+ AND user_id = " . (int) $this->user->data['user_id'];
+ $this->db->sql_query($sql);
+
+ // Clear all tokens belonging to the user on this servce
+ $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);
+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
+ $storage->clearToken($service_name);
+
+ return;
+ }
+}
diff --git a/phpBB/phpbb/auth/provider/oauth/service/base.php b/phpBB/phpbb/auth/provider/oauth/service/base.php
new file mode 100644
index 0000000000..1eb49b4265
--- /dev/null
+++ b/phpBB/phpbb/auth/provider/oauth/service/base.php
@@ -0,0 +1,55 @@
+<?php
+/**
+*
+* @package auth
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+/**
+* Base OAuth abstract class that all OAuth services should implement
+*
+* @package auth
+*/
+abstract class phpbb_auth_provider_oauth_service_base implements phpbb_auth_provider_oauth_service_interface
+{
+ /**
+ * External OAuth service provider
+ *
+ * @var \OAuth\Common\Service\ServiceInterface
+ */
+ protected $service_provider;
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_external_service_provider()
+ {
+ return $this->service_provider;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_auth_scope()
+ {
+ return array();
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider)
+ {
+ $this->service_provider = $service_provider;
+ }
+}
diff --git a/phpBB/phpbb/auth/provider/oauth/service/bitly.php b/phpBB/phpbb/auth/provider/oauth/service/bitly.php
new file mode 100644
index 0000000000..3bafdd59ce
--- /dev/null
+++ b/phpBB/phpbb/auth/provider/oauth/service/bitly.php
@@ -0,0 +1,98 @@
+<?php
+/**
+*
+* @package auth
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+/**
+* Bitly OAuth service
+*
+* @package auth
+*/
+class phpbb_auth_provider_oauth_service_bitly extends phpbb_auth_provider_oauth_service_base
+{
+ /**
+ * phpBB config
+ *
+ * @var phpbb_config
+ */
+ protected $config;
+
+ /**
+ * phpBB request
+ *
+ * @var phpbb_request
+ */
+ protected $request;
+
+ /**
+ * Constructor
+ *
+ * @param phpbb_config $config
+ * @param phpbb_request $request
+ */
+ public function __construct(phpbb_config $config, phpbb_request $request)
+ {
+ $this->config = $config;
+ $this->request = $request;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_service_credentials()
+ {
+ return array(
+ 'key' => $this->config['auth_oauth_bitly_key'],
+ 'secret' => $this->config['auth_oauth_bitly_secret'],
+ );
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function perform_auth_login()
+ {
+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Bitly))
+ {
+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
+ }
+
+ // This was a callback request from bitly, get the token
+ $this->service_provider->requestAccessToken($this->request->variable('code', ''));
+
+ // Send a request with it
+ $result = json_decode($this->service_provider->request('user/info'), true);
+
+ // Return the unique identifier returned from bitly
+ return $result['data']['login'];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function perform_token_auth()
+ {
+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Bitly))
+ {
+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
+ }
+
+ // Send a request with it
+ $result = json_decode($this->service_provider->request('user/info'), true);
+
+ // Return the unique identifier returned from bitly
+ return $result['data']['login'];
+ }
+}
diff --git a/phpBB/phpbb/auth/provider/oauth/service/exception.php b/phpBB/phpbb/auth/provider/oauth/service/exception.php
new file mode 100644
index 0000000000..23d3387951
--- /dev/null
+++ b/phpBB/phpbb/auth/provider/oauth/service/exception.php
@@ -0,0 +1,25 @@
+<?php
+/**
+*
+* @package auth
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+/**
+* OAuth service exception class
+*
+* @package auth
+*/
+class phpbb_auth_provider_oauth_service_exception extends RuntimeException
+{
+}
diff --git a/phpBB/phpbb/auth/provider/oauth/service/facebook.php b/phpBB/phpbb/auth/provider/oauth/service/facebook.php
new file mode 100644
index 0000000000..49206b7654
--- /dev/null
+++ b/phpBB/phpbb/auth/provider/oauth/service/facebook.php
@@ -0,0 +1,98 @@
+<?php
+/**
+*
+* @package auth
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+/**
+* Facebook OAuth service
+*
+* @package auth
+*/
+class phpbb_auth_provider_oauth_service_facebook extends phpbb_auth_provider_oauth_service_base
+{
+ /**
+ * phpBB config
+ *
+ * @var phpbb_config
+ */
+ protected $config;
+
+ /**
+ * phpBB request
+ *
+ * @var phpbb_request
+ */
+ protected $request;
+
+ /**
+ * Constructor
+ *
+ * @param phpbb_config $config
+ * @param phpbb_request $request
+ */
+ public function __construct(phpbb_config $config, phpbb_request $request)
+ {
+ $this->config = $config;
+ $this->request = $request;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_service_credentials()
+ {
+ return array(
+ 'key' => $this->config['auth_oauth_facebook_key'],
+ 'secret' => $this->config['auth_oauth_facebook_secret'],
+ );
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function perform_auth_login()
+ {
+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Facebook))
+ {
+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
+ }
+
+ // This was a callback request, get the token
+ $this->service_provider->requestAccessToken($this->request->variable('code', ''));
+
+ // Send a request with it
+ $result = json_decode($this->service_provider->request('/me'), true);
+
+ // Return the unique identifier
+ return $result['id'];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function perform_token_auth()
+ {
+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Facebook))
+ {
+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
+ }
+
+ // Send a request with it
+ $result = json_decode($this->service_provider->request('/me'), true);
+
+ // Return the unique identifier
+ return $result['id'];
+ }
+}
diff --git a/phpBB/phpbb/auth/provider/oauth/service/google.php b/phpBB/phpbb/auth/provider/oauth/service/google.php
new file mode 100644
index 0000000000..d4ef6e1d42
--- /dev/null
+++ b/phpBB/phpbb/auth/provider/oauth/service/google.php
@@ -0,0 +1,109 @@
+<?php
+/**
+*
+* @package auth
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+/**
+* Google OAuth service
+*
+* @package auth
+*/
+class phpbb_auth_provider_oauth_service_google extends phpbb_auth_provider_oauth_service_base
+{
+ /**
+ * phpBB config
+ *
+ * @var phpbb_config
+ */
+ protected $config;
+
+ /**
+ * phpBB request
+ *
+ * @var phpbb_request
+ */
+ protected $request;
+
+ /**
+ * Constructor
+ *
+ * @param phpbb_config $config
+ * @param phpbb_request $request
+ */
+ public function __construct(phpbb_config $config, phpbb_request $request)
+ {
+ $this->config = $config;
+ $this->request = $request;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_auth_scope()
+ {
+ return array(
+ 'userinfo_email',
+ 'userinfo_profile',
+ );
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function get_service_credentials()
+ {
+ return array(
+ 'key' => $this->config['auth_oauth_google_key'],
+ 'secret' => $this->config['auth_oauth_google_secret'],
+ );
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function perform_auth_login()
+ {
+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Google))
+ {
+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
+ }
+
+ // This was a callback request, get the token
+ $this->service_provider->requestAccessToken($this->request->variable('code', ''));
+
+ // Send a request with it
+ $result = json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
+
+ // Return the unique identifier
+ return $result['id'];
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function perform_token_auth()
+ {
+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Google))
+ {
+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
+ }
+
+ // Send a request with it
+ $result = json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
+
+ // Return the unique identifier
+ return $result['id'];
+ }
+}
diff --git a/phpBB/phpbb/auth/provider/oauth/service/interface.php b/phpBB/phpbb/auth/provider/oauth/service/interface.php
new file mode 100644
index 0000000000..3bba7c0e2c
--- /dev/null
+++ b/phpBB/phpbb/auth/provider/oauth/service/interface.php
@@ -0,0 +1,77 @@
+<?php
+/**
+*
+* @package auth
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+/**
+* OAuth service interface
+*
+* @package auth
+*/
+interface phpbb_auth_provider_oauth_service_interface
+{
+ /**
+ * Returns an array of the scopes necessary for auth
+ *
+ * @return array An array of the required scopes
+ */
+ public function get_auth_scope();
+
+ /**
+ * Returns the external library service provider once it has been set
+ *
+ * @param \OAuth\Common\Service\ServiceInterface|null
+ */
+ public function get_external_service_provider();
+
+ /**
+ * Returns an array containing the service credentials belonging to requested
+ * service.
+ *
+ * @return array An array containing the 'key' and the 'secret' of the
+ * service in the form:
+ * array(
+ * 'key' => string
+ * 'secret' => string
+ * )
+ */
+ public function get_service_credentials();
+
+ /**
+ * Returns the results of the authentication in json format
+ *
+ * @throws phpbb_auth_provider_oauth_service_exception
+ * @return string The unique identifier returned by the service provider
+ * that is used to authenticate the user with phpBB.
+ */
+ public function perform_auth_login();
+
+ /**
+ * Returns the results of the authentication in json format
+ * Use this function when the user already has an access token
+ *
+ * @throws phpbb_auth_provider_oauth_service_exception
+ * @return string The unique identifier returned by the service provider
+ * that is used to authenticate the user with phpBB.
+ */
+ public function perform_token_auth();
+
+ /**
+ * Sets the external library service provider
+ *
+ * @param \OAuth\Common\Service\ServiceInterface $service
+ */
+ public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider);
+}
diff --git a/phpBB/phpbb/auth/provider/oauth/token_storage.php b/phpBB/phpbb/auth/provider/oauth/token_storage.php
new file mode 100644
index 0000000000..d21deb8999
--- /dev/null
+++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php
@@ -0,0 +1,366 @@
+<?php
+/**
+*
+* @package auth
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+ exit;
+}
+
+
+use OAuth\OAuth1\Token\StdOAuth1Token;
+use OAuth\Common\Token\TokenInterface;
+use OAuth\Common\Storage\TokenStorageInterface;
+use OAuth\Common\Storage\Exception\StorageException;
+use OAuth\Common\Storage\Exception\TokenNotFoundException;
+
+/**
+* OAuth storage wrapper for phpbb's cache
+*
+* @package auth
+*/
+class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
+{
+ /**
+ * Cache driver.
+ *
+ * @var phpbb_db_driver
+ */
+ protected $db;
+
+ /**
+ * phpBB user
+ *
+ * @var phpbb_user
+ */
+ protected $user;
+
+ /**
+ * OAuth token table
+ *
+ * @var string
+ */
+ protected $auth_provider_oauth_table;
+
+ /**
+ * @var object|TokenInterface
+ */
+ protected $cachedToken;
+
+ /**
+ * Creates token storage for phpBB.
+ *
+ * @param phpbb_db_driver $db
+ * @param phpbb_user $user
+ * @param string $auth_provider_oauth_table
+ */
+ public function __construct(phpbb_db_driver $db, phpbb_user $user, $auth_provider_oauth_table)
+ {
+ $this->db = $db;
+ $this->user = $user;
+ $this->auth_provider_oauth_table = $auth_provider_oauth_table;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function retrieveAccessToken($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ if ($this->cachedToken instanceOf TokenInterface)
+ {
+ return $this->cachedToken;
+ }
+
+ $data = array(
+ 'user_id' => (int) $this->user->data['user_id'],
+ 'provider' => $service,
+ );
+
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ {
+ $data['session_id'] = $this->user->data['session_id'];
+ }
+
+ return $this->_retrieve_access_token($data);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function storeAccessToken($service, TokenInterface $token)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ $this->cachedToken = $token;
+
+ $data = array(
+ 'user_id' => (int) $this->user->data['user_id'],
+ 'provider' => $service,
+ 'oauth_token' => $this->json_encode_token($token),
+ 'session_id' => $this->user->data['session_id'],
+ );
+
+ $sql = 'INSERT INTO ' . $this->auth_provider_oauth_table . '
+ ' . $this->db->sql_build_array('INSERT', $data);
+ $this->db->sql_query($sql);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function hasAccessToken($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ if ($this->cachedToken) {
+ return true;
+ }
+
+ $data = array(
+ 'user_id' => (int) $this->user->data['user_id'],
+ 'provider' => $service,
+ );
+
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ {
+ $data['session_id'] = $this->user->data['session_id'];
+ }
+
+ return $this->_has_acess_token($data);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function clearToken($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ $this->cachedToken = null;
+
+ $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "
+ AND provider = '" . $this->db->sql_escape($service) . "'";
+
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ {
+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
+ }
+
+ $this->db->sql_query($sql);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function clearAllTokens()
+ {
+ $this->cachedToken = null;
+
+ $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
+ WHERE user_id = ' . (int) $this->user->data['user_id'];
+
+ if ((int) $this->user->data['user_id'] === ANONYMOUS)
+ {
+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
+ }
+
+ $this->db->sql_query($sql);
+ }
+
+ /**
+ * Updates the user_id field in the database assosciated with the token
+ *
+ * @param int $user_id
+ */
+ public function set_user_id($user_id)
+ {
+ if (!$this->cachedToken)
+ {
+ return;
+ }
+
+ $sql = 'UPDATE ' . $this->auth_provider_oauth_table . '
+ SET ' . $this->db->sql_build_array('UPDATE', array(
+ 'user_id' => (int) $user_id
+ )) . '
+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "
+ AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
+ $this->db->sql_query($sql);
+ }
+
+ /**
+ * Checks to see if an access token exists solely by the session_id of the user
+ *
+ * @return bool true if they have token, false if they don't
+ */
+ public function has_access_token_by_session($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ if ($this->cachedToken)
+ {
+ return true;
+ }
+
+ $data = array(
+ 'session_id' => $this->user->data['session_id'],
+ 'provider' => $service,
+ );
+
+ return $this->_has_acess_token($data);
+ }
+
+ /**
+ * A helper function that performs the query for has access token functions
+ *
+ * @param array $data
+ * @return bool
+ */
+ protected function _has_acess_token($data)
+ {
+ return (bool) $this->get_access_token_row($data);
+ }
+
+ public function retrieve_access_token_by_session($service)
+ {
+ $service = $this->get_service_name_for_db($service);
+
+ if ($this->cachedToken instanceOf TokenInterface) {
+ return $this->cachedToken;
+ }
+
+ $data = array(
+ 'session_id' => $this->user->data['session_id'],
+ 'provider' => $service,
+ );
+
+ return $this->_retrieve_access_token($data);
+ }
+
+ /**
+ * A helper function that performs the query for retrieve access token functions
+ * Also checks if the token is a valid token
+ *
+ * @param array $data
+ * @return mixed
+ */
+ protected function _retrieve_access_token($data)
+ {
+ $row = $this->get_access_token_row($data);
+
+ if (!$row)
+ {
+ throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_NOT_STORED');
+ }
+
+ $token = $this->json_decode_token($row['oauth_token']);
+
+ // Ensure that the token was serialized/unserialized correctly
+ if (!($token instanceof TokenInterface))
+ {
+ $this->clearToken();
+ throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
+ }
+
+ $this->cachedToken = $token;
+ return $token;
+ }
+
+ /**
+ * A helper function that performs the query for retrieving an access token
+ *
+ * @param array $data
+ * @return mixed
+ */
+ protected function get_access_token_row($data)
+ {
+ $sql = 'SELECT oauth_token FROM ' . $this->auth_provider_oauth_table . '
+ WHERE ' . $this->db->sql_build_array('SELECT', $data);
+ $result = $this->db->sql_query($sql);
+ $row = $this->db->sql_fetchrow($result);
+ $this->db->sql_freeresult($result);
+
+ return $row;
+ }
+
+ public function json_encode_token(TokenInterface $token)
+ {
+ $members = array(
+ 'accessToken' => $token->getAccessToken(),
+ 'endOfLife' => $token->getEndOfLife(),
+ 'extraParams' => $token->getExtraParams(),
+ 'refreshToken' => $token->getRefreshToken(),
+
+ 'token_class' => get_class($token),
+ );
+
+ // Handle additional data needed for OAuth1 tokens
+ if ($token instanceof StdOAuth1Token)
+ {
+ $members['requestToken'] = $token->getRequestToken();
+ $members['requestTokenSecret'] = $token->getRequestTokenSecret();
+ $members['accessTokenSecret'] = $token->getAccessTokenSecret();
+ }
+
+ return json_encode($members);
+ }
+
+ public function json_decode_token($json)
+ {
+ $token_data = json_decode($json, true);
+
+ if ($token_data === null)
+ {
+ throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
+ }
+
+ $token_class = $token_data['token_class'];
+ $access_token = $token_data['accessToken'];
+ $refresh_token = $token_data['refreshToken'];
+ $endOfLife = $token_data['endOfLife'];
+ $extra_params = $token_data['extraParams'];
+
+ // Create the token
+ $token = new $token_class($access_token, $refresh_token, TokenInterface::EOL_NEVER_EXPIRES, $extra_params);
+ $token->setEndOfLife($endOfLife);
+
+ // Handle OAuth 1.0 specific elements
+ if ($token instanceof StdOAuth1Token)
+ {
+ $token->setRequestToken($token_data['requestToken']);
+ $token->setRequestTokenSecret($token_data['requestTokenSecret']);
+ $token->setAccessTokenSecret($token_data['accessTokenSecret']);
+ }
+
+ return $token;
+ }
+
+ /**
+ * Returns the name of the service as it must be stored in the database.
+ *
+ * @param string $service The name of the OAuth service
+ * @return string The name of the OAuth service as it needs to be stored
+ * in the database.
+ */
+ protected function get_service_name_for_db($service)
+ {
+ // Enforce the naming convention for oauth services
+ if (strpos($service, 'auth.provider.oauth.service.') !== 0)
+ {
+ $service = 'auth.provider.oauth.service.' . strtolower($service);
+ }
+
+ return $service;
+ }
+}