+ // If the auth provider wants us to link an empty account do so and redirect

+ if ($login['status'] == LOGIN_SUCCESS_LINK_PROFILE)

+ {

+ // If this status exists a fourth field is in the $login array called 'redirect_data'

+ // This data is passed along as GET data to the next page allow the account to be linked

+

+ $params = array('mode' => 'login_link');

+ $url = append_sid($phpbb_root_path . 'ucp.' . $phpEx, array_merge($params, $login['redirect_data']));

+

+ redirect($url);

+ }

+

+ public function get_login_data()

+ {

+ return;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_auth_link_data()

+ {

+ return;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+

+ /**

+ * {@inheritdoc}

+ */

+ public function login_link_has_necessary_data($login_link_data)

+ {

+ return;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function link_account(array $link_data)

+ {

+ return;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function unlink_account(array $link_data)

+ {

+ return;

+ }

+ * A fourth key of the array may be present:

+ * 'redirect_data' This key is only used when 'status' is

+ * equal to LOGIN_SUCCESS_LINK_PROFILE and its value is an

+ * associative array that is turned into GET variables on

+ * the redirect url.

+ * An optional third element may be added to this

+ * array: 'BLOCK_VAR_NAME'. If this is present,

+ * then its value should be a string that is used

+ * to designate the name of the loop used in the

+ * ACP template file. When this is present, an

+ * additional key named 'BLOCK_VARS' is required.

+ * This must be an array containing at least one

+ * array of variables that will be assigned during

+ * the loop in the template. An example of this is

+ * presented below:

+ * array(

+ * 'BLOCK_VAR_NAME' => string,

+ * 'BLOCK_VARS' => array(

+ * 'KEY IS UNIMPORTANT' => array(...),

+ * ),

+ * 'TEMPLATE_FILE' => string,

+ * 'TEMPLATE_VARS' => array(...),

+ * )

+ * Returns an array of data necessary to build custom elements on the login

+ * form.

+ *

+ * @return array|null If this function is not implemented on an auth

+ * provider then it returns null. If it is implemented

+ * it will return an array of up to four elements of

+ * which only 'TEMPLATE_FILE'. If 'BLOCK_VAR_NAME' is

+ * present then 'BLOCK_VARS' must also be present in

+ * the array. The fourth element 'VARS' is also

+ * optional. The array, with all four elements present

+ * looks like the following:

+ * array(

+ * 'TEMPLATE_FILE' => string,

+ * 'BLOCK_VAR_NAME' => string,

+ * 'BLOCK_VARS' => array(...),

+ * 'VARS' => array(...),

+ * )

+ */

+ public function get_login_data();

+

+ /**

+

+ /**

+ * Checks to see if $login_link_data contains all information except for the

+ * user_id of an account needed to successfully link an external account to

+ * a forum account.

+ *

+ * @param array $link_data Any data needed to link a phpBB account to

+ * an external account.

+ * @return string|null Returns a string with a language constant if there

+ * is data missing or null if there is no error.

+ */

+ public function login_link_has_necessary_data($login_link_data);

+

+ /**

+ * Links an external account to a phpBB account.

+ *

+ * @param array $link_data Any data needed to link a phpBB account to

+ * an external account.

+ */

+ public function link_account(array $link_data);

+

+ /**

+ * Returns an array of data necessary to build the ucp_auth_link page

+ *

+ * @return array|null If this function is not implemented on an auth

+ * provider then it returns null. If it is implemented

+ * it will return an array of up to four elements of

+ * which only 'TEMPLATE_FILE'. If 'BLOCK_VAR_NAME' is

+ * present then 'BLOCK_VARS' must also be present in

+ * the array. The fourth element 'VARS' is also

+ * optional. The array, with all four elements present

+ * looks like the following:

+ * array(

+ * 'TEMPLATE_FILE' => string,

+ * 'BLOCK_VAR_NAME' => string,

+ * 'BLOCK_VARS' => array(...),

+ * 'VARS' => array(...),

+ * )

+ */

+ public function get_auth_link_data();

+

+ /**

+ * Unlinks an external account from a phpBB account.

+ *

+ * @param array $link_data Any data needed to unlink a phpBB account

+ * from a phpbb account.

+ */

+ public function unlink_account(array $link_data);

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+use OAuth\Common\Consumer\Credentials;

+use OAuth\Common\Http\Uri\Uri;

+

+/**

+* OAuth authentication provider for phpBB3

+*

+* @package auth

+*/

+class phpbb_auth_provider_oauth extends phpbb_auth_provider_base

+{

+ /**

+ * Database driver

+ *

+ * @var phpbb_db_driver

+ */

+ protected $db;

+

+ /**

+ * phpBB config

+ *

+ * @var phpbb_config

+ */

+ protected $config;

+

+ /**

+ * phpBB request object

+ *

+ * @var phpbb_request

+ */

+ protected $request;

+

+ /**

+ * phpBB user

+ *

+ * @var phpbb_user

+ */

+ protected $user;

+

+ /**

+ * OAuth token table

+ *

+ * @var string

+ */

+ protected $auth_provider_oauth_token_storage_table;

+

+ /**

+ * OAuth account association table

+ *

+ * @var string

+ */

+ protected $auth_provider_oauth_token_account_assoc;

+

+ /**

+ * All OAuth service providers

+ *

+ * @var phpbb_di_service_collection Contains phpbb_auth_provider_oauth_service_interface

+ */

+ protected $service_providers;

+

+ /**

+ * Users table

+ *

+ * @var string

+ */

+ protected $users_table;

+

+ /**

+ * Cached current uri object

+ *

+ * @var \OAuth\Common\Http\Uri\UriInterface|null

+ */

+ protected $current_uri;

+

+ /**

+ * phpBB root path

+ *

+ * @var string

+ */

+ protected $phpbb_root_path;

+

+ /**

+ * PHP extenstion

+ *

+ * @var string

+ */

+ protected $php_ext;

+

+ /**

+ * OAuth Authentication Constructor

+ *

+ * @param phpbb_db_driver $db

+ * @param phpbb_config $config

+ * @param phpbb_request $request

+ * @param phpbb_user $user

+ * @param string $auth_provider_oauth_token_storage_table

+ * @param string $auth_provider_oauth_token_account_assoc

+ * @param phpbb_di_service_collection $service_providers Contains phpbb_auth_provider_oauth_service_interface

+ * @param string $users_table

+ * @param string $phpbb_root_path

+ * @param string $php_ext

+ */

+ public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_token_account_assoc, phpbb_di_service_collection $service_providers, $users_table, $phpbb_root_path, $php_ext)

+ {

+ $this->db = $db;

+ $this->config = $config;

+ $this->request = $request;

+ $this->user = $user;

+ $this->auth_provider_oauth_token_storage_table = $auth_provider_oauth_token_storage_table;

+ $this->auth_provider_oauth_token_account_assoc = $auth_provider_oauth_token_account_assoc;

+ $this->service_providers = $service_providers;

+ $this->users_table = $users_table;

+ $this->phpbb_root_path = $phpbb_root_path;

+ $this->php_ext = $php_ext;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function init()

+ {

+ // This does not test whether or not the key and secret provided are valid.

+ foreach ($this->service_providers as $service_provider)

+ {

+ $credentials = $service_provider->get_service_credentials();

+

+ if (($credentials['key'] && !$credentials['secret']) || (!$credentials['key'] && $credentials['secret']))

+ {

+ return $this->user->lang['AUTH_PROVIDER_OAUTH_ERROR_ELEMENT_MISSING'];

+ }

+ }

+ return false;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function login($username, $password)

+ {

+ // Temporary workaround for only having one authentication provider available

+ if (!$this->request->is_set('oauth_service'))

+ {

+ $provider = new phpbb_auth_provider_db($this->db, $this->config, $this->request, $this->user, $this->phpbb_root_path, $this->php_ext);

+ return $provider->login($username, $password);

+ }

+

+ // Requst the name of the OAuth service

+ $service_name_original = $this->request->variable('oauth_service', '', false);

+ $service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original);

+ if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers))

+ {

+ return array(

+ 'status' => LOGIN_ERROR_EXTERNAL_AUTH,

+ 'error_msg' => 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST',

+ 'user_row' => array('user_id' => ANONYMOUS),

+ );

+ }

+

+ // Get the service credentials for the given service

+ $service_credentials = $this->service_providers[$service_name]->get_service_credentials();

+

+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

+ $query = 'mode=login&login=external&oauth_service=' . $service_name_original;

+ $service = $this->get_service($service_name_original, $storage, $service_credentials, $this->service_providers[$service_name]->get_auth_scope(), $query);

+

+ if ($this->request->is_set('code', phpbb_request_interface::GET))

+ {

+ $this->service_providers[$service_name]->set_external_service_provider($service);

+ $unique_id = $this->service_providers[$service_name]->perform_auth_login();

+

+ // Check to see if this provider is already assosciated with an account

+ $data = array(

+ 'provider' => $service_name_original,

+ 'oauth_provider_id' => $unique_id

+ );

+ $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '

+ WHERE ' . $this->db->sql_build_array('SELECT', $data);

+ $result = $this->db->sql_query($sql);

+ $row = $this->db->sql_fetchrow($result);

+ $this->db->sql_freeresult($result);

+

+ if (!$row)

+ {

+ // The user does not yet exist, ask to link or create profile

+ return array(

+ 'status' => LOGIN_SUCCESS_LINK_PROFILE,

+ 'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED',

+ 'user_row' => array(),

+ 'redirect_data' => array(

+ 'auth_provider' => 'oauth',

+ 'login_link_oauth_service' => $service_name_original,

+ ),

+ );

+ }

+

+ // Retrieve the user's account

+ $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts

+ FROM ' . $this->users_table . '

+ WHERE user_id = ' . (int) $row['user_id'];

+ $result = $this->db->sql_query($sql);

+ $row = $this->db->sql_fetchrow($result);

+ $this->db->sql_freeresult($result);

+

+ if (!$row)

+ {

+ throw new Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY');

+ }

+

+ // Update token storage to store the user_id

+ $storage->set_user_id($row['user_id']);

+

+ // The user is now authenticated and can be logged in

+ return array(

+ 'status' => LOGIN_SUCCESS,

+ 'error_msg' => false,

+ 'user_row' => $row,

+ );

+ }

+ else

+ {

+ $url = $service->getAuthorizationUri();

+ header('Location: ' . $url);

+ }

+ }

+

+ /**

+ * Returns the cached current_uri object or creates and caches it if it is

+ * not already created. In each case the query string is updated based on

+ * the $query parameter.

+ *

+ * @param string $service_name The name of the service

+ * @param string $query The query string of the current_uri

+ * used in redirects

+ * @return \OAuth\Common\Http\Uri\UriInterface

+ */

+ protected function get_current_uri($service_name, $query)

+ {

+ if ($this->current_uri)

+ {

+ $this->current_uri->setQuery($query);

+ return $this->current_uri;

+ }

+

+ $uri_factory = new \OAuth\Common\Http\Uri\UriFactory();

+ $current_uri = $uri_factory->createFromSuperGlobalArray($this->request->get_super_global(phpbb_request_interface::SERVER));

+ $current_uri->setQuery($query);

+

+ $this->current_uri = $current_uri;

+ return $current_uri;

+ }

+

+ /**

+ * Returns a new service object

+ *

+ * @param string $service_name The name of the service

+ * @param phpbb_auth_oauth_token_storage $storage

+ * @param array $service_credentials {@see phpbb_auth_provider_oauth::get_service_credentials}

+ * @param array $scope The scope of the request against

+ * the api.

+ * @param string $query The query string of the

+ * current_uri used in redirection

+ * @return \OAuth\Common\Service\ServiceInterface

+ */

+ protected function get_service($service_name, phpbb_auth_provider_oauth_token_storage $storage, array $service_credentials, array $scopes = array(), $query)

+ {

+ $current_uri = $this->get_current_uri($service_name, $query);

+

+ // Setup the credentials for the requests

+ $credentials = new Credentials(

+ $service_credentials['key'],

+ $service_credentials['secret'],

+ $current_uri->getAbsoluteUri()

+ );

+

+ $service_factory = new \OAuth\ServiceFactory();

+ $service = $service_factory->createService($service_name, $credentials, $storage, $scopes);

+

+ if (!$service)

+ {

+ throw new Exception('AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED');

+ }

+

+ return $service;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_login_data()

+ {

+ $login_data = array(

+ 'TEMPLATE_FILE' => 'login_body_oauth.html',

+ 'BLOCK_VAR_NAME' => 'oauth',

+ 'BLOCK_VARS' => array(),

+ );

+

+ foreach ($this->service_providers as $service_name => $service_provider)

+ {

+ // Only include data if the credentials are set

+ $credentials = $service_provider->get_service_credentials();

+ if ($credentials['key'] && $credentials['secret'])

+ {

+ $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);

+ $redirect_url = build_url(false) . '&login=external&oauth_service=' . $actual_name;

+ $login_data['BLOCK_VARS'][$service_name] = array(

+ 'REDIRECT_URL' => redirect($redirect_url, true),

+ 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],

+ );

+ }

+ }

+

+ return $login_data;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function acp()

+ {

+ $ret = array();

+

+ foreach ($this->service_providers as $service_name => $service_provider)

+ {

+ $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);

+ $ret[] = 'auth_oauth_' . $actual_name . '_key';

+ $ret[] = 'auth_oauth_' . $actual_name . '_secret';

+ }

+

+ return $ret;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_acp_template($new_config)

+ {

+ $ret = array(

+ 'BLOCK_VAR_NAME' => 'oauth_services',

+ 'BLOCK_VARS' => array(),

+ 'TEMPLATE_FILE' => 'auth_provider_oauth.html',

+ 'TEMPLATE_VARS' => array(),

+ );

+

+ foreach ($this->service_providers as $service_name => $service_provider)

+ {

+ $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);

+ $ret['BLOCK_VARS'][$actual_name] = array(

+ 'ACTUAL_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],

+ 'KEY' => $new_config['auth_oauth_' . $actual_name . '_key'],

+ 'NAME' => $actual_name,

+ 'SECRET' => $new_config['auth_oauth_' . $actual_name . '_secret'],

+ );

+ }

+

+ return $ret;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function login_link_has_necessary_data($login_link_data)

+ {

+ if (empty($login_link_data))

+ {

+ return 'LOGIN_LINK_NO_DATA_PROVIDED';

+ }

+

+ if (!array_key_exists('oauth_service', $login_link_data) || !$login_link_data['oauth_service'] ||

+ !array_key_exists('link_method', $login_link_data) || !$login_link_data['link_method'])

+ {

+ return 'LOGIN_LINK_MISSING_DATA';

+ }

+

+ return null;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function link_account(array $link_data)

+ {

+ // Check for a valid link method (auth_link or login_link)

+ if (!array_key_exists('link_method', $link_data) ||

+ !in_array($link_data['link_method'], array(

+ 'auth_link',

+ 'login_link',

+ )))

+ {

+ return 'LOGIN_LINK_MISSING_DATA';

+ }

+

+ // We must have an oauth_service listed, check for it two ways

+ if (!array_key_exists('oauth_service', $link_data) || !$link_data['oauth_service'])

+ {

+ $link_data['oauth_service'] = $this->request->variable('oauth_service', '');

+

+ if (!$link_data['oauth_service'])

+ {

+ return 'LOGIN_LINK_MISSING_DATA';

+ }

+ }

+

+ $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);

+ if (!array_key_exists($service_name, $this->service_providers))

+ {

+ return 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST';

+ }

+

+ switch ($link_data['link_method'])

+ {

+ case 'auth_link':

+ return $this->link_account_auth_link($link_data, $service_name);

+ case 'login_link':

+ return $this->link_account_login_link($link_data, $service_name);

+ }

+ }

+

+ /**

+ * Performs the account linking for login_link

+ *

+ * @param array $link_data The same variable given to {@see phpbb_auth_provider_interface::link_account}

+ * @param string $service_name The name of the service being used in

+ * linking.

+ * @return string|null Returns a language constant (string) if an error is

+ * encountered, or null on success.

+ */

+ protected function link_account_login_link(array $link_data, $service_name)

+ {

+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

+

+ // Check for an access token, they should have one

+ if (!$storage->has_access_token_by_session($service_name))

+ {

+ return 'LOGIN_LINK_ERROR_OAUTH_NO_ACCESS_TOKEN';

+ }

+

+ // Prepare the query string

+ $query = 'mode=login_link&login_link_oauth_service=' . strtolower($link_data['oauth_service']);

+

+ // Prepare for an authentication request

+ $service_credentials = $this->service_providers[$service_name]->get_service_credentials();

+ $scopes = $this->service_providers[$service_name]->get_auth_scope();

+ $service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $scopes, $query);

+ $this->service_providers[$service_name]->set_external_service_provider($service);

+

+ // The user has already authenticated successfully, request to authenticate again

+ $unique_id = $this->service_providers[$service_name]->perform_token_auth();

+

+ // Insert into table, they will be able to log in after this

+ $data = array(

+ 'user_id' => $link_data['user_id'],

+ 'provider' => strtolower($link_data['oauth_service']),

+ 'oauth_provider_id' => $unique_id,

+ );

+

+ $this->link_account_perform_link($data);

+ // Update token storage to store the user_id

+ $storage->set_user_id($link_data['user_id']);

+ }

+

+ /**

+ * Performs the account linking for auth_link

+ *

+ * @param array $link_data The same variable given to {@see phpbb_auth_provider_interface::link_account}

+ * @param string $service_name The name of the service being used in

+ * linking.

+ * @return string|null Returns a language constant (string) if an error is

+ * encountered, or null on success.

+ */

+ protected function link_account_auth_link(array $link_data, $service_name)

+ {

+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

+ $query = 'i=ucp_auth_link&mode=auth_link&link=1&oauth_service=' . strtolower($link_data['oauth_service']);

+ $service_credentials = $this->service_providers[$service_name]->get_service_credentials();

+ $scopes = $this->service_providers[$service_name]->get_auth_scope();

+ $service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $scopes, $query);

+

+ if ($this->request->is_set('code', phpbb_request_interface::GET))

+ {

+ $this->service_providers[$service_name]->set_external_service_provider($service);

+ $unique_id = $this->service_providers[$service_name]->perform_auth_login();

+

+ // Insert into table, they will be able to log in after this

+ $data = array(

+ 'user_id' => $this->user->data['user_id'],

+ 'provider' => strtolower($link_data['oauth_service']),

+ 'oauth_provider_id' => $unique_id,

+ );

+

+ $this->link_account_perform_link($data);

+ }

+ else

+ {

+ $url = $service->getAuthorizationUri();

+ header('Location: ' . $url);

+ }

+ }

+

+ /**

+ * Performs the query that inserts an account link

+ *

+ * @param array $data This array is passed to db->sql_build_array

+ */

+ protected function link_account_perform_link(array $data)

+ {

+ $sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '

+ ' . $this->db->sql_build_array('INSERT', $data);

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function logout($data, $new_session)

+ {

+ // Clear all tokens belonging to the user

+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

+ $storage->clearAllTokens();

+

+ return;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_auth_link_data()

+ {

+ $block_vars = array();

+

+ // Get all external accounts tied to the current user

+ $data = array(

+ 'user_id' => (int) $this->user->data['user_id'],

+ );

+ $sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . '

+ WHERE ' . $this->db->sql_build_array('SELECT', $data);

+ $result = $this->db->sql_query($sql);

+ $rows = $this->db->sql_fetchrowset($result);

+ $this->db->sql_freeresult($result);

+

+ $oauth_user_ids = array();

+

+ if ($rows !== false && sizeof($rows))

+ {

+ foreach ($rows as $row)

+ {

+ $oauth_user_ids[$row['provider']] = $row['oauth_provider_id'];

+ }

+ }

+ unset($rows);

+

+ foreach ($this->service_providers as $service_name => $service_provider)

+ {

+ // Only include data if the credentials are set

+ $credentials = $service_provider->get_service_credentials();

+ if ($credentials['key'] && $credentials['secret'])

+ {

+ $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);

+

+ $block_vars[$service_name] = array(

+ 'HIDDEN_FIELDS' => array(

+ 'link' => (!isset($oauth_user_ids[$actual_name])),

+ 'oauth_service' => $actual_name,

+ ),

+

+ 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],

+ 'UNIQUE_ID' => (isset($oauth_user_ids[$actual_name])) ? $oauth_user_ids[$actual_name] : null,

+ );

+ }

+ }

+

+ return array(

+ 'BLOCK_VAR_NAME' => 'oauth',

+ 'BLOCK_VARS' => $block_vars,

+

+ 'TEMPLATE_FILE' => 'ucp_auth_link_oauth.html',

+ );

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function unlink_account(array $link_data)

+ {

+ if (!array_key_exists('oauth_service', $link_data) || !$link_data['oauth_service'])

+ {

+ return 'LOGIN_LINK_MISSING_DATA';

+ }

+

+ // Remove the link

+ $sql = 'DELETE FROM ' . $this->auth_provider_oauth_token_account_assoc . "

+ WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "'

+ AND user_id = " . (int) $this->user->data['user_id'];

+ $this->db->sql_query($sql);

+

+ // Clear all tokens belonging to the user on this servce

+ $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);

+ $storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

+ $storage->clearToken($service_name);

+

+ return;

+ }

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* Base OAuth abstract class that all OAuth services should implement

+*

+* @package auth

+*/

+abstract class phpbb_auth_provider_oauth_service_base implements phpbb_auth_provider_oauth_service_interface

+{

+ /**

+ * External OAuth service provider

+ *

+ * @var \OAuth\Common\Service\ServiceInterface

+ */

+ protected $service_provider;

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_external_service_provider()

+ {

+ return $this->service_provider;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_auth_scope()

+ {

+ return array();

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider)

+ {

+ $this->service_provider = $service_provider;

+ }

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* Bitly OAuth service

+*

+* @package auth

+*/

+class phpbb_auth_provider_oauth_service_bitly extends phpbb_auth_provider_oauth_service_base

+{

+ /**

+ * phpBB config

+ *

+ * @var phpbb_config

+ */

+ protected $config;

+

+ /**

+ * phpBB request

+ *

+ * @var phpbb_request

+ */

+ protected $request;

+

+ /**

+ * Constructor

+ *

+ * @param phpbb_config $config

+ * @param phpbb_request $request

+ */

+ public function __construct(phpbb_config $config, phpbb_request $request)

+ {

+ $this->config = $config;

+ $this->request = $request;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_service_credentials()

+ {

+ return array(

+ 'key' => $this->config['auth_oauth_bitly_key'],

+ 'secret' => $this->config['auth_oauth_bitly_secret'],

+ );

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function perform_auth_login()

+ {

+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Bitly))

+ {

+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');

+ }

+

+ // This was a callback request from bitly, get the token

+ $this->service_provider->requestAccessToken($this->request->variable('code', ''));

+

+ // Send a request with it

+ $result = json_decode($this->service_provider->request('user/info'), true);

+

+ // Return the unique identifier returned from bitly

+ return $result['data']['login'];

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function perform_token_auth()

+ {

+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Bitly))

+ {

+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');

+ }

+

+ // Send a request with it

+ $result = json_decode($this->service_provider->request('user/info'), true);

+

+ // Return the unique identifier returned from bitly

+ return $result['data']['login'];

+ }

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* OAuth service exception class

+*

+* @package auth

+*/

+class phpbb_auth_provider_oauth_service_exception extends RuntimeException

+{

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* Facebook OAuth service

+*

+* @package auth

+*/

+class phpbb_auth_provider_oauth_service_facebook extends phpbb_auth_provider_oauth_service_base

+{

+ /**

+ * phpBB config

+ *

+ * @var phpbb_config

+ */

+ protected $config;

+

+ /**

+ * phpBB request

+ *

+ * @var phpbb_request

+ */

+ protected $request;

+

+ /**

+ * Constructor

+ *

+ * @param phpbb_config $config

+ * @param phpbb_request $request

+ */

+ public function __construct(phpbb_config $config, phpbb_request $request)

+ {

+ $this->config = $config;

+ $this->request = $request;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_service_credentials()

+ {

+ return array(

+ 'key' => $this->config['auth_oauth_facebook_key'],

+ 'secret' => $this->config['auth_oauth_facebook_secret'],

+ );

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function perform_auth_login()

+ {

+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Facebook))

+ {

+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');

+ }

+

+ // This was a callback request, get the token

+ $this->service_provider->requestAccessToken($this->request->variable('code', ''));

+

+ // Send a request with it

+ $result = json_decode($this->service_provider->request('/me'), true);

+

+ // Return the unique identifier

+ return $result['id'];

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function perform_token_auth()

+ {

+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Facebook))

+ {

+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');

+ }

+

+ // Send a request with it

+ $result = json_decode($this->service_provider->request('/me'), true);

+

+ // Return the unique identifier

+ return $result['id'];

+ }

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* Google OAuth service

+*

+* @package auth

+*/

+class phpbb_auth_provider_oauth_service_google extends phpbb_auth_provider_oauth_service_base

+{

+ /**

+ * phpBB config

+ *

+ * @var phpbb_config

+ */

+ protected $config;

+

+ /**

+ * phpBB request

+ *

+ * @var phpbb_request

+ */

+ protected $request;

+

+ /**

+ * Constructor

+ *

+ * @param phpbb_config $config

+ * @param phpbb_request $request

+ */

+ public function __construct(phpbb_config $config, phpbb_request $request)

+ {

+ $this->config = $config;

+ $this->request = $request;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_auth_scope()

+ {

+ return array(

+ 'userinfo_email',

+ 'userinfo_profile',

+ );

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_service_credentials()

+ {

+ return array(

+ 'key' => $this->config['auth_oauth_google_key'],

+ 'secret' => $this->config['auth_oauth_google_secret'],

+ );

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function perform_auth_login()

+ {

+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Google))

+ {

+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');

+ }

+

+ // This was a callback request, get the token

+ $this->service_provider->requestAccessToken($this->request->variable('code', ''));

+

+ // Send a request with it

+ $result = json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);

+

+ // Return the unique identifier

+ return $result['id'];

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function perform_token_auth()

+ {

+ if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Google))

+ {

+ throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');

+ }

+

+ // Send a request with it

+ $result = json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);

+

+ // Return the unique identifier

+ return $result['id'];

+ }

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+/**

+* OAuth service interface

+*

+* @package auth

+*/

+interface phpbb_auth_provider_oauth_service_interface

+{

+ /**

+ * Returns an array of the scopes necessary for auth

+ *

+ * @return array An array of the required scopes

+ */

+ public function get_auth_scope();

+

+ /**

+ * Returns the external library service provider once it has been set

+ *

+ * @param \OAuth\Common\Service\ServiceInterface|null

+ */

+ public function get_external_service_provider();

+

+ /**

+ * Returns an array containing the service credentials belonging to requested

+ * service.

+ *

+ * @return array An array containing the 'key' and the 'secret' of the

+ * service in the form:

+ * array(

+ * 'key' => string

+ * 'secret' => string

+ * )

+ */

+ public function get_service_credentials();

+

+ /**

+ * Returns the results of the authentication in json format

+ *

+ * @throws phpbb_auth_provider_oauth_service_exception

+ * @return string The unique identifier returned by the service provider

+ * that is used to authenticate the user with phpBB.

+ */

+ public function perform_auth_login();

+

+ /**

+ * Returns the results of the authentication in json format

+ * Use this function when the user already has an access token

+ *

+ * @throws phpbb_auth_provider_oauth_service_exception

+ * @return string The unique identifier returned by the service provider

+ * that is used to authenticate the user with phpBB.

+ */

+ public function perform_token_auth();

+

+ /**

+ * Sets the external library service provider

+ *

+ * @param \OAuth\Common\Service\ServiceInterface $service

+ */

+ public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider);

+}

+<?php

+/**

+*

+* @package auth

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2

+*

+*/

+

+/**

+* @ignore

+*/

+if (!defined('IN_PHPBB'))

+{

+ exit;

+}

+

+

+use OAuth\OAuth1\Token\StdOAuth1Token;

+use OAuth\Common\Token\TokenInterface;

+use OAuth\Common\Storage\TokenStorageInterface;

+use OAuth\Common\Storage\Exception\StorageException;

+use OAuth\Common\Storage\Exception\TokenNotFoundException;

+

+/**

+* OAuth storage wrapper for phpbb's cache

+*

+* @package auth

+*/

+class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface

+{

+ /**

+ * Cache driver.

+ *

+ * @var phpbb_db_driver

+ */

+ protected $db;

+

+ /**

+ * phpBB user

+ *

+ * @var phpbb_user

+ */

+ protected $user;

+

+ /**

+ * OAuth token table

+ *

+ * @var string

+ */

+ protected $auth_provider_oauth_table;

+

+ /**

+ * @var object|TokenInterface

+ */

+ protected $cachedToken;

+

+ /**

+ * Creates token storage for phpBB.

+ *

+ * @param phpbb_db_driver $db

+ * @param phpbb_user $user

+ * @param string $auth_provider_oauth_table

+ */

+ public function __construct(phpbb_db_driver $db, phpbb_user $user, $auth_provider_oauth_table)

+ {

+ $this->db = $db;

+ $this->user = $user;

+ $this->auth_provider_oauth_table = $auth_provider_oauth_table;

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function retrieveAccessToken($service)

+ {

+ $service = $this->get_service_name_for_db($service);

+

+ if ($this->cachedToken instanceOf TokenInterface)

+ {

+ return $this->cachedToken;

+ }

+

+ $data = array(

+ 'user_id' => (int) $this->user->data['user_id'],

+ 'provider' => $service,

+ );

+

+ if ((int) $this->user->data['user_id'] === ANONYMOUS)

+ {

+ $data['session_id'] = $this->user->data['session_id'];

+ }

+

+ return $this->_retrieve_access_token($data);

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function storeAccessToken($service, TokenInterface $token)

+ {

+ $service = $this->get_service_name_for_db($service);

+

+ $this->cachedToken = $token;

+

+ $data = array(

+ 'user_id' => (int) $this->user->data['user_id'],

+ 'provider' => $service,

+ 'oauth_token' => $this->json_encode_token($token),

+ 'session_id' => $this->user->data['session_id'],

+ );

+

+ $sql = 'INSERT INTO ' . $this->auth_provider_oauth_table . '

+ ' . $this->db->sql_build_array('INSERT', $data);

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function hasAccessToken($service)

+ {

+ $service = $this->get_service_name_for_db($service);

+

+ if ($this->cachedToken) {

+ return true;

+ }

+

+ $data = array(

+ 'user_id' => (int) $this->user->data['user_id'],

+ 'provider' => $service,

+ );

+

+ if ((int) $this->user->data['user_id'] === ANONYMOUS)

+ {

+ $data['session_id'] = $this->user->data['session_id'];

+ }

+

+ return $this->_has_acess_token($data);

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function clearToken($service)

+ {

+ $service = $this->get_service_name_for_db($service);

+

+ $this->cachedToken = null;

+

+ $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '

+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "

+ AND provider = '" . $this->db->sql_escape($service) . "'";

+

+ if ((int) $this->user->data['user_id'] === ANONYMOUS)

+ {

+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";

+ }

+

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * {@inheritdoc}

+ */

+ public function clearAllTokens()

+ {

+ $this->cachedToken = null;

+

+ $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '

+ WHERE user_id = ' . (int) $this->user->data['user_id'];

+

+ if ((int) $this->user->data['user_id'] === ANONYMOUS)

+ {

+ $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";

+ }

+

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * Updates the user_id field in the database assosciated with the token

+ *

+ * @param int $user_id

+ */

+ public function set_user_id($user_id)

+ {

+ if (!$this->cachedToken)

+ {

+ return;

+ }

+

+ $sql = 'UPDATE ' . $this->auth_provider_oauth_table . '

+ SET ' . $this->db->sql_build_array('UPDATE', array(

+ 'user_id' => (int) $user_id

+ )) . '

+ WHERE user_id = ' . (int) $this->user->data['user_id'] . "

+ AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * Checks to see if an access token exists solely by the session_id of the user

+ *

+ * @return bool true if they have token, false if they don't

+ */

+ public function has_access_token_by_session($service)

+ {

+ $service = $this->get_service_name_for_db($service);

+

+ if ($this->cachedToken)

+ {

+ return true;

+ }

+

+ $data = array(

+ 'session_id' => $this->user->data['session_id'],

+ 'provider' => $service,

+ );

+

+ return $this->_has_acess_token($data);

+ }

+

+ /**

+ * A helper function that performs the query for has access token functions

+ *

+ * @param array $data

+ * @return bool

+ */

+ protected function _has_acess_token($data)

+ {

+ return (bool) $this->get_access_token_row($data);

+ }

+

+ public function retrieve_access_token_by_session($service)

+ {

+ $service = $this->get_service_name_for_db($service);

+

+ if ($this->cachedToken instanceOf TokenInterface) {

+ return $this->cachedToken;

+ }

+

+ $data = array(

+ 'session_id' => $this->user->data['session_id'],

+ 'provider' => $service,

+ );

+

+ return $this->_retrieve_access_token($data);

+ }

+

+ /**

+ * A helper function that performs the query for retrieve access token functions

+ * Also checks if the token is a valid token

+ *

+ * @param array $data

+ * @return mixed

+ */

+ protected function _retrieve_access_token($data)

+ {

+ $row = $this->get_access_token_row($data);

+

+ if (!$row)

+ {

+ throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_NOT_STORED');

+ }

+

+ $token = $this->json_decode_token($row['oauth_token']);

+

+ // Ensure that the token was serialized/unserialized correctly

+ if (!($token instanceof TokenInterface))

+ {

+ $this->clearToken();

+ throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');

+ }

+

+ $this->cachedToken = $token;

+ return $token;

+ }

+

+ /**

+ * A helper function that performs the query for retrieving an access token

+ *

+ * @param array $data

+ * @return mixed

+ */

+ protected function get_access_token_row($data)

+ {

+ $sql = 'SELECT oauth_token FROM ' . $this->auth_provider_oauth_table . '

+ WHERE ' . $this->db->sql_build_array('SELECT', $data);

+ $result = $this->db->sql_query($sql);

+ $row = $this->db->sql_fetchrow($result);

+ $this->db->sql_freeresult($result);

+

+ return $row;

+ }

+

+ public function json_encode_token(TokenInterface $token)

+ {

+ $members = array(

+ 'accessToken' => $token->getAccessToken(),

+ 'endOfLife' => $token->getEndOfLife(),

+ 'extraParams' => $token->getExtraParams(),

+ 'refreshToken' => $token->getRefreshToken(),

+

+ 'token_class' => get_class($token),

+ );

+

+ // Handle additional data needed for OAuth1 tokens

+ if ($token instanceof StdOAuth1Token)

+ {

+ $members['requestToken'] = $token->getRequestToken();

+ $members['requestTokenSecret'] = $token->getRequestTokenSecret();

+ $members['accessTokenSecret'] = $token->getAccessTokenSecret();

+ }

+

+ return json_encode($members);

+ }

+

+ public function json_decode_token($json)

+ {

+ $token_data = json_decode($json, true);

+

+ if ($token_data === null)

+ {

+ throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');

+ }

+

+ $token_class = $token_data['token_class'];

+ $access_token = $token_data['accessToken'];

+ $refresh_token = $token_data['refreshToken'];

+ $endOfLife = $token_data['endOfLife'];

+ $extra_params = $token_data['extraParams'];

+

+ // Create the token

+ $token = new $token_class($access_token, $refresh_token, TokenInterface::EOL_NEVER_EXPIRES, $extra_params);

+ $token->setEndOfLife($endOfLife);

+

+ // Handle OAuth 1.0 specific elements

+ if ($token instanceof StdOAuth1Token)

+ {

+ $token->setRequestToken($token_data['requestToken']);

+ $token->setRequestTokenSecret($token_data['requestTokenSecret']);

+ $token->setAccessTokenSecret($token_data['accessTokenSecret']);

+ }

+

+ return $token;

+ }

+

+ /**

+ * Returns the name of the service as it must be stored in the database.

+ *

+ * @param string $service The name of the OAuth service

+ * @return string The name of the OAuth service as it needs to be stored

+ * in the database.

+ */

+ protected function get_service_name_for_db($service)

+ {

+ // Enforce the naming convention for oauth services

+ if (strpos($service, 'auth.provider.oauth.service.') !== 0)

+ {

+ $service = 'auth.provider.oauth.service.' . strtolower($service);

+ }

+

+ return $service;

+ }

+}

+<?php

+/**

+*

+* @package migration

+* @copyright (c) 2013 phpBB Group

+* @license http://opensource.org/licenses/gpl-license.php GNU Public License v2

+*

+*/

+

+class phpbb_db_migration_data_310_auth_provider_oauth extends phpbb_db_migration

+{

+ public function effectively_installed()

+ {

+ return $this->db_tools->sql_table_exists($this->table_prefix . 'auth_provider_oauth');

+ }

+

+ public function update_schema()

+ {

+ return array(

+ 'add_tables' => array(

+ $this->table_prefix . 'oauth_tokens' => array(

+ 'COLUMNS' => array(

+ 'user_id' => array('UINT', 0), // phpbb_users.user_id

+ 'session_id' => array('CHAR:32', ''), // phpbb_sessions.session_id used only when user_id not set

+ 'provider' => array('VCHAR', ''), // Name of the OAuth provider

+ 'oauth_token' => array('MTEXT', ''), // Serialized token

+ ),

+ 'KEYS' => array(

+ 'user_id' => array('INDEX', 'user_id'),

+ 'provider' => array('INDEX', 'provider'),

+ ),

+ ),

+ $this->table_prefix . 'oauth_accounts' => array(

+ 'COLUMNS' => array(

+ 'user_id' => array('UINT', 0),

+ 'provider' => array('VCHAR', ''),

+ 'oauth_provider_id' => array('TEXT_UNI', ''),

+ ),

+ 'PRIMARY_KEY' => array(

+ 'user_id',

+ 'provider',

+ ),

+ ),

+ ),

+ );

+ }

+

+ public function revert_schema()

+ {

+ return array(

+ 'drop_tables' => array(

+ $this->table_prefix . 'oauth_tokens',

+ $this->table_prefix . 'oauth_accounts',

+ ),

+ );

+ }

+

+ public function update_data()

+ {

+ return array(

+ array('module.add', array(

+ 'ucp',

+ 'UCP_AUTH_LINK',

+ array(

+ 'module_basename' => 'ucp_auth_link',

+ 'modes' => array('auth_link'),

+ ),

+ )),

+ );

+ }

+}

+

+ /**

+ * Returns the original array of the requested super global

+ *

+ * @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global

+ * The super global which will be returned

+ *

+ * @return array The original array of the requested super global.

+ */

+ public function get_super_global($super_global = phpbb_request_interface::REQUEST);

+

+ /**

+ * {@inheritdoc}

+ */

+ public function get_super_global($super_global = phpbb_request_interface::REQUEST)

+ {

+ return $this->input[$super_global];

+ }