From b5544b2f471ce4c93b08d19919ab062725545ce8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gae=CC=88tan=20Muller?= Date: Sat, 3 Jan 2015 11:39:29 +0100 Subject: [ticket/13450] Type-hint return value of $phpbb_container->get() PHPBB3-13450 --- phpBB/phpbb/auth/auth.php | 1 + phpBB/phpbb/auth/provider/db.php | 1 + 2 files changed, 2 insertions(+) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php index b59f0e60ec..92c19fd5f7 100644 --- a/phpBB/phpbb/auth/auth.php +++ b/phpBB/phpbb/auth/auth.php @@ -929,6 +929,7 @@ class auth { global $db, $user, $phpbb_root_path, $phpEx, $phpbb_container; + /* @var $provider_collection \phpbb\auth\provider_collection */ $provider_collection = $phpbb_container->get('auth.provider_collection'); $provider = $provider_collection->get_provider(); diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php index d8c5fb72de..1adf85ee05 100644 --- a/phpBB/phpbb/auth/provider/db.php +++ b/phpBB/phpbb/auth/provider/db.php @@ -155,6 +155,7 @@ class db extends \phpbb\auth\provider\base // Every auth module is able to define what to do by itself... if ($show_captcha) { + /* @var $captcha_factory \phpbb\captcha\factory */ $captcha_factory = $this->phpbb_container->get('captcha.factory'); $captcha = $captcha_factory->get_instance($this->config['captcha_plugin']); $captcha->init(CONFIRM_LOGIN); -- cgit v1.2.1 From 8ed59fb82a9381914a4ccce91c0c5fac44616556 Mon Sep 17 00:00:00 2001 From: Oliver Schramm Date: Fri, 23 Oct 2015 02:44:41 +0200 Subject: [ticket/14250] Change token_storage class to fit changed interface PHPBB3-14250 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 21 +- phpBB/phpbb/auth/provider/oauth/token_storage.php | 232 +++++++++++++++++++++- 2 files changed, 238 insertions(+), 15 deletions(-) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index be0fbf5831..bfeac2dd32 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -62,6 +62,13 @@ class oauth extends \phpbb\auth\provider\base */ protected $auth_provider_oauth_token_storage_table; + /** + * OAuth state table + * + * @var string + */ + protected $auth_provider_oauth_state_table; + /** * OAuth account association table * @@ -120,6 +127,7 @@ class oauth extends \phpbb\auth\provider\base * @param \phpbb\request\request_interface $request * @param \phpbb\user $user * @param string $auth_provider_oauth_token_storage_table + * @param string $auth_provider_oauth_state_table * @param string $auth_provider_oauth_token_account_assoc * @param \phpbb\di\service_collection $service_providers Contains \phpbb\auth\provider\oauth\service_interface * @param string $users_table @@ -127,7 +135,7 @@ class oauth extends \phpbb\auth\provider\base * @param string $phpbb_root_path * @param string $php_ext */ - public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request_interface $request, \phpbb\user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_token_account_assoc, \phpbb\di\service_collection $service_providers, $users_table, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, $phpbb_root_path, $php_ext) + public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request_interface $request, \phpbb\user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_state_table, $auth_provider_oauth_token_account_assoc, \phpbb\di\service_collection $service_providers, $users_table, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, $phpbb_root_path, $php_ext) { $this->db = $db; $this->config = $config; @@ -135,6 +143,7 @@ class oauth extends \phpbb\auth\provider\base $this->request = $request; $this->user = $user; $this->auth_provider_oauth_token_storage_table = $auth_provider_oauth_token_storage_table; + $this->auth_provider_oauth_state_table = $auth_provider_oauth_state_table; $this->auth_provider_oauth_token_account_assoc = $auth_provider_oauth_token_account_assoc; $this->service_providers = $service_providers; $this->users_table = $users_table; @@ -188,7 +197,7 @@ class oauth extends \phpbb\auth\provider\base // Get the service credentials for the given service $service_credentials = $this->service_providers[$service_name]->get_service_credentials(); - $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table); + $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table); $query = 'mode=login&login=external&oauth_service=' . $service_name_original; $service = $this->get_service($service_name_original, $storage, $service_credentials, $query, $this->service_providers[$service_name]->get_auth_scope()); @@ -456,7 +465,7 @@ class oauth extends \phpbb\auth\provider\base */ protected function link_account_login_link(array $link_data, $service_name) { - $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table); + $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table); // Check for an access token, they should have one if (!$storage->has_access_token_by_session($service_name)) @@ -499,7 +508,7 @@ class oauth extends \phpbb\auth\provider\base */ protected function link_account_auth_link(array $link_data, $service_name) { - $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table); + $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table); $query = 'i=ucp_auth_link&mode=auth_link&link=1&oauth_service=' . strtolower($link_data['oauth_service']); $service_credentials = $this->service_providers[$service_name]->get_service_credentials(); $scopes = $this->service_providers[$service_name]->get_auth_scope(); @@ -544,7 +553,7 @@ class oauth extends \phpbb\auth\provider\base public function logout($data, $new_session) { // Clear all tokens belonging to the user - $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table); + $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table); $storage->clearAllTokens(); return; @@ -627,7 +636,7 @@ class oauth extends \phpbb\auth\provider\base // Clear all tokens belonging to the user on this servce $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']); - $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table); + $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table); $storage->clearToken($service_name); } } diff --git a/phpBB/phpbb/auth/provider/oauth/token_storage.php b/phpBB/phpbb/auth/provider/oauth/token_storage.php index 9b6afae255..e922342ef6 100644 --- a/phpBB/phpbb/auth/provider/oauth/token_storage.php +++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php @@ -17,6 +17,7 @@ use OAuth\OAuth1\Token\StdOAuth1Token; use OAuth\Common\Token\TokenInterface; use OAuth\Common\Storage\TokenStorageInterface; use OAuth\Common\Storage\Exception\TokenNotFoundException; +use OAuth\Common\Storage\Exception\AuthorizationStateNotFoundException; /** * OAuth storage wrapper for phpbb's cache @@ -42,25 +43,39 @@ class token_storage implements TokenStorageInterface * * @var string */ - protected $auth_provider_oauth_table; + protected $oauth_token_table; + + /** + * OAuth state table + * + * @var string + */ + protected $oauth_state_table; /** * @var object|TokenInterface */ protected $cachedToken; + /** + * @var string + */ + protected $cachedState; + /** * Creates token storage for phpBB. * * @param \phpbb\db\driver\driver_interface $db * @param \phpbb\user $user - * @param string $auth_provider_oauth_table + * @param string $oauth_token_table + * @param string $oauth_state_table */ - public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\user $user, $auth_provider_oauth_table) + public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\user $user, $oauth_token_table, $oauth_state_table) { $this->db = $db; $this->user = $user; - $this->auth_provider_oauth_table = $auth_provider_oauth_table; + $this->oauth_token_table = $oauth_token_table; + $this->oauth_state_table = $oauth_state_table; } /** @@ -104,9 +119,11 @@ class token_storage implements TokenStorageInterface 'session_id' => $this->user->data['session_id'], ); - $sql = 'INSERT INTO ' . $this->auth_provider_oauth_table . ' + $sql = 'INSERT INTO ' . $this->oauth_token_table . ' ' . $this->db->sql_build_array('INSERT', $data); $this->db->sql_query($sql); + + return $this; } /** @@ -143,7 +160,7 @@ class token_storage implements TokenStorageInterface $this->cachedToken = null; - $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . ' + $sql = 'DELETE FROM ' . $this->oauth_token_table . ' WHERE user_id = ' . (int) $this->user->data['user_id'] . " AND provider = '" . $this->db->sql_escape($service) . "'"; @@ -153,6 +170,8 @@ class token_storage implements TokenStorageInterface } $this->db->sql_query($sql); + + return $this; } /** @@ -162,7 +181,123 @@ class token_storage implements TokenStorageInterface { $this->cachedToken = null; - $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . ' + $sql = 'DELETE FROM ' . $this->oauth_token_table . ' + WHERE user_id = ' . (int) $this->user->data['user_id']; + + if ((int) $this->user->data['user_id'] === ANONYMOUS) + { + $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'"; + } + + $this->db->sql_query($sql); + + return $this; + } + + /** + * {@inheritdoc} + */ + public function storeAuthorizationState($service, $state) + { + $service = $this->get_service_name_for_db($service); + + $this->cachedState = $state; + + $data = array( + 'user_id' => (int) $this->user->data['user_id'], + 'provider' => $service, + 'oauth_state' => $state, + 'session_id' => $this->user->data['session_id'], + ); + + $sql = 'INSERT INTO ' . $this->oauth_state_table . ' + ' . $this->db->sql_build_array('INSERT', $data); + $this->db->sql_query($sql); + + return $this; + } + + /** + * {@inheritdoc} + */ + public function hasAuthorizationState($service) + { + $service = $this->get_service_name_for_db($service); + + if ($this->cachedState) + { + return true; + } + + $data = array( + 'user_id' => (int) $this->user->data['user_id'], + 'provider' => $service, + ); + + if ((int) $this->user->data['user_id'] === ANONYMOUS) + { + $data['session_id'] = $this->user->data['session_id']; + } + + return (bool) $this->get_state_row($data); + } + + /** + * {@inheritdoc} + */ + public function retrieveAuthorizationState($service) + { + $service = $this->get_service_name_for_db($service); + + if ($this->cachedState) + { + return $this->cachedState; + } + + $data = array( + 'user_id' => (int) $this->user->data['user_id'], + 'provider' => $service, + ); + + if ((int) $this->user->data['user_id'] === ANONYMOUS) + { + $data['session_id'] = $this->user->data['session_id']; + } + + return $this->get_state_row($data); + } + + /** + * {@inheritdoc} + */ + public function clearAuthorizationState($service) + { + $service = $this->get_service_name_for_db($service); + + $this->cachedState = null; + + $sql = 'DELETE FROM ' . $this->oauth_state_table . ' + WHERE user_id = ' . (int) $this->user->data['user_id'] . " + AND provider = '" . $this->db->sql_escape($service) . "'"; + + if ((int) $this->user->data['user_id'] === ANONYMOUS) + { + $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'"; + } + + $this->db->sql_query($sql); + + return $this; + } + + /** + * {@inheritdoc} + */ + public function clearAllAuthorizationStates() + { + $this->cachedState = null; + + $sql = 'DELETE FROM ' . $this->oauth_state_table . ' WHERE user_id = ' . (int) $this->user->data['user_id']; if ((int) $this->user->data['user_id'] === ANONYMOUS) @@ -171,6 +306,8 @@ class token_storage implements TokenStorageInterface } $this->db->sql_query($sql); + + return $this; } /** @@ -185,7 +322,7 @@ class token_storage implements TokenStorageInterface return; } - $sql = 'UPDATE ' . $this->auth_provider_oauth_table . ' + $sql = 'UPDATE ' . $this->oauth_token_table . ' SET ' . $this->db->sql_build_array('UPDATE', array( 'user_id' => (int) $user_id )) . ' @@ -217,6 +354,29 @@ class token_storage implements TokenStorageInterface return $this->_has_acess_token($data); } + /** + * Checks to see if a state exists solely by the session_id of the user + * + * @param string $service The name of the OAuth service + * @return bool true if they have state, false if they don't + */ + public function has_state_by_session($service) + { + $service = $this->get_service_name_for_db($service); + + if ($this->cachedState) + { + return true; + } + + $data = array( + 'session_id' => $this->user->data['session_id'], + 'provider' => $service, + ); + + return (bool) $this->get_state_row($data); + } + /** * A helper function that performs the query for has access token functions * @@ -245,6 +405,23 @@ class token_storage implements TokenStorageInterface return $this->_retrieve_access_token($data); } + public function retrieve_state_by_session($service) + { + $service = $this->get_service_name_for_db($service); + + if ($this->cachedState) + { + return $this->cachedState; + } + + $data = array( + 'session_id' => $this->user->data['session_id'], + 'provider' => $service, + ); + + return $this->_retrieve_state($data); + } + /** * A helper function that performs the query for retrieve access token functions * Also checks if the token is a valid token @@ -275,6 +452,26 @@ class token_storage implements TokenStorageInterface return $token; } + /** + * A helper function that performs the query for retrieve state functions + * + * @param array $data + * @return mixed + * @throws \OAuth\Common\Storage\Exception\AuthorizationStateNotFoundException + */ + protected function _retrieve_state($data) + { + $row = $this->get_state_row($data); + + if (!$row) + { + throw new AuthorizationStateNotFoundException(); + } + + $this->cachedState = $row['oauth_state']; + return $this->cachedState; + } + /** * A helper function that performs the query for retrieving an access token * @@ -283,7 +480,24 @@ class token_storage implements TokenStorageInterface */ protected function get_access_token_row($data) { - $sql = 'SELECT oauth_token FROM ' . $this->auth_provider_oauth_table . ' + $sql = 'SELECT oauth_token FROM ' . $this->oauth_token_table . ' + WHERE ' . $this->db->sql_build_array('SELECT', $data); + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + return $row; + } + + /** + * A helper function that performs the query for retrieving a state + * + * @param array $data + * @return mixed + */ + protected function get_state_row($data) + { + $sql = 'SELECT oauth_state FROM ' . $this->oauth_state_table . ' WHERE ' . $this->db->sql_build_array('SELECT', $data); $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); -- cgit v1.2.1 From 33d1d19f9775242a260adbb33b0bfa4b5324dedf Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Sun, 22 May 2016 15:05:49 +0200 Subject: [ticket/14586] Add OAuth1 support PHPBB3-14586 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 26 +++++- .../phpbb/auth/provider/oauth/service/twitter.php | 102 +++++++++++++++++++++ phpBB/phpbb/auth/provider/oauth/token_storage.php | 24 ++++- 3 files changed, 143 insertions(+), 9 deletions(-) create mode 100644 phpBB/phpbb/auth/provider/oauth/service/twitter.php (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index dd7736db4e..04729d8453 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -201,7 +201,8 @@ class oauth extends \phpbb\auth\provider\base $query = 'mode=login&login=external&oauth_service=' . $service_name_original; $service = $this->get_service($service_name_original, $storage, $service_credentials, $query, $this->service_providers[$service_name]->get_auth_scope()); - if ($this->request->is_set('code', \phpbb\request\request_interface::GET)) + if (($service::OAUTH_VERSION === 2 && $this->request->is_set('code', \phpbb\request\request_interface::GET)) + || ($service::OAUTH_VERSION === 1 && $this->request->is_set('oauth_token', \phpbb\request\request_interface::GET))) { $this->service_providers[$service_name]->set_external_service_provider($service); $unique_id = $this->service_providers[$service_name]->perform_auth_login(); @@ -256,7 +257,15 @@ class oauth extends \phpbb\auth\provider\base } else { - $url = $service->getAuthorizationUri(); + if ($service::OAUTH_VERSION === 1) + { + $token = $service->requestRequestToken(); + $url = $service->getAuthorizationUri(array('oauth_token' => $token->getRequestToken())); + } + else + { + $url = $service->getAuthorizationUri(); + } header('Location: ' . $url); } } @@ -520,7 +529,8 @@ class oauth extends \phpbb\auth\provider\base $scopes = $this->service_providers[$service_name]->get_auth_scope(); $service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $query, $scopes); - if ($this->request->is_set('code', \phpbb\request\request_interface::GET)) + if (($service::OAUTH_VERSION === 2 && $this->request->is_set('code', \phpbb\request\request_interface::GET)) + || ($service::OAUTH_VERSION === 1 && $this->request->is_set('oauth_token', \phpbb\request\request_interface::GET))) { $this->service_providers[$service_name]->set_external_service_provider($service); $unique_id = $this->service_providers[$service_name]->perform_auth_login(); @@ -536,7 +546,15 @@ class oauth extends \phpbb\auth\provider\base } else { - $url = $service->getAuthorizationUri(); + if ($service::OAUTH_VERSION === 1) + { + $token = $service->requestRequestToken(); + $url = $service->getAuthorizationUri(array('oauth_token' => $token->getRequestToken())); + } + else + { + $url = $service->getAuthorizationUri(); + } header('Location: ' . $url); } } diff --git a/phpBB/phpbb/auth/provider/oauth/service/twitter.php b/phpBB/phpbb/auth/provider/oauth/service/twitter.php new file mode 100644 index 0000000000..06beac51e2 --- /dev/null +++ b/phpBB/phpbb/auth/provider/oauth/service/twitter.php @@ -0,0 +1,102 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\auth\provider\oauth\service; + +/** +* Twitter OAuth service +*/ +class twitter extends \phpbb\auth\provider\oauth\service\base +{ + /** + * phpBB config + * + * @var \phpbb\config\config + */ + protected $config; + + /** + * phpBB request + * + * @var \phpbb\request\request_interface + */ + protected $request; + + /** + * Constructor + * + * @param \phpbb\config\config $config + * @param \phpbb\request\request_interface $request + */ + public function __construct(\phpbb\config\config $config, \phpbb\request\request_interface $request) + { + $this->config = $config; + $this->request = $request; + } + + /** + * {@inheritdoc} + */ + public function get_service_credentials() + { + return array( + 'key' => $this->config['auth_oauth_twitter_key'], + 'secret' => $this->config['auth_oauth_twitter_secret'], + ); + } + + /** + * {@inheritdoc} + */ + public function perform_auth_login() + { + if (!($this->service_provider instanceof \OAuth\OAuth1\Service\Twitter)) + { + throw new \phpbb\auth\provider\oauth\service\exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE'); + } + + $storage = $this->service_provider->getStorage(); + $token = $storage->retrieveAccessToken('Twitter'); + $tokensecret = $token->getRequestTokenSecret(); + + // This was a callback request from twitter, get the token + $this->service_provider->requestAccessToken( + $this->request->variable('oauth_token', ''), + $this->request->variable('oauth_verifier', ''), + $tokensecret + ); + + // Send a request with it + $result = json_decode($this->service_provider->request('account/verify_credentials.json'), true); + + // Return the unique identifier returned from twitter + return $result['id']; + } + + /** + * {@inheritdoc} + */ + public function perform_token_auth() + { + if (!($this->service_provider instanceof \OAuth\OAuth1\Service\Twitter)) + { + throw new \phpbb\auth\provider\oauth\service\exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE'); + } + + // Send a request with it + $result = json_decode($this->service_provider->request('account/verify_credentials.json'), true); + + // Return the unique identifier returned from twitter + return $result['id']; + } +} diff --git a/phpBB/phpbb/auth/provider/oauth/token_storage.php b/phpBB/phpbb/auth/provider/oauth/token_storage.php index e922342ef6..b0c2fd0d62 100644 --- a/phpBB/phpbb/auth/provider/oauth/token_storage.php +++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php @@ -113,16 +113,30 @@ class token_storage implements TokenStorageInterface $this->cachedToken = $token; $data = array( - 'user_id' => (int) $this->user->data['user_id'], - 'provider' => $service, 'oauth_token' => $this->json_encode_token($token), - 'session_id' => $this->user->data['session_id'], ); - $sql = 'INSERT INTO ' . $this->oauth_token_table . ' - ' . $this->db->sql_build_array('INSERT', $data); + $sql = 'UPDATE ' . $this->oauth_token_table . ' + SET ' . $this->db->sql_build_array('UPDATE', $data) . ' + WHERE user_id = ' . (int) $this->user->data['user_id'] . ' + ' . ((int) $this->user->data['user_id'] === ANONYMOUS ? "AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'" : '') . " + AND provider = '" . $this->db->sql_escape($service) . "'"; $this->db->sql_query($sql); + if (!$this->db->sql_affectedrows()) + { + $data = array( + 'user_id' => (int) $this->user->data['user_id'], + 'provider' => $service, + 'oauth_token' => $this->json_encode_token($token), + 'session_id' => $this->user->data['session_id'], + ); + + $sql = 'INSERT INTO ' . $this->oauth_token_table . $this->db->sql_build_array('INSERT', $data); + + $this->db->sql_query($sql); + } + return $this; } -- cgit v1.2.1 From f8fbe3793680af1dae2db2829cfc84068831c52f Mon Sep 17 00:00:00 2001 From: rxu Date: Wed, 28 Jun 2017 00:58:03 +0700 Subject: [ticket/14972] replace all occurrences of sizeof() with the count() PHPBB3-14972 --- phpBB/phpbb/auth/auth.php | 10 +++++----- phpBB/phpbb/auth/provider/ldap.php | 4 ++-- phpBB/phpbb/auth/provider/oauth/oauth.php | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php index dbd83f1eb0..f46a21a8ae 100644 --- a/phpBB/phpbb/auth/auth.php +++ b/phpBB/phpbb/auth/auth.php @@ -72,8 +72,8 @@ class auth // Verify bitstring length with options provided... $renew = false; - $global_length = sizeof($this->acl_options['global']); - $local_length = sizeof($this->acl_options['local']); + $global_length = count($this->acl_options['global']); + $local_length = count($this->acl_options['local']); // Specify comparing length (bitstring is padded to 31 bits) $global_length = ($global_length % 31) ? ($global_length - ($global_length % 31) + 31) : $global_length; @@ -236,7 +236,7 @@ class auth $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE; - if (sizeof($this->acl)) + if (count($this->acl)) { $sql .= ' WHERE ' . $db->sql_in_set('forum_id', array_keys($this->acl), true); } @@ -278,7 +278,7 @@ class auth } // If we get forum_ids not having this permission, we need to fill the remaining parts - if ($negate && sizeof($this->acl_forum_ids)) + if ($negate && count($this->acl_forum_ids)) { foreach ($this->acl_forum_ids as $f) { @@ -455,7 +455,7 @@ class auth { $hold_str = ''; - if (sizeof($hold_ary)) + if (count($hold_ary)) { ksort($hold_ary); diff --git a/phpBB/phpbb/auth/provider/ldap.php b/phpBB/phpbb/auth/provider/ldap.php index c48b771ab0..0789a6234d 100644 --- a/phpBB/phpbb/auth/provider/ldap.php +++ b/phpBB/phpbb/auth/provider/ldap.php @@ -99,7 +99,7 @@ class ldap extends \phpbb\auth\provider\base @ldap_close($ldap); - if (!is_array($result) || sizeof($result) < 2) + if (!is_array($result) || count($result) < 2) { return sprintf($this->user->lang['LDAP_NO_IDENTITY'], $this->user->data['username']); } @@ -192,7 +192,7 @@ class ldap extends \phpbb\auth\provider\base $ldap_result = @ldap_get_entries($ldap, $search); - if (is_array($ldap_result) && sizeof($ldap_result) > 1) + if (is_array($ldap_result) && count($ldap_result) > 1) { if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password))) { diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index fdc5f57df0..5587e69d3c 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -635,7 +635,7 @@ class oauth extends \phpbb\auth\provider\base $oauth_user_ids = array(); - if ($rows !== false && sizeof($rows)) + if ($rows !== false && count($rows)) { foreach ($rows as $row) { -- cgit v1.2.1 From 82adb1f4f54fa6d1ab299186956c046b20f7f195 Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Tue, 23 Jan 2018 11:08:46 +0100 Subject: [ticket/15398] Add core.oauth_login_after_check_if_provider_id_has_match PHPBB3-15398 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 5587e69d3c..8809a0c6b4 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -227,6 +227,22 @@ class oauth extends \phpbb\auth\provider\base $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); + /** + * Event is triggered before check if provider is already associated with an account + * + * @event core.oauth_login_after_check_if_provider_id_has_match + * @var array row User row + * @var array data Provider data + * @var \OAuth\Common\Service\ServiceInterface service OAuth service + * @since 3.2.3-RC1 + */ + $vars = array( + 'row', + 'data', + 'service', + ); + extract($this->dispatcher->trigger_event('core.oauth_login_after_check_if_provider_id_has_match', compact($vars))); + if (!$row) { // The user does not yet exist, ask to link or create profile -- cgit v1.2.1 From ca7d63d4d76c19125dbbfb53066b77c6149d6dad Mon Sep 17 00:00:00 2001 From: 3D-I Date: Mon, 25 Mar 2019 15:37:48 +0100 Subject: [ticket/16001] Append data to the OAuth's redirect URL PHPBB3-16001 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 8809a0c6b4..73cca3961a 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -221,24 +221,33 @@ class oauth extends \phpbb\auth\provider\base 'provider' => $service_name_original, 'oauth_provider_id' => $unique_id ); + $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . ' WHERE ' . $this->db->sql_build_array('SELECT', $data); $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); + $redirect_data = array( + 'auth_provider' => 'oauth', + 'login_link_oauth_service' => $service_name_original, + ); + /** * Event is triggered before check if provider is already associated with an account * * @event core.oauth_login_after_check_if_provider_id_has_match - * @var array row User row - * @var array data Provider data - * @var \OAuth\Common\Service\ServiceInterface service OAuth service + * @var array row User row + * @var array data Provider data + * @var array redirect_data Data to be appended to the redirect url + * @var \OAuth\Common\Service\ServiceInterface service OAuth service * @since 3.2.3-RC1 + * @changed 3.2.6-RC1 Added redirect_data */ $vars = array( 'row', 'data', + 'redirect_data', 'service', ); extract($this->dispatcher->trigger_event('core.oauth_login_after_check_if_provider_id_has_match', compact($vars))); @@ -250,10 +259,7 @@ class oauth extends \phpbb\auth\provider\base 'status' => LOGIN_SUCCESS_LINK_PROFILE, 'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED', 'user_row' => array(), - 'redirect_data' => array( - 'auth_provider' => 'oauth', - 'login_link_oauth_service' => $service_name_original, - ), + 'redirect_data' => $redirect_data, ); } -- cgit v1.2.1 From af994e7a390eea1125d63a6d0e2ef7b945549669 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Tue, 2 Apr 2019 10:59:36 +0200 Subject: [ticket/16006] Create unique ID's for OAuth (un)linking PHPBB3-16006 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 8809a0c6b4..3e9b424e8d 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -674,6 +674,7 @@ class oauth extends \phpbb\auth\provider\base 'oauth_service' => $actual_name, ), + 'SERVICE_ID' => $actual_name, 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)], 'UNIQUE_ID' => (isset($oauth_user_ids[$actual_name])) ? $oauth_user_ids[$actual_name] : null, ); -- cgit v1.2.1 From 68434e6dbc1b87f2bacb246b463d86ebc157473f Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Tue, 2 Apr 2019 15:12:52 +0200 Subject: [ticket/16007] Show ban message for OAuth login PHPBB3-16007 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 8809a0c6b4..28fa7a6be4 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -191,7 +191,7 @@ class oauth extends \phpbb\auth\provider\base return $provider->login($username, $password); } - // Requst the name of the OAuth service + // Request the name of the OAuth service $service_name_original = $this->request->variable('oauth_service', '', false); $service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original); if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers)) @@ -270,11 +270,36 @@ class oauth extends \phpbb\auth\provider\base throw new \Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY'); } + /** + * Check if the user is banned. + * The fourth parameter, return, has to be true, + * otherwise the OAuth login is still called and + * an uncaught exception is thrown as there is no + * token stored in the database. + */ + $ban = $this->user->check_ban($row['user_id'], $row['user_ip'], $row['user_email'], true); + if ($ban !== false) + { + $till_date = !empty($ban['ban_end']) ? $this->user->format_date($ban['ban_end']) : ''; + $message = !empty($ban['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM'; + + $contact_link = phpbb_get_board_contact_link($this->config, $this->phpbb_root_path, $this->php_ext); + $message = $this->user->lang($message, $till_date, '', ''); + $message .= !empty($ban['ban_give_reason']) ? '

' . $this->user->lang('BOARD_BAN_REASON', $ban['ban_give_reason']) : ''; + $message .= !empty($ban['ban_triggered_by']) ? '

' . $this->user->lang('BAN_TRIGGERED_BY_' . strtoupper($ban['ban_triggered_by'])) . '' : ''; + + return array( + 'status' => LOGIN_BREAK, + 'error_msg' => $message, + 'user_row' => $row, + ); + } + // Update token storage to store the user_id $storage->set_user_id($row['user_id']); /** - * Event is triggered after user is successfuly logged in via OAuth. + * Event is triggered after user is successfully logged in via OAuth. * * @event core.auth_oauth_login_after * @var array row User row @@ -707,7 +732,7 @@ class oauth extends \phpbb\auth\provider\base AND user_id = " . (int) $user_id; $this->db->sql_query($sql); - // Clear all tokens belonging to the user on this servce + // Clear all tokens belonging to the user on this service $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']); $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table); $storage->clearToken($service_name); -- cgit v1.2.1 From fc625387332c50bc92253a1822ad0607594af736 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Tue, 2 Apr 2019 17:25:00 +0200 Subject: [ticket/16007] No strict comparison against "false" PHPBB3-16007 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 28fa7a6be4..f3dfd07ae8 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -278,7 +278,7 @@ class oauth extends \phpbb\auth\provider\base * token stored in the database. */ $ban = $this->user->check_ban($row['user_id'], $row['user_ip'], $row['user_email'], true); - if ($ban !== false) + if (!empty($ban)) { $till_date = !empty($ban['ban_end']) ? $this->user->format_date($ban['ban_end']) : ''; $message = !empty($ban['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM'; -- cgit v1.2.1 From 72be8e08705fa103adc6482af9712077cdceb8cc Mon Sep 17 00:00:00 2001 From: 3D-I Date: Thu, 16 May 2019 21:53:20 +0200 Subject: [ticket/16055] Fix Oauth's redirects Via forum, memberlist, topic or post etc.. PHPBB3-16055 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 93419d2915..5e8cb3dea8 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -423,7 +423,7 @@ class oauth extends \phpbb\auth\provider\base if ($credentials['key'] && $credentials['secret']) { $actual_name = str_replace('auth.provider.oauth.service.', '', $service_name); - $redirect_url = build_url(false) . '&login=external&oauth_service=' . $actual_name; + $redirect_url = generate_board_url() . '/ucp.' . $this->php_ext . '?mode=login&login=external&oauth_service=' . $actual_name; $login_data['BLOCK_VARS'][$service_name] = array( 'REDIRECT_URL' => redirect($redirect_url, true), 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)], -- cgit v1.2.1 From bba9de8c9cdcb612936e165150e1440c188c8d3e Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Thu, 23 May 2019 09:14:45 +0200 Subject: [ticket/16065] Add user_ip to SQL query PHPBB3-16065 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 93419d2915..b16e74ad34 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -264,7 +264,7 @@ class oauth extends \phpbb\auth\provider\base } // Retrieve the user's account - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts + $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_ip, user_type, user_login_attempts FROM ' . $this->users_table . ' WHERE user_id = ' . (int) $row['user_id']; $result = $this->db->sql_query($sql); -- cgit v1.2.1 From c01e604998a42ebf7ee6fb3f81db6599157cc9d9 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Fri, 24 May 2019 14:43:10 +0200 Subject: [ticket/16068] Adjust DocBlock @param's PHPBB3-16068 --- phpBB/phpbb/auth/provider/provider_interface.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/provider_interface.php b/phpBB/phpbb/auth/provider/provider_interface.php index 35e0f559a1..463324ff46 100644 --- a/phpBB/phpbb/auth/provider/provider_interface.php +++ b/phpBB/phpbb/auth/provider/provider_interface.php @@ -71,9 +71,10 @@ interface provider_interface * options with whatever configuraton values are passed to it as an array. * It then returns the name of the acp file related to this authentication * provider. - * @param array $new_config Contains the new configuration values that - * have been set in acp_board. - * @return array|null Returns null if not implemented or an array with + * + * @param \phpbb\config\config $new_config Contains the new configuration values + * that have been set in acp_board. + * @return array|null Returns null if not implemented or an array with * the template file name and an array of the vars * that the template needs that must conform to the * following example: -- cgit v1.2.1 From ecb39bc435946afc930ef68c86bb5ec441e9e3c0 Mon Sep 17 00:00:00 2001 From: rubencm Date: Wed, 14 Aug 2019 06:48:11 +0000 Subject: [ticket/13175] Check if account is already linked when using OAuth PHPBB3-13175 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 1a3083d42e..0d94acfbca 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -634,6 +634,21 @@ class oauth extends \phpbb\auth\provider\base */ protected function link_account_perform_link(array $data) { + // Check if the external account is already associated with other user + $sql = 'SELECT user_id + FROM ' . $this->auth_provider_oauth_token_account_assoc . " + WHERE provider = '" . $this->db->sql_escape($data['provider']) . "' + AND oauth_provider_id = '" . $this->db->sql_escape($data['oauth_provider_id']) . "'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + if ($row) + { + trigger_error('AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED'); + } + + // Link account $sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . ' ' . $this->db->sql_build_array('INSERT', $data); $this->db->sql_query($sql); -- cgit v1.2.1 From 1f669a31a08a817c5614386658d01f8827bb4372 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Tue, 8 Oct 2019 20:12:24 +0200 Subject: [ticket/16181] Enforce string data type PHPBB3-16181 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 0d94acfbca..8352fb649d 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -216,10 +216,15 @@ class oauth extends \phpbb\auth\provider\base $this->service_providers[$service_name]->set_external_service_provider($service); $unique_id = $this->service_providers[$service_name]->perform_auth_login(); - // Check to see if this provider is already assosciated with an account + /** + * Check to see if this provider is already assosciated with an account. + * + * Enforcing a data type to make sure it are strings and not integers, + * so values are quoted in the SQL WHERE statement. + */ $data = array( - 'provider' => $service_name_original, - 'oauth_provider_id' => $unique_id + 'provider' => (string) $service_name_original, + 'oauth_provider_id' => (string) $unique_id ); $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . ' -- cgit v1.2.1 From 29957a92ef14a368a1a53a9620955f34eb8536f8 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Tue, 8 Oct 2019 20:19:46 +0200 Subject: [ticket/16181] Fix spelling mistake in associated PHPBB3-16181 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 8352fb649d..1609128b92 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -217,7 +217,7 @@ class oauth extends \phpbb\auth\provider\base $unique_id = $this->service_providers[$service_name]->perform_auth_login(); /** - * Check to see if this provider is already assosciated with an account. + * Check to see if this provider is already associated with an account. * * Enforcing a data type to make sure it are strings and not integers, * so values are quoted in the SQL WHERE statement. -- cgit v1.2.1 From ebdb38857c5409e63853cd4d24906f18cb64267d Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 20 Oct 2019 20:54:39 +0200 Subject: [ticket/16181] Fix typo in comment PHPBB3-16181 --- phpBB/phpbb/auth/provider/oauth/oauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/auth') diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 1609128b92..e3f8394bba 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -219,7 +219,7 @@ class oauth extends \phpbb\auth\provider\base /** * Check to see if this provider is already associated with an account. * - * Enforcing a data type to make sure it are strings and not integers, + * Enforcing a data type to make data contains strings and not integers, * so values are quoted in the SQL WHERE statement. */ $data = array( -- cgit v1.2.1