Uncaught exceptions
In the UCP you can link an OAuth provider with your phpBB account. After a successful link, the page refreshes and the link is now toggled for the link button. However, the URL in the address bar of the browser is also updated. Obviously this is needed to confirm the successful link. However, now when you refresh the page you get prompted with an uncaught exception from the OAuth provider.
This leads to the problem in general: uncaught exceptions. There are quite a few occurrences in the OAuth providers where exceptions are not caught. While almost all of those exceptions should really never occurre, it is still possible. They should be caught and a proper error message should be displayed. Or atleast something along the lines of the error messages for AJAX requests:
"Something went wrong when processing your OAuth request. Orignial error message:
$e->getMessage()".strtolower
A little back information:
Currently OAuth services in phpBB are registered through yaml as
auth.provider.oauth.service.google:.The last part, the part behind
auth.provider.oauth.service., is considered the "service name", for example google or github.Then that service name is turned into an OAuth service:
Code: Select all
$service = $this->get_service(strtolower($link_data['oauth_service']), ...);Code: Select all
$service_factory = new \OAuth\ServiceFactory();
$service = $service_factory->createService($service_name, ...);Code: Select all
private function getFullyQualifiedServiceName($serviceName, $type)
{
$serviceName = ucfirst($serviceName);
if (isset($this->serviceClassMap[$type][$serviceName])) {
return $this->serviceClassMap[$type][$serviceName];
}
return '\\OAuth\\' . $type . '\\Service\\' . $serviceName;
}google or github) is pulled through a strtolower, send to the ServiceFactory and there put through a ucfirst. This means, we will always end up with Google or Github. Unfortunately, the OAuth library uses PascalCase, meaning that files and services are registered as GitHub or SoundCloud, etc. And while on most localhosts this is not an issue as Windows and Apple have a case insensitive filesystem, webservers often do not. Linux is case sensitive. This means that the class OAuth\OAuth2\Services\Github is not found, while OAuth\OAuth2\Services\GitHub is.This is currently not an issue for the core as all services provided by phpBB only have the first letter capitalised: Bitly, Facebook, Google, Twitter. However, this makes extending it rather limited.
I think an easy solution would be, that OAuth services in phpBB have a function that will return the 'Service name', eg
Google or GitHub, and that is used through out. Instead of using the last part of the service declaration and putting it through a strtolower.Registering new services
Now this is purely an enhancement, but the ServiceFactory allows you to add custom classes, which are checked before creating the above mentioned class. We can provide an option where registering additional classes is possible aswell, to prevent extension authors having to use weird autoload files.
Miscellaneous
Server settings: Have not looked into this one yet, but listing it for completeness: PHPBB3-16008
Code style: The entire
oauth.php could do with some clean up.
