phpBB

Code Changes

File: phpbb/auth/provider/oauth/oauth.php

  Unmodified   Added   Modified   Removed
Line 61Line 61
	* @var string
*/
protected $auth_provider_oauth_token_storage_table;

	* @var string
*/
protected $auth_provider_oauth_token_storage_table;

 

/**
* OAuth state table
*
* @var string
*/
protected $auth_provider_oauth_state_table;


/**
* OAuth account association table


/**
* OAuth account association table

Line 96Line 103
	* @var \Symfony\Component\DependencyInjection\ContainerInterface
*/
protected $phpbb_container;

	* @var \Symfony\Component\DependencyInjection\ContainerInterface
*/
protected $phpbb_container;

 

/**
* phpBB event dispatcher
*
* @var \phpbb\event\dispatcher_interface
*/
protected $dispatcher;


/**
* phpBB root path


/**
* phpBB root path

Line 120Line 134
	* @param	\phpbb\request\request_interface	$request
* @param \phpbb\user $user
* @param string $auth_provider_oauth_token_storage_table

	* @param	\phpbb\request\request_interface	$request
* @param \phpbb\user $user
* @param string $auth_provider_oauth_token_storage_table

 
	* @param	string			$auth_provider_oauth_state_table

	* @param	string			$auth_provider_oauth_token_account_assoc
* @param \phpbb\di\service_collection $service_providers Contains \phpbb\auth\provider\oauth\service_interface
* @param string $users_table
* @param \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container DI container

	* @param	string			$auth_provider_oauth_token_account_assoc
* @param \phpbb\di\service_collection $service_providers Contains \phpbb\auth\provider\oauth\service_interface
* @param string $users_table
* @param \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container DI container

 
	* @param	\phpbb\event\dispatcher_interface $dispatcher phpBB event dispatcher

	* @param	string			$phpbb_root_path
* @param string $php_ext
*/

	* @param	string			$phpbb_root_path
* @param string $php_ext
*/

	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request_interface $request, \phpbb\user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_token_account_assoc, \phpbb\di\service_collection $service_providers, $users_table, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, $phpbb_root_path, $php_ext)

	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request_interface $request, \phpbb\user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_state_table, $auth_provider_oauth_token_account_assoc, \phpbb\di\service_collection $service_providers, $users_table, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, \phpbb\event\dispatcher_interface $dispatcher, $phpbb_root_path, $php_ext)

	{
$this->db = $db;
$this->config = $config;

	{
$this->db = $db;
$this->config = $config;

Line 135Line 151
		$this->request = $request;
$this->user = $user;
$this->auth_provider_oauth_token_storage_table = $auth_provider_oauth_token_storage_table;

		$this->request = $request;
$this->user = $user;
$this->auth_provider_oauth_token_storage_table = $auth_provider_oauth_token_storage_table;

 
		$this->auth_provider_oauth_state_table = $auth_provider_oauth_state_table;

		$this->auth_provider_oauth_token_account_assoc = $auth_provider_oauth_token_account_assoc;
$this->service_providers = $service_providers;
$this->users_table = $users_table;
$this->phpbb_container = $phpbb_container;

		$this->auth_provider_oauth_token_account_assoc = $auth_provider_oauth_token_account_assoc;
$this->service_providers = $service_providers;
$this->users_table = $users_table;
$this->phpbb_container = $phpbb_container;

 
		$this->dispatcher = $dispatcher;

		$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
}

		$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
}

Line 188Line 206
		// Get the service credentials for the given service
$service_credentials = $this->service_providers[$service_name]->get_service_credentials();


		// Get the service credentials for the given service
$service_credentials = $this->service_providers[$service_name]->get_service_credentials();


		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);

		$query = 'mode=login&login=external&oauth_service=' . $service_name_original;
$service = $this->get_service($service_name_original, $storage, $service_credentials, $query, $this->service_providers[$service_name]->get_auth_scope());


		$query = 'mode=login&login=external&oauth_service=' . $service_name_original;
$service = $this->get_service($service_name_original, $storage, $service_credentials, $query, $this->service_providers[$service_name]->get_auth_scope());


		if ($this->request->is_set('code', \phpbb\request\request_interface::GET))


		if (($service::OAUTH_VERSION === 2 && $this->request->is_set('code', \phpbb\request\request_interface::GET))
|| ($service::OAUTH_VERSION === 1 && $this->request->is_set('oauth_token', \phpbb\request\request_interface::GET)))

		{
$this->service_providers[$service_name]->set_external_service_provider($service);
$unique_id = $this->service_providers[$service_name]->perform_auth_login();

		{
$this->service_providers[$service_name]->set_external_service_provider($service);
$unique_id = $this->service_providers[$service_name]->perform_auth_login();

Line 237Line 256

// Update token storage to store the user_id
$storage->set_user_id($row['user_id']);


// Update token storage to store the user_id
$storage->set_user_id($row['user_id']);

 

/**
* Event is triggered after user is successfuly logged in via OAuth.
*
* @event core.auth_oauth_login_after
* @var array row User row
* @since 3.1.11-RC1
*/
$vars = array(
'row',
);
extract($this->dispatcher->trigger_event('core.auth_oauth_login_after', compact($vars)));


// The user is now authenticated and can be logged in
return array(


// The user is now authenticated and can be logged in
return array(

Line 244Line 275
				'error_msg'		=> false,
'user_row' => $row,
);

				'error_msg'		=> false,
'user_row' => $row,
);

 
		}
else
{
if ($service::OAUTH_VERSION === 1)
{
$token = $service->requestRequestToken();
$url = $service->getAuthorizationUri(array('oauth_token' => $token->getRequestToken()));

		}
else
{
$url = $service->getAuthorizationUri();

		}
else
{
$url = $service->getAuthorizationUri();

 
			}

			header('Location: ' . $url);
}
}

			header('Location: ' . $url);
}
}

Line 271Line 310
		}

$uri_factory = new \OAuth\Common\Http\Uri\UriFactory();

		}

$uri_factory = new \OAuth\Common\Http\Uri\UriFactory();

		$current_uri = $uri_factory->createFromSuperGlobalArray($this->request->get_super_global(\phpbb\request\request_interface::SERVER));







		$super_globals = $this->request->get_super_global(\phpbb\request\request_interface::SERVER);
if (!empty($super_globals['HTTP_X_FORWARDED_PROTO']) && $super_globals['HTTP_X_FORWARDED_PROTO'] === 'https')
{
$super_globals['HTTPS'] = 'on';
$super_globals['SERVER_PORT'] = 443;
}
$current_uri = $uri_factory->createFromSuperGlobalArray($super_globals);

		$current_uri->setQuery($query);

$this->current_uri = $current_uri;

		$current_uri->setQuery($query);

$this->current_uri = $current_uri;

Line 456Line 501
	*/
protected function link_account_login_link(array $link_data, $service_name)
{

	*/
protected function link_account_login_link(array $link_data, $service_name)
{

		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);


// Check for an access token, they should have one
if (!$storage->has_access_token_by_session($service_name))


// Check for an access token, they should have one
if (!$storage->has_access_token_by_session($service_name))

Line 499Line 544
	*/
protected function link_account_auth_link(array $link_data, $service_name)
{

	*/
protected function link_account_auth_link(array $link_data, $service_name)
{

		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);

		$query = 'i=ucp_auth_link&mode=auth_link&link=1&oauth_service=' . strtolower($link_data['oauth_service']);
$service_credentials = $this->service_providers[$service_name]->get_service_credentials();
$scopes = $this->service_providers[$service_name]->get_auth_scope();
$service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $query, $scopes);


		$query = 'i=ucp_auth_link&mode=auth_link&link=1&oauth_service=' . strtolower($link_data['oauth_service']);
$service_credentials = $this->service_providers[$service_name]->get_service_credentials();
$scopes = $this->service_providers[$service_name]->get_auth_scope();
$service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $query, $scopes);


		if ($this->request->is_set('code', \phpbb\request\request_interface::GET))


		if (($service::OAUTH_VERSION === 2 && $this->request->is_set('code', \phpbb\request\request_interface::GET))
|| ($service::OAUTH_VERSION === 1 && $this->request->is_set('oauth_token', \phpbb\request\request_interface::GET)))

		{
$this->service_providers[$service_name]->set_external_service_provider($service);
$unique_id = $this->service_providers[$service_name]->perform_auth_login();

		{
$this->service_providers[$service_name]->set_external_service_provider($service);
$unique_id = $this->service_providers[$service_name]->perform_auth_login();

Line 518Line 564
			);

$this->link_account_perform_link($data);

			);

$this->link_account_perform_link($data);

 
		}
else
{
if ($service::OAUTH_VERSION === 1)
{
$token = $service->requestRequestToken();
$url = $service->getAuthorizationUri(array('oauth_token' => $token->getRequestToken()));

		}
else
{
$url = $service->getAuthorizationUri();

		}
else
{
$url = $service->getAuthorizationUri();

 
			}

			header('Location: ' . $url);
}
}

			header('Location: ' . $url);
}
}

Line 536Line 590
		$sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '
' . $this->db->sql_build_array('INSERT', $data);
$this->db->sql_query($sql);

		$sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '
' . $this->db->sql_build_array('INSERT', $data);
$this->db->sql_query($sql);

 

/**
* Event is triggered after user links account.
*
* @event core.auth_oauth_link_after
* @var array data User row
* @since 3.1.11-RC1
*/
$vars = array(
'data',
);
extract($this->dispatcher->trigger_event('core.auth_oauth_link_after', compact($vars)));

	}

/**

	}

/**

Line 544Line 610
	public function logout($data, $new_session)
{
// Clear all tokens belonging to the user

	public function logout($data, $new_session)
{
// Clear all tokens belonging to the user

		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);

		$storage->clearAllTokens();

return;

		$storage->clearAllTokens();

return;

Line 553Line 619
	/**
* {@inheritdoc}
*/

	/**
* {@inheritdoc}
*/

	public function get_auth_link_data()

	public function get_auth_link_data($user_id = 0)

	{
$block_vars = array();

// Get all external accounts tied to the current user
$data = array(

	{
$block_vars = array();

// Get all external accounts tied to the current user
$data = array(

			'user_id' => (int) $this->user->data['user_id'],

			'user_id' => ($user_id <= 0) ? (int) $this->user->data['user_id'] : (int) $user_id,

		);
$sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);

		);
$sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);

Line 615Line 681
		{
return 'LOGIN_LINK_MISSING_DATA';
}

		{
return 'LOGIN_LINK_MISSING_DATA';
}

 

// Remove user specified in $link_data if possible
$user_id = isset($link_data['user_id']) ? $link_data['user_id'] : $this->user->data['user_id'];


// Remove the link
$sql = 'DELETE FROM ' . $this->auth_provider_oauth_token_account_assoc . "
WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "'


// Remove the link
$sql = 'DELETE FROM ' . $this->auth_provider_oauth_token_account_assoc . "
WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "'

				AND user_id = " . (int) $this->user->data['user_id'];

				AND user_id = " . (int) $user_id;

		$this->db->sql_query($sql);

// Clear all tokens belonging to the user on this servce
$service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);

		$this->db->sql_query($sql);

// Clear all tokens belonging to the user on this servce
$service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);

		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);

		$storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table);

		$storage->clearToken($service_name);
}
}

		$storage->clearToken($service_name);
}
}