phpBB

Code Changes

File: phpbb/auth/provider/oauth/token_storage.php

Line 12Line 12
*/

namespace phpbb\auth\provider\oauth;

*/

namespace phpbb\auth\provider\oauth;



 

use OAuth\OAuth1\Token\StdOAuth1Token;
use OAuth\Common\Token\TokenInterface;
use OAuth\Common\Storage\TokenStorageInterface;
use OAuth\Common\Storage\Exception\TokenNotFoundException;


use OAuth\OAuth1\Token\StdOAuth1Token;
use OAuth\Common\Token\TokenInterface;
use OAuth\Common\Storage\TokenStorageInterface;
use OAuth\Common\Storage\Exception\TokenNotFoundException;

 
use OAuth\Common\Storage\Exception\AuthorizationStateNotFoundException;


/**
* OAuth storage wrapper for phpbb's cache


/**
* OAuth storage wrapper for phpbb's cache

Line 43Line 43
	*
* @var string
*/

	*
* @var string
*/

	protected $auth_provider_oauth_table;








	protected $oauth_token_table;

/**
* OAuth state table
*
* @var string
*/
protected $oauth_state_table;


/**
* @var object|TokenInterface
*/
protected $cachedToken;


/**
* @var object|TokenInterface
*/
protected $cachedToken;

 

/**
* @var string
*/
protected $cachedState;


/**
* Creates token storage for phpBB.
*
* @param \phpbb\db\driver\driver_interface $db
* @param \phpbb\user $user


/**
* Creates token storage for phpBB.
*
* @param \phpbb\db\driver\driver_interface $db
* @param \phpbb\user $user

	* @param	string			$auth_provider_oauth_table


	* @param	string			$oauth_token_table
* @param string $oauth_state_table

	*/

	*/

	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\user $user, $auth_provider_oauth_table)

	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\user $user, $oauth_token_table, $oauth_state_table)

	{
$this->db = $db;
$this->user = $user;

	{
$this->db = $db;
$this->user = $user;

		$this->auth_provider_oauth_table = $auth_provider_oauth_table;


		$this->oauth_token_table = $oauth_token_table;
$this->oauth_state_table = $oauth_state_table;

	}

/**

	}

/**

Line 98Line 112

$this->cachedToken = $token;



$this->cachedToken = $token;


 
		$data = array(
'oauth_token' => $this->json_encode_token($token),
);

$sql = 'UPDATE ' . $this->oauth_token_table . '
SET ' . $this->db->sql_build_array('UPDATE', $data) . '
WHERE user_id = ' . (int) $this->user->data['user_id'] . '
' . ((int) $this->user->data['user_id'] === ANONYMOUS ? "AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'" : '') . "
AND provider = '" . $this->db->sql_escape($service) . "'";
$this->db->sql_query($sql);

if (!$this->db->sql_affectedrows())
{

		$data = array(
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,

		$data = array(
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,

Line 105Line 132
			'session_id'	=> $this->user->data['session_id'],
);


			'session_id'	=> $this->user->data['session_id'],
);


		$sql = 'INSERT INTO ' . $this->auth_provider_oauth_table . '
' . $this->db->sql_build_array('INSERT', $data);

			$sql = 'INSERT INTO ' . $this->oauth_token_table . $this->db->sql_build_array('INSERT', $data);


		$this->db->sql_query($sql);

		$this->db->sql_query($sql);

 
		}

return $this;

	}

/**

	}

/**

Line 117Line 147
	{
$service = $this->get_service_name_for_db($service);


	{
$service = $this->get_service_name_for_db($service);


		if ($this->cachedToken) {


		if ($this->cachedToken)
{

			return true;
}


			return true;
}


Line 143Line 174

$this->cachedToken = null;



$this->cachedToken = null;


		$sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '

		$sql = 'DELETE FROM ' . $this->oauth_token_table . '

			WHERE user_id = ' . (int) $this->user->data['user_id'] . "
AND provider = '" . $this->db->sql_escape($service) . "'";


			WHERE user_id = ' . (int) $this->user->data['user_id'] . "
AND provider = '" . $this->db->sql_escape($service) . "'";


Line 153Line 184
		}

$this->db->sql_query($sql);

		}

$this->db->sql_query($sql);

 

return $this;

	}

/**

	}

/**

Line 162Line 195
	{
$this->cachedToken = null;


	{
$this->cachedToken = null;


		$sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '

		$sql = 'DELETE FROM ' . $this->oauth_token_table . '

			WHERE user_id = ' . (int) $this->user->data['user_id'];

if ((int) $this->user->data['user_id'] === ANONYMOUS)

			WHERE user_id = ' . (int) $this->user->data['user_id'];

if ((int) $this->user->data['user_id'] === ANONYMOUS)

Line 171Line 204
		}

$this->db->sql_query($sql);

		}

$this->db->sql_query($sql);

 

return $this;
}

/**
* {@inheritdoc}
*/
public function storeAuthorizationState($service, $state)
{
$service = $this->get_service_name_for_db($service);

$this->cachedState = $state;

$data = array(
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
'oauth_state' => $state,
'session_id' => $this->user->data['session_id'],
);

$sql = 'INSERT INTO ' . $this->oauth_state_table . '
' . $this->db->sql_build_array('INSERT', $data);
$this->db->sql_query($sql);

return $this;
}

/**
* {@inheritdoc}
*/
public function hasAuthorizationState($service)
{
$service = $this->get_service_name_for_db($service);

if ($this->cachedState)
{
return true;
}

$data = array(
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
);

if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$data['session_id'] = $this->user->data['session_id'];
}

return (bool) $this->get_state_row($data);
}

/**
* {@inheritdoc}
*/
public function retrieveAuthorizationState($service)
{
$service = $this->get_service_name_for_db($service);

if ($this->cachedState)
{
return $this->cachedState;
}

$data = array(
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
);

if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$data['session_id'] = $this->user->data['session_id'];
}

return $this->get_state_row($data);
}

/**
* {@inheritdoc}
*/
public function clearAuthorizationState($service)
{
$service = $this->get_service_name_for_db($service);

$this->cachedState = null;

$sql = 'DELETE FROM ' . $this->oauth_state_table . '
WHERE user_id = ' . (int) $this->user->data['user_id'] . "
AND provider = '" . $this->db->sql_escape($service) . "'";

if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}

$this->db->sql_query($sql);

return $this;
}

/**
* {@inheritdoc}
*/
public function clearAllAuthorizationStates()
{
$this->cachedState = null;

$sql = 'DELETE FROM ' . $this->oauth_state_table . '
WHERE user_id = ' . (int) $this->user->data['user_id'];

if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}

$this->db->sql_query($sql);

return $this;

	}

/**

	}

/**

Line 185Line 336
			return;
}


			return;
}


		$sql = 'UPDATE ' . $this->auth_provider_oauth_table . '

		$sql = 'UPDATE ' . $this->oauth_token_table . '

			SET ' . $this->db->sql_build_array('UPDATE', array(
'user_id' => (int) $user_id
)) . '

			SET ' . $this->db->sql_build_array('UPDATE', array(
'user_id' => (int) $user_id
)) . '

Line 215Line 366
		);

return $this->_has_acess_token($data);

		);

return $this->_has_acess_token($data);

 
	}

/**
* Checks to see if a state exists solely by the session_id of the user
*
* @param string $service The name of the OAuth service
* @return bool true if they have state, false if they don't
*/
public function has_state_by_session($service)
{
$service = $this->get_service_name_for_db($service);

if ($this->cachedState)
{
return true;
}

$data = array(
'session_id' => $this->user->data['session_id'],
'provider' => $service,
);

return (bool) $this->get_state_row($data);

	}

/**

	}

/**

Line 232Line 406
	{
$service = $this->get_service_name_for_db($service);


	{
$service = $this->get_service_name_for_db($service);


		if ($this->cachedToken instanceof TokenInterface) {


		if ($this->cachedToken instanceof TokenInterface)
{

			return $this->cachedToken;
}


			return $this->cachedToken;
}


Line 242Line 417
		);

return $this->_retrieve_access_token($data);

		);

return $this->_retrieve_access_token($data);

 
	}

public function retrieve_state_by_session($service)
{
$service = $this->get_service_name_for_db($service);

if ($this->cachedState)
{
return $this->cachedState;
}

$data = array(
'session_id' => $this->user->data['session_id'],
'provider' => $service,
);

return $this->_retrieve_state($data);

	}

/**

	}

/**

Line 272Line 464

$this->cachedToken = $token;
return $token;


$this->cachedToken = $token;
return $token;

 
	}

/**
* A helper function that performs the query for retrieve state functions
*
* @param array $data
* @return mixed
* @throws \OAuth\Common\Storage\Exception\AuthorizationStateNotFoundException
*/
protected function _retrieve_state($data)
{
$row = $this->get_state_row($data);

if (!$row)
{
throw new AuthorizationStateNotFoundException();
}

$this->cachedState = $row['oauth_state'];
return $this->cachedState;

	}

/**

	}

/**

Line 282Line 494
	*/
protected function get_access_token_row($data)
{

	*/
protected function get_access_token_row($data)
{

		$sql = 'SELECT oauth_token FROM ' . $this->auth_provider_oauth_table . '


















		$sql = 'SELECT oauth_token FROM ' . $this->oauth_token_table . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);

return $row;
}

/**
* A helper function that performs the query for retrieving a state
*
* @param array $data
* @return mixed
*/
protected function get_state_row($data)
{
$sql = 'SELECT oauth_state FROM ' . $this->oauth_state_table . '

			WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);

			WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
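Review bot: retrieveAuthorizationState() ends with `return $this->get_state_row($data);`, which hands back the fetched row (or a falsy value when nothing matches) instead of the state string, and it never throws AuthorizationStateNotFoundException, unlike retrieve_state_by_session(), which goes through _retrieve_state(). The stored state is the value the OAuth callback's state parameter is checked against to reject forged callbacks, so the method should return the `oauth_state` string itself; I would change the line to `return $this->_retrieve_state($data);`. This assumes get_state_row() returns `$row` the way get_access_token_row() does, since its body runs past the end of the visible section. Separately, storeAuthorizationState() only INSERTs, so earlier rows for the same user and provider stay in the table and the unordered SELECT may return a stale state unless callers clear the old state first.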