Merge pull request #2598 from Nicofuma/ticket/12716

[ticket/12716] Add the missing parameters in the call of clearToken * Nicofuma/ticket/12716: [ticket/12716] Use a string as session_id [ticket/12716] Add regression test [ticket/12716] Add the missing parameters in the call of clearToken
2025-06-07 15:05:43 +02:00 · 2014-06-27 16:00:29 +02:00 · 2014-06-27 16:00:29 +02:00 · 404c2f1144
commit 404c2f1144
parent 919e1a6bc8 2ebd86611a
4 changed files with 48 additions and 1 deletions
--- a/phpBB/phpbb/auth/provider/oauth/token_storage.php
+++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php
@ -266,7 +266,7 @@ class token_storage implements TokenStorageInterface
 		// Ensure that the token was serialized/unserialized correctly
 		if (!($token instanceof TokenInterface))
 		{
-			$this->clearToken();
+			$this->clearToken($data['provider']);
 			throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
 		}

--- a/tests/auth/fixtures/oauth_tokens.xml
+++ b/tests/auth/fixtures/oauth_tokens.xml
@ -5,6 +5,12 @@
 		<column>session_id</column>
 		<column>provider</column>
 		<column>oauth_token</column>
+		<row>
+			<value>1</value>
+			<value>abcd</value>
+			<value>auth.provider.oauth.service.testing</value>
+			<value>{"token_class":"phpbb_not_a_token","accessToken":"error","refreshToken":0,"endOfLife":null,"extraParams":null}</value>
+		</row>
 	</table>
 </dataset>

--- a/tests/auth/phpbb_not_a_token.php
+++ b/tests/auth/phpbb_not_a_token.php
@ -0,0 +1,23 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class phpbb_not_a_token
+{
+	public function __construct($param1, $param2, $param3, $param4)
+	{
+	}
+
+	public function setEndOfLife()
+	{
+	}
+}
--- a/tests/auth/provider_oauth_token_storage_test.php
+++ b/tests/auth/provider_oauth_token_storage_test.php
@ -13,6 +13,8 @@

 use OAuth\OAuth2\Token\StdOAuth2Token;

+require_once dirname(__FILE__) . '/phpbb_not_a_token.php';
+
 class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_case
 {
 	protected $db;
@ -73,6 +75,22 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
 		$this->assertEquals($token, $stored_token);
 	}

+	public function test_retrieveAccessToken_wrong_token()
+	{
+		$this->user->data['session_id'] = 'abcd';
+		try
+		{
+			$this->token_storage->retrieveAccessToken($this->service_name);
+			$this->fail('The token can not be deserialized and an exception should be thrown.');
+		}
+		catch (\OAuth\Common\Storage\Exception\TokenNotFoundException $e)
+		{
+		}
+
+		$row = $this->get_token_row_by_session_id('abcd');
+		$this->assertFalse($row);
+	}
+
 	public function test_retrieveAccessToken_from_db()
 	{
 		$expected_token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES);