[feature/oauth] Fix remaining issues with token storage
PHPBB3-11673
parent
2bf97a01ce
commit
83515cd3d4
@ -16,6 +16,7 @@ if (!defined('IN_PHPBB'))
|
||||
}
|
||||
|
||||
|
||||
use OAuth\OAuth1\Token\StdOAuth1Token;
|
||||
use OAuth\Common\Token\TokenInterface;
|
||||
use OAuth\Common\Storage\TokenStorageInterface;
|
||||
use OAuth\Common\Storage\Exception\StorageException;
|
||||
@ -109,7 +110,7 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
|
||||
$data = array(
|
||||
'user_id' => $this->user->data['user_id'],
|
||||
'provider' => $this->service_name,
|
||||
'oauth_token' => serialize($token),
|
||||
'oauth_token' => $this->json_encode_token($token),
|
||||
'session_id' => $this->user->data['session_id'],
|
||||
);
|
||||
|
||||
@ -248,7 +249,7 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
|
||||
throw new TokenNotFoundException('Token not stored');
|
||||
}
|
||||
|
||||
$token = unserialize($row['oauth_token']);
|
||||
$token = $this->json_decode_token($row['oauth_token']);
|
||||
|
||||
// Ensure that the token was serialized/unserialized correctly
|
||||
if (!($token instanceof TokenInterface))
|
||||
@ -278,4 +279,56 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
|
||||
|
||||
return $row;
|
||||
}
|
||||
|
||||
public function json_encode_token(TokenInterface $token)
|
||||
{
|
||||
$members = array(
|
||||
'accessToken' => $token->getAccessToken(),
|
||||
'endOfLife' => $token->getEndOfLife(),
|
||||
'extraParams' => $token->getExtraParams(),
|
||||
'refreshToken' => $token->getRefreshToken(),
|
||||
|
||||
'token_class' => get_class($token),
|
||||
);
|
||||
|
||||
// Handle additional data needed for OAuth1 tokens
|
||||
if ($token instanceof StdOAuth1Token)
|
||||
{
|
||||
$members['requestToken'] = $token->getRequestToken();
|
||||
$members['requestTokenSecret'] = $token->getRequestTokenSecret();
|
||||
$members['accessTokenSecret'] = $token->getAccessTokenSecret();
|
||||
}
|
||||
|
||||
return json_encode($members);
|
||||
}
|
||||
|
||||
public function json_decode_token($json)
|
||||
{
|
||||
$token_data = json_decode($json, true);
|
||||
|
||||
if ($token_data === null)
|
||||
{
|
||||
throw new TokenNotFoundException('Token not stored correctly');
|
||||
}
|
||||
|
||||
$token_class = $token_data['token_class'];
|
||||
$access_token = $token_data['accessToken'];
|
||||
$refresh_token = $token_data['refreshToken'];
|
||||
$endOfLife = $token_data['endOfLife'];
|
||||
$extra_params = $token_data['extraParams'];
|
||||
|
||||
// Create the token
|
||||
$token = new $token_class($access_token, $refresh_token, TokenInterface::EOL_NEVER_EXPIRES, $extra_params);
|
||||
$token->setEndOfLife($endOfLife);
|
||||
|
||||
// Handle OAuth 1.0 specific elements
|
||||
if ($token instanceof StdOAuth1Token)
|
||||
{
|
||||
$token->setRequestToken($token_data['requestToken']);
|
||||
$token->setRequestTokenSecret($token_data['requestTokenSecret']);
|
||||
$token->setAccessTokenSecret($token_data['accessTokenSecret']);
|
||||
}
|
||||
|
||||
return $token;
|
||||
}
|
||||
}
|
||||
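Review bot: In `json_decode_token` the class name given to `new $token_class(...)` is read straight from the stored `oauth_token` value, so the constructor of whatever class that row names runs before the `instanceof TokenInterface` check in the retrieval code can reject it. Dropping `unserialize()` removes the object-deserialization path, but the row contents still decide which class is instantiated; the decoder should confirm that `token_class` names a `TokenInterface` implementation (or one of a fixed list of token classes) before constructing it. The `=== null` test also lets through valid JSON that is not an array or has no `token_class` key, which would then raise an undefined-index notice and fail at `new`. A possible guard is below; `is_subclass_of()` with a class-name string is assumed to behave as needed on the PHP versions this branch supports.

```php
$token_data = json_decode($json, true);

// Reject anything that is not the array written by json_encode_token()
if (!is_array($token_data) || !isset($token_data['token_class']))
{
	throw new TokenNotFoundException('Token not stored correctly');
}

// Only instantiate classes that implement the token interface
$token_class = $token_data['token_class'];
if (!is_string($token_class) || !is_subclass_of($token_class, 'OAuth\Common\Token\TokenInterface'))
{
	throw new TokenNotFoundException('Token not stored correctly');
}

// … unchanged: remaining fields read from $token_data, token construction, OAuth 1.0 setters …
```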
|
@ -86,16 +86,8 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
|
||||
/**
|
||||
* @dataProvider retrieveAccessToken_data
|
||||
*/
|
||||
public function test_retrieve_access_token_by_session($cache_token, $db_token, $exception)
|
||||
public function test_retrieve_access_token_by_session($cache_token, $exception)
|
||||
{
|
||||
if ($db_token)
|
||||
{
|
||||
$temp_storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->service_name, $this->token_storage_table);
|
||||
$temp_storage->storeAccessToken($db_token);
|
||||
unset($temp_storage);
|
||||
$token = $db_token;
|
||||
}
|
||||
|
||||
if ($cache_token)
|
||||
{
|
||||
$this->token_storage->storeAccessToken($cache_token);
|
||||
@ -108,6 +100,19 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
|
||||
$this->assertEquals($token, $stored_token);
|
||||
}
|
||||
|
||||
public function test_retrieve_access_token_by_session_from_db()
|
||||
{
|
||||
$expected_token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES);
|
||||
|
||||
// Store a token in the database
|
||||
$temp_storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->service_name, $this->token_storage_table);
|
||||
$temp_storage->storeAccessToken($expected_token);
|
||||
unset($temp_storage);
|
||||
|
||||
// Test to see if the token can be retrieved
|
||||
$stored_token = $this->token_storage->retrieve_access_token_by_session();
|
||||
$this->assertEquals($expected_token, $stored_token);
|
||||
}
|
||||
|
||||
public function test_storeAccessToken()
|
||||
{
|
||||
@ -122,7 +127,7 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
|
||||
$row = $this->get_token_row_by_session_id($this->session_id);
|
||||
|
||||
// The token is serialized before stored in the database
|
||||
$this->assertEquals(serialize($token), $row['oauth_token']);
|
||||
$this->assertEquals($this->token_storage->json_encode_token($token), $row['oauth_token']);
|
||||
}
|
||||
|
||||
public static function hasAccessToken_data()
|
||||
|
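Review bot: The new `test_retrieve_access_token_by_session_from_db` round-trips only a `StdOAuth2Token`, so the `StdOAuth1Token` branch of `json_encode_token`/`json_decode_token` (request token, request token secret, access token secret) and the `'Token not stored correctly'` path are never exercised. A second case that stores a `StdOAuth1Token` with those three fields set and asserts equality after retrieval, plus one that reads back a row whose `oauth_token` is not valid JSON and expects `TokenNotFoundException`, would cover them. In `test_storeAccessToken` the expected value comes from the same `json_encode_token` call the storage uses, so the assertion does not pin the stored format; comparing the decoded row against an array with the expected keys would. The context comment `// The token is serialized before stored in the database` is now stale and could read `// The token is JSON-encoded before being stored in the database`.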