mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

[feature/oauth] OAuth init method to minimally validate entered data

Browse Source 
PHPBB3-11673
This commit is contained in:
Joseph Warner
2013-07-23 15:26:33 -04:00
parent 77c3264543
commit 9805927fac
2 changed files with 26 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
phpBB/language/en/acp/board.php
View File

@@ -394,13 +394,14 @@ $lang = array_merge($lang, array(
'AUTH_METHOD' => 'Select an authentication method',
'AUTH_PROVIDER_OAUTH_EXPLAIN' => 'Each OAuth provider requires a unique secret and key in order to authenticate with the external server.<br />These should be supplied by the OAuth service when you register your website with them and should be entered exactly as provided to you.<br />Any service that does not have both a key and a secret entered here will not be available for use by the forum users.',
'AUTH_PROVIDER_OAUTH_KEY' => 'Key',
'AUTH_PROVIDER_OAUTH_SERVICE_BITLY' => 'Bitly',
'AUTH_PROVIDER_OAUTH_SERVICE_FACEBOOK' => 'Facebook',
'AUTH_PROVIDER_OAUTH_SERVICE_GOOGLE' => 'Google',
'AUTH_PROVIDER_OAUTH_TITLE' => 'OAuth',
'AUTH_PROVIDER_OAUTH_SECRET' => 'Secret',
'AUTH_PROVIDER_OAUTH_ERROR_ELEMENT_MISSING' => 'Both the key and secret of each enabled OAuth service provider must be provided. Only one was provided for an OAuth service provider.',
'AUTH_PROVIDER_OAUTH_EXPLAIN' => 'Each OAuth provider requires a unique secret and key in order to authenticate with the external server.<br />These should be supplied by the OAuth service when you register your website with them and should be entered exactly as provided to you.<br />Any service that does not have both a key and a secret entered here will not be available for use by the forum users.',
'AUTH_PROVIDER_OAUTH_KEY' => 'Key',
'AUTH_PROVIDER_OAUTH_SERVICE_BITLY' => 'Bitly',
'AUTH_PROVIDER_OAUTH_SERVICE_FACEBOOK' => 'Facebook',
'AUTH_PROVIDER_OAUTH_SERVICE_GOOGLE' => 'Google',
'AUTH_PROVIDER_OAUTH_TITLE' => 'OAuth',
'AUTH_PROVIDER_OAUTH_SECRET' => 'Secret',
'APACHE_SETUP_BEFORE_USE' => 'You have to setup apache authentication before you switch phpBB to this authentication method. Keep in mind that the username you use for apache authentication has to be the same as your phpBB username. Apache authentication can only be used with mod_php (not with a CGI version) and safe_mode disabled.',

18
phpBB/phpbb/auth/provider/oauth/oauth.php
View File

@@ -103,6 +103,24 @@ class phpbb_auth_provider_oauth extends phpbb_auth_provider_base
$this->service_providers = $service_providers;
}
/**
* {@inheritdoc}
*/
public function init()
{
// This does not test whether or not the key and secret provided are valid.
foreach ($this->service_providers as $service_provider)
{
$credentials = $service_provider->get_service_credentials();
if (($credentials['key'] && !$credentials['secret']) || (!$credentials['key'] && $credentials['secret']))
{
return $this->user->lang['AUTH_PROVIDER_OAUTH_ERROR_ELEMENT_MISSING'];
}
}
return false;
}
/**
* {@inheritdoc}
*/