Merge branch 'develop' of github.com:phpbb/phpbb3 into ticket/11832

# By Joseph Warner (187) and others
# Via Andreas Fischer (2) and others
* 'develop' of github.com:phpbb/phpbb3: (189 commits)
  [ticket/11835] Fix ucp_auth_link adding in migration
  [prep-release-3.0.12] Remove changelog entry for ticket that was not resolved.
  [feature/oauth] Fix tabindex
  [feature/oauth] Fix bug on ucp_auth_link related to error display
  [feature/oauth] More small fixes
  [feature/oauth] More minor changes from review
  [feature/oauth] Fix small bug introduced by update in OAuth library
  [feature/oauth] Fix small issues on ucp pages
  [feature/oauth] Fix typo in OAuth logout method
  [feature/oauth] Make token storage service ignorant
  [feature/oauth] Update oauth::logout() to use clearAllTokens()
  [feature/oauth] Update storage implementation due to inteface change
  [feature/oauth] Update lusitanian/oauth to stable branch
  [feature/oauth] Update comment on oauth service exception
  [feature/oauth] Forgot to remove placeholder comment
  [feature/oauth] OAuth service exception
  [feature/oauth] A few more minor changes
  [feature/oauth] Changes due to code review
  [feature/oauth] Fix redirects
  [feature/oauth] Fix issues on ucp_login_link from review
  ...

phpBB/includes/acp/acp_board.php

@@ -658,6 +658,13 @@ class acp_board
 				$auth_tpl = $provider->get_acp_template($this->new_config);
 				if ($auth_tpl)
 				{
+					if (array_key_exists('BLOCK_VAR_NAME', $auth_tpl))
+					{
+						foreach ($auth_tpl['BLOCK_VARS'] as $block_vars)
+						{
+							$template->assign_block_vars($auth_tpl['BLOCK_VAR_NAME'], $block_vars);
+						}
+					}
 					$template->assign_vars($auth_tpl['TEMPLATE_VARS']);
 					$template->assign_block_vars('auth_tpl', array(
 						'TEMPLATE_FILE'	=> $auth_tpl['TEMPLATE_FILE'],

phpBB/includes/constants.php

@@ -61,6 +61,7 @@ define('LOGIN_CONTINUE', 1);
 define('LOGIN_BREAK', 2);
 define('LOGIN_SUCCESS', 3);
 define('LOGIN_SUCCESS_CREATE_PROFILE', 20);
+define('LOGIN_SUCCESS_LINK_PROFILE', 21);
 define('LOGIN_ERROR_USERNAME', 10);
 define('LOGIN_ERROR_PASSWORD', 11);
 define('LOGIN_ERROR_ACTIVE', 12);

phpBB/includes/db/schema_data.php

@@ -573,6 +573,31 @@ $schema_data['phpbb_notifications'] = array(
 	),
 );
 
+$schema_data['phpbb_oauth_accounts'] = array(
+	'COLUMNS' => array(
+		'user_id'			=> array('UINT', 0),
+		'provider'			=> array('VCHAR', ''),
+		'oauth_provider_id'	=> array('TEXT_UNI', ''),
+	),
+	'PRIMARY_KEY' => array(
+		'user_id',
+		'provider',
+	),
+);
+
+$schema_data['phpbb_oauth_tokens'] = array(
+	'COLUMNS' => array(
+		'user_id'			=> array('UINT', 0), // phpbb_users.user_id
+		'session_id'		=> array('CHAR:32', ''), // phpbb_sessions.session_id used only when user_id not set
+		'provider'			=> array('VCHAR', ''), // Name of the OAuth provider
+		'oauth_token'		=> array('MTEXT', ''), // Serialized token
+	),
+	'KEYS' => array(
+		'user_id'			=> array('INDEX', 'user_id'),
+		'provider'			=> array('INDEX', 'provider'),
+	),
+);
+
 $schema_data['phpbb_poll_options'] = array(
 	'COLUMNS'		=> array(
 		'poll_option_id'		=> array('TINT:4', 0),

phpBB/includes/functions.php

@@ -3204,7 +3204,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
 {
 	global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
-	global $request;
+	global $request, $phpbb_container;
 
 	if (!class_exists('phpbb_captcha_factory', false))
 	{
@@ -3231,7 +3231,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		trigger_error('NO_AUTH_ADMIN');
 	}
 
-	if (isset($_POST['login']))
+	if ($request->is_set_post('login') || ($request->is_set('login') && $request->variable('login', '') == 'external'))
 	{
 		// Get credential
 		if ($admin)
@@ -3372,6 +3372,29 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		$s_hidden_fields['credential'] = $credential;
 	}
 
+	$auth_provider = $phpbb_container->get('auth.provider.' . $config['auth_method']);
+
+	$auth_provider_data = $auth_provider->get_login_data();
+	if ($auth_provider_data)
+	{
+		if (isset($auth_provider_data['VARS']))
+		{
+			$template->assign_vars($auth_provider_data['VARS']);
+		}
+
+		if (isset($auth_provider_data['BLOCK_VAR_NAME']))
+		{
+			foreach ($auth_provider_data['BLOCK_VARS'] as $block_vars)
+			{
+				$template->assign_block_vars($auth_provider_data['BLOCK_VAR_NAME'], $block_vars);
+			}
+		}
+
+		$template->assign_vars(array(
+			'PROVIDER_TEMPLATE_FILE' => $auth_provider_data['TEMPLATE_FILE'],
+		));
+	}
+
 	$s_hidden_fields = build_hidden_fields($s_hidden_fields);
 
 	$template->assign_vars(array(

phpBB/includes/ucp/info/ucp_auth_link.php

@@ -0,0 +1,34 @@
+<?php
+/**
+*
+* @package ucp
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @package module_install
+*/
+class ucp_auth_link_info
+{
+	function module()
+	{
+		return array(
+			'filename'	=> 'ucp_auth_link',
+			'title'		=> 'UCP_AUTH_LINK',
+			'version'	=> '1.0.0',
+			'modes'		=> array(
+				'auth_link'	=> array('title' => 'UCP_AUTH_LINK_MANAGE', 'auth' => '', 'cat' => array('UCP_PROFILE')),
+			),
+		);
+	}
+
+	function install()
+	{
+	}
+
+	function uninstall()
+	{
+	}
+}

phpBB/includes/ucp/ucp_auth_link.php

@@ -0,0 +1,142 @@
+<?php
+/**
+*
+* @package ucp
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+class ucp_auth_link
+{
+	/**
+	* @var string
+	*/
+	public $u_action;
+
+	/**
+	* Generates the ucp_auth_link page and handles the auth link process
+	*
+	* @param	int		$id
+	* @param	string	$mode
+	*/
+	public function main($id, $mode)
+	{
+		global $config, $request, $template, $phpbb_container, $user;
+
+		$error = array();
+
+		$auth_provider = $phpbb_container->get('auth.provider.' . $config['auth_method']);
+
+		// confirm that the auth provider supports this page
+		$provider_data = $auth_provider->get_auth_link_data();
+		if ($provider_data === null)
+		{
+			$error[] = 'UCP_AUTH_LINK_NOT_SUPPORTED';
+		}
+
+		$s_hidden_fields = array();
+		add_form_key('ucp_auth_link');
+
+		$submit	= $request->variable('submit', false, false, phpbb_request_interface::POST);
+
+		// This path is only for primary actions
+		if (!sizeof($error) && $submit)
+		{
+			if (!check_form_key('ucp_auth_link'))
+			{
+				$error[] = 'FORM_INVALID';
+			}
+
+			if (!sizeof($error))
+			{
+				// Any post data could be necessary for auth (un)linking
+				$link_data = $request->get_super_global(phpbb_request_interface::POST);
+
+				// The current user_id is also necessary
+				$link_data['user_id'] = $user->data['user_id'];
+
+				// Tell the provider that the method is auth_link not login_link
+				$link_data['link_method'] = 'auth_link';
+
+				if ($request->variable('link', 0, false, phpbb_request_interface::POST))
+				{
+					$error[] = $auth_provider->link_account($link_data);
+				}
+				else
+				{
+					$error[] = $auth_provider->unlink_account($link_data);
+				}
+
+				// Template data may have changed, get new data
+				$provider_data = $auth_provider->get_auth_link_data();
+			}
+		}
+
+		// In some cases, a request to an external server may be required. In
+		// these cases, the GET parameter 'link' should exist and should be true
+		if ($request->variable('link', false))
+		{
+			// In this case the link data should only be populated with the
+			// link_method as the provider dictates how data is returned to it.
+			$link_data = array('link_method' => 'auth_link');
+
+			$error[] = $auth_provider->link_account($link_data);
+
+			// Template data may have changed, get new data
+			$provider_data = $auth_provider->get_auth_link_data();
+		}
+
+		if (isset($provider_data['VARS']))
+		{
+			// Handle hidden fields separately
+			if (isset($provider_data['VARS']['HIDDEN_FIELDS']))
+			{
+				$s_hidden_fields = array_merge($s_hidden_fields, $provider_data['VARS']['HIDDEN_FIELDS']);
+				unset($provider_data['VARS']['HIDDEN_FIELDS']);
+			}
+
+			$template->assign_vars($provider_data['VARS']);
+		}
+
+		if (isset($provider_data['BLOCK_VAR_NAME']))
+		{
+			foreach ($provider_data['BLOCK_VARS'] as $block_vars)
+			{
+				// See if there are additional hidden fields. This should be an associative array
+				if (isset($block_vars['HIDDEN_FIELDS']))
+				{
+					$block_vars['HIDDEN_FIELDS'] = build_hidden_fields($block_vars['HIDDEN_FIELDS']);
+				}
+
+				$template->assign_block_vars($provider_data['BLOCK_VAR_NAME'], $block_vars);
+			}
+		}
+
+		$s_hidden_fields = build_hidden_fields($s_hidden_fields);
+
+		// Replace "error" strings with their real, localised form
+		$error = array_map(array($user, 'lang'), $error);
+		$error = implode('<br />', $error);
+
+		$template->assign_vars(array(
+			'ERROR'	=> $error,
+
+			'PROVIDER_TEMPLATE_FILE'	=> $provider_data['TEMPLATE_FILE'],
+
+			'S_HIDDEN_FIELDS'	=> $s_hidden_fields,
+			'S_UCP_ACTION'		=> $this->u_action,
+		));
+
+		$this->tpl_name = 'ucp_auth_link';
+		$this->page_title = 'UCP_AUTH_LINK';
+	}
+}

phpBB/includes/ucp/ucp_login_link.php

@@ -0,0 +1,243 @@
+<?php
+/**
+*
+* @package ucp
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* ucp_login_link
+* Allows users of external accounts link those accounts to their phpBB accounts
+* during an attempted login.
+* @package ucp
+*/
+class ucp_login_link
+{
+	/**
+	* @var	string
+	*/
+	public $u_action;
+
+	/**
+	* Generates the ucp_login_link page and handles login link process
+	*
+	* @param	int		$id
+	* @param	string	$mode
+	*/
+	function main($id, $mode)
+	{
+		global $config, $phpbb_container, $request, $template, $user;
+		global $phpbb_root_path, $phpEx;
+
+		// Initialize necessary variables
+		$login_error = null;
+		$login_link_error = null;
+		$login_username = null;
+
+		// Build the data array
+		$data = $this->get_login_link_data_array();
+
+		// Ensure the person was sent here with login_link data
+		if (empty($data))
+		{
+			$login_link_error = $user->lang['LOGIN_LINK_NO_DATA_PROVIDED'];
+		}
+
+		// Use the auth_provider requested even if different from configured
+		$auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']);
+		$auth_provider = $phpbb_container->get($auth_provider);
+
+		// Set the link_method to login_link
+		$data['link_method'] = 'login_link';
+
+		// Have the authentication provider check that all necessary data is available
+		$result = $auth_provider->login_link_has_necessary_data($data);
+		if ($result !== null)
+		{
+			$login_link_error = $user->lang[$result];
+		}
+
+		// Perform link action if there is no error
+		if (!$login_link_error)
+		{
+			if ($request->is_set_post('login'))
+			{
+				$login_username = $request->variable('login_username', '', false, phpbb_request_interface::POST);
+				$login_password = $request->untrimmed_variable('login_password', '', true, phpbb_request_interface::POST);
+
+				$login_result = $auth_provider->login($login_username, $login_password);
+
+				// We only care if there is or is not an error
+				$login_error = $this->process_login_result($login_result);
+
+				if (!$login_error)
+				{
+					// Give the user_id to the data
+					$data['user_id'] = $login_result['user_row']['user_id'];
+
+					// The user is now logged in, attempt to link the user to the external account
+					$result = $auth_provider->link_account($data);
+
+					if ($result)
+					{
+						$login_link_error = $user->lang[$result];
+					}
+					else
+					{
+						// Finish login
+						$result = $user->session_create($login_result['user_row']['user_id'], false, false, true);
+
+						// Perform a redirect as the account has been linked
+						$this->perform_redirect();
+					}
+				}
+			}
+		}
+
+		$template->assign_vars(array(
+			// Common template elements
+			'LOGIN_LINK_ERROR'		=> $login_link_error,
+			'PASSWORD_CREDENTIAL'	=> 'login_password',
+			'USERNAME_CREDENTIAL'	=> 'login_username',
+			'S_HIDDEN_FIELDS'		=> $this->get_hidden_fields($data),
+
+			// Registration elements
+			'REGISTER_ACTION'	=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
+
+			// Login elements
+			'LOGIN_ERROR'		=> $login_error,
+			'LOGIN_USERNAME'	=> $login_username,
+		));
+
+		$this->tpl_name = 'ucp_login_link';
+		$this->page_title = 'UCP_LOGIN_LINK';
+	}
+
+	/**
+	* Builds the hidden fields string from the data array.
+	*
+	* @param	array	$data	This function only includes data in the array
+	*							that has a key that begins with 'login_link_'
+	* @return	string	A string of hidden fields that can be included in the
+	*					template
+	*/
+	protected function get_hidden_fields($data)
+	{
+		$fields = array();
+
+		foreach ($data as $key => $value)
+		{
+			$fields['login_link_' . $key] = $value;
+		}
+
+		return build_hidden_fields($fields);
+	}
+
+	/**
+	* Builds the login_link data array
+	*
+	* @return	array	All login_link data. This is all GET data whose names
+	*					begin with 'login_link_'
+	*/
+	protected function get_login_link_data_array()
+	{
+		global $request;
+
+		$var_names = $request->variable_names(phpbb_request_interface::GET);
+		$login_link_data = array();
+		$string_start_length = strlen('login_link_');
+
+		foreach ($var_names as $var_name)
+		{
+			if (strpos($var_name, 'login_link_') === 0)
+			{
+				$key_name = substr($var_name, $string_start_length);
+				$login_link_data[$key_name] = $request->variable($var_name, '', false, phpbb_request_interface::GET);
+			}
+		}
+
+		return $login_link_data;
+	}
+
+	/**
+	* Processes the result array from the login process
+	* @param	array	$result	The login result array
+	* @return	string|null	If there was an error in the process, a string is
+	*						returned. If the login was successful, then null is
+	*						returned.
+	*/
+	protected function process_login_result($result)
+	{
+		global $config, $request, $template, $user;
+
+		$login_error = null;
+
+		if ($result['status'] != LOGIN_SUCCESS)
+		{
+			// Handle all errors first
+			if ($result['status'] == LOGIN_BREAK)
+			{
+				trigger_error($result['error_msg']);
+			}
+
+			switch ($result['status'])
+			{
+				case LOGIN_ERROR_ATTEMPTS:
+
+					$captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
+					$captcha->init(CONFIRM_LOGIN);
+
+					$template->assign_vars(array(
+						'CAPTCHA_TEMPLATE'			=> $captcha->get_template(),
+					));
+
+					$login_error = $user->lang[$result['error_msg']];
+				break;
+
+				case LOGIN_ERROR_PASSWORD_CONVERT:
+					$login_error = sprintf(
+						$user->lang[$result['error_msg']],
+						($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
+						($config['email_enable']) ? '</a>' : '',
+						($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',
+						($config['board_contact']) ? '</a>' : ''
+					);
+				break;
+
+				// Username, password, etc...
+				default:
+					$login_error = $user->lang[$result['error_msg']];
+
+					// Assign admin contact to some error messages
+					if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
+					{
+						$login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
+					}
+
+				break;
+			}
+		}
+
+		return $login_error;
+	}
+
+	/**
+	* Performs a post login redirect
+	*/
+	protected function perform_redirect()
+	{
+		global $phpbb_root_path, $phpEx;
+		$url = append_sid($phpbb_root_path . 'index.' . $phpEx);
+		redirect($url);
+	}
+}

phpBB/includes/ucp/ucp_register.php

@@ -27,7 +27,7 @@ class ucp_register
 	function main($id, $mode)
 	{
 		global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
-		global $request;
+		global $request, $phpbb_container;
 
 		//
 		if ($config['require_activation'] == USER_ACTIVATION_DISABLE)
@@ -78,19 +78,37 @@ class ucp_register
 			}
 		}
 
-
 		$cp = new custom_profile();
 
 		$error = $cp_data = $cp_error = array();
+		$s_hidden_fields = array();
+
+		// Handle login_link data added to $_hidden_fields
+		$login_link_data = $this->get_login_link_data_array();
+
+		if (!empty($login_link_data))
+		{
+			// Confirm that we have all necessary data
+			$auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']);
+			$auth_provider = $phpbb_container->get($auth_provider);
+
+			$result = $auth_provider->login_link_has_necessary_data($login_link_data);
+			if ($result !== null)
+			{
+				$error[] = $user->lang[$result];
+			}
+
+			$s_hidden_fields = array_merge($s_hidden_fields, $this->get_login_link_data_for_hidden_fields($login_link_data));
+		}
 
 		if (!$agreed || ($coppa === false && $config['coppa_enable']) || ($coppa && !$config['coppa_enable']))
 		{
 			$add_lang = ($change_lang) ? '&change_lang=' . urlencode($change_lang) : '';
 			$add_coppa = ($coppa !== false) ? '&coppa=' . $coppa : '';
 
-			$s_hidden_fields = array(
+			$s_hidden_fields = array_merge($s_hidden_fields, array(
 				'change_lang'	=> '',
-			);
+			));
 
 			// If we change the language, we want to pass on some more possible parameter.
 			if ($change_lang)
@@ -398,15 +416,28 @@ class ucp_register
 					}
 				}
 
+				// Perform account linking if necessary
+				if (!empty($login_link_data))
+				{
+					$login_link_data['user_id'] = $user_id;
+
+					$result = $auth_provider->link_account($login_link_data);
+
+					if ($result)
+					{
+						$message = $message . '<br /><br />' . $user->lang[$result];
+					}
+				}
+
 				$message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
 				trigger_error($message);
 			}
 		}
 
-		$s_hidden_fields = array(
+		$s_hidden_fields = array_merge($s_hidden_fields, array(
 			'agreed'		=> 'true',
 			'change_lang'	=> 0,
-		);
+		));
 
 		if ($config['coppa_enable'])
 		{
@@ -474,4 +505,49 @@ class ucp_register
 		$this->tpl_name = 'ucp_register';
 		$this->page_title = 'UCP_REGISTRATION';
 	}
+
+	/**
+	* Creates the login_link data array
+	*
+	* @return	array	Returns an array of all POST paramaters whose names
+	*					begin with 'login_link_'
+	*/
+	protected function get_login_link_data_array()
+	{
+		global $request;
+
+		$var_names = $request->variable_names(phpbb_request_interface::POST);
+		$login_link_data = array();
+		$string_start_length = strlen('login_link_');
+
+		foreach ($var_names as $var_name)
+		{
+			if (strpos($var_name, 'login_link_') === 0)
+			{
+				$key_name = substr($var_name, $string_start_length);
+				$login_link_data[$key_name] = $request->variable($var_name, '', false, phpbb_request_interface::POST);
+			}
+		}
+
+		return $login_link_data;
+	}
+
+	/**
+	* Prepends they key names of an associative array with 'login_link_' for
+	* inclusion on the page as hidden fields.
+	*
+	* @param	array	$data	The array to be modified
+	* @return	array	The modified array
+	*/
+	protected function get_login_link_data_for_hidden_fields($data)
+	{
+		$new_data = array();
+
+		foreach ($data as $key => $value)
+		{
+			$new_data['login_link_' . $key] = $value;
+		}
+
+		return $new_data;
+	}
 }