mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

Merge branch 'develop' of github.com:phpbb/phpbb3 into ticket/11832

Browse Source 
# By Joseph Warner (187) and others
# Via Andreas Fischer (2) and others
* 'develop' of github.com:phpbb/phpbb3: (189 commits)
  [ticket/11835] Fix ucp_auth_link adding in migration
  [prep-release-3.0.12] Remove changelog entry for ticket that was not resolved.
  [feature/oauth] Fix tabindex
  [feature/oauth] Fix bug on ucp_auth_link related to error display
  [feature/oauth] More small fixes
  [feature/oauth] More minor changes from review
  [feature/oauth] Fix small bug introduced by update in OAuth library
  [feature/oauth] Fix small issues on ucp pages
  [feature/oauth] Fix typo in OAuth logout method
  [feature/oauth] Make token storage service ignorant
  [feature/oauth] Update oauth::logout() to use clearAllTokens()
  [feature/oauth] Update storage implementation due to inteface change
  [feature/oauth] Update lusitanian/oauth to stable branch
  [feature/oauth] Update comment on oauth service exception
  [feature/oauth] Forgot to remove placeholder comment
  [feature/oauth] OAuth service exception
  [feature/oauth] A few more minor changes
  [feature/oauth] Changes due to code review
  [feature/oauth] Fix redirects
  [feature/oauth] Fix issues on ucp_login_link from review
  ...
This commit is contained in:
Nathan Guse
2013-09-12 11:56:36 -05:00
parent 4c00c77739 f74a04c976
commit d9fdf41ad8
52 changed files with 3073 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
phpBB/phpbb/auth/auth.php
View File

@@ -970,6 +970,18 @@ class phpbb_auth
);
}
// If the auth provider wants us to link an empty account do so and redirect
if ($login['status'] == LOGIN_SUCCESS_LINK_PROFILE)
{
// If this status exists a fourth field is in the $login array called 'redirect_data'
// This data is passed along as GET data to the next page allow the account to be linked
$params = array('mode' => 'login_link');
$url = append_sid($phpbb_root_path . 'ucp.' . $phpEx, array_merge($params, $login['redirect_data']));
redirect($url);
}
// If login succeeded, we will log the user in... else we pass the login array through...
if ($login['status'] == LOGIN_SUCCESS)
{

40
phpBB/phpbb/auth/provider/base.php
View File

@@ -54,6 +54,22 @@ abstract class phpbb_auth_provider_base implements phpbb_auth_provider_interface
return;
}
/**
* {@inheritdoc}
*/
public function get_login_data()
{
return;
}
/**
* {@inheritdoc}
*/
public function get_auth_link_data()
{
return;
}
/**
* {@inheritdoc}
*/
@@ -69,4 +85,28 @@ abstract class phpbb_auth_provider_base implements phpbb_auth_provider_interface
{
return;
}
/**
* {@inheritdoc}
*/
public function login_link_has_necessary_data($login_link_data)
{
return;
}
/**
* {@inheritdoc}
*/
public function link_account(array $link_data)
{
return;
}
/**
* {@inheritdoc}
*/
public function unlink_account(array $link_data)
{
return;
}
}

92
phpBB/phpbb/auth/provider/interface.php
View File

@@ -45,6 +45,11 @@ interface phpbb_auth_provider_interface
* 'error_msg' => string
* 'user_row' => array
* )
* A fourth key of the array may be present:
* 'redirect_data' This key is only used when 'status' is
* equal to LOGIN_SUCCESS_LINK_PROFILE and its value is an
* associative array that is turned into GET variables on
* the redirect url.
*/
public function login($username, $password);
@@ -80,9 +85,48 @@ interface phpbb_auth_provider_interface
* 'TEMPLATE_FILE' => string,
* 'TEMPLATE_VARS' => array(...),
* )
* An optional third element may be added to this
* array: 'BLOCK_VAR_NAME'. If this is present,
* then its value should be a string that is used
* to designate the name of the loop used in the
* ACP template file. When this is present, an
* additional key named 'BLOCK_VARS' is required.
* This must be an array containing at least one
* array of variables that will be assigned during
* the loop in the template. An example of this is
* presented below:
* array(
* 'BLOCK_VAR_NAME' => string,
* 'BLOCK_VARS' => array(
* 'KEY IS UNIMPORTANT' => array(...),
* ),
* 'TEMPLATE_FILE' => string,
* 'TEMPLATE_VARS' => array(...),
* )
*/
public function get_acp_template($new_config);
/**
* Returns an array of data necessary to build custom elements on the login
* form.
*
* @return array|null If this function is not implemented on an auth
* provider then it returns null. If it is implemented
* it will return an array of up to four elements of
* which only 'TEMPLATE_FILE'. If 'BLOCK_VAR_NAME' is
* present then 'BLOCK_VARS' must also be present in
* the array. The fourth element 'VARS' is also
* optional. The array, with all four elements present
* looks like the following:
* array(
* 'TEMPLATE_FILE' => string,
* 'BLOCK_VAR_NAME' => string,
* 'BLOCK_VARS' => array(...),
* 'VARS' => array(...),
* )
*/
public function get_login_data();
/**
* Performs additional actions during logout.
*
@@ -102,4 +146,52 @@ interface phpbb_auth_provider_interface
* session should be closed, or null if not implemented.
*/
public function validate_session($user);
/**
* Checks to see if $login_link_data contains all information except for the
* user_id of an account needed to successfully link an external account to
* a forum account.
*
* @param array $link_data Any data needed to link a phpBB account to
* an external account.
* @return string|null Returns a string with a language constant if there
* is data missing or null if there is no error.
*/
public function login_link_has_necessary_data($login_link_data);
/**
* Links an external account to a phpBB account.
*
* @param array $link_data Any data needed to link a phpBB account to
* an external account.
*/
public function link_account(array $link_data);
/**
* Returns an array of data necessary to build the ucp_auth_link page
*
* @return array|null If this function is not implemented on an auth
* provider then it returns null. If it is implemented
* it will return an array of up to four elements of
* which only 'TEMPLATE_FILE'. If 'BLOCK_VAR_NAME' is
* present then 'BLOCK_VARS' must also be present in
* the array. The fourth element 'VARS' is also
* optional. The array, with all four elements present
* looks like the following:
* array(
* 'TEMPLATE_FILE' => string,
* 'BLOCK_VAR_NAME' => string,
* 'BLOCK_VARS' => array(...),
* 'VARS' => array(...),
* )
*/
public function get_auth_link_data();
/**
* Unlinks an external account from a phpBB account.
*
* @param array $link_data Any data needed to unlink a phpBB account
* from a phpbb account.
*/
public function unlink_account(array $link_data);
}

618
phpBB/phpbb/auth/provider/oauth/oauth.php Normal file
View File

@@ -0,0 +1,618 @@
<?php
/**
*
* @package auth
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
use OAuth\Common\Consumer\Credentials;
use OAuth\Common\Http\Uri\Uri;
/**
* OAuth authentication provider for phpBB3
*
* @package auth
*/
class phpbb_auth_provider_oauth extends phpbb_auth_provider_base
{
/**
* Database driver
*
* @var phpbb_db_driver
*/
protected $db;
/**
* phpBB config
*
* @var phpbb_config
*/
protected $config;
/**
* phpBB request object
*
* @var phpbb_request
*/
protected $request;
/**
* phpBB user
*
* @var phpbb_user
*/
protected $user;
/**
* OAuth token table
*
* @var string
*/
protected $auth_provider_oauth_token_storage_table;
/**
* OAuth account association table
*
* @var string
*/
protected $auth_provider_oauth_token_account_assoc;
/**
* All OAuth service providers
*
* @var phpbb_di_service_collection Contains phpbb_auth_provider_oauth_service_interface
*/
protected $service_providers;
/**
* Users table
*
* @var string
*/
protected $users_table;
/**
* Cached current uri object
*
* @var \OAuth\Common\Http\Uri\UriInterface|null
*/
protected $current_uri;
/**
* phpBB root path
*
* @var string
*/
protected $phpbb_root_path;
/**
* PHP extenstion
*
* @var string
*/
protected $php_ext;
/**
* OAuth Authentication Constructor
*
* @param phpbb_db_driver $db
* @param phpbb_config $config
* @param phpbb_request $request
* @param phpbb_user $user
* @param string $auth_provider_oauth_token_storage_table
* @param string $auth_provider_oauth_token_account_assoc
* @param phpbb_di_service_collection $service_providers Contains phpbb_auth_provider_oauth_service_interface
* @param string $users_table
* @param string $phpbb_root_path
* @param string $php_ext
*/
public function __construct(phpbb_db_driver $db, phpbb_config $config, phpbb_request $request, phpbb_user $user, $auth_provider_oauth_token_storage_table, $auth_provider_oauth_token_account_assoc, phpbb_di_service_collection $service_providers, $users_table, $phpbb_root_path, $php_ext)
{
$this->db = $db;
$this->config = $config;
$this->request = $request;
$this->user = $user;
$this->auth_provider_oauth_token_storage_table = $auth_provider_oauth_token_storage_table;
$this->auth_provider_oauth_token_account_assoc = $auth_provider_oauth_token_account_assoc;
$this->service_providers = $service_providers;
$this->users_table = $users_table;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
}
/**
* {@inheritdoc}
*/
public function init()
{
// This does not test whether or not the key and secret provided are valid.
foreach ($this->service_providers as $service_provider)
{
$credentials = $service_provider->get_service_credentials();
if (($credentials['key'] && !$credentials['secret']) || (!$credentials['key'] && $credentials['secret']))
{
return $this->user->lang['AUTH_PROVIDER_OAUTH_ERROR_ELEMENT_MISSING'];
}
}
return false;
}
/**
* {@inheritdoc}
*/
public function login($username, $password)
{
// Temporary workaround for only having one authentication provider available
if (!$this->request->is_set('oauth_service'))
{
$provider = new phpbb_auth_provider_db($this->db, $this->config, $this->request, $this->user, $this->phpbb_root_path, $this->php_ext);
return $provider->login($username, $password);
}
// Requst the name of the OAuth service
$service_name_original = $this->request->variable('oauth_service', '', false);
$service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original);
if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST',
'user_row' => array('user_id' => ANONYMOUS),
);
}
// Get the service credentials for the given service
$service_credentials = $this->service_providers[$service_name]->get_service_credentials();
$storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
$query = 'mode=login&login=external&oauth_service=' . $service_name_original;
$service = $this->get_service($service_name_original, $storage, $service_credentials, $this->service_providers[$service_name]->get_auth_scope(), $query);
if ($this->request->is_set('code', phpbb_request_interface::GET))
{
$this->service_providers[$service_name]->set_external_service_provider($service);
$unique_id = $this->service_providers[$service_name]->perform_auth_login();
// Check to see if this provider is already assosciated with an account
$data = array(
'provider' => $service_name_original,
'oauth_provider_id' => $unique_id
);
$sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if (!$row)
{
// The user does not yet exist, ask to link or create profile
return array(
'status' => LOGIN_SUCCESS_LINK_PROFILE,
'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED',
'user_row' => array(),
'redirect_data' => array(
'auth_provider' => 'oauth',
'login_link_oauth_service' => $service_name_original,
),
);
}
// Retrieve the user's account
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . $this->users_table . '
WHERE user_id = ' . (int) $row['user_id'];
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if (!$row)
{
throw new Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY');
}
// Update token storage to store the user_id
$storage->set_user_id($row['user_id']);
// The user is now authenticated and can be logged in
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
else
{
$url = $service->getAuthorizationUri();
header('Location: ' . $url);
}
}
/**
* Returns the cached current_uri object or creates and caches it if it is
* not already created. In each case the query string is updated based on
* the $query parameter.
*
* @param string $service_name The name of the service
* @param string $query The query string of the current_uri
* used in redirects
* @return \OAuth\Common\Http\Uri\UriInterface
*/
protected function get_current_uri($service_name, $query)
{
if ($this->current_uri)
{
$this->current_uri->setQuery($query);
return $this->current_uri;
}
$uri_factory = new \OAuth\Common\Http\Uri\UriFactory();
$current_uri = $uri_factory->createFromSuperGlobalArray($this->request->get_super_global(phpbb_request_interface::SERVER));
$current_uri->setQuery($query);
$this->current_uri = $current_uri;
return $current_uri;
}
/**
* Returns a new service object
*
* @param string $service_name The name of the service
* @param phpbb_auth_oauth_token_storage $storage
* @param array $service_credentials {@see phpbb_auth_provider_oauth::get_service_credentials}
* @param array $scope The scope of the request against
* the api.
* @param string $query The query string of the
* current_uri used in redirection
* @return \OAuth\Common\Service\ServiceInterface
*/
protected function get_service($service_name, phpbb_auth_provider_oauth_token_storage $storage, array $service_credentials, array $scopes = array(), $query)
{
$current_uri = $this->get_current_uri($service_name, $query);
// Setup the credentials for the requests
$credentials = new Credentials(
$service_credentials['key'],
$service_credentials['secret'],
$current_uri->getAbsoluteUri()
);
$service_factory = new \OAuth\ServiceFactory();
$service = $service_factory->createService($service_name, $credentials, $storage, $scopes);
if (!$service)
{
throw new Exception('AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED');
}
return $service;
}
/**
* {@inheritdoc}
*/
public function get_login_data()
{
$login_data = array(
'TEMPLATE_FILE' => 'login_body_oauth.html',
'BLOCK_VAR_NAME' => 'oauth',
'BLOCK_VARS' => array(),
);
foreach ($this->service_providers as $service_name => $service_provider)
{
// Only include data if the credentials are set
$credentials = $service_provider->get_service_credentials();
if ($credentials['key'] && $credentials['secret'])
{
$actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);
$redirect_url = build_url(false) . '&login=external&oauth_service=' . $actual_name;
$login_data['BLOCK_VARS'][$service_name] = array(
'REDIRECT_URL' => redirect($redirect_url, true),
'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],
);
}
}
return $login_data;
}
/**
* {@inheritdoc}
*/
public function acp()
{
$ret = array();
foreach ($this->service_providers as $service_name => $service_provider)
{
$actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);
$ret[] = 'auth_oauth_' . $actual_name . '_key';
$ret[] = 'auth_oauth_' . $actual_name . '_secret';
}
return $ret;
}
/**
* {@inheritdoc}
*/
public function get_acp_template($new_config)
{
$ret = array(
'BLOCK_VAR_NAME' => 'oauth_services',
'BLOCK_VARS' => array(),
'TEMPLATE_FILE' => 'auth_provider_oauth.html',
'TEMPLATE_VARS' => array(),
);
foreach ($this->service_providers as $service_name => $service_provider)
{
$actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);
$ret['BLOCK_VARS'][$actual_name] = array(
'ACTUAL_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],
'KEY' => $new_config['auth_oauth_' . $actual_name . '_key'],
'NAME' => $actual_name,
'SECRET' => $new_config['auth_oauth_' . $actual_name . '_secret'],
);
}
return $ret;
}
/**
* {@inheritdoc}
*/
public function login_link_has_necessary_data($login_link_data)
{
if (empty($login_link_data))
{
return 'LOGIN_LINK_NO_DATA_PROVIDED';
}
if (!array_key_exists('oauth_service', $login_link_data) || !$login_link_data['oauth_service'] ||
!array_key_exists('link_method', $login_link_data) || !$login_link_data['link_method'])
{
return 'LOGIN_LINK_MISSING_DATA';
}
return null;
}
/**
* {@inheritdoc}
*/
public function link_account(array $link_data)
{
// Check for a valid link method (auth_link or login_link)
if (!array_key_exists('link_method', $link_data) ||
!in_array($link_data['link_method'], array(
'auth_link',
'login_link',
)))
{
return 'LOGIN_LINK_MISSING_DATA';
}
// We must have an oauth_service listed, check for it two ways
if (!array_key_exists('oauth_service', $link_data) || !$link_data['oauth_service'])
{
$link_data['oauth_service'] = $this->request->variable('oauth_service', '');
if (!$link_data['oauth_service'])
{
return 'LOGIN_LINK_MISSING_DATA';
}
}
$service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);
if (!array_key_exists($service_name, $this->service_providers))
{
return 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST';
}
switch ($link_data['link_method'])
{
case 'auth_link':
return $this->link_account_auth_link($link_data, $service_name);
case 'login_link':
return $this->link_account_login_link($link_data, $service_name);
}
}
/**
* Performs the account linking for login_link
*
* @param array $link_data The same variable given to {@see phpbb_auth_provider_interface::link_account}
* @param string $service_name The name of the service being used in
* linking.
* @return string|null Returns a language constant (string) if an error is
* encountered, or null on success.
*/
protected function link_account_login_link(array $link_data, $service_name)
{
$storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
// Check for an access token, they should have one
if (!$storage->has_access_token_by_session($service_name))
{
return 'LOGIN_LINK_ERROR_OAUTH_NO_ACCESS_TOKEN';
}
// Prepare the query string
$query = 'mode=login_link&login_link_oauth_service=' . strtolower($link_data['oauth_service']);
// Prepare for an authentication request
$service_credentials = $this->service_providers[$service_name]->get_service_credentials();
$scopes = $this->service_providers[$service_name]->get_auth_scope();
$service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $scopes, $query);
$this->service_providers[$service_name]->set_external_service_provider($service);
// The user has already authenticated successfully, request to authenticate again
$unique_id = $this->service_providers[$service_name]->perform_token_auth();
// Insert into table, they will be able to log in after this
$data = array(
'user_id' => $link_data['user_id'],
'provider' => strtolower($link_data['oauth_service']),
'oauth_provider_id' => $unique_id,
);
$this->link_account_perform_link($data);
// Update token storage to store the user_id
$storage->set_user_id($link_data['user_id']);
}
/**
* Performs the account linking for auth_link
*
* @param array $link_data The same variable given to {@see phpbb_auth_provider_interface::link_account}
* @param string $service_name The name of the service being used in
* linking.
* @return string|null Returns a language constant (string) if an error is
* encountered, or null on success.
*/
protected function link_account_auth_link(array $link_data, $service_name)
{
$storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
$query = 'i=ucp_auth_link&mode=auth_link&link=1&oauth_service=' . strtolower($link_data['oauth_service']);
$service_credentials = $this->service_providers[$service_name]->get_service_credentials();
$scopes = $this->service_providers[$service_name]->get_auth_scope();
$service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $scopes, $query);
if ($this->request->is_set('code', phpbb_request_interface::GET))
{
$this->service_providers[$service_name]->set_external_service_provider($service);
$unique_id = $this->service_providers[$service_name]->perform_auth_login();
// Insert into table, they will be able to log in after this
$data = array(
'user_id' => $this->user->data['user_id'],
'provider' => strtolower($link_data['oauth_service']),
'oauth_provider_id' => $unique_id,
);
$this->link_account_perform_link($data);
}
else
{
$url = $service->getAuthorizationUri();
header('Location: ' . $url);
}
}
/**
* Performs the query that inserts an account link
*
* @param array $data This array is passed to db->sql_build_array
*/
protected function link_account_perform_link(array $data)
{
$sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '
' . $this->db->sql_build_array('INSERT', $data);
$this->db->sql_query($sql);
}
/**
* {@inheritdoc}
*/
public function logout($data, $new_session)
{
// Clear all tokens belonging to the user
$storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
$storage->clearAllTokens();
return;
}
/**
* {@inheritdoc}
*/
public function get_auth_link_data()
{
$block_vars = array();
// Get all external accounts tied to the current user
$data = array(
'user_id' => (int) $this->user->data['user_id'],
);
$sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
$rows = $this->db->sql_fetchrowset($result);
$this->db->sql_freeresult($result);
$oauth_user_ids = array();
if ($rows !== false && sizeof($rows))
{
foreach ($rows as $row)
{
$oauth_user_ids[$row['provider']] = $row['oauth_provider_id'];
}
}
unset($rows);
foreach ($this->service_providers as $service_name => $service_provider)
{
// Only include data if the credentials are set
$credentials = $service_provider->get_service_credentials();
if ($credentials['key'] && $credentials['secret'])
{
$actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);
$block_vars[$service_name] = array(
'HIDDEN_FIELDS' => array(
'link' => (!isset($oauth_user_ids[$actual_name])),
'oauth_service' => $actual_name,
),
'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],
'UNIQUE_ID' => (isset($oauth_user_ids[$actual_name])) ? $oauth_user_ids[$actual_name] : null,
);
}
}
return array(
'BLOCK_VAR_NAME' => 'oauth',
'BLOCK_VARS' => $block_vars,
'TEMPLATE_FILE' => 'ucp_auth_link_oauth.html',
);
}
/**
* {@inheritdoc}
*/
public function unlink_account(array $link_data)
{
if (!array_key_exists('oauth_service', $link_data) || !$link_data['oauth_service'])
{
return 'LOGIN_LINK_MISSING_DATA';
}
// Remove the link
$sql = 'DELETE FROM ' . $this->auth_provider_oauth_token_account_assoc . "
WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "'
AND user_id = " . (int) $this->user->data['user_id'];
$this->db->sql_query($sql);
// Clear all tokens belonging to the user on this servce
$service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']);
$storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
$storage->clearToken($service_name);
return;
}
}

55
phpBB/phpbb/auth/provider/oauth/service/base.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
/**
*
* @package auth
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Base OAuth abstract class that all OAuth services should implement
*
* @package auth
*/
abstract class phpbb_auth_provider_oauth_service_base implements phpbb_auth_provider_oauth_service_interface
{
/**
* External OAuth service provider
*
* @var \OAuth\Common\Service\ServiceInterface
*/
protected $service_provider;
/**
* {@inheritdoc}
*/
public function get_external_service_provider()
{
return $this->service_provider;
}
/**
* {@inheritdoc}
*/
public function get_auth_scope()
{
return array();
}
/**
* {@inheritdoc}
*/
public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider)
{
$this->service_provider = $service_provider;
}
}

98
phpBB/phpbb/auth/provider/oauth/service/bitly.php Normal file
View File

@@ -0,0 +1,98 @@
<?php
/**
*
* @package auth
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Bitly OAuth service
*
* @package auth
*/
class phpbb_auth_provider_oauth_service_bitly extends phpbb_auth_provider_oauth_service_base
{
/**
* phpBB config
*
* @var phpbb_config
*/
protected $config;
/**
* phpBB request
*
* @var phpbb_request
*/
protected $request;
/**
* Constructor
*
* @param phpbb_config $config
* @param phpbb_request $request
*/
public function __construct(phpbb_config $config, phpbb_request $request)
{
$this->config = $config;
$this->request = $request;
}
/**
* {@inheritdoc}
*/
public function get_service_credentials()
{
return array(
'key' => $this->config['auth_oauth_bitly_key'],
'secret' => $this->config['auth_oauth_bitly_secret'],
);
}
/**
* {@inheritdoc}
*/
public function perform_auth_login()
{
if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Bitly))
{
throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
// This was a callback request from bitly, get the token
$this->service_provider->requestAccessToken($this->request->variable('code', ''));
// Send a request with it
$result = json_decode($this->service_provider->request('user/info'), true);
// Return the unique identifier returned from bitly
return $result['data']['login'];
}
/**
* {@inheritdoc}
*/
public function perform_token_auth()
{
if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Bitly))
{
throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
// Send a request with it
$result = json_decode($this->service_provider->request('user/info'), true);
// Return the unique identifier returned from bitly
return $result['data']['login'];
}
}

25
phpBB/phpbb/auth/provider/oauth/service/exception.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
/**
*
* @package auth
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* OAuth service exception class
*
* @package auth
*/
class phpbb_auth_provider_oauth_service_exception extends RuntimeException
{
}

98
phpBB/phpbb/auth/provider/oauth/service/facebook.php Normal file
View File

@@ -0,0 +1,98 @@
<?php
/**
*
* @package auth
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Facebook OAuth service
*
* @package auth
*/
class phpbb_auth_provider_oauth_service_facebook extends phpbb_auth_provider_oauth_service_base
{
/**
* phpBB config
*
* @var phpbb_config
*/
protected $config;
/**
* phpBB request
*
* @var phpbb_request
*/
protected $request;
/**
* Constructor
*
* @param phpbb_config $config
* @param phpbb_request $request
*/
public function __construct(phpbb_config $config, phpbb_request $request)
{
$this->config = $config;
$this->request = $request;
}
/**
* {@inheritdoc}
*/
public function get_service_credentials()
{
return array(
'key' => $this->config['auth_oauth_facebook_key'],
'secret' => $this->config['auth_oauth_facebook_secret'],
);
}
/**
* {@inheritdoc}
*/
public function perform_auth_login()
{
if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Facebook))
{
throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
// This was a callback request, get the token
$this->service_provider->requestAccessToken($this->request->variable('code', ''));
// Send a request with it
$result = json_decode($this->service_provider->request('/me'), true);
// Return the unique identifier
return $result['id'];
}
/**
* {@inheritdoc}
*/
public function perform_token_auth()
{
if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Facebook))
{
throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
// Send a request with it
$result = json_decode($this->service_provider->request('/me'), true);
// Return the unique identifier
return $result['id'];
}
}

109
phpBB/phpbb/auth/provider/oauth/service/google.php Normal file
View File

@@ -0,0 +1,109 @@
<?php
/**
*
* @package auth
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* Google OAuth service
*
* @package auth
*/
class phpbb_auth_provider_oauth_service_google extends phpbb_auth_provider_oauth_service_base
{
/**
* phpBB config
*
* @var phpbb_config
*/
protected $config;
/**
* phpBB request
*
* @var phpbb_request
*/
protected $request;
/**
* Constructor
*
* @param phpbb_config $config
* @param phpbb_request $request
*/
public function __construct(phpbb_config $config, phpbb_request $request)
{
$this->config = $config;
$this->request = $request;
}
/**
* {@inheritdoc}
*/
public function get_auth_scope()
{
return array(
'userinfo_email',
'userinfo_profile',
);
}
/**
* {@inheritdoc}
*/
public function get_service_credentials()
{
return array(
'key' => $this->config['auth_oauth_google_key'],
'secret' => $this->config['auth_oauth_google_secret'],
);
}
/**
* {@inheritdoc}
*/
public function perform_auth_login()
{
if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Google))
{
throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
// This was a callback request, get the token
$this->service_provider->requestAccessToken($this->request->variable('code', ''));
// Send a request with it
$result = json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
// Return the unique identifier
return $result['id'];
}
/**
* {@inheritdoc}
*/
public function perform_token_auth()
{
if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Google))
{
throw new phpbb_auth_provider_oauth_service_exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
// Send a request with it
$result = json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
// Return the unique identifier
return $result['id'];
}
}

77
phpBB/phpbb/auth/provider/oauth/service/interface.php Normal file
View File

@@ -0,0 +1,77 @@
<?php
/**
*
* @package auth
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
/**
* OAuth service interface
*
* @package auth
*/
interface phpbb_auth_provider_oauth_service_interface
{
/**
* Returns an array of the scopes necessary for auth
*
* @return array An array of the required scopes
*/
public function get_auth_scope();
/**
* Returns the external library service provider once it has been set
*
* @param \OAuth\Common\Service\ServiceInterface|null
*/
public function get_external_service_provider();
/**
* Returns an array containing the service credentials belonging to requested
* service.
*
* @return array An array containing the 'key' and the 'secret' of the
* service in the form:
* array(
* 'key' => string
* 'secret' => string
* )
*/
public function get_service_credentials();
/**
* Returns the results of the authentication in json format
*
* @throws phpbb_auth_provider_oauth_service_exception
* @return string The unique identifier returned by the service provider
* that is used to authenticate the user with phpBB.
*/
public function perform_auth_login();
/**
* Returns the results of the authentication in json format
* Use this function when the user already has an access token
*
* @throws phpbb_auth_provider_oauth_service_exception
* @return string The unique identifier returned by the service provider
* that is used to authenticate the user with phpBB.
*/
public function perform_token_auth();
/**
* Sets the external library service provider
*
* @param \OAuth\Common\Service\ServiceInterface $service
*/
public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider);
}

366
phpBB/phpbb/auth/provider/oauth/token_storage.php Normal file
View File

@@ -0,0 +1,366 @@
<?php
/**
*
* @package auth
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
exit;
}
use OAuth\OAuth1\Token\StdOAuth1Token;
use OAuth\Common\Token\TokenInterface;
use OAuth\Common\Storage\TokenStorageInterface;
use OAuth\Common\Storage\Exception\StorageException;
use OAuth\Common\Storage\Exception\TokenNotFoundException;
/**
* OAuth storage wrapper for phpbb's cache
*
* @package auth
*/
class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
{
/**
* Cache driver.
*
* @var phpbb_db_driver
*/
protected $db;
/**
* phpBB user
*
* @var phpbb_user
*/
protected $user;
/**
* OAuth token table
*
* @var string
*/
protected $auth_provider_oauth_table;
/**
* @var object|TokenInterface
*/
protected $cachedToken;
/**
* Creates token storage for phpBB.
*
* @param phpbb_db_driver $db
* @param phpbb_user $user
* @param string $auth_provider_oauth_table
*/
public function __construct(phpbb_db_driver $db, phpbb_user $user, $auth_provider_oauth_table)
{
$this->db = $db;
$this->user = $user;
$this->auth_provider_oauth_table = $auth_provider_oauth_table;
}
/**
* {@inheritdoc}
*/
public function retrieveAccessToken($service)
{
$service = $this->get_service_name_for_db($service);
if ($this->cachedToken instanceOf TokenInterface)
{
return $this->cachedToken;
}
$data = array(
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
);
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$data['session_id'] = $this->user->data['session_id'];
}
return $this->_retrieve_access_token($data);
}
/**
* {@inheritdoc}
*/
public function storeAccessToken($service, TokenInterface $token)
{
$service = $this->get_service_name_for_db($service);
$this->cachedToken = $token;
$data = array(
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
'oauth_token' => $this->json_encode_token($token),
'session_id' => $this->user->data['session_id'],
);
$sql = 'INSERT INTO ' . $this->auth_provider_oauth_table . '
' . $this->db->sql_build_array('INSERT', $data);
$this->db->sql_query($sql);
}
/**
* {@inheritdoc}
*/
public function hasAccessToken($service)
{
$service = $this->get_service_name_for_db($service);
if ($this->cachedToken) {
return true;
}
$data = array(
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
);
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$data['session_id'] = $this->user->data['session_id'];
}
return $this->_has_acess_token($data);
}
/**
* {@inheritdoc}
*/
public function clearToken($service)
{
$service = $this->get_service_name_for_db($service);
$this->cachedToken = null;
$sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
WHERE user_id = ' . (int) $this->user->data['user_id'] . "
AND provider = '" . $this->db->sql_escape($service) . "'";
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}
$this->db->sql_query($sql);
}
/**
* {@inheritdoc}
*/
public function clearAllTokens()
{
$this->cachedToken = null;
$sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . '
WHERE user_id = ' . (int) $this->user->data['user_id'];
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}
$this->db->sql_query($sql);
}
/**
* Updates the user_id field in the database assosciated with the token
*
* @param int $user_id
*/
public function set_user_id($user_id)
{
if (!$this->cachedToken)
{
return;
}
$sql = 'UPDATE ' . $this->auth_provider_oauth_table . '
SET ' . $this->db->sql_build_array('UPDATE', array(
'user_id' => (int) $user_id
)) . '
WHERE user_id = ' . (int) $this->user->data['user_id'] . "
AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
$this->db->sql_query($sql);
}
/**
* Checks to see if an access token exists solely by the session_id of the user
*
* @return bool true if they have token, false if they don't
*/
public function has_access_token_by_session($service)
{
$service = $this->get_service_name_for_db($service);
if ($this->cachedToken)
{
return true;
}
$data = array(
'session_id' => $this->user->data['session_id'],
'provider' => $service,
);
return $this->_has_acess_token($data);
}
/**
* A helper function that performs the query for has access token functions
*
* @param array $data
* @return bool
*/
protected function _has_acess_token($data)
{
return (bool) $this->get_access_token_row($data);
}
public function retrieve_access_token_by_session($service)
{
$service = $this->get_service_name_for_db($service);
if ($this->cachedToken instanceOf TokenInterface) {
return $this->cachedToken;
}
$data = array(
'session_id' => $this->user->data['session_id'],
'provider' => $service,
);
return $this->_retrieve_access_token($data);
}
/**
* A helper function that performs the query for retrieve access token functions
* Also checks if the token is a valid token
*
* @param array $data
* @return mixed
*/
protected function _retrieve_access_token($data)
{
$row = $this->get_access_token_row($data);
if (!$row)
{
throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_NOT_STORED');
}
$token = $this->json_decode_token($row['oauth_token']);
// Ensure that the token was serialized/unserialized correctly
if (!($token instanceof TokenInterface))
{
$this->clearToken();
throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
}
$this->cachedToken = $token;
return $token;
}
/**
* A helper function that performs the query for retrieving an access token
*
* @param array $data
* @return mixed
*/
protected function get_access_token_row($data)
{
$sql = 'SELECT oauth_token FROM ' . $this->auth_provider_oauth_table . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
return $row;
}
public function json_encode_token(TokenInterface $token)
{
$members = array(
'accessToken' => $token->getAccessToken(),
'endOfLife' => $token->getEndOfLife(),
'extraParams' => $token->getExtraParams(),
'refreshToken' => $token->getRefreshToken(),
'token_class' => get_class($token),
);
// Handle additional data needed for OAuth1 tokens
if ($token instanceof StdOAuth1Token)
{
$members['requestToken'] = $token->getRequestToken();
$members['requestTokenSecret'] = $token->getRequestTokenSecret();
$members['accessTokenSecret'] = $token->getAccessTokenSecret();
}
return json_encode($members);
}
public function json_decode_token($json)
{
$token_data = json_decode($json, true);
if ($token_data === null)
{
throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
}
$token_class = $token_data['token_class'];
$access_token = $token_data['accessToken'];
$refresh_token = $token_data['refreshToken'];
$endOfLife = $token_data['endOfLife'];
$extra_params = $token_data['extraParams'];
// Create the token
$token = new $token_class($access_token, $refresh_token, TokenInterface::EOL_NEVER_EXPIRES, $extra_params);
$token->setEndOfLife($endOfLife);
// Handle OAuth 1.0 specific elements
if ($token instanceof StdOAuth1Token)
{
$token->setRequestToken($token_data['requestToken']);
$token->setRequestTokenSecret($token_data['requestTokenSecret']);
$token->setAccessTokenSecret($token_data['accessTokenSecret']);
}
return $token;
}
/**
* Returns the name of the service as it must be stored in the database.
*
* @param string $service The name of the OAuth service
* @return string The name of the OAuth service as it needs to be stored
* in the database.
*/
protected function get_service_name_for_db($service)
{
// Enforce the naming convention for oauth services
if (strpos($service, 'auth.provider.oauth.service.') !== 0)
{
$service = 'auth.provider.oauth.service.' . strtolower($service);
}
return $service;
}
}

71
phpBB/phpbb/db/migration/data/310/auth_provider_oauth.php Normal file
View File

@@ -0,0 +1,71 @@
<?php
/**
*
* @package migration
* @copyright (c) 2013 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License v2
*
*/
class phpbb_db_migration_data_310_auth_provider_oauth extends phpbb_db_migration
{
public function effectively_installed()
{
return $this->db_tools->sql_table_exists($this->table_prefix . 'auth_provider_oauth');
}
public function update_schema()
{
return array(
'add_tables' => array(
$this->table_prefix . 'oauth_tokens' => array(
'COLUMNS' => array(
'user_id' => array('UINT', 0), // phpbb_users.user_id
'session_id' => array('CHAR:32', ''), // phpbb_sessions.session_id used only when user_id not set
'provider' => array('VCHAR', ''), // Name of the OAuth provider
'oauth_token' => array('MTEXT', ''), // Serialized token
),
'KEYS' => array(
'user_id' => array('INDEX', 'user_id'),
'provider' => array('INDEX', 'provider'),
),
),
$this->table_prefix . 'oauth_accounts' => array(
'COLUMNS' => array(
'user_id' => array('UINT', 0),
'provider' => array('VCHAR', ''),
'oauth_provider_id' => array('TEXT_UNI', ''),
),
'PRIMARY_KEY' => array(
'user_id',
'provider',
),
),
),
);
}
public function revert_schema()
{
return array(
'drop_tables' => array(
$this->table_prefix . 'oauth_tokens',
$this->table_prefix . 'oauth_accounts',
),
);
}
public function update_data()
{
return array(
array('module.add', array(
'ucp',
'UCP_PROFILE',
array(
'module_basename' => 'ucp_auth_link',
'modes' => array('auth_link'),
),
)),
);
}
}

10
phpBB/phpbb/request/interface.php
View File

@@ -136,4 +136,14 @@ interface phpbb_request_interface
* Pay attention when using these, they are unsanitised!
*/
public function variable_names($super_global = phpbb_request_interface::REQUEST);
/**
* Returns the original array of the requested super global
*
* @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global
* The super global which will be returned
*
* @return array The original array of the requested super global.
*/
public function get_super_global($super_global = phpbb_request_interface::REQUEST);
}

8
phpBB/phpbb/request/request.php
View File

@@ -412,4 +412,12 @@ class phpbb_request implements phpbb_request_interface
return $var;
}
/**
* {@inheritdoc}
*/
public function get_super_global($super_global = phpbb_request_interface::REQUEST)
{
return $this->input[$super_global];
}
}