gauvain/san-reymoros
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Augmentation vers version 3.3.0

Browse Source
This commit is contained in:
Gauvain Boiché
2020-03-31 15:31:03 +02:00
parent d926806907
commit a1864c0414
2618 changed files with 406015 additions and 31377 deletions
Download Patch File Download Diff File Expand all files Collapse all files

285
install/update/new/phpbb/auth/provider/apache.php Normal file
View File

@@ -0,0 +1,285 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider;
use phpbb\config\config;
use phpbb\db\driver\driver_interface;
use phpbb\language\language;
use phpbb\request\request_interface;
use phpbb\request\type_cast_helper;
use phpbb\user;
/**
* Apache authentication provider for phpBB3
*/
class apache extends base
{
/** @var config phpBB config */
protected $config;
/** @var driver_interface Database object */
protected $db;
/** @var language Language object */
protected $language;
/** @var request_interface Request object */
protected $request;
/** @var user User object */
protected $user;
/** @var string Relative path to phpBB root */
protected $phpbb_root_path;
/** @var string PHP file extension */
protected $php_ext;
/**
* Apache Authentication Constructor
*
* @param config $config Config object
* @param driver_interface $db Database object
* @param language $language Language object
* @param request_interface $request Request object
* @param user $user User object
* @param string $phpbb_root_path Relative path to phpBB root
* @param string $php_ext PHP file extension
*/
public function __construct(config $config, driver_interface $db, language $language, request_interface $request, user $user, $phpbb_root_path, $php_ext)
{
$this->config = $config;
$this->db = $db;
$this->language = $language;
$this->request = $request;
$this->user = $user;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
}
/**
* {@inheritdoc}
*/
public function init()
{
if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')))
{
return $this->language->lang('APACHE_SETUP_BEFORE_USE');
}
return false;
}
/**
* {@inheritdoc}
*/
public function login($username, $password)
{
// do not allow empty password
if (!$password)
{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
if ($php_auth_user !== $username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if ($row)
{
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}
// Successful login...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
// this is the user's first login so create an empty profile
return array(
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
'user_row' => $this->user_row($php_auth_user),
);
}
// Not logged into apache
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LOGIN_ERROR_EXTERNAL_AUTH_APACHE',
'user_row' => array('user_id' => ANONYMOUS),
);
}
/**
* {@inheritdoc}
*/
public function autologin()
{
if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
{
return array();
}
$php_auth_user = htmlspecialchars_decode($this->request->server('PHP_AUTH_USER'));
$php_auth_pw = htmlspecialchars_decode($this->request->server('PHP_AUTH_PW'));
if (!empty($php_auth_user) && !empty($php_auth_pw))
{
$type_cast_helper = new type_cast_helper();
$type_cast_helper->set_var($php_auth_user, $php_auth_user, 'string', true);
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username = '" . $this->db->sql_escape($php_auth_user) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if ($row)
{
return ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ? array() : $row;
}
if (!function_exists('user_add'))
{
include($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
}
// create the user if he does not exist yet
user_add($this->user_row($php_auth_user));
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if ($row)
{
return $row;
}
}
return array();
}
/**
* This function generates an array which can be passed to the user_add
* function in order to create a user
*
* @param string $username The username of the new user.
*
* @return array Contains data that can be passed directly to
* the user_add function.
*/
private function user_row($username)
{
// first retrieve default group id
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
AND group_type = " . GROUP_SPECIAL;
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if (!$row)
{
trigger_error('NO_GROUP');
}
// generate user account data
return array(
'username' => $username,
'user_password' => '',
'user_email' => '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $this->user->ip,
'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0,
);
}
/**
* {@inheritdoc}
*/
public function validate_session($user)
{
// Check if PHP_AUTH_USER is set and handle this case
if ($this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
{
$php_auth_user = $this->request->server('PHP_AUTH_USER');
return ($php_auth_user === $user['username']) ? true : false;
}
// PHP_AUTH_USER is not set. A valid session is now determined by the user type (anonymous/bot or not)
if ($user['user_type'] == USER_IGNORE)
{
return true;
}
return false;
}
}

108
install/update/new/phpbb/auth/provider/base.php Normal file
View File

@@ -0,0 +1,108 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider;
/**
* Base authentication provider class that all other providers should implement
*/
abstract class base implements provider_interface
{
/**
* {@inheritdoc}
*/
public function init()
{
return;
}
/**
* {@inheritdoc}
*/
public function autologin()
{
return;
}
/**
* {@inheritdoc}
*/
public function acp()
{
return;
}
/**
* {@inheritdoc}
*/
public function get_acp_template($new_config)
{
return;
}
/**
* {@inheritdoc}
*/
public function get_login_data()
{
return;
}
/**
* {@inheritdoc}
*/
public function get_auth_link_data($user_id = 0)
{
return;
}
/**
* {@inheritdoc}
*/
public function logout($data, $new_session)
{
return;
}
/**
* {@inheritdoc}
*/
public function validate_session($user)
{
return;
}
/**
* {@inheritdoc}
*/
public function login_link_has_necessary_data($login_link_data)
{
return;
}
/**
* {@inheritdoc}
*/
public function link_account(array $link_data)
{
return;
}
/**
* {@inheritdoc}
*/
public function unlink_account(array $link_data)
{
return;
}
}

259
install/update/new/phpbb/auth/provider/db.php Normal file
View File

@@ -0,0 +1,259 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider;
use phpbb\captcha\factory;
use phpbb\config\config;
use phpbb\db\driver\driver_interface;
use phpbb\passwords\manager;
use phpbb\request\request_interface;
use phpbb\user;
/**
* Database authentication provider for phpBB3
* This is for authentication via the integrated user table
*/
class db extends base
{
/** @var factory CAPTCHA factory */
protected $captcha_factory;
/** @var config phpBB config */
protected $config;
/** @var driver_interface DBAL driver instance */
protected $db;
/** @var request_interface Request object */
protected $request;
/** @var user User object */
protected $user;
/** @var string phpBB root path */
protected $phpbb_root_path;
/** @var string PHP file extension */
protected $php_ext;
/**
* phpBB passwords manager
*
* @var manager
*/
protected $passwords_manager;
/**
* Database Authentication Constructor
*
* @param factory $captcha_factory
* @param config $config
* @param driver_interface $db
* @param manager $passwords_manager
* @param request_interface $request
* @param user $user
* @param string $phpbb_root_path
* @param string $php_ext
*/
public function __construct(factory $captcha_factory, config $config, driver_interface $db, manager $passwords_manager, request_interface $request, user $user, $phpbb_root_path, $php_ext)
{
$this->captcha_factory = $captcha_factory;
$this->config = $config;
$this->db = $db;
$this->passwords_manager = $passwords_manager;
$this->request = $request;
$this->user = $user;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
}
/**
* {@inheritdoc}
*/
public function login($username, $password)
{
// Auth plugins get the password untrimmed.
// For compatibility we trim() here.
$password = trim($password);
// do not allow empty password
if (!$password)
{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$username_clean = utf8_clean_string($username);
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if (($this->user->ip && !$this->config['ip_login_limit_use_forwarded']) ||
($this->user->forwarded_for && $this->config['ip_login_limit_use_forwarded']))
{
$sql = 'SELECT COUNT(*) AS attempts
FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE attempt_time > ' . (time() - (int) $this->config['ip_login_limit_time']);
if ($this->config['ip_login_limit_use_forwarded'])
{
$sql .= " AND attempt_forwarded_for = '" . $this->db->sql_escape($this->user->forwarded_for) . "'";
}
else
{
$sql .= " AND attempt_ip = '" . $this->db->sql_escape($this->user->ip) . "' ";
}
$result = $this->db->sql_query($sql);
$attempts = (int) $this->db->sql_fetchfield('attempts');
$this->db->sql_freeresult($result);
$attempt_data = array(
'attempt_ip' => $this->user->ip,
'attempt_browser' => trim(substr($this->user->browser, 0, 149)),
'attempt_forwarded_for' => $this->user->forwarded_for,
'attempt_time' => time(),
'user_id' => ($row) ? (int) $row['user_id'] : 0,
'username' => $username,
'username_clean' => $username_clean,
);
$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data);
$this->db->sql_query($sql);
}
else
{
$attempts = 0;
}
if (!$row)
{
if ($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max'])
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
'user_row' => array('user_id' => ANONYMOUS),
);
}
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$show_captcha = ($this->config['max_login_attempts'] && $row['user_login_attempts'] >= $this->config['max_login_attempts']) ||
($this->config['ip_login_limit_max'] && $attempts >= $this->config['ip_login_limit_max']);
// If there are too many login attempts, we need to check for a confirm image
// Every auth module is able to define what to do by itself...
if ($show_captcha)
{
$captcha = $this->captcha_factory->get_instance($this->config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate($row);
if ($vc_response)
{
return array(
'status' => LOGIN_ERROR_ATTEMPTS,
'error_msg' => 'LOGIN_ERROR_ATTEMPTS',
'user_row' => $row,
);
}
else
{
$captcha->reset();
}
}
// Check password ...
if ($this->passwords_manager->check($password, $row['user_password'], $row))
{
// Check for old password hash...
if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32)
{
$hash = $this->passwords_manager->hash($password);
// Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_password = '" . $this->db->sql_escape($hash) . "'
WHERE user_id = {$row['user_id']}";
$this->db->sql_query($sql);
$row['user_password'] = $hash;
}
$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE user_id = ' . $row['user_id'];
$this->db->sql_query($sql);
if ($row['user_login_attempts'] != 0)
{
// Successful, reset login attempts (the user passed all stages)
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = 0
WHERE user_id = ' . $row['user_id'];
$this->db->sql_query($sql);
}
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}
// Successful login... set user_login_attempts to zero...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
// Password incorrect - increase login attempts
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$this->db->sql_query($sql);
// Give status about wrong password...
return array(
'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD,
'error_msg' => 'LOGIN_ERROR_PASSWORD',
'user_row' => $row,
);
}
}

359
install/update/new/phpbb/auth/provider/ldap.php Normal file
View File

@@ -0,0 +1,359 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider;
use phpbb\config\config;
use phpbb\db\driver\driver_interface;
use phpbb\language\language;
use phpbb\user;
/**
* Database authentication provider for phpBB3
* This is for authentication via the integrated user table
*/
class ldap extends base
{
/** @var config phpBB config */
protected $config;
/** @var driver_interface DBAL driver interface */
protected $db;
/** @var language phpBB language class */
protected $language;
/** @var user phpBB user */
protected $user;
/**
* LDAP Authentication Constructor
*
* @param config $config Config object
* @param driver_interface $db DBAL driver interface
* @param language $language Language object
* @param user $user User object
*/
public function __construct(config $config, driver_interface $db, language $language, user $user)
{
$this->config = $config;
$this->db = $db;
$this->language = $language;
$this->user = $user;
}
/**
* {@inheritdoc}
*/
public function init()
{
if (!@extension_loaded('ldap'))
{
return $this->language->lang('LDAP_NO_LDAP_EXTENSION');
}
$this->config['ldap_port'] = (int) $this->config['ldap_port'];
if ($this->config['ldap_port'])
{
$ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']);
}
else
{
$ldap = @ldap_connect($this->config['ldap_server']);
}
if (!$ldap)
{
return $this->language->lang('LDAP_NO_SERVER_CONNECTION');
}
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if ($this->config['ldap_user'] || $this->config['ldap_password'])
{
if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
{
return $this->language->lang('LDAP_INCORRECT_USER_PASSWORD');
}
}
// ldap_connect only checks whether the specified server is valid, so the connection might still fail
$search = @ldap_search(
$ldap,
htmlspecialchars_decode($this->config['ldap_base_dn']),
$this->ldap_user_filter($this->user->data['username']),
(empty($this->config['ldap_email'])) ?
array(htmlspecialchars_decode($this->config['ldap_uid'])) :
array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
0,
1
);
if ($search === false)
{
return $this->language->lang('LDAP_SEARCH_FAILED');
}
$result = @ldap_get_entries($ldap, $search);
@ldap_close($ldap);
if (!is_array($result) || count($result) < 2)
{
return $this->language->lang('LDAP_NO_IDENTITY', $this->user->data['username']);
}
if (!empty($this->config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($this->config['ldap_email'])]))
{
return $this->language->lang('LDAP_NO_EMAIL');
}
return false;
}
/**
* {@inheritdoc}
*/
public function login($username, $password)
{
// do not allow empty password
if (!$password)
{
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'NO_PASSWORD_SUPPLIED',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!$username)
{
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
if (!@extension_loaded('ldap'))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LDAP_NO_LDAP_EXTENSION',
'user_row' => array('user_id' => ANONYMOUS),
);
}
$this->config['ldap_port'] = (int) $this->config['ldap_port'];
if ($this->config['ldap_port'])
{
$ldap = @ldap_connect($this->config['ldap_server'], $this->config['ldap_port']);
}
else
{
$ldap = @ldap_connect($this->config['ldap_server']);
}
if (!$ldap)
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LDAP_NO_SERVER_CONNECTION',
'user_row' => array('user_id' => ANONYMOUS),
);
}
@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if ($this->config['ldap_user'] || $this->config['ldap_password'])
{
if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
{
return array(
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LDAP_NO_SERVER_CONNECTION',
'user_row' => array('user_id' => ANONYMOUS),
);
}
}
$search = @ldap_search(
$ldap,
htmlspecialchars_decode($this->config['ldap_base_dn']),
$this->ldap_user_filter($username),
(empty($this->config['ldap_email'])) ?
array(htmlspecialchars_decode($this->config['ldap_uid'])) :
array(htmlspecialchars_decode($this->config['ldap_uid']), htmlspecialchars_decode($this->config['ldap_email'])),
0,
1
);
$ldap_result = @ldap_get_entries($ldap, $search);
if (is_array($ldap_result) && count($ldap_result) > 1)
{
if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password)))
{
@ldap_close($ldap);
$sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if ($row)
{
unset($ldap_result);
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
{
return array(
'status' => LOGIN_ERROR_ACTIVE,
'error_msg' => 'ACTIVE_ERROR',
'user_row' => $row,
);
}
// Successful login... set user_login_attempts to zero...
return array(
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
);
}
else
{
// retrieve default group id
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "
WHERE group_name = '" . $this->db->sql_escape('REGISTERED') . "'
AND group_type = " . GROUP_SPECIAL;
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if (!$row)
{
trigger_error('NO_GROUP');
}
// generate user account data
$ldap_user_row = array(
'username' => $username,
'user_password' => '',
'user_email' => (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
'user_ip' => $this->user->ip,
'user_new' => ($this->config['new_member_post_limit']) ? 1 : 0,
);
unset($ldap_result);
// this is the user's first login so create an empty profile
return array(
'status' => LOGIN_SUCCESS_CREATE_PROFILE,
'error_msg' => false,
'user_row' => $ldap_user_row,
);
}
}
else
{
unset($ldap_result);
@ldap_close($ldap);
// Give status about wrong password...
return array(
'status' => LOGIN_ERROR_PASSWORD,
'error_msg' => 'LOGIN_ERROR_PASSWORD',
'user_row' => array('user_id' => ANONYMOUS),
);
}
}
@ldap_close($ldap);
return array(
'status' => LOGIN_ERROR_USERNAME,
'error_msg' => 'LOGIN_ERROR_USERNAME',
'user_row' => array('user_id' => ANONYMOUS),
);
}
/**
* {@inheritdoc}
*/
public function acp()
{
// These are fields required in the config table
return array(
'ldap_server', 'ldap_port', 'ldap_base_dn', 'ldap_uid', 'ldap_user_filter', 'ldap_email', 'ldap_user', 'ldap_password',
);
}
/**
* {@inheritdoc}
*/
public function get_acp_template($new_config)
{
return array(
'TEMPLATE_FILE' => 'auth_provider_ldap.html',
'TEMPLATE_VARS' => array(
'AUTH_LDAP_BASE_DN' => $new_config['ldap_base_dn'],
'AUTH_LDAP_EMAIL' => $new_config['ldap_email'],
'AUTH_LDAP_PASSORD' => $new_config['ldap_password'] !== '' ? '********' : '',
'AUTH_LDAP_PORT' => $new_config['ldap_port'],
'AUTH_LDAP_SERVER' => $new_config['ldap_server'],
'AUTH_LDAP_UID' => $new_config['ldap_uid'],
'AUTH_LDAP_USER' => $new_config['ldap_user'],
'AUTH_LDAP_USER_FILTER' => $new_config['ldap_user_filter'],
),
);
}
/**
* Generates a filter string for ldap_search to find a user
*
* @param $username string Username identifying the searched user
*
* @return string A filter string for ldap_search
*/
private function ldap_user_filter($username)
{
$filter = '(' . $this->config['ldap_uid'] . '=' . $this->ldap_escape(htmlspecialchars_decode($username)) . ')';
if ($this->config['ldap_user_filter'])
{
$_filter = ($this->config['ldap_user_filter'][0] == '(' && substr($this->config['ldap_user_filter'], -1) == ')') ? $this->config['ldap_user_filter'] : "({$this->config['ldap_user_filter']})";
$filter = "(&{$filter}{$_filter})";
}
return $filter;
}
/**
* Escapes an LDAP AttributeValue
*
* @param string $string The string to be escaped
* @return string The escaped string
*/
private function ldap_escape($string)
{
return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
}
}

859
install/update/new/phpbb/auth/provider/oauth/oauth.php Normal file
View File

@@ -0,0 +1,859 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider\oauth;
use OAuth\Common\Http\Exception\TokenResponseException;
use OAuth\ServiceFactory;
use OAuth\Common\Consumer\Credentials;
use OAuth\Common\Service\ServiceInterface;
use OAuth\OAuth1\Service\AbstractService as OAuth1Service;
use OAuth\OAuth2\Service\AbstractService as OAuth2Service;
use phpbb\auth\provider\base;
use phpbb\auth\provider\db;
use phpbb\auth\provider\oauth\service\exception;
use phpbb\config\config;
use phpbb\db\driver\driver_interface;
use phpbb\di\service_collection;
use phpbb\event\dispatcher;
use phpbb\language\language;
use phpbb\request\request_interface;
use phpbb\user;
/**
* OAuth authentication provider for phpBB3
*/
class oauth extends base
{
/** @var config */
protected $config;
/** @var driver_interface */
protected $db;
/** @var db */
protected $db_auth;
/** @var dispatcher */
protected $dispatcher;
/** @var language */
protected $language;
/** @var request_interface */
protected $request;
/** @var service_collection */
protected $service_providers;
/** @var user */
protected $user;
/** @var string OAuth table: token storage */
protected $oauth_token_table;
/** @var string OAuth table: state */
protected $oauth_state_table;
/** @var string OAuth table: account association */
protected $oauth_account_table;
/** @var string Users table */
protected $users_table;
/** @var string phpBB root path */
protected $root_path;
/** @var string php File extension */
protected $php_ext;
/**
* Constructor.
*
* @param config $config Config object
* @param driver_interface $db Database object
* @param db $db_auth DB auth provider
* @param dispatcher $dispatcher Event dispatcher object
* @param language $language Language object
* @param request_interface $request Request object
* @param service_collection $service_providers OAuth providers service collection
* @param user $user User object
* @param string $oauth_token_table OAuth table: token storage
* @param string $oauth_state_table OAuth table: state
* @param string $oauth_account_table OAuth table: account association
* @param string $users_table User table
* @param string $root_path phpBB root path
* @param string $php_ext php File extension
*/
public function __construct(
config $config,
driver_interface $db,
db $db_auth,
dispatcher $dispatcher,
language $language,
request_interface $request,
service_collection $service_providers,
user $user,
$oauth_token_table,
$oauth_state_table,
$oauth_account_table,
$users_table,
$root_path,
$php_ext
)
{
$this->config = $config;
$this->db = $db;
$this->db_auth = $db_auth;
$this->dispatcher = $dispatcher;
$this->language = $language;
$this->service_providers = $service_providers;
$this->request = $request;
$this->user = $user;
$this->oauth_token_table = $oauth_token_table;
$this->oauth_state_table = $oauth_state_table;
$this->oauth_account_table = $oauth_account_table;
$this->users_table = $users_table;
$this->root_path = $root_path;
$this->php_ext = $php_ext;
}
/**
* {@inheritdoc}
*/
public function init()
{
// This does not test whether or not the key and secret provided are valid.
foreach ($this->service_providers as $service_provider)
{
$credentials = $service_provider->get_service_credentials();
if (($credentials['key'] && !$credentials['secret']) || (!$credentials['key'] && $credentials['secret']))
{
return $this->language->lang('AUTH_PROVIDER_OAUTH_ERROR_ELEMENT_MISSING');
}
}
return false;
}
/**
* {@inheritdoc}
*/
public function login($username, $password)
{
// Temporary workaround for only having one authentication provider available
if (!$this->request->is_set('oauth_service'))
{
return $this->db_auth->login($username, $password);
}
// Request the name of the OAuth service
$provider = $this->request->variable('oauth_service', '', false);
$service_name = $this->get_service_name($provider);
if ($provider === '' || !array_key_exists($service_name, $this->service_providers))
{
return [
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST',
'user_row' => ['user_id' => ANONYMOUS],
];
}
// Get the service credentials for the given service
$storage = new token_storage($this->db, $this->user, $this->oauth_token_table, $this->oauth_state_table);
$query = 'mode=login&login=external&oauth_service=' . $provider;
try
{
/** @var OAuth1Service|OAuth2Service $service */
$service = $this->get_service($provider, $storage, $query);
}
catch (\Exception $e)
{
return [
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => $e->getMessage(),
'user_row' => ['user_id' => ANONYMOUS],
];
}
if ($this->is_set_code($service))
{
$this->service_providers[$service_name]->set_external_service_provider($service);
try
{
$unique_id = $this->service_providers[$service_name]->perform_auth_login();
}
catch (exception $e)
{
return [
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => $e->getMessage(),
'user_row' => ['user_id' => ANONYMOUS],
];
}
/**
* Check to see if this provider is already associated with an account.
*
* Enforcing a data type to make sure it are strings and not integers,
* so values are quoted in the SQL WHERE statement.
*/
$data = [
'provider' => (string) utf8_strtolower($provider),
'oauth_provider_id' => (string) $unique_id
];
$sql = 'SELECT user_id
FROM ' . $this->oauth_account_table . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
$redirect_data = array(
'auth_provider' => 'oauth',
'login_link_oauth_service' => $provider,
);
/**
* Event is triggered before check if provider is already associated with an account
*
* @event core.oauth_login_after_check_if_provider_id_has_match
* @var array row User row
* @var array data Provider data
* @var array redirect_data Data to be appended to the redirect url
* @var ServiceInterface service OAuth service
* @since 3.2.3-RC1
* @changed 3.2.6-RC1 Added redirect_data
*/
$vars = [
'row',
'data',
'redirect_data',
'service',
];
extract($this->dispatcher->trigger_event('core.oauth_login_after_check_if_provider_id_has_match', compact($vars)));
if (!$row)
{
// The user does not yet exist, ask to link or create profile
return [
'status' => LOGIN_SUCCESS_LINK_PROFILE,
'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED',
'user_row' => [],
'redirect_data' => $redirect_data,
];
}
// Retrieve the user's account
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_ip, user_type, user_login_attempts
FROM ' . $this->users_table . '
WHERE user_id = ' . (int) $row['user_id'];
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if (!$row)
{
return [
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY',
'user_row' => ['user_id' => ANONYMOUS],
];
}
/**
* Check if the user is banned.
* The fourth parameter (return) has to be true, otherwise the OAuth login is still called and
* an uncaught exception is thrown as there is no token stored in the database.
*/
$ban = $this->user->check_ban($row['user_id'], $row['user_ip'], $row['user_email'], true);
if (!empty($ban))
{
$till_date = !empty($ban['ban_end']) ? $this->user->format_date($ban['ban_end']) : '';
$message = !empty($ban['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM';
$contact_link = phpbb_get_board_contact_link($this->config, $this->root_path, $this->php_ext);
$message = $this->language->lang($message, $till_date, '<a href="' . $contact_link . '">', '</a>');
$message .= !empty($ban['ban_give_reason']) ? '<br /><br />' . $this->language->lang('BOARD_BAN_REASON', $ban['ban_give_reason']) : '';
$message .= !empty($ban['ban_triggered_by']) ? '<br /><br /><em>' . $this->language->lang('BAN_TRIGGERED_BY_' . utf8_strtoupper($ban['ban_triggered_by'])) . '</em>' : '';
return [
'status' => LOGIN_BREAK,
'error_msg' => $message,
'user_row' => $row,
];
}
// Update token storage to store the user_id
$storage->set_user_id($row['user_id']);
/**
* Event is triggered after user is successfully logged in via OAuth.
*
* @event core.auth_oauth_login_after
* @var array row User row
* @since 3.1.11-RC1
*/
$vars = [
'row',
];
extract($this->dispatcher->trigger_event('core.auth_oauth_login_after', compact($vars)));
// The user is now authenticated and can be logged in
return [
'status' => LOGIN_SUCCESS,
'error_msg' => false,
'user_row' => $row,
];
}
else
{
return $this->set_redirect($service);
}
}
/**
* {@inheritdoc}
*/
public function get_login_data()
{
$login_data = [
'TEMPLATE_FILE' => 'login_body_oauth.html',
'BLOCK_VAR_NAME' => 'oauth',
'BLOCK_VARS' => [],
];
foreach ($this->service_providers as $service_name => $service_provider)
{
// Only include data if the credentials are set
$credentials = $service_provider->get_service_credentials();
if ($credentials['key'] && $credentials['secret'])
{
$provider = $this->get_provider($service_name);
$redirect_url = generate_board_url() . '/ucp.' . $this->php_ext . '?mode=login&login=external&oauth_service=' . $provider;
$login_data['BLOCK_VARS'][$service_name] = [
'REDIRECT_URL' => redirect($redirect_url, true),
'SERVICE_NAME' => $this->get_provider_title($provider),
];
}
}
return $login_data;
}
/**
* {@inheritdoc}
*/
public function acp()
{
$ret = [];
foreach ($this->service_providers as $service_name => $service_provider)
{
$provider = $this->get_provider($service_name);
$provider = utf8_strtolower($provider);
$ret[] = 'auth_oauth_' . $provider . '_key';
$ret[] = 'auth_oauth_' . $provider . '_secret';
}
return $ret;
}
/**
* {@inheritdoc}
*/
public function get_acp_template($new_config)
{
$ret = [
'BLOCK_VAR_NAME' => 'oauth_services',
'BLOCK_VARS' => [],
'TEMPLATE_FILE' => 'auth_provider_oauth.html',
'TEMPLATE_VARS' => [],
];
foreach ($this->service_providers as $service_name => $service_provider)
{
$provider = $this->get_provider($service_name);
$ret['BLOCK_VARS'][$provider] = [
'NAME' => $provider,
'ACTUAL_NAME' => $this->get_provider_title($provider),
'KEY' => $new_config['auth_oauth_' . utf8_strtolower($provider) . '_key'],
'SECRET' => $new_config['auth_oauth_' . utf8_strtolower($provider) . '_secret'],
];
}
return $ret;
}
/**
* {@inheritdoc}
*/
public function login_link_has_necessary_data($login_link_data)
{
if (empty($login_link_data))
{
return 'LOGIN_LINK_NO_DATA_PROVIDED';
}
if (!array_key_exists('oauth_service', $login_link_data) || !$login_link_data['oauth_service'] ||
!array_key_exists('link_method', $login_link_data) || !$login_link_data['link_method'])
{
return 'LOGIN_LINK_MISSING_DATA';
}
return null;
}
/**
* {@inheritdoc}
*/
public function link_account(array $link_data)
{
// Check for a valid link method (auth_link or login_link)
if (!array_key_exists('link_method', $link_data) ||
!in_array($link_data['link_method'], ['auth_link', 'login_link']))
{
return 'LOGIN_LINK_MISSING_DATA';
}
// We must have an oauth_service listed, check for it two ways
if (!array_key_exists('oauth_service', $link_data) || !$link_data['oauth_service'])
{
$link_data['oauth_service'] = $this->request->variable('oauth_service', '');
if (!$link_data['oauth_service'])
{
return 'LOGIN_LINK_MISSING_DATA';
}
}
$service_name = $this->get_service_name($link_data['oauth_service']);
if (!array_key_exists($service_name, $this->service_providers))
{
return 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST';
}
switch ($link_data['link_method'])
{
case 'auth_link':
return $this->link_account_auth_link($link_data, $service_name);
case 'login_link':
return $this->link_account_login_link($link_data, $service_name);
default:
return 'LOGIN_LINK_MISSING_DATA';
}
}
/**
* {@inheritdoc}
*/
public function logout($data, $new_session)
{
// Clear all tokens belonging to the user
$storage = new token_storage($this->db, $this->user, $this->oauth_token_table, $this->oauth_state_table);
$storage->clearAllTokens();
return;
}
/**
* {@inheritdoc}
*/
public function get_auth_link_data($user_id = 0)
{
$user_ids = [];
$block_vars = [];
$sql = 'SELECT oauth_provider_id, provider
FROM ' . $this->oauth_account_table . '
WHERE user_id = ' . ($user_id > 0 ? (int) $user_id : (int) $this->user->data['user_id']);
$result = $this->db->sql_query($sql);
while ($row = $this->db->sql_fetchrow($result))
{
$user_ids[$row['provider']] = $row['oauth_provider_id'];
}
$this->db->sql_freeresult($result);
foreach ($this->service_providers as $service_name => $service_provider)
{
// Only include data if the credentials are set
$credentials = $service_provider->get_service_credentials();
if ($credentials['key'] && $credentials['secret'])
{
$provider = $this->get_provider($service_name);
$block_vars[$service_name] = [
'SERVICE_NAME' => $this->get_provider_title($provider),
'UNIQUE_ID' => isset($user_ids[$provider]) ? $user_ids[$provider] : null,
'HIDDEN_FIELDS' => [
'link' => !isset($user_ids[$provider]),
'oauth_service' => $provider,
],
];
}
}
return [
'BLOCK_VAR_NAME' => 'oauth',
'BLOCK_VARS' => $block_vars,
'TEMPLATE_FILE' => 'ucp_auth_link_oauth.html',
];
}
/**
* {@inheritdoc}
*/
public function unlink_account(array $link_data)
{
if (!array_key_exists('oauth_service', $link_data) || !$link_data['oauth_service'])
{
return 'LOGIN_LINK_MISSING_DATA';
}
// Remove user specified in $link_data if possible
$user_id = isset($link_data['user_id']) ? $link_data['user_id'] : $this->user->data['user_id'];
// Remove the link
$sql = 'DELETE FROM ' . $this->oauth_account_table . "
WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "'
AND user_id = " . (int) $user_id;
$this->db->sql_query($sql);
$service_name = $this->get_service_name($link_data['oauth_service']);
// Clear all tokens belonging to the user on this service
$storage = new token_storage($this->db, $this->user, $this->oauth_token_table, $this->oauth_state_table);
$storage->clearToken($service_name);
return false;
}
/**
* Performs the account linking for login_link.
*
* @param array $link_data The same variable given to
* {@see \phpbb\auth\provider\provider_interface::link_account}
* @param string $service_name The name of the service being used in linking.
* @return string|false Returns a language key (string) if an error is encountered,
* or false on success.
*/
protected function link_account_login_link(array $link_data, $service_name)
{
$storage = new token_storage($this->db, $this->user, $this->oauth_token_table, $this->oauth_state_table);
// Check for an access token, they should have one
if (!$storage->has_access_token_by_session($service_name))
{
return 'LOGIN_LINK_ERROR_OAUTH_NO_ACCESS_TOKEN';
}
// Prepare for an authentication request
$query = 'mode=login_link&login_link_oauth_service=' . $link_data['oauth_service'];
try
{
$service = $this->get_service($link_data['oauth_service'], $storage, $query);
}
catch (\Exception $e)
{
return $e->getMessage();
}
$this->service_providers[$service_name]->set_external_service_provider($service);
try
{
// The user has already authenticated successfully, request to authenticate again
$unique_id = $this->service_providers[$service_name]->perform_token_auth();
}
catch (exception $e)
{
return $e->getMessage();
}
// Insert into table, they will be able to log in after this
$data = [
'user_id' => $link_data['user_id'],
'provider' => utf8_strtolower($link_data['oauth_service']),
'oauth_provider_id' => $unique_id,
];
$this->link_account_perform_link($data);
// Update token storage to store the user_id
$storage->set_user_id($link_data['user_id']);
return false;
}
/**
* Performs the account linking for auth_link.
*
* @param array $link_data The same variable given to
* {@see \phpbb\auth\provider\provider_interface::link_account}
* @param string $service_name The name of the service being used in linking.
* @return string|false Returns a language constant (string) if an error is encountered,
* or false on success.
*/
protected function link_account_auth_link(array $link_data, $service_name)
{
$storage = new token_storage($this->db, $this->user, $this->oauth_token_table, $this->oauth_state_table);
$query = 'i=ucp_auth_link&mode=auth_link&link=1&oauth_service=' . $link_data['oauth_service'];
try
{
/** @var OAuth1Service|OAuth2Service $service */
$service = $this->get_service($link_data['oauth_service'], $storage, $query);
}
catch (\Exception $e)
{
return $e->getMessage();
}
if ($this->is_set_code($service))
{
$this->service_providers[$service_name]->set_external_service_provider($service);
try
{
$unique_id = $this->service_providers[$service_name]->perform_auth_login();
}
catch (exception $e)
{
return $e->getMessage();
}
// Insert into table, they will be able to log in after this
$data = [
'user_id' => $this->user->data['user_id'],
'provider' => utf8_strtolower($link_data['oauth_service']),
'oauth_provider_id' => $unique_id,
];
$this->link_account_perform_link($data);
return false;
}
else
{
return $this->set_redirect($service);
}
}
/**
* Performs the query that inserts an account link
*
* @param array $data This array is passed to db->sql_build_array
*/
protected function link_account_perform_link(array $data)
{
// Check if the external account is already associated with other user
$sql = 'SELECT user_id
FROM ' . $this->oauth_account_table . "
WHERE provider = '" . $this->db->sql_escape($data['provider']) . "'
AND oauth_provider_id = '" . $this->db->sql_escape($data['oauth_provider_id']) . "'";
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
if ($row)
{
trigger_error('AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED');
}
// Link account
$sql = 'INSERT INTO ' . $this->oauth_account_table . ' ' . $this->db->sql_build_array('INSERT', $data);
$this->db->sql_query($sql);
/**
* Event is triggered after user links account.
*
* @event core.auth_oauth_link_after
* @var array data User row
* @since 3.1.11-RC1
*/
$vars = [
'data',
];
extract($this->dispatcher->trigger_event('core.auth_oauth_link_after', compact($vars)));
}
/**
* Returns a new service object.
*
* @param string $provider The name of the provider
* @param token_storage $storage Token storage object
* @param string $query The query string used for the redirect uri
* @return ServiceInterface
* @throws exception When OAuth service was not created
*/
protected function get_service($provider, token_storage $storage, $query)
{
$service_name = $this->get_service_name($provider);
/** @see \phpbb\auth\provider\oauth\service\service_interface::get_service_credentials */
$service_credentials = $this->service_providers[$service_name]->get_service_credentials();
/** @see \phpbb\auth\provider\oauth\service\service_interface::get_auth_scope */
$scopes = $this->service_providers[$service_name]->get_auth_scope();
$callback = generate_board_url() . "/ucp.{$this->php_ext}?{$query}";
// Setup the credentials for the requests
$credentials = new Credentials(
$service_credentials['key'],
$service_credentials['secret'],
$callback
);
$service_factory = new ServiceFactory;
// Allow providers to register a custom class or override the provider name
if ($class = $this->service_providers[$service_name]->get_external_service_class())
{
if (class_exists($class))
{
try
{
$service_factory->registerService($provider, $class);
}
catch (\OAuth\Common\Exception\Exception $e)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
}
else
{
$provider = $class;
}
}
$service = $service_factory->createService($provider, $credentials, $storage, $scopes);
if (!$service)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED');
}
return $service;
}
/**
* Returns the service name for an OAuth provider name.
*
* @param string $provider The OAuth provider name
* @return string The service name
*/
protected function get_service_name($provider)
{
if (strpos($provider, 'auth.provider.oauth.service.') !== 0)
{
$provider = 'auth.provider.oauth.service.' . utf8_strtolower($provider);
}
return $provider;
}
/**
* Returns the OAuth provider name from a service name.
*
* @param string $service_name The service name
* @return string The OAuth provider name
*/
protected function get_provider($service_name)
{
return str_replace('auth.provider.oauth.service.', '', $service_name);
}
/**
* Returns the localized title for the OAuth provider.
*
* @param string $provider The OAuth provider name
* @return string The OAuth provider title
*/
protected function get_provider_title($provider)
{
return $this->language->lang('AUTH_PROVIDER_OAUTH_SERVICE_' . utf8_strtoupper($provider));
}
/**
* Returns whether or not the authorization code is set.
*
* @param OAuth1Service|OAuth2Service $service The external OAuth service
* @return bool Whether or not the authorization code is set in the URL
* for the respective OAuth service's version
*/
protected function is_set_code($service)
{
switch ($service::OAUTH_VERSION)
{
case 1:
return $this->request->is_set('oauth_token', request_interface::GET);
case 2:
return $this->request->is_set('code', request_interface::GET);
default:
return false;
}
}
/**
* Sets a redirect to the authorization uri.
*
* @param OAuth1Service|OAuth2Service $service The external OAuth service
* @return array|false Array if an error occurred,
* false on success
*/
protected function set_redirect($service)
{
$parameters = [];
if ($service::OAUTH_VERSION === 1)
{
try
{
$token = $service->requestRequestToken();
$parameters = ['oauth_token' => $token->getRequestToken()];
}
catch (TokenResponseException $e)
{
return [
'status' => LOGIN_ERROR_EXTERNAL_AUTH,
'error_msg' => $e->getMessage(),
'user_row' => ['user_id' => ANONYMOUS],
];
}
}
redirect($service->getAuthorizationUri($parameters), false, true);
return false;
}
}

59
install/update/new/phpbb/auth/provider/oauth/service/base.php Normal file
View File

@@ -0,0 +1,59 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider\oauth\service;
/**
* Base OAuth abstract class that all OAuth services should implement
*/
abstract class base implements service_interface
{
/**
* External OAuth service provider
*
* @var \OAuth\Common\Service\ServiceInterface
*/
protected $service_provider;
/**
* {@inheritdoc}
*/
public function get_auth_scope()
{
return [];
}
/**
* {@inheritdoc}
*/
public function get_external_service_class()
{
return '';
}
/**
* {@inheritdoc}
*/
public function get_external_service_provider()
{
return $this->service_provider;
}
/**
* {@inheritdoc}
*/
public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider)
{
$this->service_provider = $service_provider;
}
}

107
install/update/new/phpbb/auth/provider/oauth/service/bitly.php Normal file
View File

@@ -0,0 +1,107 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider\oauth\service;
/**
* Bitly OAuth service
*/
class bitly extends base
{
/** @var \phpbb\config\config */
protected $config;
/** @var \phpbb\request\request_interface */
protected $request;
/**
* Constructor.
*
* @param \phpbb\config\config $config Config object
* @param \phpbb\request\request_interface $request Request object
*/
public function __construct(\phpbb\config\config $config, \phpbb\request\request_interface $request)
{
$this->config = $config;
$this->request = $request;
}
/**
* {@inheritdoc}
*/
public function get_service_credentials()
{
return [
'key' => $this->config['auth_oauth_bitly_key'],
'secret' => $this->config['auth_oauth_bitly_secret'],
];
}
/**
* {@inheritdoc}
*/
public function perform_auth_login()
{
if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Bitly))
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
try
{
// This was a callback request, get the token
$this->service_provider->requestAccessToken($this->request->variable('code', ''));
}
catch (\OAuth\Common\Http\Exception\TokenResponseException $e)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
}
try
{
// Send a request with it
$result = (array) json_decode($this->service_provider->request('user/info'), true);
}
catch (\OAuth\Common\Exception\Exception $e)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
}
// Return the unique identifier returned from bitly
return $result['data']['login'];
}
/**
* {@inheritdoc}
*/
public function perform_token_auth()
{
if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Bitly))
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
try
{
// Send a request with it
$result = (array) json_decode($this->service_provider->request('user/info'), true);
}
catch (\OAuth\Common\Exception\Exception $e)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
}
// Return the unique identifier
return $result['data']['login'];
}
}

107
install/update/new/phpbb/auth/provider/oauth/service/facebook.php Normal file
View File

@@ -0,0 +1,107 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider\oauth\service;
/**
* Facebook OAuth service
*/
class facebook extends base
{
/** @var \phpbb\config\config */
protected $config;
/** @var \phpbb\request\request_interface */
protected $request;
/**
* Constructor.
*
* @param \phpbb\config\config $config Config object
* @param \phpbb\request\request_interface $request Request object
*/
public function __construct(\phpbb\config\config $config, \phpbb\request\request_interface $request)
{
$this->config = $config;
$this->request = $request;
}
/**
* {@inheritdoc}
*/
public function get_service_credentials()
{
return [
'key' => $this->config['auth_oauth_facebook_key'],
'secret' => $this->config['auth_oauth_facebook_secret'],
];
}
/**
* {@inheritdoc}
*/
public function perform_auth_login()
{
if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Facebook))
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
try
{
// This was a callback request, get the token
$this->service_provider->requestAccessToken($this->request->variable('code', ''));
}
catch (\OAuth\Common\Http\Exception\TokenResponseException $e)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
}
try
{
// Send a request with it
$result = (array) json_decode($this->service_provider->request('/me'), true);
}
catch (\OAuth\Common\Exception\Exception $e)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
}
// Return the unique identifier
return $result['id'];
}
/**
* {@inheritdoc}
*/
public function perform_token_auth()
{
if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Facebook))
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
try
{
// Send a request with it
$result = (array) json_decode($this->service_provider->request('/me'), true);
}
catch (\OAuth\Common\Exception\Exception $e)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
}
// Return the unique identifier
return $result['id'];
}
}

118
install/update/new/phpbb/auth/provider/oauth/service/google.php Normal file
View File

@@ -0,0 +1,118 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider\oauth\service;
/**
* Google OAuth service
*/
class google extends base
{
/** @var \phpbb\config\config */
protected $config;
/** @var \phpbb\request\request_interface */
protected $request;
/**
* Constructor.
*
* @param \phpbb\config\config $config Config object
* @param \phpbb\request\request_interface $request Request object
*/
public function __construct(\phpbb\config\config $config, \phpbb\request\request_interface $request)
{
$this->config = $config;
$this->request = $request;
}
/**
* {@inheritdoc}
*/
public function get_auth_scope()
{
return [
'userinfo_email',
'userinfo_profile',
];
}
/**
* {@inheritdoc}
*/
public function get_service_credentials()
{
return [
'key' => $this->config['auth_oauth_google_key'],
'secret' => $this->config['auth_oauth_google_secret'],
];
}
/**
* {@inheritdoc}
*/
public function perform_auth_login()
{
if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Google))
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
try
{
// This was a callback request, get the token
$this->service_provider->requestAccessToken($this->request->variable('code', ''));
}
catch (\OAuth\Common\Http\Exception\TokenResponseException $e)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
}
try
{
// Send a request with it
$result = (array) json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
}
catch (\OAuth\Common\Exception\Exception $e)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
}
// Return the unique identifier
return $result['id'];
}
/**
* {@inheritdoc}
*/
public function perform_token_auth()
{
if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Google))
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
try
{
// Send a request with it
$result = (array) json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
}
catch (\OAuth\Common\Exception\Exception $e)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
}
// Return the unique identifier
return $result['id'];
}
}

85
install/update/new/phpbb/auth/provider/oauth/service/service_interface.php Normal file
View File

@@ -0,0 +1,85 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider\oauth\service;
/**
* OAuth service interface
*/
interface service_interface
{
/**
* Returns an array of the scopes necessary for auth
*
* @return array An array of the required scopes
*/
public function get_auth_scope();
/**
* Returns an array containing the service credentials belonging to requested
* service.
*
* @return array An array containing the 'key' and the 'secret' of the
* service in the form:
* array(
* 'key' => string
* 'secret' => string
* )
*/
public function get_service_credentials();
/**
* Returns the results of the authentication in json format
*
* @throws \phpbb\auth\provider\oauth\service\exception
* @return string The unique identifier returned by the service provider
* that is used to authenticate the user with phpBB.
*/
public function perform_auth_login();
/**
* Returns the results of the authentication in json format
* Use this function when the user already has an access token
*
* @throws \phpbb\auth\provider\oauth\service\exception
* @return string The unique identifier returned by the service provider
* that is used to authenticate the user with phpBB.
*/
public function perform_token_auth();
/**
* Returns the class of external library service provider that has to be used.
*
* @return string If the string is a class, it will register the provided string as a class,
* which later will be generated as the OAuth external service provider.
* If the string is not a class, it will use this string,
* trying to generate a service for the version 2 and 1 respectively:
* \OAuth\OAuth2\Service\<string>
* If the string is empty, it will default to OAuth's standard service classes,
* trying to generate a service for the version 2 and 1 respectively:
* \OAuth\OAuth2\Service\Facebook
*/
public function get_external_service_class();
/**
* Returns the external library service provider once it has been set
*/
public function get_external_service_provider();
/**
* Sets the external library service provider
*
* @param \OAuth\Common\Service\ServiceInterface $service_provider
*/
public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider);
}

111
install/update/new/phpbb/auth/provider/oauth/service/twitter.php Normal file
View File

@@ -0,0 +1,111 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider\oauth\service;
/**
* Twitter OAuth service
*/
class twitter extends base
{
/** @var \phpbb\config\config */
protected $config;
/** @var \phpbb\request\request_interface */
protected $request;
/**
* Constructor.
*
* @param \phpbb\config\config $config Config object
* @param \phpbb\request\request_interface $request Request object
*/
public function __construct(\phpbb\config\config $config, \phpbb\request\request_interface $request)
{
$this->config = $config;
$this->request = $request;
}
/**
* {@inheritdoc}
*/
public function get_service_credentials()
{
return [
'key' => $this->config['auth_oauth_twitter_key'],
'secret' => $this->config['auth_oauth_twitter_secret'],
];
}
/**
* {@inheritdoc}
*/
public function perform_auth_login()
{
if (!($this->service_provider instanceof \OAuth\OAuth1\Service\Twitter))
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
$storage = $this->service_provider->getStorage();
try
{
/** @var \OAuth\OAuth1\Token\TokenInterface $token */
$token = $storage->retrieveAccessToken('Twitter');
}
catch (\OAuth\Common\Storage\Exception\TokenNotFoundException $e)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
}
$secret = $token->getRequestTokenSecret();
try
{
// This was a callback request, get the token
$this->service_provider->requestAccessToken(
$this->request->variable('oauth_token', ''),
$this->request->variable('oauth_verifier', ''),
$secret
);
}
catch (\OAuth\Common\Http\Exception\TokenResponseException $e)
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
}
// Send a request with it
$result = (array) json_decode($this->service_provider->request('account/verify_credentials.json'), true);
// Return the unique identifier
return $result['id'];
}
/**
* {@inheritdoc}
*/
public function perform_token_auth()
{
if (!($this->service_provider instanceof \OAuth\OAuth1\Service\Twitter))
{
throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
}
// Send a request with it
$result = (array) json_decode($this->service_provider->request('account/verify_credentials.json'), true);
// Return the unique identifier
return $result['id'];
}
}

620
install/update/new/phpbb/auth/provider/oauth/token_storage.php Normal file
View File

@@ -0,0 +1,620 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider\oauth;
use OAuth\OAuth1\Token\StdOAuth1Token;
use OAuth\Common\Token\TokenInterface;
use OAuth\Common\Storage\TokenStorageInterface;
use OAuth\Common\Storage\Exception\TokenNotFoundException;
use OAuth\Common\Storage\Exception\AuthorizationStateNotFoundException;
/**
* OAuth storage wrapper for phpBB's cache
*/
class token_storage implements TokenStorageInterface
{
/** @var \phpbb\db\driver\driver_interface */
protected $db;
/** @var \phpbb\user */
protected $user;
/** @var string OAuth table: token storage */
protected $oauth_token_table;
/** @var string OAuth table: state */
protected $oauth_state_table;
/** @var TokenInterface OAuth token */
protected $cachedToken;
/** @var string OAuth state */
protected $cachedState;
/**
* Constructor.
*
* @param \phpbb\db\driver\driver_interface $db Database object
* @param \phpbb\user $user User object
* @param string $oauth_token_table OAuth table: token storage
* @param string $oauth_state_table OAuth table: state
*/
public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\user $user, $oauth_token_table, $oauth_state_table)
{
$this->db = $db;
$this->user = $user;
$this->oauth_token_table = $oauth_token_table;
$this->oauth_state_table = $oauth_state_table;
}
/**
* {@inheritdoc}
*/
public function retrieveAccessToken($service)
{
$service = $this->get_service_name_for_db($service);
if ($this->cachedToken instanceof TokenInterface)
{
return $this->cachedToken;
}
$data = [
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
];
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$data['session_id'] = $this->user->data['session_id'];
}
return $this->_retrieve_access_token($data);
}
/**
* {@inheritdoc}
*/
public function storeAccessToken($service, TokenInterface $token)
{
$service = $this->get_service_name_for_db($service);
$this->cachedToken = $token;
$data = [
'oauth_token' => $this->json_encode_token($token),
];
$sql = 'UPDATE ' . $this->oauth_token_table . '
SET ' . $this->db->sql_build_array('UPDATE', $data) . '
WHERE user_id = ' . (int) $this->user->data['user_id'] . "
AND provider = '" . $this->db->sql_escape($service) . "'";
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}
$this->db->sql_query($sql);
if (!$this->db->sql_affectedrows())
{
$data = [
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
'oauth_token' => $this->json_encode_token($token),
'session_id' => $this->user->data['session_id'],
];
$sql = 'INSERT INTO ' . $this->oauth_token_table . $this->db->sql_build_array('INSERT', $data);
$this->db->sql_query($sql);
}
return $this;
}
/**
* {@inheritdoc}
*/
public function hasAccessToken($service)
{
$service = $this->get_service_name_for_db($service);
if ($this->cachedToken)
{
return true;
}
$data = [
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
];
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$data['session_id'] = $this->user->data['session_id'];
}
return $this->has_access_token($data);
}
/**
* {@inheritdoc}
*/
public function clearToken($service)
{
$service = $this->get_service_name_for_db($service);
$this->cachedToken = null;
$sql = 'DELETE FROM ' . $this->oauth_token_table . '
WHERE user_id = ' . (int) $this->user->data['user_id'] . "
AND provider = '" . $this->db->sql_escape($service) . "'";
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}
$this->db->sql_query($sql);
return $this;
}
/**
* {@inheritdoc}
*/
public function clearAllTokens()
{
$this->cachedToken = null;
$sql = 'DELETE FROM ' . $this->oauth_token_table . '
WHERE user_id = ' . (int) $this->user->data['user_id'];
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}
$this->db->sql_query($sql);
return $this;
}
/**
* {@inheritdoc}
*/
public function storeAuthorizationState($service, $state)
{
$service = $this->get_service_name_for_db($service);
$this->cachedState = $state;
$data = [
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
'oauth_state' => $state,
'session_id' => $this->user->data['session_id'],
];
$sql = 'INSERT INTO ' . $this->oauth_state_table . ' ' . $this->db->sql_build_array('INSERT', $data);
$this->db->sql_query($sql);
return $this;
}
/**
* {@inheritdoc}
*/
public function hasAuthorizationState($service)
{
$service = $this->get_service_name_for_db($service);
if ($this->cachedState)
{
return true;
}
$data = [
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
];
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$data['session_id'] = $this->user->data['session_id'];
}
return (bool) $this->get_state_row($data);
}
/**
* {@inheritdoc}
*/
public function retrieveAuthorizationState($service)
{
$service = $this->get_service_name_for_db($service);
if ($this->cachedState)
{
return $this->cachedState;
}
$data = [
'user_id' => (int) $this->user->data['user_id'],
'provider' => $service,
];
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$data['session_id'] = $this->user->data['session_id'];
}
return $this->get_state_row($data);
}
/**
* {@inheritdoc}
*/
public function clearAuthorizationState($service)
{
$service = $this->get_service_name_for_db($service);
$this->cachedState = null;
$sql = 'DELETE FROM ' . $this->oauth_state_table . '
WHERE user_id = ' . (int) $this->user->data['user_id'] . "
AND provider = '" . $this->db->sql_escape($service) . "'";
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}
$this->db->sql_query($sql);
return $this;
}
/**
* {@inheritdoc}
*/
public function clearAllAuthorizationStates()
{
$this->cachedState = null;
$sql = 'DELETE FROM ' . $this->oauth_state_table . '
WHERE user_id = ' . (int) $this->user->data['user_id'];
if ((int) $this->user->data['user_id'] === ANONYMOUS)
{
$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
}
$this->db->sql_query($sql);
return $this;
}
/**
* Updates the user_id field in the database associated with the token.
*
* @param int $user_id The user identifier
* @return void
*/
public function set_user_id($user_id)
{
if (!$this->cachedToken)
{
return;
}
$data = [
'user_id' => (int) $user_id,
];
$sql = 'UPDATE ' . $this->oauth_token_table . '
SET ' . $this->db->sql_build_array('UPDATE', $data) . '
WHERE user_id = ' . (int) $this->user->data['user_id'] . "
AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
$this->db->sql_query($sql);
}
/**
* Checks to see if an access token exists solely by the session_id of the user.
*
* @param string $service The OAuth service name
* @return bool true if the user's access token exists,
* false if the user's access token does not exist
*/
public function has_access_token_by_session($service)
{
$service = $this->get_service_name_for_db($service);
if ($this->cachedToken)
{
return true;
}
$data = [
'session_id' => $this->user->data['session_id'],
'provider' => $service,
];
return $this->has_access_token($data);
}
/**
* Checks to see if a state exists solely by the session_id of the user.
*
* @param string $service The OAuth service name
* @return bool true if the user's state exists,
* false if the user's state does not exist
*/
public function has_state_by_session($service)
{
$service = $this->get_service_name_for_db($service);
if ($this->cachedState)
{
return true;
}
$data = [
'session_id' => $this->user->data['session_id'],
'provider' => $service,
];
return (bool) $this->get_state_row($data);
}
/**
* A helper function that performs the query for has access token functions.
*
* @param array $data The SQL WHERE data
* @return bool true if the user's access token exists,
* false if the user's access token does not exist
*/
protected function has_access_token($data)
{
return (bool) $this->get_access_token_row($data);
}
/**
* A helper function that performs the query for retrieving access token functions by session.
* Also checks if the token is a valid token.
*
* @param string $service The OAuth service provider name
* @return TokenInterface
* @throws TokenNotFoundException
*/
public function retrieve_access_token_by_session($service)
{
$service = $this->get_service_name_for_db($service);
if ($this->cachedToken instanceof TokenInterface)
{
return $this->cachedToken;
}
$data = [
'session_id' => $this->user->data['session_id'],
'provider' => $service,
];
return $this->_retrieve_access_token($data);
}
/**
* A helper function that performs the query for retrieving state functions by session.
*
* @param string $service The OAuth service provider name
* @return string The OAuth state
* @throws AuthorizationStateNotFoundException
*/
public function retrieve_state_by_session($service)
{
$service = $this->get_service_name_for_db($service);
if ($this->cachedState)
{
return $this->cachedState;
}
$data = [
'session_id' => $this->user->data['session_id'],
'provider' => $service,
];
return $this->_retrieve_state($data);
}
/**
* A helper function that performs the query for retrieve access token functions.
* Also checks if the token is a valid token.
*
* @param array $data The SQL WHERE data
* @return TokenInterface
* @throws TokenNotFoundException
*/
protected function _retrieve_access_token($data)
{
$row = $this->get_access_token_row($data);
if (!$row)
{
throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_NOT_STORED');
}
$token = $this->json_decode_token($row['oauth_token']);
// Ensure that the token was serialized/unserialized correctly
if (!($token instanceof TokenInterface))
{
$this->clearToken($data['provider']);
throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
}
$this->cachedToken = $token;
return $token;
}
/**
* A helper function that performs the query for retrieve state functions.
*
* @param array $data The SQL WHERE data
* @return string The OAuth state
* @throws AuthorizationStateNotFoundException
*/
protected function _retrieve_state($data)
{
$row = $this->get_state_row($data);
if (!$row)
{
throw new AuthorizationStateNotFoundException();
}
$this->cachedState = $row['oauth_state'];
return $this->cachedState;
}
/**
* A helper function that performs the query for retrieving an access token.
*
* @param array $data The SQL WHERE data
* @return array|false array with the OAuth token row,
* false if the token does not exist
*/
protected function get_access_token_row($data)
{
$sql = 'SELECT oauth_token
FROM ' . $this->oauth_token_table . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
return $row;
}
/**
* A helper function that performs the query for retrieving a state.
*
* @param array $data The SQL WHERE data
* @return array|false array with the OAuth state row,
* false if the state does not exist
*/
protected function get_state_row($data)
{
$sql = 'SELECT oauth_state
FROM ' . $this->oauth_state_table . '
WHERE ' . $this->db->sql_build_array('SELECT', $data);
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
return $row;
}
/**
* A helper function that JSON encodes a TokenInterface's data.
*
* @param TokenInterface $token
* @return string The json encoded TokenInterface's data
*/
public function json_encode_token(TokenInterface $token)
{
$members = [
'accessToken' => $token->getAccessToken(),
'endOfLife' => $token->getEndOfLife(),
'extraParams' => $token->getExtraParams(),
'refreshToken' => $token->getRefreshToken(),
'token_class' => get_class($token),
];
// Handle additional data needed for OAuth1 tokens
if ($token instanceof StdOAuth1Token)
{
$members['requestToken'] = $token->getRequestToken();
$members['requestTokenSecret'] = $token->getRequestTokenSecret();
$members['accessTokenSecret'] = $token->getAccessTokenSecret();
}
return json_encode($members);
}
/**
* A helper function that JSON decodes a data string and creates a TokenInterface.
*
* @param string $json The json encoded TokenInterface's data
* @return TokenInterface
* @throws TokenNotFoundException
*/
public function json_decode_token($json)
{
$token_data = json_decode($json, true);
if ($token_data === null)
{
throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
}
$token_class = $token_data['token_class'];
$access_token = $token_data['accessToken'];
$refresh_token = $token_data['refreshToken'];
$endOfLife = $token_data['endOfLife'];
$extra_params = $token_data['extraParams'];
/**
* Create the token
* @var TokenInterface $token
*/
$token = new $token_class($access_token, $refresh_token, TokenInterface::EOL_NEVER_EXPIRES, $extra_params);
$token->setEndOfLife($endOfLife);
// Handle OAuth 1.0 specific elements
if ($token instanceof StdOAuth1Token)
{
$token->setRequestToken($token_data['requestToken']);
$token->setRequestTokenSecret($token_data['requestTokenSecret']);
$token->setAccessTokenSecret($token_data['accessTokenSecret']);
}
return $token;
}
/**
* Returns the service name as it must be stored in the database.
*
* @param string $provider The OAuth provider name
* @return string The OAuth service name
*/
protected function get_service_name_for_db($provider)
{
// Enforce the naming convention for oauth services
if (strpos($provider, 'auth.provider.oauth.service.') !== 0)
{
$provider = 'auth.provider.oauth.service.' . strtolower($provider);
}
return $provider;
}
}

198
install/update/new/phpbb/auth/provider/provider_interface.php Normal file
View File

@@ -0,0 +1,198 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\auth\provider;
/**
* The interface authentication provider classes have to implement.
*/
interface provider_interface
{
/**
* Checks whether the user is currently identified to the authentication
* provider.
* Called in acp_board while setting authentication plugins.
* Changing to an authentication provider will not be permitted in acp_board
* if there is an error.
*
* @return boolean|string False if the user is identified, otherwise an
* error message, or null if not implemented.
*/
public function init();
/**
* Performs login.
*
* @param string $username The name of the user being authenticated.
* @param string $password The password of the user.
* @return array An associative array of the format:
* array(
* 'status' => status constant
* 'error_msg' => string
* 'user_row' => array
* )
* A fourth key of the array may be present:
* 'redirect_data' This key is only used when 'status' is
* equal to LOGIN_SUCCESS_LINK_PROFILE and its value is an
* associative array that is turned into GET variables on
* the redirect url.
*/
public function login($username, $password);
/**
* Autologin function
*
* @return array|null containing the user row, empty if no auto login
* should take place, or null if not implemented.
*/
public function autologin();
/**
* This function is used to output any required fields in the authentication
* admin panel. It also defines any required configuration table fields.
*
* @return array|null Returns null if not implemented or an array of the
* configuration fields of the provider.
*/
public function acp();
/**
* This function updates the template with variables related to the acp
* options with whatever configuration values are passed to it as an array.
* It then returns the name of the acp file related to this authentication
* provider.
*
* @param \phpbb\config\config $new_config Contains the new configuration values
* that have been set in acp_board.
* @return array|null Returns null if not implemented or an array with
* the template file name and an array of the vars
* that the template needs that must conform to the
* following example:
* array(
* 'TEMPLATE_FILE' => string,
* 'TEMPLATE_VARS' => array(...),
* )
* An optional third element may be added to this
* array: 'BLOCK_VAR_NAME'. If this is present,
* then its value should be a string that is used
* to designate the name of the loop used in the
* ACP template file. When this is present, an
* additional key named 'BLOCK_VARS' is required.
* This must be an array containing at least one
* array of variables that will be assigned during
* the loop in the template. An example of this is
* presented below:
* array(
* 'BLOCK_VAR_NAME' => string,
* 'BLOCK_VARS' => array(
* 'KEY IS UNIMPORTANT' => array(...),
* ),
* 'TEMPLATE_FILE' => string,
* 'TEMPLATE_VARS' => array(...),
* )
*/
public function get_acp_template($new_config);
/**
* Returns an array of data necessary to build custom elements on the login
* form.
*
* @return array|null If this function is not implemented on an auth
* provider then it returns null. If it is implemented
* it will return an array of up to four elements of
* which only 'TEMPLATE_FILE'. If 'BLOCK_VAR_NAME' is
* present then 'BLOCK_VARS' must also be present in
* the array. The fourth element 'VARS' is also
* optional. The array, with all four elements present
* looks like the following:
* array(
* 'TEMPLATE_FILE' => string,
* 'BLOCK_VAR_NAME' => string,
* 'BLOCK_VARS' => array(...),
* 'VARS' => array(...),
* )
*/
public function get_login_data();
/**
* Performs additional actions during logout.
*
* @param array $data An array corresponding to
* \phpbb\session::data
* @param boolean $new_session True for a new session, false for no new
* session.
*/
public function logout($data, $new_session);
/**
* The session validation function checks whether the user is still logged
* into phpBB.
*
* @param array $user
* @return boolean true if the given user is authenticated, false if the
* session should be closed, or null if not implemented.
*/
public function validate_session($user);
/**
* Checks to see if $login_link_data contains all information except for the
* user_id of an account needed to successfully link an external account to
* a forum account.
*
* @param array $login_link_data Any data needed to link a phpBB account to
* an external account.
* @return string|null Returns a string with a language constant if there
* is data missing or null if there is no error.
*/
public function login_link_has_necessary_data($login_link_data);
/**
* Links an external account to a phpBB account.
*
* @param array $link_data Any data needed to link a phpBB account to
* an external account.
*/
public function link_account(array $link_data);
/**
* Returns an array of data necessary to build the ucp_auth_link page
*
* @param int $user_id User ID for whom the data should be retrieved.
* defaults to 0, which is not a valid ID. The method
* should fall back to the current user's ID in this
* case.
* @return array|null If this function is not implemented on an auth
* provider then it returns null. If it is implemented
* it will return an array of up to four elements of
* which only 'TEMPLATE_FILE'. If 'BLOCK_VAR_NAME' is
* present then 'BLOCK_VARS' must also be present in
* the array. The fourth element 'VARS' is also
* optional. The array, with all four elements present
* looks like the following:
* array(
* 'TEMPLATE_FILE' => string,
* 'BLOCK_VAR_NAME' => string,
* 'BLOCK_VARS' => array(...),
* 'VARS' => array(...),
* )
*/
public function get_auth_link_data($user_id = 0);
/**
* Unlinks an external account from a phpBB account.
*
* @param array $link_data Any data needed to unlink a phpBB account
* from a phpbb account.
*/
public function unlink_account(array $link_data);
}