From 7c5141842081e7f9031cb3063089d2d03a30a0fe Mon Sep 17 00:00:00 2001
From: Tristan Darricau
Date: Sun, 15 Jun 2014 16:10:55 +0200
Subject: [PATCH 1/3] [ticket/12716] Add the missing parameters in the call of clearToken
PHPBB3-12716
---
 phpBB/phpbb/auth/provider/oauth/token_storage.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/phpBB/phpbb/auth/provider/oauth/token_storage.php b/phpBB/phpbb/auth/provider/oauth/token_storage.php
index b7d32bf246..613d9565e5 100644
--- a/phpBB/phpbb/auth/provider/oauth/token_storage.php
+++ b/phpBB/phpbb/auth/provider/oauth/token_storage.php
@@ -265,7 +265,7 @@ class token_storage implements TokenStorageInterface
 // Ensure that the token was serialized/unserialized correctly
 if (!($token instanceof TokenInterface))
 {
- $this->clearToken();
+ $this->clearToken($data['provider']);
 throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
 }
From 8595b2ae86ca14c83d8a61241fadec9f72a730c3 Mon Sep 17 00:00:00 2001
From: Tristan Darricau
Date: Thu, 19 Jun 2014 20:11:49 +0200
Subject: [PATCH 2/3] [ticket/12716] Add regression test
PHPBB3-12716
---
 tests/auth/fixtures/oauth_tokens.xml | 6 +++++
 tests/auth/phpbb_not_a_token.php | 23 +++++++++++++++++++
 .../provider_oauth_token_storage_test.php | 18 +++++++++++++++
 3 files changed, 47 insertions(+)
 create mode 100644 tests/auth/phpbb_not_a_token.php
diff --git a/tests/auth/fixtures/oauth_tokens.xml b/tests/auth/fixtures/oauth_tokens.xml
index 9bfb5a4422..cffa02a39d 100644
--- a/tests/auth/fixtures/oauth_tokens.xml
+++ b/tests/auth/fixtures/oauth_tokens.xml
@@ -5,6 +5,12 @@
 session_id
 provider
 oauth_token
+
+ 1
+ 9999
+ auth.provider.oauth.service.testing
+ {"token_class":"phpbb_not_a_token","accessToken":"error","refreshToken":0,"endOfLife":null,"extraParams":null}
+
diff --git a/tests/auth/phpbb_not_a_token.php b/tests/auth/phpbb_not_a_token.php
new file mode 100644
index 0000000000..61cc14fa10
--- /dev/null
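Review bot: The `instanceof TokenInterface` guard in `token_storage.php` runs only after the stored value has already been turned back into an object, so it rejects a wrong type too late to prevent that class from being constructed. The fixture in patch 2 stores `"token_class":"phpbb_not_a_token"`, and the test double needs a four-argument constructor plus `setEndOfLife()`, which suggests (the rebuilding code is outside this hunk) that the class named in the database row is instantiated and called before this check. I would validate the name ahead of the `new`, for example `if (!is_subclass_of($token_class, 'OAuth\Common\Token\TokenInterface')) { /* clear and throw */ }`, where `$token_class` is a placeholder for whatever variable holds the stored name, and keep the `instanceof` test as a second check. The enclosing method starts and ends outside the hunk.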
+++ b/tests/auth/phpbb_not_a_token.php
@@ -0,0 +1,23 @@
+
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class phpbb_not_a_token
+{
+ public function __construct($param1, $param2, $param3, $param4)
+ {
+ }
+
+ public function setEndOfLife()
+ {
+ }
+}
diff --git a/tests/auth/provider_oauth_token_storage_test.php b/tests/auth/provider_oauth_token_storage_test.php
index ec28e546bd..8919345087 100644
--- a/tests/auth/provider_oauth_token_storage_test.php
+++ b/tests/auth/provider_oauth_token_storage_test.php
@@ -13,6 +13,8 @@
 use OAuth\OAuth2\Token\StdOAuth2Token;
+require_once dirname(__FILE__) . '/phpbb_not_a_token.php';
+
 class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_case
 {
 protected $db;
@@ -73,6 +75,22 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
 $this->assertEquals($token, $stored_token);
 }
+ public function test_retrieveAccessToken_wrong_token()
+ {
+ $this->user->data['session_id'] = 9999;
+ try
+ {
+ $this->token_storage->retrieveAccessToken($this->service_name);
+ $this->fail('The token can not be deserialized and an exception should be thrown.');
+ }
+ catch (\OAuth\Common\Storage\Exception\TokenNotFoundException $e)
+ {
+ }
+
+ $row = $this->get_token_row_by_session_id(9999);
+ $this->assertFalse($row);
+ }
+
 public function test_retrieveAccessToken_from_db()
 {
 $expected_token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES);
From 2ebd86611a760b923752a6103e3f75d2bb94e048 Mon Sep 17 00:00:00 2001
From: Tristan Darricau
Date: Mon, 23 Jun 2014 23:59:45 +0200
Subject: [PATCH 3/3] [ticket/12716] Use a string as session_id
PHPBB3-12716
---
 tests/auth/fixtures/oauth_tokens.xml | 2 +-
 tests/auth/provider_oauth_token_storage_test.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
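Review bot: `tests/auth/phpbb_not_a_token.php` has no class docblock saying why the class exists or why its shape matters. The four unused constructor parameters and the empty `setEndOfLife()` appear to mirror what the token storage calls while rebuilding a stored token, and nothing in the file tells the next reader about that coupling. I would add above the class: `/** Test double that deliberately does not implement TokenInterface; its constructor arity and setEndOfLife() match what token_storage invokes when rebuilding a stored token. */`.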
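Review bot: `test_retrieveAccessToken_wrong_token()` in `provider_oauth_token_storage_test.php` can pass without reaching the branch it is meant to cover. The empty `catch` accepts any `TokenNotFoundException`, which the storage interface presumably also raises when no token is stored at all, and `assertFalse($row)` holds just as well when the fixture row was never matched for that session id. Asserting that the row exists before the call, and adding `$this->assertEquals('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED', $e->getMessage());` inside the `catch`, would tie the test to the incorrectly-stored path. The same applies to the two hunks of patch 3 in this file, which only change the session id value.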
diff --git a/tests/auth/fixtures/oauth_tokens.xml b/tests/auth/fixtures/oauth_tokens.xml
index cffa02a39d..6c82e94e62 100644
--- a/tests/auth/fixtures/oauth_tokens.xml
+++ b/tests/auth/fixtures/oauth_tokens.xml
@@ -7,7 +7,7 @@
 oauth_token
 1
- 9999
+ abcd
 auth.provider.oauth.service.testing
 {"token_class":"phpbb_not_a_token","accessToken":"error","refreshToken":0,"endOfLife":null,"extraParams":null}
diff --git a/tests/auth/provider_oauth_token_storage_test.php b/tests/auth/provider_oauth_token_storage_test.php
index 8919345087..45daa9816b 100644
--- a/tests/auth/provider_oauth_token_storage_test.php
+++ b/tests/auth/provider_oauth_token_storage_test.php
@@ -77,7 +77,7 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
 public function test_retrieveAccessToken_wrong_token()
 {
- $this->user->data['session_id'] = 9999;
+ $this->user->data['session_id'] = 'abcd';
 try
 {
 $this->token_storage->retrieveAccessToken($this->service_name);
@@ -87,7 +87,7 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
 {
 }
- $row = $this->get_token_row_by_session_id(9999);
+ $row = $this->get_token_row_by_session_id('abcd');
 $this->assertFalse($row);
 }