makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-12 22:38:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #2598 from Nicofuma/ticket/12716

Browse source 
[ticket/12716] Add the missing parameters in the call of clearToken

* Nicofuma/ticket/12716:
  [ticket/12716] Use a string as session_id
  [ticket/12716] Add regression test
  [ticket/12716] Add the missing parameters in the call of clearToken
This commit is contained in:
Joas Schilling 2014-06-27 16:00:29 +02:00
commit 404c2f1144
4 changed files with 48 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/phpbb/auth/provider/oauth/token_storage.php
View file

@ -266,7 +266,7 @@ class token_storage implements TokenStorageInterface
// Ensure that the token was serialized/unserialized correctly // Ensure that the token was serialized/unserialized correctly
if (!($token instanceof TokenInterface)) if (!($token instanceof TokenInterface))
{ {
$this->clearToken(); $this->clearToken($data['provider']);
throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED'); throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
} }

6
tests/auth/fixtures/oauth_tokens.xml
View file

@ -5,6 +5,12 @@
<column>session_id</column> <column>session_id</column>
<column>provider</column> <column>provider</column>
<column>oauth_token</column> <column>oauth_token</column>
<row>
<value>1</value>
<value>abcd</value>
<value>auth.provider.oauth.service.testing</value>
<value>{"token_class":"phpbb_not_a_token","accessToken":"error","refreshToken":0,"endOfLife":null,"extraParams":null}</value>
</row>
</table> </table>
</dataset> </dataset>

23
tests/auth/phpbb_not_a_token.php Normal file
View file

@ -0,0 +1,23 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
class phpbb_not_a_token
{
public function __construct($param1, $param2, $param3, $param4)
{
}
public function setEndOfLife()
{
}
}

18
tests/auth/provider_oauth_token_storage_test.php
View file

@ -13,6 +13,8 @@
use OAuth\OAuth2\Token\StdOAuth2Token; use OAuth\OAuth2\Token\StdOAuth2Token;
require_once dirname(__FILE__) . '/phpbb_not_a_token.php';
class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_case class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_case
{ {
protected $db; protected $db;
@ -73,6 +75,22 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
$this->assertEquals($token, $stored_token); $this->assertEquals($token, $stored_token);
} }
public function test_retrieveAccessToken_wrong_token()
{
$this->user->data['session_id'] = 'abcd';
try
{
$this->token_storage->retrieveAccessToken($this->service_name);
$this->fail('The token can not be deserialized and an exception should be thrown.');
}
catch (\OAuth\Common\Storage\Exception\TokenNotFoundException $e)
{
}
$row = $this->get_token_row_by_session_id('abcd');
$this->assertFalse($row);
}
public function test_retrieveAccessToken_from_db() public function test_retrieveAccessToken_from_db()
{ {
$expected_token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES); $expected_token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES);