[ticket/12352] Use custom provider collection for auth providers

Using this custom provider collection, we can properly check whether the configured auth provider does exist. The method get_provider() has been added for returning the default auth provider or the standard db auth provider if the specified one does not exist. Additionally, the method get_provider() will throw an RuntimeException if none of the above exist. PHPBB3-12352
2025-06-27 21:58:52 +00:00 · 2014-05-31 22:43:07 +02:00 · 2014-05-31 22:43:07 +02:00 · 6f5f0d6d8d
commit 6f5f0d6d8d
parent 306beab4cb
5 changed files with 73 additions and 32 deletions
--- a/phpBB/config/auth_providers.yml
+++ b/phpBB/config/auth_providers.yml
@ -1,8 +1,9 @@
 services:
    auth.provider_collection:
-        class: phpbb\di\service_collection
+        class: phpbb\auth\provider_collection
        arguments:
            - @service_container
            - @config
        tags:
            - { name: service_collection, tag: auth.provider }
    auth.provider.db:
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -2855,15 +2855,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 	}
 	$provider_collection = $phpbb_container->get('auth.provider_collection');
-	$auth_method = $config['auth_method'];
+	$auth_provider = $provider_collection->get_provider();
 	// Revert to db auth provider if selected method does not exist
 	if (!isset($provider_collection['auth.provider.' . $config['auth_method']]))
 	{
 		$auth_method = 'db';
 	}
 	$auth_provider = $provider_collection['auth.provider.' . $auth_method];
 	$auth_provider_data = $auth_provider->get_login_data();
 	if ($auth_provider_data)
--- a/phpBB/phpbb/auth/provider_collection.php
+++ b/phpBB/phpbb/auth/provider_collection.php
@ -0,0 +1,63 @@
 <?php
 /**
 *
 * @package phpBB3
 * @copyright (c) 2014 phpBB Group
 * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
 *
 */
 namespace phpbb\auth;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 /**
 * Collection of auth providers to be configured at container compile time.
 *
 * @package phpBB3
 */
 class provider_collection extends \phpbb\di\service_collection
 {
 	/** @var \phpbb\config\config phpBB Config */
 	protected $config;
 	/**
 	* Constructor
 	*
 	* @param ContainerInterface $container Container object
 	* @param \phpbb\config\config $config phpBB config
 	*/
 	public function __construct($container, \phpbb\config\config $config)
 	{
 		$this->container = $container;
 		$this->config = $config;
 	}
 	/**
 	* Get an auth provider.
 	*
 	* @return object	Default auth provider selected in config if it
 	*			does exist. Otherwise the standard db auth
 	*			provider.
 	* @throws \RuntimeException If neither the auth provider that
 	*			is specified by the phpBB config nor the db
 	*			auth provider exist. The db auth provider
 	*			should always exist in a phpBB installation.
 	*/
 	public function get_provider()
 	{
 		if ($this->offsetExists('auth.provider.' . basename(trim($this->config['auth_method']))))
 		{
 			return $this->offsetGet('auth.provider.' . basename(trim($this->config['auth_method'])));
 		}
 		// Revert to db auth provider if selected method does not exist
 		elseif ($this->offsetExists('auth.provider.db'))
 		{
 			return $this->offsetGet('auth.provider.db');
 		}
 		else
 		{
 			throw new \RuntimeException(sprintf('The authentication provider for the authentication method "%1$s" does not exist. It was not possible to recover from this by reverting to the database authentication provider.', $this->config['auth_method']));
 		}
 	}
 }
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@ -408,16 +408,8 @@ class session
 					$session_expired = false;
 					// Check whether the session is still valid if we have one
 					$method = basename(trim($config['auth_method']));
 					$provider_collection = $phpbb_container->get('auth.provider_collection');
-
+					$provider = $provider_collection->get_provider();
 					// Revert to db auth provider if selected method does not exist
 					if (!isset($provider_collection['auth.provider.' . $method]))
 					{
 						$method = 'db';
 					}
 					$provider = $provider_collection['auth.provider.' . $method];
 					if (!($provider instanceof \phpbb\auth\provider\provider_interface))
 					{
@ -584,16 +576,8 @@ class session
 			}
 		}
 		$method = basename(trim($config['auth_method']));
 		$provider_collection = $phpbb_container->get('auth.provider_collection');
-
+		$provider = $provider_collection->get_provider();
 		// Revert to db auth provider if selected method does not exist
 		if (!isset($provider_collection['auth.provider.' . $method]))
 		{
 			$method = 'db';
 		}
 		$provider = $provider_collection['auth.provider.' . $method];
 		$this->data = $provider->autologin();
 		if (sizeof($this->data))
@ -912,9 +896,8 @@ class session
 		$db->sql_query($sql);
 		// Allow connecting logout with external auth method logout
-		$method = basename(trim($config['auth_method']));
+		$provider_collection = $phpbb_container->get('auth.provider_collection');
-
+		$provider = $provider_collection->get_provider();
 		$provider = $phpbb_container->get('auth.provider.' . $method);
 		$provider->logout($this->data, $new_session);
 		if ($this->data['user_id'] != ANONYMOUS)
--- a/tests/session/testable_factory.php
+++ b/tests/session/testable_factory.php
@ -96,9 +96,11 @@ class phpbb_session_testable_factory
 			'auth.provider.db',
 			new phpbb_mock_auth_provider()
 		);
 		$provider_collection = new \phpbb\auth\provider_collection($phpbb_container, $config);
 		$provider_collection->add('auth.provider.db');
 		$phpbb_container->set(
 			'auth.provider_collection',
-			array('auth.provider.db' => $phpbb_container->get('auth.provider.db'))
+			$provider_collection
 		);
 		$session = new phpbb_mock_session_testable;