makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/oauth] Fix remaining issues with token storage

Browse source 
PHPBB3-11673
This commit is contained in:
Joseph Warner 2013-08-15 01:14:37 -04:00
parent 2bf97a01ce
commit 83515cd3d4
2 changed files with 70 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
phpBB/phpbb/auth/provider/oauth/token_storage.php
View file

@ -16,6 +16,7 @@ if (!defined('IN_PHPBB'))
} }
use OAuth\OAuth1\Token\StdOAuth1Token;
use OAuth\Common\Token\TokenInterface; use OAuth\Common\Token\TokenInterface;
use OAuth\Common\Storage\TokenStorageInterface; use OAuth\Common\Storage\TokenStorageInterface;
use OAuth\Common\Storage\Exception\StorageException; use OAuth\Common\Storage\Exception\StorageException;
@ -109,7 +110,7 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
$data = array( $data = array(
'user_id' => $this->user->data['user_id'], 'user_id' => $this->user->data['user_id'],
'provider' => $this->service_name, 'provider' => $this->service_name,
'oauth_token' => serialize($token), 'oauth_token' => $this->json_encode_token($token),
'session_id' => $this->user->data['session_id'], 'session_id' => $this->user->data['session_id'],
); );
@ -248,7 +249,7 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
throw new TokenNotFoundException('Token not stored'); throw new TokenNotFoundException('Token not stored');
} }
$token = unserialize($row['oauth_token']); $token = $this->json_decode_token($row['oauth_token']);
// Ensure that the token was serialized/unserialized correctly // Ensure that the token was serialized/unserialized correctly
if (!($token instanceof TokenInterface)) if (!($token instanceof TokenInterface))
@ -278,4 +279,56 @@ class phpbb_auth_provider_oauth_token_storage implements TokenStorageInterface
return $row; return $row;
} }
public function json_encode_token(TokenInterface $token)
{
$members = array(
'accessToken' => $token->getAccessToken(),
'endOfLife' => $token->getEndOfLife(),
'extraParams' => $token->getExtraParams(),
'refreshToken' => $token->getRefreshToken(),
'token_class' => get_class($token),
);
// Handle additional data needed for OAuth1 tokens
if ($token instanceof StdOAuth1Token)
{
$members['requestToken'] = $token->getRequestToken();
$members['requestTokenSecret'] = $token->getRequestTokenSecret();
$members['accessTokenSecret'] = $token->getAccessTokenSecret();
}
return json_encode($members);
}
public function json_decode_token($json)
{
$token_data = json_decode($json, true);
if ($token_data === null)
{
throw new TokenNotFoundException('Token not stored correctly');
}
$token_class = $token_data['token_class'];
$access_token = $token_data['accessToken'];
$refresh_token = $token_data['refreshToken'];
$endOfLife = $token_data['endOfLife'];
$extra_params = $token_data['extraParams'];
// Create the token
$token = new $token_class($access_token, $refresh_token, TokenInterface::EOL_NEVER_EXPIRES, $extra_params);
$token->setEndOfLife($endOfLife);
// Handle OAuth 1.0 specific elements
if ($token instanceof StdOAuth1Token)
{
$token->setRequestToken($token_data['requestToken']);
$token->setRequestTokenSecret($token_data['requestTokenSecret']);
$token->setAccessTokenSecret($token_data['accessTokenSecret']);
}
return $token;
}
} }

25
tests/auth/provider_oauth_token_storage_test.php
View file

@ -86,16 +86,8 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
/** /**
* @dataProvider retrieveAccessToken_data * @dataProvider retrieveAccessToken_data
*/ */
public function test_retrieve_access_token_by_session($cache_token, $db_token, $exception) public function test_retrieve_access_token_by_session($cache_token, $exception)
{ {
if ($db_token)
{
$temp_storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->service_name, $this->token_storage_table);
$temp_storage->storeAccessToken($db_token);
unset($temp_storage);
$token = $db_token;
}
if ($cache_token) if ($cache_token)
{ {
$this->token_storage->storeAccessToken($cache_token); $this->token_storage->storeAccessToken($cache_token);
@ -108,6 +100,19 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
$this->assertEquals($token, $stored_token); $this->assertEquals($token, $stored_token);
} }
public function test_retrieve_access_token_by_session_from_db()
{
$expected_token = new StdOAuth2Token('access', 'refresh', StdOAuth2Token::EOL_NEVER_EXPIRES);
// Store a token in the database
$temp_storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $this->service_name, $this->token_storage_table);
$temp_storage->storeAccessToken($expected_token);
unset($temp_storage);
// Test to see if the token can be retrieved
$stored_token = $this->token_storage->retrieve_access_token_by_session();
$this->assertEquals($expected_token, $stored_token);
}
public function test_storeAccessToken() public function test_storeAccessToken()
{ {
@ -122,7 +127,7 @@ class phpbb_auth_provider_oauth_token_storage_test extends phpbb_database_test_c
$row = $this->get_token_row_by_session_id($this->session_id); $row = $this->get_token_row_by_session_id($this->session_id);
// The token is serialized before stored in the database // The token is serialized before stored in the database
$this->assertEquals(serialize($token), $row['oauth_token']); $this->assertEquals($this->token_storage->json_encode_token($token), $row['oauth_token']);
} }
public static function hasAccessToken_data() public static function hasAccessToken_data()