From bb68338861e4fc618407f83706d194e1114ce103 Mon Sep 17 00:00:00 2001
From: Joseph Warner <hardolaf@hardolaf.com>
Date: Wed, 14 Aug 2013 15:55:38 -0400
Subject: [PATCH] [feature/oauth] Refactor oauth::link_account for two paths

PHPBB3-11673
---
 phpBB/includes/ucp/ucp_auth_link.php      | 14 +++++-
 phpBB/phpbb/auth/provider/oauth/oauth.php | 60 ++++++++++++++++++-----
 2 files changed, 62 insertions(+), 12 deletions(-)

diff --git a/phpBB/includes/ucp/ucp_auth_link.php b/phpBB/includes/ucp/ucp_auth_link.php
index 43d69be901..59eedb7c92 100644
--- a/phpBB/includes/ucp/ucp_auth_link.php
+++ b/phpBB/includes/ucp/ucp_auth_link.php
@@ -39,6 +39,7 @@ class ucp_auth_link
 
 		$submit	= $request->variable('submit', false, false, phpbb_request_interface::POST);
 
+		// This path is only for primary actions
 		if (!sizeof($error) && $submit)
 		{
 			if (!check_form_key('ucp_auth_link'))
@@ -57,7 +58,7 @@ class ucp_auth_link
 				// Tell the provider that the method is auth_link not login_link
 				$link_data['link_method'] = 'auth_link';
 
-				if ($request->variable('link', null))
+				if ($request->variable('link', null, false, phpbb_request_interface::POST))
 				{
 					$error[] = $auth_provider->link_account($link_data);
 				}
@@ -68,6 +69,17 @@ class ucp_auth_link
 			}
 		}
 
+		// In some cases, an request to an external server may be required in
+		// these cases, the GET parameter 'link' should exist and should be true
+		if ($request->variable('link', false))
+		{
+			// In this case the link data should only be populated with the
+			// link_method as the provider dictates how data is returned to it.
+			$link_data = array('link_method' => 'auth_link');
+
+			$error[] = $auth_provider->link_account($link_data);
+		}
+
 		if (isset($provider_data['VARS']))
 		{
 			// Handle hidden fields separately
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php
index 36e605d8fc..ff715d8944 100644
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -408,8 +408,17 @@ class phpbb_auth_provider_oauth extends phpbb_auth_provider_base
 			return 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST';
 		}
 
-		$storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $service_name, $this->auth_provider_oauth_token_storage_table);
+		switch ($link_data['link_method'])
+		{
+			case 'auth_link':
+				return $this->link_account_auth_link($link_data, $service_name);
+			case 'login_link':
+				return $this->link_account_login_link($link_data, $service_name);
+		}
+	}
 
+	protected function link_account_login_link(array $link_data, $service_name)
+	{
 		// Check for an access token, they should have one
 		if (!$storage->has_access_token_by_session())
 		{
@@ -417,13 +426,7 @@ class phpbb_auth_provider_oauth extends phpbb_auth_provider_base
 		}
 
 		// Prepare the query string
-		if ($this->request->variable('mode', 'login_link'))
-		{
-			$query = 'mode=login_link';
-		} else {
-			$query = 'i=ucp_auth_link&mode=auth_link';
-		}
-		$query .= '&login_link_oauth_service=' . strtolower($link_data['oauth_service']);
+		$query = 'mode=login_link&login_link_oauth_service=' . strtolower($link_data['oauth_service']);
 
 		// Prepare for an authentication request
 		$service_credentials = $this->service_providers[$service_name]->get_service_credentials();
@@ -440,12 +443,47 @@ class phpbb_auth_provider_oauth extends phpbb_auth_provider_base
 			'provider'			=> strtolower($link_data['oauth_service']),
 			'oauth_provider_id'	=> $unique_id,
 		);
+
+		$this->link_account_perform_link($data);
+		// Update token storage to store the user_id
+		$storage->set_user_id($link_data['user_id']);
+	}
+
+	protected function link_account_auth_link(array $link_data, $service_name)
+	{
+		$storage = new phpbb_auth_provider_oauth_token_storage($this->db, $this->user, $service_name, $this->auth_provider_oauth_token_storage_table);
+		$query = 'i=ucp_auth_link&mode=auth_link&link=1&login_link_oauth_service=' . strtolower($link_data['oauth_service']);
+		$service_credentials = $this->service_providers[$service_name]->get_service_credentials();
+		$scopes = $this->service_providers[$service_name]->get_auth_scope();
+		$service = $this->get_service(strtolower($link_data['oauth_service']), $storage, $service_credentials, $scopes, $query);
+
+		if ($this->request->is_set('code', phpbb_request_interface::GET))
+		{
+			$this->service_providers[$service_name]->set_external_service_provider($service);
+			$unique_id = $this->service_providers[$service_name]->perform_auth_login();
+
+			// Insert into table, they will be able to log in after this
+			$data = array(
+				'user_id'			=> $link_data['user_id'],
+				'provider'			=> strtolower($link_data['oauth_service']),
+				'oauth_provider_id'	=> $unique_id,
+			);
+
+			$this->link_account_perform_link($data);
+
+			// Update token storage to store the user_id
+			$storage->set_user_id($link_data['user_id']);
+		} else {
+			$url = $service->getAuthorizationUri();
+			header('Location: ' . $url);
+		}
+	}
+
+	protected function link_account_perform_link($data)
+	{
 		$sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '
 			' . $this->db->sql_build_array('INSERT', $data);
 		$this->db->sql_query($sql);
-
-		// Update token storage to store the user_id
-		$storage->set_user_id($link_data['user_id']);
 	}
 
 	/**