makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch '3.1.x'

Browse source
This commit is contained in:
Joas Schilling 2015-06-04 17:30:16 +02:00
commit f3f82bd377
7 changed files with 215 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
phpBB/includes/functions_user.php
View file

@ -502,6 +502,9 @@ function user_delete($mode, $user_ids, $retain_username = true)
$num_users_delta = 0; $num_users_delta = 0;
// Get auth provider collection in case accounts might need to be unlinked
$provider_collection = $phpbb_container->get('auth.provider_collection');
// Some things need to be done in the loop (if the query changes based // Some things need to be done in the loop (if the query changes based
// on which user is currently being deleted) // on which user is currently being deleted)
$added_guest_posts = 0; $added_guest_posts = 0;
@ -512,6 +515,38 @@ function user_delete($mode, $user_ids, $retain_username = true)
avatar_delete('user', $user_row); avatar_delete('user', $user_row);
} }
// Unlink accounts
foreach ($provider_collection as $provider_name => $auth_provider)
{
$provider_data = $auth_provider->get_auth_link_data($user_id);
if ($provider_data !== null)
{
$link_data = array(
'user_id' => $user_id,
'link_method' => 'user_delete',
);
// BLOCK_VARS might contain hidden fields necessary for unlinking accounts
if (isset($provider_data['BLOCK_VARS']) && is_array($provider_data['BLOCK_VARS']))
{
foreach ($provider_data['BLOCK_VARS'] as $provider_service)
{
if (!array_key_exists('HIDDEN_FIELDS', $provider_service))
{
$provider_service['HIDDEN_FIELDS'] = array();
}
$auth_provider->unlink_account(array_merge($link_data, $provider_service['HIDDEN_FIELDS']));
}
}
else
{
$auth_provider->unlink_account($link_data);
}
}
}
// Decrement number of users if this user is active // Decrement number of users if this user is active
if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE) if ($user_row['user_type'] != USER_INACTIVE && $user_row['user_type'] != USER_IGNORE)
{ {

2
phpBB/phpbb/auth/provider/base.php
View file

@ -61,7 +61,7 @@ abstract class base implements \phpbb\auth\provider\provider_interface
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
public function get_auth_link_data() public function get_auth_link_data($user_id = 0)
{ {
return; return;
} }

9
phpBB/phpbb/auth/provider/oauth/oauth.php
View file

@ -553,13 +553,13 @@ class oauth extends \phpbb\auth\provider\base
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
public function get_auth_link_data() public function get_auth_link_data($user_id = 0)
{ {
$block_vars = array(); $block_vars = array();
// Get all external accounts tied to the current user // Get all external accounts tied to the current user
$data = array( $data = array(
'user_id' => (int) $this->user->data['user_id'], 'user_id' => ($user_id <= 0) ? (int) $this->user->data['user_id'] : (int) $user_id,
); );
$sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . ' $sql = 'SELECT oauth_provider_id, provider FROM ' . $this->auth_provider_oauth_token_account_assoc . '
WHERE ' . $this->db->sql_build_array('SELECT', $data); WHERE ' . $this->db->sql_build_array('SELECT', $data);
@ -616,10 +616,13 @@ class oauth extends \phpbb\auth\provider\base
return 'LOGIN_LINK_MISSING_DATA'; return 'LOGIN_LINK_MISSING_DATA';
} }
// Remove user specified in $link_data if possible
$user_id = isset($link_data['user_id']) ? $link_data['user_id'] : $this->user->data['user_id'];
// Remove the link // Remove the link
$sql = 'DELETE FROM ' . $this->auth_provider_oauth_token_account_assoc . " $sql = 'DELETE FROM ' . $this->auth_provider_oauth_token_account_assoc . "
WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "' WHERE provider = '" . $this->db->sql_escape($link_data['oauth_service']) . "'
AND user_id = " . (int) $this->user->data['user_id']; AND user_id = " . (int) $user_id;
$this->db->sql_query($sql); $this->db->sql_query($sql);
// Clear all tokens belonging to the user on this servce // Clear all tokens belonging to the user on this servce

6
phpBB/phpbb/auth/provider/provider_interface.php
View file

@ -166,6 +166,10 @@ interface provider_interface
/** /**
* Returns an array of data necessary to build the ucp_auth_link page * Returns an array of data necessary to build the ucp_auth_link page
* *
* @param int $user_id User ID for whom the data should be retrieved.
* defaults to 0, which is not a valid ID. The method
* should fall back to the current user's ID in this
* case.
* @return array|null If this function is not implemented on an auth * @return array|null If this function is not implemented on an auth
* provider then it returns null. If it is implemented * provider then it returns null. If it is implemented
* it will return an array of up to four elements of * it will return an array of up to four elements of
@ -181,7 +185,7 @@ interface provider_interface
* 'VARS' => array(...), * 'VARS' => array(...),
* ) * )
*/ */
public function get_auth_link_data(); public function get_auth_link_data($user_id = 0);
/** /**
* Unlinks an external account from a phpBB account. * Unlinks an external account from a phpBB account.

46
tests/functions/fixtures/user_delete.xml Normal file
View file

@ -0,0 +1,46 @@
<?xml version="1.0" encoding="UTF-8" ?>
<dataset>
<table name="phpbb_users">
<column>user_id</column>
<column>username_clean</column>
<column>username</column>
<column>user_permissions</column>
<column>user_sig</column>
<row>
<value>1</value>
<value>anonymous</value>
<value>anonymous</value>
<value></value>
<value></value>
</row>
<row>
<value>2</value>
<value>2</value>
<value>2</value>
<value></value>
<value></value>
</row>
</table>
<table name="phpbb_oauth_accounts">
<column>user_id</column>
<column>provider</column>
<column>oauth_provider_id</column>
<row>
<value>2</value>
<value>google</value>
<value>1234567890123456789</value>
</row>
</table>
<table name="phpbb_oauth_tokens">
<column>user_id</column>
<column>session_id</column>
<column>provider</column>
<column>oauth_token</column>
<row>
<value>2</value>
<value>897a897b797c8789997d7979879</value>
<value>auth.provider.oauth.service.google</value>
<value>{"accessToken":"ya29.YPHwCWVkrvwu1kgbYKiDNYaQ451ZuHy9OEQAGVME8if-WBzR-v7a9ftxbx41kaL)5VLEXB-6qJEvri","endOfLife":1429959670,"extraParams":{"token_type":"Bearer","id_token":"eyJhbGciOiJSUzI1NiIsImupZCI6IjE0YuRjNzc2MDQwYjUyNDZmNTI5OWFkZDVlMmQ1NWNOPTdjMDdlZTAifQ.eyJpc3MiOiJhY2NvdW90cy5nb78nbGUuY29tIiwic3ViIjoiMTExMDMwNwerNjM4MTM5NTQwMTM1IiwiYXpwIjoiOTk3MzUwMTY0NzE0LWhwOXJrYjZpcjM4MW80YjV1NjRpaGtmM29zMnRvbWxhLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZW1haWwiOiJtYXJjLmFsZXhhbmRlci4zN0BnbWFpbC5jb20iLCJhdF9oYXNoIjoiWHk2b1JabnVZUWRfRTZDeDV0RkItdyIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdWQiOiI5OTczNTAxNjQ3MTQtaHA5cmtiNmlyMzgxbzRiNXU2NGloa2Yzb3MydG9tbGEuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJpYXQiOjE0Mjk5NTYwNzEsImV4cCI6MTQyOTk1OTY3MX0.C5gfSzjqwlRRvVMuTP6jfWIuEHMXn55oYHsSA3eh97n2BZL0TZHhUm4K206Fgucd6ufAphan4l0J7y6tMAHLZPr-kk6KDINxWnPG-up99reblGutay0lRYjMCcrhJAOql8EI1bi84GyliZFYHL67pE0ZtSf-CMb1CeH18TFe-Fk"},"refreshToken":null,"token_class":"OAuth\\\\OAuth2\\\\Token\\\\StdOAuth2Token"}</value>
</row>
</table>
</dataset>

112
tests/functions/user_delete_test.php Normal file
View file

@ -0,0 +1,112 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
require_once dirname(__FILE__) . '/../../phpBB/includes/functions_user.php';
class phpbb_functions_user_delete_test extends phpbb_database_test_case
{
/** @var \phpbb\db\driver\driver_interface */
protected $db;
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/user_delete.xml');
}
protected function setUp()
{
parent::setUp();
global $cache, $config, $db, $phpbb_container, $phpbb_dispatcher, $user;
$this->db = $db = $this->new_dbal();
$user = new \phpbb\user('\phpbb\datetime');
$phpbb_dispatcher = new phpbb_mock_event_dispatcher();
$phpbb_container = new phpbb_mock_container_builder();
$config = new \phpbb\config\config(array(
'auth_method' => 'oauth',
'auth_oauth_google_key' => 'foo',
'auth_oauth_google_secret' => 'bar',
));
set_config_count('foobar', 0, false, $config);
$cache = new \phpbb\cache\driver\null();
$request = new phpbb_mock_request();
$notification_manager = new phpbb_mock_notification_manager();
$provider_collection = new \phpbb\auth\provider_collection($phpbb_container, $config);
$oauth_provider_google = new \phpbb\auth\provider\oauth\service\google($config, $request);
$oauth_provider_collection = new \phpbb\di\service_collection($phpbb_container);
$oauth_provider_collection->offsetSet('auth.provider.oauth.service.google', $oauth_provider_google);
$driver_helper = new \phpbb\passwords\driver\helper($config);
$passwords_drivers = array(
'passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $driver_helper),
'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $driver_helper),
'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $driver_helper),
'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $driver_helper),
);
$passwords_helper = new \phpbb\passwords\helper;
// Set up passwords manager
$passwords_manager = new \phpbb\passwords\manager($config, $passwords_drivers, $passwords_helper, array_keys($passwords_drivers));
$oauth_provider = new \phpbb\auth\provider\oauth\oauth(
$db,
$config,
$passwords_manager,
$request,
$user,
'phpbb_oauth_tokens',
'phpbb_oauth_accounts',
$oauth_provider_collection,
'phpbb_users',
$phpbb_container,
$this->phpbb_root_path,
$this->php_ext
);
$provider_collection->offsetSet('auth.provider.oauth', $oauth_provider);
$phpbb_container->set('auth.provider.oauth', $oauth_provider);
$phpbb_container->set('auth.provider.oauth.service.google', $oauth_provider_google);
$phpbb_container->set('auth.provider_collection', $provider_collection);
$phpbb_container->set('notification_manager', $notification_manager);
}
public function test_user_delete()
{
// Check that user is linked
$sql = 'SELECT ot.user_id AS user_id
FROM phpbb_oauth_accounts oa, phpbb_oauth_tokens ot
WHERE oa.user_id = 2
AND ot.user_id = oa.user_id';
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
$this->assertEquals(array('user_id' => '2'), $row);
// user_delete() should return false
$this->assertFalse(user_delete('remove', array(2)));
// Make sure user link was removed
$sql = 'SELECT ot.user_id AS user_id
FROM phpbb_oauth_accounts oa, phpbb_oauth_tokens ot
WHERE oa.user_id = 2
AND ot.user_id = oa.user_id';
$result = $this->db->sql_query($sql);
$row = $this->db->sql_fetchrow($result);
$this->db->sql_freeresult($result);
$this->assertEmpty($row);
}
}

10
tests/functions_user/delete_user_test.php
View file

@ -36,6 +36,16 @@ class phpbb_functions_user_delete_user_test extends phpbb_database_test_case
$phpbb_dispatcher = new phpbb_mock_event_dispatcher(); $phpbb_dispatcher = new phpbb_mock_event_dispatcher();
$phpbb_container = new phpbb_mock_container_builder(); $phpbb_container = new phpbb_mock_container_builder();
$phpbb_container->set('notification_manager', new phpbb_mock_notification_manager()); $phpbb_container->set('notification_manager', new phpbb_mock_notification_manager());
$phpbb_container->set(
'auth.provider.db',
new phpbb_mock_auth_provider()
);
$provider_collection = new \phpbb\auth\provider_collection($phpbb_container, $config);
$provider_collection->add('auth.provider.db');
$phpbb_container->set(
'auth.provider_collection',
$provider_collection
);
} }
public function first_last_post_data() public function first_last_post_data()