| [ Index ] |
PHP Cross Reference of phpBB-3.1.12-deutsch |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * 4 * This file is part of the phpBB Forum Software package. 5 * 6 * @copyright (c) phpBB Limited <https://www.phpbb.com> 7 * @license GNU General Public License, version 2 (GPL-2.0) 8 * 9 * For full copyright and license information, please see 10 * the docs/CREDITS.txt file. 11 * 12 */ 13 14 namespace phpbb\auth\provider\oauth; 15 16 use OAuth\OAuth1\Token\StdOAuth1Token; 17 use OAuth\Common\Token\TokenInterface; 18 use OAuth\Common\Storage\TokenStorageInterface; 19 use OAuth\Common\Storage\Exception\TokenNotFoundException; 20 21 /** 22 * OAuth storage wrapper for phpbb's cache 23 */ 24 class token_storage implements TokenStorageInterface 25 { 26 /** 27 * Cache driver. 28 * 29 * @var \phpbb\db\driver\driver_interface 30 */ 31 protected $db; 32 33 /** 34 * phpBB user 35 * 36 * @var \phpbb\user 37 */ 38 protected $user; 39 40 /** 41 * OAuth token table 42 * 43 * @var string 44 */ 45 protected $auth_provider_oauth_table; 46 47 /** 48 * @var object|TokenInterface 49 */ 50 protected $cachedToken; 51 52 /** 53 * Creates token storage for phpBB. 54 * 55 * @param \phpbb\db\driver\driver_interface $db 56 * @param \phpbb\user $user 57 * @param string $auth_provider_oauth_table 58 */ 59 public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\user $user, $auth_provider_oauth_table) 60 { 61 $this->db = $db; 62 $this->user = $user; 63 $this->auth_provider_oauth_table = $auth_provider_oauth_table; 64 } 65 66 /** 67 * {@inheritdoc} 68 */ 69 public function retrieveAccessToken($service) 70 { 71 $service = $this->get_service_name_for_db($service); 72 73 if ($this->cachedToken instanceof TokenInterface) 74 { 75 return $this->cachedToken; 76 } 77 78 $data = array( 79 'user_id' => (int) $this->user->data['user_id'], 80 'provider' => $service, 81 ); 82 83 if ((int) $this->user->data['user_id'] === ANONYMOUS) 84 { 85 $data['session_id'] = $this->user->data['session_id']; 86 } 87 88 return $this->_retrieve_access_token($data); 89 } 90 91 /** 92 * {@inheritdoc} 93 */ 94 public function storeAccessToken($service, TokenInterface $token) 95 { 96 $service = $this->get_service_name_for_db($service); 97 98 $this->cachedToken = $token; 99 100 $data = array( 101 'user_id' => (int) $this->user->data['user_id'], 102 'provider' => $service, 103 'oauth_token' => $this->json_encode_token($token), 104 'session_id' => $this->user->data['session_id'], 105 ); 106 107 $sql = 'INSERT INTO ' . $this->auth_provider_oauth_table . ' 108 ' . $this->db->sql_build_array('INSERT', $data); 109 $this->db->sql_query($sql); 110 } 111 112 /** 113 * {@inheritdoc} 114 */ 115 public function hasAccessToken($service) 116 { 117 $service = $this->get_service_name_for_db($service); 118 119 if ($this->cachedToken) 120 { 121 return true; 122 } 123 124 $data = array( 125 'user_id' => (int) $this->user->data['user_id'], 126 'provider' => $service, 127 ); 128 129 if ((int) $this->user->data['user_id'] === ANONYMOUS) 130 { 131 $data['session_id'] = $this->user->data['session_id']; 132 } 133 134 return $this->_has_acess_token($data); 135 } 136 137 /** 138 * {@inheritdoc} 139 */ 140 public function clearToken($service) 141 { 142 $service = $this->get_service_name_for_db($service); 143 144 $this->cachedToken = null; 145 146 $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . ' 147 WHERE user_id = ' . (int) $this->user->data['user_id'] . " 148 AND provider = '" . $this->db->sql_escape($service) . "'"; 149 150 if ((int) $this->user->data['user_id'] === ANONYMOUS) 151 { 152 $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'"; 153 } 154 155 $this->db->sql_query($sql); 156 } 157 158 /** 159 * {@inheritdoc} 160 */ 161 public function clearAllTokens() 162 { 163 $this->cachedToken = null; 164 165 $sql = 'DELETE FROM ' . $this->auth_provider_oauth_table . ' 166 WHERE user_id = ' . (int) $this->user->data['user_id']; 167 168 if ((int) $this->user->data['user_id'] === ANONYMOUS) 169 { 170 $sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'"; 171 } 172 173 $this->db->sql_query($sql); 174 } 175 176 /** 177 * Updates the user_id field in the database assosciated with the token 178 * 179 * @param int $user_id 180 */ 181 public function set_user_id($user_id) 182 { 183 if (!$this->cachedToken) 184 { 185 return; 186 } 187 188 $sql = 'UPDATE ' . $this->auth_provider_oauth_table . ' 189 SET ' . $this->db->sql_build_array('UPDATE', array( 190 'user_id' => (int) $user_id 191 )) . ' 192 WHERE user_id = ' . (int) $this->user->data['user_id'] . " 193 AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'"; 194 $this->db->sql_query($sql); 195 } 196 197 /** 198 * Checks to see if an access token exists solely by the session_id of the user 199 * 200 * @param string $service The name of the OAuth service 201 * @return bool true if they have token, false if they don't 202 */ 203 public function has_access_token_by_session($service) 204 { 205 $service = $this->get_service_name_for_db($service); 206 207 if ($this->cachedToken) 208 { 209 return true; 210 } 211 212 $data = array( 213 'session_id' => $this->user->data['session_id'], 214 'provider' => $service, 215 ); 216 217 return $this->_has_acess_token($data); 218 } 219 220 /** 221 * A helper function that performs the query for has access token functions 222 * 223 * @param array $data 224 * @return bool 225 */ 226 protected function _has_acess_token($data) 227 { 228 return (bool) $this->get_access_token_row($data); 229 } 230 231 public function retrieve_access_token_by_session($service) 232 { 233 $service = $this->get_service_name_for_db($service); 234 235 if ($this->cachedToken instanceof TokenInterface) 236 { 237 return $this->cachedToken; 238 } 239 240 $data = array( 241 'session_id' => $this->user->data['session_id'], 242 'provider' => $service, 243 ); 244 245 return $this->_retrieve_access_token($data); 246 } 247 248 /** 249 * A helper function that performs the query for retrieve access token functions 250 * Also checks if the token is a valid token 251 * 252 * @param array $data 253 * @return mixed 254 * @throws \OAuth\Common\Storage\Exception\TokenNotFoundException 255 */ 256 protected function _retrieve_access_token($data) 257 { 258 $row = $this->get_access_token_row($data); 259 260 if (!$row) 261 { 262 throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_NOT_STORED'); 263 } 264 265 $token = $this->json_decode_token($row['oauth_token']); 266 267 // Ensure that the token was serialized/unserialized correctly 268 if (!($token instanceof TokenInterface)) 269 { 270 $this->clearToken($data['provider']); 271 throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED'); 272 } 273 274 $this->cachedToken = $token; 275 return $token; 276 } 277 278 /** 279 * A helper function that performs the query for retrieving an access token 280 * 281 * @param array $data 282 * @return mixed 283 */ 284 protected function get_access_token_row($data) 285 { 286 $sql = 'SELECT oauth_token FROM ' . $this->auth_provider_oauth_table . ' 287 WHERE ' . $this->db->sql_build_array('SELECT', $data); 288 $result = $this->db->sql_query($sql); 289 $row = $this->db->sql_fetchrow($result); 290 $this->db->sql_freeresult($result); 291 292 return $row; 293 } 294 295 public function json_encode_token(TokenInterface $token) 296 { 297 $members = array( 298 'accessToken' => $token->getAccessToken(), 299 'endOfLife' => $token->getEndOfLife(), 300 'extraParams' => $token->getExtraParams(), 301 'refreshToken' => $token->getRefreshToken(), 302 303 'token_class' => get_class($token), 304 ); 305 306 // Handle additional data needed for OAuth1 tokens 307 if ($token instanceof StdOAuth1Token) 308 { 309 $members['requestToken'] = $token->getRequestToken(); 310 $members['requestTokenSecret'] = $token->getRequestTokenSecret(); 311 $members['accessTokenSecret'] = $token->getAccessTokenSecret(); 312 } 313 314 return json_encode($members); 315 } 316 317 public function json_decode_token($json) 318 { 319 $token_data = json_decode($json, true); 320 321 if ($token_data === null) 322 { 323 throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED'); 324 } 325 326 $token_class = $token_data['token_class']; 327 $access_token = $token_data['accessToken']; 328 $refresh_token = $token_data['refreshToken']; 329 $endOfLife = $token_data['endOfLife']; 330 $extra_params = $token_data['extraParams']; 331 332 // Create the token 333 $token = new $token_class($access_token, $refresh_token, TokenInterface::EOL_NEVER_EXPIRES, $extra_params); 334 $token->setEndOfLife($endOfLife); 335 336 // Handle OAuth 1.0 specific elements 337 if ($token instanceof StdOAuth1Token) 338 { 339 $token->setRequestToken($token_data['requestToken']); 340 $token->setRequestTokenSecret($token_data['requestTokenSecret']); 341 $token->setAccessTokenSecret($token_data['accessTokenSecret']); 342 } 343 344 return $token; 345 } 346 347 /** 348 * Returns the name of the service as it must be stored in the database. 349 * 350 * @param string $service The name of the OAuth service 351 * @return string The name of the OAuth service as it needs to be stored 352 * in the database. 353 */ 354 protected function get_service_name_for_db($service) 355 { 356 // Enforce the naming convention for oauth services 357 if (strpos($service, 'auth.provider.oauth.service.') !== 0) 358 { 359 $service = 'auth.provider.oauth.service.' . strtolower($service); 360 } 361 362 return $service; 363 } 364 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Thu Jan 11 00:25:41 2018 | Cross-referenced by PHPXref 0.7.1 |