Exemplo n.º 1
0
 public function test_login()
 {
     global $phpbb_root_path, $phpEx;
     $db = $this->new_dbal();
     $config = new \phpbb\config\config(array('ip_login_limit_max' => 0, 'ip_login_limit_use_forwarded' => 0, 'max_login_attempts' => 0));
     $lang_loader = new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx);
     $lang = new \phpbb\language\language($lang_loader);
     $request = $this->getMock('\\phpbb\\request\\request');
     $user = new \phpbb\user($lang, '\\phpbb\\datetime');
     $driver_helper = new \phpbb\passwords\driver\helper($config);
     $passwords_drivers = array('passwords.driver.bcrypt_2y' => new \phpbb\passwords\driver\bcrypt_2y($config, $driver_helper), 'passwords.driver.bcrypt' => new \phpbb\passwords\driver\bcrypt($config, $driver_helper), 'passwords.driver.salted_md5' => new \phpbb\passwords\driver\salted_md5($config, $driver_helper), 'passwords.driver.phpass' => new \phpbb\passwords\driver\phpass($config, $driver_helper));
     $passwords_helper = new \phpbb\passwords\helper();
     // Set up passwords manager
     $passwords_manager = new \phpbb\passwords\manager($config, $passwords_drivers, $passwords_helper, array_keys($passwords_drivers));
     $phpbb_container = new phpbb_mock_container_builder();
     $provider = new \phpbb\auth\provider\db($db, $config, $passwords_manager, $request, $user, $phpbb_container, $phpbb_root_path, $phpEx);
     if (version_compare(PHP_VERSION, '5.3.7', '<')) {
         $password_hash = '$2a$10$e01Syh9PbJjUkio66eFuUu4FhCE2nRgG7QPc1JACalsPXcIuG2bbi';
     } else {
         $password_hash = '$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i';
     }
     $expected = array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => array('user_id' => '1', 'username' => 'foobar', 'user_password' => $password_hash, 'user_passchg' => '0', 'user_email' => '*****@*****.**', 'user_type' => '0', 'user_login_attempts' => '0'));
     $login_return = $provider->login('foobar', 'example');
     $this->assertEquals($expected['status'], $login_return['status']);
     $this->assertEquals($expected['error_msg'], $login_return['error_msg']);
     foreach ($expected['user_row'] as $key => $value) {
         $this->assertEquals($value, $login_return['user_row'][$key]);
     }
     // Check if convert works
     $login_return = $provider->login('foobar2', 'example');
     $password_start = version_compare(PHP_VERSION, '5.3.7', '<') ? '$2a$10$' : '$2y$10$';
     $this->assertStringStartsWith($password_start, $login_return['user_row']['user_password']);
 }
Exemplo n.º 2
0
    public function login($username, $password)
    {
        // Temporary workaround for only having one authentication provider available
        if (!$this->request->is_set('oauth_service')) {
            $provider = new \phpbb\auth\provider\db($this->db, $this->config, $this->passwords_manager, $this->request, $this->user, $this->phpbb_container, $this->phpbb_root_path, $this->php_ext);
            return $provider->login($username, $password);
        }
        // Requst the name of the OAuth service
        $service_name_original = $this->request->variable('oauth_service', '', false);
        $service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original);
        if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers)) {
            return array('status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST', 'user_row' => array('user_id' => ANONYMOUS));
        }
        // Get the service credentials for the given service
        $service_credentials = $this->service_providers[$service_name]->get_service_credentials();
        $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table);
        $query = 'mode=login&login=external&oauth_service=' . $service_name_original . '&redirect=' . rawurlencode(htmlspecialchars_decode($this->request->variable('redirect', '')));
        $service = $this->get_service($service_name_original, $storage, $service_credentials, $query, $this->service_providers[$service_name]->get_auth_scope());
        if ($this->request->is_set('code', \phpbb\request\request_interface::GET)) {
            $this->service_providers[$service_name]->set_external_service_provider($service);
            $unique_id = $this->service_providers[$service_name]->perform_auth_login();
            // Check to see if this provider is already assosciated with an account
            $data = array('provider' => $service_name_original, 'oauth_provider_id' => $unique_id);
            $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '
				WHERE ' . $this->db->sql_build_array('SELECT', $data);
            $result = $this->db->sql_query($sql);
            $row = $this->db->sql_fetchrow($result);
            $this->db->sql_freeresult($result);
            if (!$row) {
                // The user does not yet exist, ask to link or create profile
                return array('status' => LOGIN_SUCCESS_LINK_PROFILE, 'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED', 'user_row' => array(), 'redirect_data' => array('auth_provider' => 'oauth', 'login_link_oauth_service' => $service_name_original));
            }
            // Retrieve the user's account
            $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
				FROM ' . $this->users_table . '
					WHERE user_id = ' . (int) $row['user_id'];
            $result = $this->db->sql_query($sql);
            $row = $this->db->sql_fetchrow($result);
            $this->db->sql_freeresult($result);
            if (!$row) {
                throw new \Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY');
            }
            // Update token storage to store the user_id
            $storage->set_user_id($row['user_id']);
            // The user is now authenticated and can be logged in
            return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
        } else {
            $url = $service->getAuthorizationUri();
            header('Location: ' . $url);
        }
    }