Oauth bug in phpBB

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
User avatar
WelshPaul
Registered User
Posts: 420
Joined: Tue Aug 19, 2014 2:09 pm

Oauth bug in phpBB

Post by WelshPaul »

I have discovered a problem with Oauth...

I found this in my server log:
`[Sat May 11 12:53:13.996584 2019] [php7:error] [pid 26868] [client 0.0.0.0:00000] PHP Fatal error: Uncaught OAuth\\Common\\Http\\Exception\\TokenResponseException: Failed to request resource. HTTP Code: HTTP/1.1 403 Forbidden in /var/www/domain.com/public_html/vendor/lusitanian/oauth/src/OAuth/Common/Http/Client/StreamClient.php:68\nStack trace:\n#0 /var/www/domain.com/public_html/vendor/lusitanian/oauth/src/OAuth/OAuth1/Service/AbstractService.php(52): OAuth\\Common\\Http\\Client\\StreamClient->retrieveResponse(Object(OAuth\\Common\\Http\\Uri\\Uri), '', Array)\n#1 /var/www/domain.com/public_html/phpbb/auth/provider/oauth/oauth.php(330): OAuth\\OAuth1\\Service\\AbstractService->requestRequestToken()\n#2 /var/www/domain.com/public_html/phpbb/auth/auth.php(949): phpbb\\auth\\provider\\oauth\\oauth->login('', '')\n#3 /var/www/domain.com/public_html/includes/functions.php(2378): phpbb\\auth\\auth->login('', '', false, 1, 0)\n#4 /var/www/domain.com/public_html/posting.php(408): login_box('', 'You need to log...')\n#5 {main}\n thrown in /var/www/domain.com/public_html/vendor/lusitanian/oauth/src/OAuth/Common/Http/Client/StreamClient.php on line 68, referer: https://domain.com/posting.php?f=21&mod ... ce=twitter`
Turns out that when a user hits the "Reply" button to a topic/post when not logged in, they are redirected to the phpBB login page where they can login in by entering a username or password or click on one of the oauth buttons (if setup)...

Trouble is, they do not work because the redirect URL is in the following format:

Code: Select all

https://domain.com/posting.php?mode=reply&f=9&t=134
URL's need to be whitelisted in the vendors app but because the url changes depending on what topic or post the user was viewing at the time and it's not whitelisted in the vendors ap there is no way to add it!

This results in an error 500 on twitter, facebook throws this:
Screenshot_2019-05-12_at_08.31.19.png

Google returns you to an information page but fails to log you in:
Screenshot_2019-05-12_at_08.34.56.png
Oauth works on the login page because it uses the following static URL which one can whitelist:

Code: Select all

https://domain.com/ucp.php?mode=login
Same for linking or linking via UCP, Oauth works there because again the URL is static and it can be added to the vendors authorised/whitelist.
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di »

Already noticed here: https://github.com/phpbb/phpbb/pull/557 ... -488073115

You are confirming what I have experienced (it works with GitHub Oauth tough).
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
User avatar
WelshPaul
Registered User
Posts: 420
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul »

Facebook, Twitter, Google, Github, Discord, Coinbase, instagram all not working etc...

All work fine when used in main login and ucp though.
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di »

Are you using my Github Oauth ext? I ask because last time I tried it worked from there.
https://phpbbstudio.com/extensions/github-oauth2-light
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
User avatar
WelshPaul
Registered User
Posts: 420
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul »

No, I'm using a commercial extension that supports more Oauth accounts and account registration (not oneall).
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di »

github's OAuth specifically and some others (the native one) has issue, solved into mine. Try it out, is free.

We are working onto making the OAuth system great again, btw.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
User avatar
WelshPaul
Registered User
Posts: 420
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul »

I don't understand your reply... I'm not complaining about, or requesting help for the extension i'm using or the use of third paty Oauth accounts. Github will work because they allow whitelisting of the whole domain unlike all the rest - but forget about Github and any other Oauth account that isn't supported natively by phpBB as the issue is present with phpBB built in Oauth accounts, Facebook, Twitter, Bitly (who even uses that lol) and Google.

EDIT: Edited for spelling (Crappy Macbook Pro)
Last edited by WelshPaul on Mon May 13, 2019 1:37 pm, edited 3 times in total.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26505
Joined: Fri Aug 29, 2008 9:49 am

Re: Oauth bug in phpBB

Post by Mick »

Have you reported the issue?
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
User avatar
WelshPaul
Registered User
Posts: 420
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul »

Mick wrote: Mon May 13, 2019 1:27 pm Have you reported the issue?
Who me? No... I came here to get more information and confirmation of the issue... 3Di provided this link: https://github.com/phpbb/phpbb/pull/557 ... -488073115

So they are aware, not sure if it's been escalated or not though.
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di »

WelshPaul wrote: Mon May 13, 2019 1:20 pm I don't understand your reply
Let me spell it: please try my extension and report. Thx.
WelshPaul wrote: Mon May 13, 2019 1:42 pm So they are aware, not sure if it's been escalated or not though.
Not, no issue has been filed.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
User avatar
WelshPaul
Registered User
Posts: 420
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul »

Just installed your Github extension 3Di and the issue is present there too.
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di »

Thx for reporting, I will test it again against this issue. :)
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
User avatar
WelshPaul
Registered User
Posts: 420
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul »

3Di wrote: Mon May 13, 2019 2:06 pm Thx for reporting, I will test it again against this issue. :)
What happens is this...

1. Go to a forum, topic or post and click on reply.
2. Click on Github - you will be redirected there
3. Enter your credentials
4. You get returned to forum where you get the error shown in my original post. (No post mode specified.) and you're not logged in.

Same that happens with ours and phpBB's default Oauth options.
User avatar
WelshPaul
Registered User
Posts: 420
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul »

User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di »

Thanks.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
Post Reply

Return to “[3.2.x] Support Forum”