Oauth bug in phpBB

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Oauth bug in phpBB

Post by WelshPaul » Mon May 13, 2019 8:33 am

I have discovered a problem with Oauth...

I found this in my server log:
`[Sat May 11 12:53:13.996584 2019] [php7:error] [pid 26868] [client 0.0.0.0:00000] PHP Fatal error: Uncaught OAuth\\Common\\Http\\Exception\\TokenResponseException: Failed to request resource. HTTP Code: HTTP/1.1 403 Forbidden in /var/www/domain.com/public_html/vendor/lusitanian/oauth/src/OAuth/Common/Http/Client/StreamClient.php:68\nStack trace:\n#0 /var/www/domain.com/public_html/vendor/lusitanian/oauth/src/OAuth/OAuth1/Service/AbstractService.php(52): OAuth\\Common\\Http\\Client\\StreamClient->retrieveResponse(Object(OAuth\\Common\\Http\\Uri\\Uri), '', Array)\n#1 /var/www/domain.com/public_html/phpbb/auth/provider/oauth/oauth.php(330): OAuth\\OAuth1\\Service\\AbstractService->requestRequestToken()\n#2 /var/www/domain.com/public_html/phpbb/auth/auth.php(949): phpbb\\auth\\provider\\oauth\\oauth->login('', '')\n#3 /var/www/domain.com/public_html/includes/functions.php(2378): phpbb\\auth\\auth->login('', '', false, 1, 0)\n#4 /var/www/domain.com/public_html/posting.php(408): login_box('', 'You need to log...')\n#5 {main}\n thrown in /var/www/domain.com/public_html/vendor/lusitanian/oauth/src/OAuth/Common/Http/Client/StreamClient.php on line 68, referer: https://domain.com/posting.php?f=21&mod ... ce=twitter`
Turns out that when a user hits the "Reply" button to a topic/post when not logged in, they are redirected to the phpBB login page where they can login in by entering a username or password or click on one of the oauth buttons (if setup)...

Trouble is, they do not work because the redirect URL is in the following format:

Code: Select all

https://domain.com/posting.php?mode=reply&f=9&t=134
URL's need to be whitelisted in the vendors app but because the url changes depending on what topic or post the user was viewing at the time and it's not whitelisted in the vendors ap there is no way to add it!

This results in an error 500 on twitter, facebook throws this:
Screenshot_2019-05-12_at_08.31.19.png

Google returns you to an information page but fails to log you in:
Screenshot_2019-05-12_at_08.34.56.png
Oauth works on the login page because it uses the following static URL which one can whitelist:

Code: Select all

https://domain.com/ucp.php?mode=login
Same for linking or linking via UCP, Oauth works there because again the URL is static and it can be added to the vendors authorised/whitelist.

User avatar
3Di
Former Team Member
Posts: 13892
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di » Mon May 13, 2019 9:03 am

Already noticed here: https://github.com/phpbb/phpbb/pull/557 ... -488073115

You are confirming what I have experienced (it works with GitHub Oauth tough).
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul » Mon May 13, 2019 9:22 am

Facebook, Twitter, Google, Github, Discord, Coinbase, instagram all not working etc...

All work fine when used in main login and ucp though.

User avatar
3Di
Former Team Member
Posts: 13892
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di » Mon May 13, 2019 10:01 am

Are you using my Github Oauth ext? I ask because last time I tried it worked from there.
https://phpbbstudio.com/extensions/github-oauth2-light
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul » Mon May 13, 2019 12:10 pm

No, I'm using a commercial extension that supports more Oauth accounts and account registration (not oneall).

User avatar
3Di
Former Team Member
Posts: 13892
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di » Mon May 13, 2019 12:52 pm

github's OAuth specifically and some others (the native one) has issue, solved into mine. Try it out, is free.

We are working onto making the OAuth system great again, btw.
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul » Mon May 13, 2019 1:20 pm

I don't understand your reply... I'm not complaining about, or requesting help for the extension i'm using or the use of third paty Oauth accounts. Github will work because they allow whitelisting of the whole domain unlike all the rest - but forget about Github and any other Oauth account that isn't supported natively by phpBB as the issue is present with phpBB built in Oauth accounts, Facebook, Twitter, Bitly (who even uses that lol) and Google.

EDIT: Edited for spelling (Crappy Macbook Pro)
Last edited by WelshPaul on Mon May 13, 2019 1:37 pm, edited 3 times in total.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21302
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket - definitely

Re: Oauth bug in phpBB

Post by Mick » Mon May 13, 2019 1:27 pm

Have you reported the issue?
"The more connected we get the more alone we become" - Kyle Broflovski

User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul » Mon May 13, 2019 1:42 pm

Mick wrote: ↑
Mon May 13, 2019 1:27 pm
Have you reported the issue?
Who me? No... I came here to get more information and confirmation of the issue... 3Di provided this link: https://github.com/phpbb/phpbb/pull/557 ... -488073115

So they are aware, not sure if it's been escalated or not though.

User avatar
3Di
Former Team Member
Posts: 13892
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di » Mon May 13, 2019 1:49 pm

WelshPaul wrote: ↑
Mon May 13, 2019 1:20 pm
I don't understand your reply
Let me spell it: please try my extension and report. Thx.
WelshPaul wrote: ↑
Mon May 13, 2019 1:42 pm
So they are aware, not sure if it's been escalated or not though.
Not, no issue has been filed.
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul » Mon May 13, 2019 2:04 pm

Just installed your Github extension 3Di and the issue is present there too.

User avatar
3Di
Former Team Member
Posts: 13892
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di » Mon May 13, 2019 2:06 pm

Thx for reporting, I will test it again against this issue. :)
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul » Mon May 13, 2019 2:22 pm

3Di wrote: ↑
Mon May 13, 2019 2:06 pm
Thx for reporting, I will test it again against this issue. :)
What happens is this...

1. Go to a forum, topic or post and click on reply.
2. Click on Github - you will be redirected there
3. Enter your credentials
4. You get returned to forum where you get the error shown in my original post. (No post mode specified.) and you're not logged in.

Same that happens with ours and phpBB's default Oauth options.

User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul » Mon May 13, 2019 3:15 pm


User avatar
3Di
Former Team Member
Posts: 13892
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di » Mon May 13, 2019 3:23 pm

Thanks.
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

Post Reply

Return to β€œ[3.2.x] Support Forum”