Oauth bug in phpBB

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul » Tue May 14, 2019 12:45 pm

This issue is more wide spread than I first thought! Turns out if you attempt to view a profile when not logged in you're redirected to a login page with the following URL: https://domain.com/memberlist.php?mode=viewprofile&u=2

Again, Oauth is broken :?

In fact, if you're attempting to login from anywhere on the board other than main index page or https://domain/ucp.php?mode=login Oauth is broken. This all boils down to the fact the URL used to display the login cannot be whitelisted in the vendors app (I think), resulting in error 500's or No mode specified error. In the past, didn't phpBB redirect to https://domain/ucp.php?mode=login when requiring a login? This has changed somewhere along the line and broken Oauth.

User avatar
3Di
Former Team Member
Posts: 13902
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di » Wed May 15, 2019 12:42 am

At my site this happens with my "battlenet" oauth but not with my "github" oauth extension though, which correctly redirects, tried it right now.
With https://phpbbstudio.com/memberlist.php? ... ofile&u=48
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul » Wed May 15, 2019 6:44 am

Indeed github works on your site but it doesn't on mine...

On a side note, there is something strange going on with your extension. The github oauth button no longer shows up on my test board after entering the key and secret in ACP. I can see in the migrations file that your extension adds the following fields to the database config table:

Code: Select all

auth_oauth_github_key
auth_oauth_github_secret
Yet when I enter the key and secret in ACP, these two are created in the config database and hold the keys:

Code: Select all

auth_oauth_studio_github_key
auth_oauth_studio_github_secret
Both auth_oauth_github_key and auth_oauth_github_secret remain empty? I have to move the key and secret from auth_oauth_studio_github_key and auth_oauth_studio_github_secret to auth_oauth_github_key and auth_oauth_github_secret via phpmyadmin and then empty auth_oauth_studio_github_key and auth_oauth_studio_github_secret to get the github button to work. I have installed oneall on this test board previously so maybe a clash between the two?

Anyway, try it yourself here: https://www.geekcreations.co.uk/phpBB3

EDIT: So I thought I would setup a whole new test board just in case any of the previous extensions I installed were screwing things up with your extension but the GITHUB button still doesn't show on a brand new phpBB3 3.2.7 board? Everything I wrote above remains! :?

User avatar
3Di
Former Team Member
Posts: 13902
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di » Wed May 15, 2019 8:22 pm

WelshPaul wrote: ↑
Wed May 15, 2019 6:44 am
Yet when I enter the key and secret in ACP, these two are created in the config database and hold the keys:

Code: Select all

auth_oauth_studio_github_key
auth_oauth_studio_github_secret
One thing to note, there aren't occurencies of such keys in the whole extension as per the latest 1.0.1-beta.
But those are created somehow indeed, I have to check.

Also, the support topic exists: [3.2][BETA] GitHub OAuth2 light
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul » Wed May 15, 2019 9:51 pm

I don't have that issue with my oauth extension...

So github does indeed work with my extension but it requires the following callback: https://domain.com/ucp.php?mode=login&l ... ice=github - I was using: https://domain.com

None of the others work though so for now I have added the following condition to my login_oauth_body.html file:

Code: Select all

<!-- IF SCRIPT_NAME eq 'index' or SCRIPT_NAME eq 'ucp' -->
CODE GOES HERE
<-- ENDIF -->

User avatar
3Di
Former Team Member
Posts: 13902
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di » Wed May 15, 2019 10:29 pm

Here's github settings http://prntscr.com/np457i

https://phpbbstudio.com/ucp.php?mode=login&login=external&oauth_service=studio_github
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
3Di
Former Team Member
Posts: 13902
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di » Wed May 15, 2019 11:44 pm

WelshPaul wrote: ↑
Wed May 15, 2019 9:51 pm
poke
Thanks for feedback, new version released - fixed.
The callback for our extension ends in: oauth_service=studio_github not oauth_service=github

You can try to login now from memberlist removing such modification you made to the HTML.
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul » Thu May 16, 2019 7:30 am

I'm not using your extension but I can confirm that you've fixed it. All we need now is the phpBB team to fix the others :lol:

User avatar
3Di
Former Team Member
Posts: 13902
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di » Thu May 16, 2019 7:40 pm

I think I will fix it, let me find the ticket if any.

Edit: found it.

Edit2: Done in https://github.com/phpbb/phpbb/pull/5592 - pls test it (I did it already) and report, thx.

Code changes: https://github.com/phpbb/phpbb/pull/559 ... 77cdceb8cc
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

User avatar
WelshPaul
Registered User
Posts: 302
Joined: Tue Aug 19, 2014 2:09 pm

Re: Oauth bug in phpBB

Post by WelshPaul » Thu May 16, 2019 10:12 pm

3Di wrote: ↑
Thu May 16, 2019 7:40 pm
I think I will fix it, let me find the ticket if any.

Edit: found it.

Edit2: Done in https://github.com/phpbb/phpbb/pull/5592 - pls test it (I did it already) and report, thx.

Code changes: https://github.com/phpbb/phpbb/pull/559 ... 77cdceb8cc
Good job! ;)

User avatar
3Di
Former Team Member
Posts: 13902
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milan (IT) Frankfurt (DE)
Name: Marco
Contact:

Re: Oauth bug in phpBB

Post by 3Di » Thu May 16, 2019 10:32 pm

Mission accomplished. :)
Please PM me only to request paid works. Thx.
Want to compensate me for my interest? Donate
My development's activity ΒΊ PhpStorm's proud user
Extensions, Scripts, MOD porting, Update/Upgrades
πŸ‘¨β€πŸ« | Take a tour to | The Studio | πŸ‘¨β€πŸ«

Post Reply

Return to β€œ[3.2.x] Support Forum”