From bb2a13f6056522aeca26f9aa864c41c12a4887bf Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Fri, 1 Jan 2021 20:50:20 +0100 Subject: [PATCH] OAuth: Compare oauth users using exact compare --- ..._28_000000_oauth_set_identifier_binary.php | 53 ------------------- src/Controllers/OAuthController.php | 6 ++- .../Unit/Controllers/OAuthControllerTest.php | 6 +-- 3 files changed, 8 insertions(+), 57 deletions(-) delete mode 100644 db/migrations/2020_12_28_000000_oauth_set_identifier_binary.php diff --git a/db/migrations/2020_12_28_000000_oauth_set_identifier_binary.php b/db/migrations/2020_12_28_000000_oauth_set_identifier_binary.php deleted file mode 100644 index 9dab8d31..00000000 --- a/db/migrations/2020_12_28_000000_oauth_set_identifier_binary.php +++ /dev/null @@ -1,53 +0,0 @@ -schema->getConnection(); - if (!$connection->getQueryGrammar() instanceof MySqlGrammar) { - return; - } - - $connection->unprepared( - ' - ALTER TABLE `oauth` - CHANGE `identifier` - `identifier` - VARCHAR(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin - NOT NULL - ' - ); - } - - /** - * Reverse the migration - */ - public function down() - { - $connection = $this->schema->getConnection(); - if (!$connection->getQueryGrammar() instanceof MySqlGrammar) { - return; - } - - $connection->unprepared( - ' - ALTER TABLE `oauth` - CHANGE `identifier` - `identifier` - VARCHAR(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci - NOT NULL - ' - ); - } -} diff --git a/src/Controllers/OAuthController.php b/src/Controllers/OAuthController.php index 059c50bb..a3f7543a 100644 --- a/src/Controllers/OAuthController.php +++ b/src/Controllers/OAuthController.php 
@@ -129,12 +129,16 @@ class OAuthController extends BaseController } $resourceOwner = $provider->getResourceOwner($accessToken); + $resourceId = $resourceOwner->getId(); /** @var OAuth|null $oauth */ $oauth = $this->oauth ->query() ->where('provider', $providerName) - ->where('identifier', $resourceOwner->getId()) + ->where('identifier', $resourceId) + ->get() + // Explicit case sensitive comparison using PHP as some DBMS collations are case sensitive and some arent + ->where('identifier', '===', $resourceId) ->first(); $expirationTime = $accessToken->getExpires(); diff --git a/tests/Unit/Controllers/OAuthControllerTest.php b/tests/Unit/Controllers/OAuthControllerTest.php index 15960f99..9d78db88 100644 --- a/tests/Unit/Controllers/OAuthControllerTest.php +++ b/tests/Unit/Controllers/OAuthControllerTest.php @@ -340,7 +340,7 @@ class OAuthControllerTest extends TestCase $resourceOwner, 'getId', null, - 'provider-not-connected-identifier', + 'ProVIdeR-User-IdenTifIer', // Case sensitive variation of existing entry $this->atLeastOnce() ); $this->setExpects( @@ -348,7 +348,7 @@ class OAuthControllerTest extends TestCase 'toArray', null, [ - 'uid' => 'provider-not-connected-identifier', + 'uid' => 'ProVIdeR-User-IdenTifIer', 'user' => 'username', 'email' => 'foo.bar@localhost', 'given-name' => 'Foo', @@ -385,7 +385,7 @@ class OAuthControllerTest extends TestCase $this->config->set('registration_enabled', true); $controller->index($request); $this->assertEquals('testprovider', $this->session->get('oauth2_connect_provider')); - $this->assertEquals('provider-not-connected-identifier', $this->session->get('oauth2_user_id')); + $this->assertEquals('ProVIdeR-User-IdenTifIer', $this->session->get('oauth2_user_id')); $this->assertEquals('test-token', $this->session->get('oauth2_access_token')); $this->assertEquals('test-refresh-token', $this->session->get('oauth2_refresh_token')); $this->assertEquals(4242424242, $this->session->get('oauth2_expires_at')->unix());
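Review bot: The strict `===` filter on the fetched collection returns no match whenever `$resourceOwner->getId()` yields a non-string value — numeric provider ids are commonly handed back as ints — while the `identifier` column (a VARCHAR per the dropped migration) is read back as a string unless the model casts it, so an already-connected user would be treated as not connected and pushed into the connect/registration flow; normalise first with `$resourceId = (string) $resourceOwner->getId();`. The preceding SQL `where('identifier', $resourceId)` still bounds the candidate set, but under a case-/accent-insensitive collation it can return several rows and `first()` then depends entirely on the PHP filter, which is the intended behaviour and should be stated in the comment (with the typo fixed): `// DB collations may be case-/accent-insensitive (e.g. utf8mb4_unicode_ci), so re-check with a strict byte comparison in PHP`. If the table carries a unique index on (provider, identifier) under such a collation, connecting a second identifier that differs only in case would still fail at insert time — worth confirming, since the removed migration was the DB-side answer to that. The enclosing method continues outside the hunk.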
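Review bot: The assertion on the session identifier uses `assertEquals`, which compares with `==` and also passes for loosely-equal values; since this test exists to pin an exact, case-sensitive identifier, it should be `$this->assertSame('ProVIdeR-User-IdenTifIer', $this->session->get('oauth2_user_id'));` (the provider and token assertions deserve the same). Repurposing the former `provider-not-connected-identifier` fixture means the plain unknown-identifier case is no longer exercised on its own; a second test, or a data provider with both values, keeps both paths covered. The test method begins outside the hunk.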