OAuth: Compare oauth users using exact compare

Igor Scheller 2021-01-01 20:50:20 +01:00 committed by msquare
parent a5757497e5
commit bb2a13f605
3 changed files with 8 additions and 57 deletions


@ -1,53 +0,0 @@
<?php
namespace Engelsystem\Migrations;
use Engelsystem\Database\Migration\Migration;
use Illuminate\Database\Query\Grammars\MySqlGrammar;
class OauthSetIdentifierBinary extends Migration
{
use Reference;
/**
* Run the migration
*/
public function up()
{
$connection = $this->schema->getConnection();
if (!$connection->getQueryGrammar() instanceof MySqlGrammar) {
return;
}
$connection->unprepared(
'
ALTER TABLE `oauth`
CHANGE `identifier`
`identifier`
VARCHAR(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin
NOT NULL
'
);
}
/**
* Reverse the migration
*/
public function down()
{
$connection = $this->schema->getConnection();
if (!$connection->getQueryGrammar() instanceof MySqlGrammar) {
return;
}
$connection->unprepared(
'
ALTER TABLE `oauth`
CHANGE `identifier`
`identifier`
VARCHAR(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci
NOT NULL
'
);
}
}


@ -129,12 +129,16 @@ class OAuthController extends BaseController
} }
$resourceOwner = $provider->getResourceOwner($accessToken); $resourceOwner = $provider->getResourceOwner($accessToken);
$resourceId = $resourceOwner->getId();
/** @var OAuth|null $oauth */ /** @var OAuth|null $oauth */
$oauth = $this->oauth $oauth = $this->oauth
->query() ->query()
->where('provider', $providerName) ->where('provider', $providerName)
->where('identifier', $resourceOwner->getId()) ->where('identifier', $resourceId)
->get()
// Explicit case sensitive comparison using PHP as some DBMS collations are case sensitive and some arent
->where('identifier', '===', $resourceId)
->first(); ->first();
$expirationTime = $accessToken->getExpires(); $expirationTime = $accessToken->getExpires();
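Review bot: The strict `===` filter on `identifier` compares type as well as case, so it matches only when `$resourceId` has the same type as the value loaded from the `oauth` table, which is presumably a string. The return type of `getId()` is not visible in this hunk; if a configured provider returns an integer id, the SQL `where` would still find the row and the collection filter would then drop it, so an already connected account would be handled as not connected. Normalising once at the assignment, `$resourceId = (string) $resourceOwner->getId();`, keeps the exact-case match and removes that dependency. The added comment also has a typo that could be fixed in the same change: `// Explicit case sensitive comparison using PHP as some DBMS collations are case sensitive and some aren't`. The enclosing controller method starts and ends outside the hunk.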


@ -340,7 +340,7 @@ class OAuthControllerTest extends TestCase
$resourceOwner, $resourceOwner,
'getId', 'getId',
null, null,
'provider-not-connected-identifier', 'ProVIdeR-User-IdenTifIer', // Case sensitive variation of existing entry
$this->atLeastOnce() $this->atLeastOnce()
); );
$this->setExpects( $this->setExpects(
@ -348,7 +348,7 @@ class OAuthControllerTest extends TestCase
'toArray', 'toArray',
null, null,
[ [
'uid' => 'provider-not-connected-identifier', 'uid' => 'ProVIdeR-User-IdenTifIer',
'user' => 'username', 'user' => 'username',
'email' => 'foo.bar@localhost', 'email' => 'foo.bar@localhost',
'given-name' => 'Foo', 'given-name' => 'Foo',
@ -385,7 +385,7 @@ class OAuthControllerTest extends TestCase
$this->config->set('registration_enabled', true); $this->config->set('registration_enabled', true);
$controller->index($request); $controller->index($request);
$this->assertEquals('testprovider', $this->session->get('oauth2_connect_provider')); $this->assertEquals('testprovider', $this->session->get('oauth2_connect_provider'));
$this->assertEquals('provider-not-connected-identifier', $this->session->get('oauth2_user_id')); $this->assertEquals('ProVIdeR-User-IdenTifIer', $this->session->get('oauth2_user_id'));
$this->assertEquals('test-token', $this->session->get('oauth2_access_token')); $this->assertEquals('test-token', $this->session->get('oauth2_access_token'));
$this->assertEquals('test-refresh-token', $this->session->get('oauth2_refresh_token')); $this->assertEquals('test-refresh-token', $this->session->get('oauth2_refresh_token'));
$this->assertEquals(4242424242, $this->session->get('oauth2_expires_at')->unix()); $this->assertEquals(4242424242, $this->session->get('oauth2_expires_at')->unix());