Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-16055

Unable to login using Oauth via Forums, topics or posts

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.2.7
    • Fix Version/s: 3.2.8-RC1
    • Component/s: Login
    • Labels:
    • Environment:
      MySQL(i) 5.7.26
      PHP version: 7.2.16
      Board version: 3.2.7

      Description

      I have discovered a problem with Oauth...

      Turns out that when a user hits the "Reply" button to a topic/post when not logged in, they are redirected to the phpBB login page where they can login in by either entering a username and password manually or by clicking on one of the oauth buttons (if setup in acp). Trouble is, they do not work because the redirect URL is in the following format:

      https://domain.com/posting.php?mode=reply&f=9&t=134

      I think it's because URL's need to be whitelisted in the vendors app and in this instance because the url changes depending on what topic or post the user was viewing at the time they clicked on the "Reply" button it's not possible to whitelist.

      This results in an error 500 on twitter, facebook throws this:
      https://www.phpbb.com/community/download/file.php?id=222846&mode=view

      Google returns you back to the board to an information page but fails to log you in:

      https://www.phpbb.com/community/download/file.php?id=222851&mode=view

       

      Oauth works on the index page, main login page because it uses the following static URL which one can whitelist: 

      https://domain.com/ucp.php?mode=login

       

      Same for linking or linking via UCP, Oauth works there because again the URL is static and it can be added to the vendors authorised/whitelist.

       

      More here:

      https://www.phpbb.com/community/viewtopic.php?f=556&t=2511596

      https://github.com/phpbb/phpbb/pull/557 ... -488073115

        Attachments

          Activity

            People

            • Assignee:
              Marc Marc
              Reporter:
              WelshPaul WelshPaul
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: