These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Technology Lab

 
  • Topic is locked indefinitely.
123Next pageLast page
 

phpBB 3.2 EVE SSO / ESI extension [beta]
Author
Previous Topic Next Topic
Snitch Ashor
Republic Military School
Minmatar Republic
#1 - 2017-03-11 23:36:53 UTC  |  Edited by: Snitch Ashor
Hi all,

This is a beta version of a phpBB extension that enables Single sign on for registration and login to the phpBB forum software: Downloads

Current version: 1.1b

Update procedure (coming from a previous version of THIS extension):

  1. Disable the extension. (DO *NOT* clear the data)
  2. Exchange the extension folder.
  3. Purge your forums cache.
  4. Reenable


Current features:


  • phpBB auth provider (replaces regular login completely)
  • Login / Registration using EVE accounts
  • Group management based on corp / alliance (using ESI to fetch)
  • Teamspeak serverGroup management based on corp / alliance
  • Display users corp / alliance below the user name


Requirements:


  • phpBB 3.2 or above
  • php5.5 or above with php-curl installed
  • A valid EVE Online subscription (you need one to register a developer app.)



Installation and setup:

This extension is under development, if you install it on anything but a fresh and empty board, backup your database and files now.


  1. Upload the contents of the zip to your forum root (the zip should already contain the directory structure /ext/snitch/authevesso)
  2. Go to the ACP
  3. Enable the extension under 'Customise', if it doesnt show up check the directory structure.
  4. Go to developers.eveonline.com and create an App, select API access the scope esi-corporations.read_corporation_membership.v1, set the callback url to server/forumurl/authevesso/login
  5. Go to you forum ACP: General - Client communication - Authentication
  6. Enter your app id and secret you got in the above step, as well as the Admin character name (Important: This has to be an eve character you will use from now on to log in as admin. If this char already exists as a board user, make him a founder and grant all permissions now.)
  7. Save Settings
  8. Change authentication method to Evesso and save.
  9. Log in with the admin EVE char and purge the forum cache in the ACP.
  10. Start adding Groups / Teamspeak groups under 'Extensions'

if something goes wrong and you locked yourself out, access your database and find the key auth_method in your phpbb_config table and change it from 'evesso' to 'db'.


To do:


  • Implement logging
  • Testing
  • Better session management (when logging in from multiple devices)
  • ???


A few notes how its working:

This extension automatically creates a forum user account for evey user that logs in with his eve account.
It only handles the groups configured in the extensions ACP menu, it will not add OR REMOVE from any of the groups / teamspeak groups not entered there.
phpBB3.1+ has a new cron system. if you wish to run the cron jobs manually, the command to do so is: php _install_dir_/bin/phpbbcli.php cron:run (set to run e.g. once in 15 minutes, dont worry, the actual jobs run at different intervals) In that case, go to your boards server settings and set 'run periodic tasks from system...' to 'yes'.


Credits:

Inspired by EVE API for phpBB 3.0 by Cyerus and phpBB 3.1 Authentication Provider for Shibboleth
Using the Teamspeak PHP framework
ESI client generated using swagger codegen


Translations:

English
Russian


Speacial thanks:

Jintaro Keo for a lot of testing and the russian translation


Happy testing,

Report any bugs you ancounter here or to admin@brgf.de
If you wanna support this project, feel free to throw some ISK at Snitch Ashor

o7, Snitch
Snitch Ashor
Republic Military School
Minmatar Republic
#2 - 2017-03-12 07:16:14 UTC
Reserved.
Norio Nori
Broccoli Forest
#3 - 2017-03-15 14:39:43 UTC
It is amazing!
Milo Caman
Anshar Incorporated
#4 - 2017-03-17 16:34:23 UTC
Super happy to see this again, but seeing this when I try to log into my fresh forum after setting up:

SQL ERROR [ mysqli ]

Unknown column 'session_authstate' in 'field list' [1054]

Don't have access to my database from work, so will reset the auth method and have a closer look when I get home in a few hours, but if there's any quick fixes to this that'd be excellent.
Snitch Ashor
Republic Military School
Minmatar Republic
#5 - 2017-03-17 21:04:44 UTC
Milo Caman wrote:
Super happy to see this again, but seeing this when I try to log into my fresh forum after setting up:

SQL ERROR [ mysqli ]

Unknown column 'session_authstate' in 'field list' [1054]

Don't have access to my database from work, so will reset the auth method and have a closer look when I get home in a few hours, but if there's any quick fixes to this that'd be excellent.



Hmmm weird, that column should have been installed with the mod. Will try it myself on a fresh install.
Milo Caman
Anshar Incorporated
#6 - 2017-03-17 21:46:08 UTC
I've reset the auth_method key and managed to get back in, no problems. For anyone who's new to MySQL something like this should work fine. 

UPDATE phpbb_config SET config_value = 'db' WHERE config_name = 'auth_method' LIMIT 1;


You'll need to clear the cache folder afterwards.

Interestingly if the extension is enabled, using the extensions tab in the ACP returns the following:

General Error
SQL ERROR [ mysqli ]

Table 'phpbb.phpbb_authevesso_groups' doesn't exist [1146]

SQL

SELECT * FROM phpbb_authevesso_groups

BACKTRACE

FILE: (not given by php)
LINE: (not given by php)
CALL: msg_handler()

FILE: [ROOT]/phpbb/db/driver/driver.php
LINE: 999
CALL: trigger_error()

FILE: [ROOT]/phpbb/db/driver/mysqli.php
LINE: 193
CALL: phpbb\db\driver\driver->sql_error()

FILE: [ROOT]/phpbb/db/driver/factory.php
LINE: 329
CALL: phpbb\db\driver\mysqli->sql_query()

FILE: [ROOT]/ext/snitch/authevesso/acp/main_module.php
LINE: 91
CALL: phpbb\db\driver\factory->sql_query()

FILE: [ROOT]/includes/functions_module.php
LINE: 676
CALL: snitch\authevesso\acp\main_module->main()

FILE: [ROOT]/adm/index.php
LINE: 82
CALL: p_master->load_active()


I'm not sure if this is useful? I may have done something wrong.
Snitch Ashor
Republic Military School
Minmatar Republic
#7 - 2017-03-17 21:57:25 UTC  |  Edited by: Snitch Ashor
That is related to the first I guess, looks like the migration that installs database tables and columns is not executed at all in your case, will try to figure out what went wrong. If you want to retry you have to deinstall the mod and delte all data of the mod in the customization tab.

If you could try the following please:

Disable the mod.
Delte Data for the mod.

Reenable it and give it a try. If the same error occurs, here's how to create the DB entries required:

ALTER TABLE phpbb_users ADD (
  `user_refreshToken` varchar(255) COLLATE utf8_bin DEFAULT NULL,
  `user_characterID` bigint(20) DEFAULT NULL,
  `user_lastAPI` int(11) UNSIGNED DEFAULT NULL,
  `user_APIfailcount` mediumint(8) UNSIGNED DEFAULT NULL
);

ALTER TABLE phpbb_sessions ADD (
  `session_authstate` varchar(255) COLLATE utf8_bin DEFAULT NULL,
  `session_refreshToken` varchar(255) COLLATE utf8_bin DEFAULT NULL,
  `session_characterID` bigint(20) DEFAULT NULL,
  `session_characterName` varchar(100) COLLATE utf8_bin DEFAULT NULL
);

CREATE TABLE `phpbb_authevesso_groups` (
  `id` bigint(20) DEFAULT NULL,
  `name` varchar(255) COLLATE utf8_bin NOT NULL DEFAULT '',
  `type` varchar(20) COLLATE utf8_bin NOT NULL DEFAULT '',
  `forum_group` mediumint(8) UNSIGNED DEFAULT NULL,
  `ts_group` mediumint(8) UNSIGNED DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
Milo Caman
Anshar Incorporated
#8 - 2017-03-17 22:13:25 UTC  |  Edited by: Milo Caman
Snitch Ashor wrote:
That is related to the first I guess, looks like the migration that installs database tables and columns is not executed at all in your case, will try to figure out what went wrong. If you want to retry you have to deinstall the mod and delte all data of the mod in the customization tab


Is it possible to trigger the migration script manually? Not had any luck reinstalling this so far.

EDIT: After digging through apache's log files, I found this:


[Sat Mar 18 00:21:02.270677 2017] [:error] [pid 9469] [client ] PHP Fatal error:  Class 'phpbb\\db\\migration\\migration' not found in /var/www/html/forum/ext/snitch/authevesso/migrations/add_table.php on line 5, referer: https://[url-removed]/forum/ext/snitch/authevesso/migrations/


SECOND EDIT: The MySQL query you provided did it, thank you! I'll report back with anything else I run into.
Snitch Ashor
Republic Military School
Minmatar Republic
#9 - 2017-03-18 00:19:35 UTC
Thanks for reporting back, could you do one more quick check just look if the file

_phpBBinstall_/phpbb/db/migration/migration.php is present and tell me what php version you are running please?

Thanks.

Btw since all migrations require that class, the one that creates the profile field to enter the teamspeakID might be missing as well. You can just create it under users-> custom profile fields:

Identifier: authevesso_tsid Type: single text field.

Publicly display profile field: NO and the only options that should be ticked are:
Display in user control panel
Hide profile field
Milo Caman
Anshar Incorporated
#10 - 2017-03-18 00:30:07 UTC
migration.php is present. I'm using PHP 7.0.15-0ubuntu0.16.04.4.

Everything appears to be working smoothly now.

Just a thought, but you might want to set something that toggles the 'register' button on the forum when SSO is active, as it allows users to make redundant accounts they can't log into. It's not really a big issue, but might cause some confusion if the 'Disable registration' option isn't selected in the ACP.
Snitch Ashor
Republic Military School
Minmatar Republic
#11 - 2017-03-18 06:47:01 UTC
Yeah you are right. You can disable board registration yourself for now in the ACP. I will either disable the button or just forward registration to the sso as well.
Paic Aishai
Les mecs pas chiants
#12 - 2017-03-18 11:01:38 UTC  |  Edited by: Paic Aishai
Thanks man. Cool project you're working on here !

I also tried to install this and ran into the same problems as Milo. After following your instructions, the extension page is now accesible and database schemas seems ok, but when I try to login, I get an "Invalid auth state." error.

The auth state seems to be passed along correctly during the OAuth process, it is even set correctly in the database (phpbb_sessions.session_authstate)

Any ideas ?


EDIT : Ok my bad. I was not using HTTPS, everything is fine now.
Felicity Stihl
Bittervet's retirement home
#13 - 2017-03-18 18:54:16 UTC
Cool project

I installed it without a hitch, but when I enable authentication, I will get a 404 error when trying to hit the login button.

The 404 is for forums.domain.tld/authevesso/login (my phpbb install is not in a subdirectory)

Any ideas on this one ?
Snitch Ashor
Republic Military School
Minmatar Republic
#14 - 2017-03-18 19:03:12 UTC
Paic Aishai wrote:
Thanks man. Cool project you're working on here !

I also tried to install this and ran into the same problems as Milo. After following your instructions, the extension page is now accesible and database schemas seems ok, but when I try to login, I get an "Invalid auth state." error.

The auth state seems to be passed along correctly during the OAuth process, it is even set correctly in the database (phpbb_sessions.session_authstate)

Any ideas ?


So basically what is supposed to happen is the auth state, which is just a random number is stored in the session sb before sending the user to the sso page and the response is compared afterwards. Not sure what goes wrong there. Could you post or pm me your forum address?
Snitch Ashor
Republic Military School
Minmatar Republic
#15 - 2017-03-18 19:07:03 UTC
Felicity Stihl wrote:
Cool project

I installed it without a hitch, but when I enable authentication, I will get a 404 error when trying to hit the login button.

The 404 is for forums.domain.tld/authevesso/login (my phpbb install is not in a subdirectory)

Any ideas on this one ?



Will have to try and reproduce it. If you feel like trying it on a subfolder, let me know if it works.
Felicity Stihl
Bittervet's retirement home
#16 - 2017-03-18 19:12:03 UTC  |  Edited by: Felicity Stihl
Snitch Ashor wrote:
Felicity Stihl wrote:
Cool project

I installed it without a hitch, but when I enable authentication, I will get a 404 error when trying to hit the login button.

The 404 is for forums.domain.tld/authevesso/login (my phpbb install is not in a subdirectory)

Any ideas on this one ?



Will have to try and reproduce it. If you feel like trying it on a subfolder, let me know if it works.



Same error, it also complains about /adm/authevesso

the apache log shows this when I hit the login button (after i changed the forum url, and moved files so that the new path is: https://forums.domain.tld/forums)
xx.xx.xx.xx - - [18/Mar/2017:19:12:44 +0000] "GET /forums/authevesso/login?target=https%3A%2F%2Fforums.domain.tld%2Fforums%2Findex.php HTTP/1.1" 404 578 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"



I cannot access the callback url manually either...
Looks like the forums isn't reacting to the new plugin
Felicity Stihl
Bittervet's retirement home
#17 - 2017-03-19 10:42:02 UTC
Quick update:

Made a new VM to test this on, completley vanilla ubuntu 16.10 , just installed mod_php, apache2, phpmyadmin, and mysql. installed a fresh version of phpbb 3.2 and added your plugin, so far so good..

after installing, and activating the plugin, I cannot access the /authevesso/login url (http://172.16.32.149/phpbb/authevesso/login?target=http%3A%2F%2F172.16.32.149%2Fphpbb%2Findex.php)
Snitch Ashor
Republic Military School
Minmatar Republic
#18 - 2017-03-19 13:20:47 UTC
Felicity Stihl wrote:
Quick update:

Made a new VM to test this on, completley vanilla ubuntu 16.10 , just installed mod_php, apache2, phpmyadmin, and mysql. installed a fresh version of phpbb 3.2 and added your plugin, so far so good..

after installing, and activating the plugin, I cannot access the /authevesso/login url (http://172.16.32.149/phpbb/authevesso/login?target=http%3A%2F%2F172.16.32.149%2Fphpbb%2Findex.php)




Thanks for testing, will do the same, the only difference to my test enviroment is ubuntu16.10 and prly the mysql version. Will let you know if i can figure out what it is.
Felicity Stihl
Bittervet's retirement home
#19 - 2017-03-19 13:52:14 UTC
Snitch Ashor wrote:
Felicity Stihl wrote:
Quick update:

Made a new VM to test this on, completley vanilla ubuntu 16.10 , just installed mod_php, apache2, phpmyadmin, and mysql. installed a fresh version of phpbb 3.2 and added your plugin, so far so good..

after installing, and activating the plugin, I cannot access the /authevesso/login url (http://172.16.32.149/phpbb/authevesso/login?target=http%3A%2F%2F172.16.32.149%2Fphpbb%2Findex.php)




Thanks for testing, will do the same, the only difference to my test enviroment is ubuntu16.10 and prly the mysql version. Will let you know if i can figure out what it is.


The mysql version is probably not the issue, the default apache configuration may be. As I stated, I'm running a unmodified apache conf except for enabling mod_rewrite.
Felicity Stihl
Bittervet's retirement home
#20 - 2017-03-19 15:16:13 UTC  |  Edited by: Felicity Stihl
Felicity Stihl wrote:
Snitch Ashor wrote:
Felicity Stihl wrote:
Quick update:

Made a new VM to test this on, completley vanilla ubuntu 16.10 , just installed mod_php, apache2, phpmyadmin, and mysql. installed a fresh version of phpbb 3.2 and added your plugin, so far so good..

after installing, and activating the plugin, I cannot access the /authevesso/login url (http://172.16.32.149/phpbb/authevesso/login?target=http%3A%2F%2F172.16.32.149%2Fphpbb%2Findex.php)




Thanks for testing, will do the same, the only difference to my test enviroment is ubuntu16.10 and prly the mysql version. Will let you know if i can figure out what it is.


The mysql version is probably not the issue, the default apache configuration may be. As I stated, I'm running a unmodified apache conf except for enabling mod_rewrite.



To anwser my own post:
Found two issues,
1. had to explictly set the php variable "register_globals" to off
2. had to install php-curl (which is not mentioned as a requirement anywhere)

Seems to work now, except for the fact that when I log in, I get a error complaning about "INSECURE_REDIRECT".. (things still work if I refresh)
123Next pageLast page