Upgrade Twitter bridge to use OAuth 1.0a. It's more secure, and allows

us to automatically send in a callback url instead of having to manually configure one for each StatusNet instance.
2010-02-16 06:12:08 +00:00
parent e8275aa60a
commit c201baffbf
3 changed files with 98 additions and 28 deletions
--- a/plugins/TwitterBridge/twitterauthorization.php
+++ b/plugins/TwitterBridge/twitterauthorization.php
@@ -56,6 +56,7 @@ class TwitterauthorizationAction extends Action
    var $tw_fields    = null;
    var $access_token = null;
    var $signin       = null;
+    var $verifier     = null;

    /**
     * Initialize class members. Looks for 'oauth_token' parameter.
@@ -70,6 +71,7 @@ class TwitterauthorizationAction extends Action

        $this->signin      = $this->boolean('signin');
        $this->oauth_token = $this->arg('oauth_token');
+        $this->verifier    = $this->arg('oauth_verifier');

        return true;
    }
@@ -160,8 +162,7 @@ class TwitterauthorizationAction extends Action
            // Get a new request token and authorize it

            $client  = new TwitterOAuthClient();
-            $req_tok =
-              $client->getRequestToken(TwitterOAuthClient::$requestTokenURL);
+            $req_tok = $client->getRequestToken();

            // Sock the request token away in the session temporarily

@@ -171,7 +172,7 @@ class TwitterauthorizationAction extends Action
            $auth_link = $client->getAuthorizeLink($req_tok, $this->signin);

        } catch (OAuthClientException $e) {
-            $msg = sprintf('OAuth client cURL error - code: %1s, msg: %2s',
+            $msg = sprintf('OAuth client error - code: %1s, msg: %2s',
                           $e->getCode(), $e->getMessage());
            $this->serverError(_m('Couldn\'t link your Twitter account.'));
        }
@@ -187,7 +188,6 @@ class TwitterauthorizationAction extends Action
     */
    function saveAccessToken()
    {
-
        // Check to make sure Twitter returned the same request
        // token we sent them

@@ -204,7 +204,7 @@ class TwitterauthorizationAction extends Action

            // Exchange the request token for an access token

-            $atok = $client->getAccessToken(TwitterOAuthClient::$accessTokenURL);
+            $atok = $client->getAccessToken($this->verifier);

            // Test the access token and get the user's Twitter info

--- a/plugins/TwitterBridge/twitteroauthclient.php
+++ b/plugins/TwitterBridge/twitteroauthclient.php
@@ -91,6 +91,19 @@ class TwitterOAuthClient extends OAuthClient
        }
    }

+    /**
+     * Gets a request token from Twitter
+     *
+     * @return OAuthToken $token the request token
+     */
+    function getRequestToken()
+    {
+        return parent::getRequestToken(
+            self::$requestTokenURL,
+            common_local_url('twitterauthorization')
+        );
+    }
+
    /**
     * Builds a link to Twitter's endpoint for authorizing a request token
     *
@@ -107,6 +120,21 @@ class TwitterOAuthClient extends OAuthClient
                                        common_local_url('twitterauthorization'));
    }

+    /**
+     * Fetches an access token from Twitter
+     *
+     * @param string $verifier 1.0a verifier
+     *
+     * @return OAuthToken $token the access token
+     */
+    function getAccessToken($verifier = null)
+    {
+        return parent::getAccessToken(
+            self::$accessTokenURL,
+            $verifier
+        );
+    }
+
    /**
     * Calls Twitter's /account/verify_credentials API method
     *