Diffstat (limited to 'mod/twitter_api/lib/twitter_api.php')
-rw-r--r--mod/twitter_api/lib/twitter_api.php233
1 files changed, 136 insertions, 97 deletions
diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php
index 167dbe0f5..a7b971876 100644
--- a/mod/twitter_api/lib/twitter_api.php
+++ b/mod/twitter_api/lib/twitter_api.php
@@ -6,6 +6,27 @@
*/
/**
+ * Get the API wrapper object
+ *
+ * @param string $oauth_token User's OAuth token
+ * @param string $oauth_token_secret User's OAuth secret
+ * @return TwitterOAuth|null
+ */
+function twitter_api_get_api_object($oauth_token = null, $oauth_token_secret = null) {
+ $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
+ $consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
+ if (!($consumer_key && $consumer_secret)) {
+ return null;
+ }
+
+ $api = new TwitterOAuth($consumer_key, $consumer_secret, $oauth_token, $oauth_token_secret);
+ if ($api) {
+ $api->host = "https://api.twitter.com/1.1/";
+ }
+ return $api;
+}
+
+/**
* Tests if the system admin has enabled Sign-On-With-Twitter
*
* @param void
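Review bot: twitter_api_get_api_object() can return null when the consumer key or secret is not configured, but the call sites this commit switches over to it dereference the result immediately: `$api->get('account/verify_credentials')` in twitter_api_login(), `$twitter->getRequestToken($callback)` in twitter_api_get_authorize_url() and `$api->getAccessToken($oauth_verifier)` in twitter_api_get_access_token(). Each of those needs a guard such as `if (!$api) { register_error(elgg_echo('twitter_api:login:error')); forward(); }` before the call, otherwise an unconfigured plugin ends in a fatal error on the sign-in path. The `if ($api)` test after `new TwitterOAuth(...)` is always true, since `new` either yields an object or throws, so the host assignment can be unconditional. The removed call sites also ran `elgg_load_library('twitter_oauth')` and this helper does not; if the library is not loaded elsewhere (not visible in this diff), that call belongs in this function.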
@@ -24,11 +45,13 @@ function twitter_api_allow_sign_on_with_twitter() {
}
/**
- * Forwards
+ * Forwards the user to twitter to authenticate
*
- * @todo what is this?
+ * This includes the login URL as the callback
*/
function twitter_api_forward() {
+ global $SESSION;
+
// sanity check
if (!twitter_api_allow_sign_on_with_twitter()) {
forward();
@@ -37,13 +60,40 @@ function twitter_api_forward() {
$callback = elgg_normalize_url("twitter_api/login");
$request_link = twitter_api_get_authorize_url($callback);
+ // capture metadata about login to persist through redirects
+ $login_metadata = array(
+ 'persistent' => (bool) get_input("persistent"),
+ );
+ // capture referrer if in site, but not the twitter_api
+ if (!empty($SESSION['last_forward_from'])) {
+ $login_metadata['forward'] = $SESSION['last_forward_from'];
+ } elseif (!empty($_SERVER['HTTP_REFERER'])
+ && 0 === strpos($_SERVER['HTTP_REFERER'], elgg_get_site_url())
+ && 0 !== strpos($_SERVER['HTTP_REFERER'], elgg_get_site_url() . 'twitter_api/')) {
+ $login_metadata['forward'] = $_SERVER['HTTP_REFERER'];
+ }
+ $SESSION['twitter_api_login_metadata'] = $login_metadata;
+
forward($request_link, 'twitter_api');
}
/**
- * Log in a user with twitter.
+ * Log in a user referred from Twitter's OAuth API
+ *
+ * If the user has already linked their account with Twitter, it is a seamless
+ * login. If this is a first time login (or a user from deprecated twitter login
+ * plugin), we create a new account (update the account).
+ *
+ * If a plugin wants to be notified when someone logs in with twitter or a new
+ * twitter user signs up, register for the standard login or create user events
+ * and check for 'twitter_api' context.
+ *
+ * The user has to be redirected from Twitter for this to work. It depends on
+ * the Twitter OAuth data.
*/
function twitter_api_login() {
+ /* @var ElggSession $SESSION */
+ global $SESSION;
// sanity check
if (!twitter_api_allow_sign_on_with_twitter()) {
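Review bot: The forward target saved in `$login_metadata['forward']` is later passed to `forward($forward)` after a successful login, and only the Referer branch checks that it points into this site; the value from `$SESSION['last_forward_from']` is stored as is. Where that session key is set is not visible in this diff, so unless it is guaranteed to be a same-site URL, apply the same prefix test to both sources, or re-check the value in twitter_api_login() immediately before forwarding. The prefix comparison itself only holds if elgg_get_site_url() ends with a slash; without it a host name that merely begins with the site's host name would pass. twitter_api_forward() starts in the previous hunk, and the twitter_api_login() body at the end of this one continues outside it.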
@@ -51,7 +101,21 @@ function twitter_api_login() {
}
$token = twitter_api_get_access_token(get_input('oauth_verifier'));
- if (!isset($token['oauth_token']) or !isset($token['oauth_token_secret'])) {
+
+ $persistent = false;
+ $forward = '';
+
+ // fetch login metadata from session
+ $login_metadata = $SESSION['twitter_api_login_metadata'];
+ unset($SESSION['twitter_api_login_metadata']);
+ if (!empty($login_metadata['persistent'])) {
+ $persistent = true;
+ }
+ if (!empty($login_metadata['forward'])) {
+ $forward = $login_metadata['forward'];
+ }
+
+ if (!isset($token['oauth_token']) || !isset($token['oauth_token_secret'])) {
register_error(elgg_echo('twitter_api:login:error'));
forward();
}
@@ -64,32 +128,24 @@ function twitter_api_login() {
'access_key' => $token['oauth_token'],
'access_secret' => $token['oauth_token_secret'],
),
- 'limit' => 0
+ 'limit' => 0,
);
$users = elgg_get_entities_from_plugin_user_settings($options);
if ($users) {
- if (count($users) == 1 && login($users[0])) {
+ if (count($users) == 1 && login($users[0], $persistent)) {
system_message(elgg_echo('twitter_api:login:success'));
-
- // trigger login hook
- elgg_trigger_plugin_hook('login', 'twitter_api', array('user' => $users[0]));
+ forward($forward);
} else {
- system_message(elgg_echo('twitter_api:login:error'));
+ register_error(elgg_echo('twitter_api:login:error'));
+ forward();
}
-
- forward();
} else {
- // need Twitter account credentials
- elgg_load_library('twitter_oauth');
-
- $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
- $consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
- $api = new TwitterOAuth($consumer_key, $consumer_secret, $token['oauth_token'], $token['oauth_token_secret']);
+ $api = twitter_api_get_api_object($token['oauth_token'], $token['oauth_token_secret']);
$twitter = $api->get('account/verify_credentials');
- // backward compatibility for stalled-development Twitter Login plugin
+ // backward compatibility for deprecated Twitter Login plugin
$user = FALSE;
if ($twitter_user = get_user_by_username($token['screen_name'])) {
if (($screen_name = $twitter_user->twitter_screen_name) && ($screen_name == $token['screen_name'])) {
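Review bot: The response from `$api->get('account/verify_credentials')` is used without a check that the call succeeded. Later in this diff it is handed to twitter_api_create_user(), which reads `$twitter->screen_name` and `$twitter->name` directly, so an error payload or a failed request could produce an account with an empty or wrong username. A guard right after the call, e.g. `if (!$twitter || empty($twitter->screen_name)) { register_error(elgg_echo('twitter_api:login:error')); forward(); }`, would stop that. The legacy match just below links a local account purely by `$token['screen_name']`; Twitter screen names can change hands, so comparing a stable numeric Twitter id, where one is stored, would be safer. The rest of that block lies outside the hunk.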
@@ -101,48 +157,10 @@ function twitter_api_login() {
// create new user
if (!$user) {
- // check new registration allowed
- if (!twitter_api_allow_new_users_with_twitter()) {
- register_error(elgg_echo('registerdisabled'));
- forward();
- }
-
- // trigger a hook for plugin authors to intercept
- if (!elgg_trigger_plugin_hook('new_twitter_user', 'twitter_service', array('account' => $twitter), TRUE)) {
- // halt execution
- register_error(elgg_echo('twitter_api:login:error'));
- forward();
- }
-
- // Elgg-ify Twitter credentials
- $username = $twitter->screen_name;
- while (get_user_by_username($username)) {
- $username = $twitter->screen_name . '_' . rand(1000, 9999);
- }
-
- $password = generate_random_cleartext_password();
- $name = $twitter->name;
-
- $user = new ElggUser();
- $user->username = $username;
- $user->name = $name;
- $user->access_id = ACCESS_PUBLIC;
- $user->salt = generate_random_cleartext_password();
- $user->password = generate_user_password($user, $password);
- $user->owner_guid = 0;
- $user->container_guid = 0;
-
- if (!$user->save()) {
- register_error(elgg_echo('registerbad'));
- forward();
- }
-
- // @todo require email address?
-
+ $user = twitter_api_create_user($twitter);
$site_name = elgg_get_site_entity()->name;
system_message(elgg_echo('twitter_api:login:email', array($site_name)));
-
- $forward = "settings/user/{$user->username}";
+ $forward = "twitter_api/interstitial";
}
// set twitter services tokens
@@ -156,9 +174,6 @@ function twitter_api_login() {
// login new user
if (login($user)) {
system_message(elgg_echo('twitter_api:login:success'));
-
- // trigger login hook for new user
- elgg_trigger_plugin_hook('first_login', 'twitter_api', array('user' => $user));
} else {
system_message(elgg_echo('twitter_api:login:error'));
}
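Review bot: The `login($user)` call for a new or migrated account ignores the `$persistent` flag that this commit carries through the session, whereas the already-linked path now calls `login($users[0], $persistent)`. A user who asked for a persistent login (presumably the remember-me choice) gets one only on later logins; `if (login($user, $persistent)) {` would make the two paths agree. The failure branch here also still reports through `system_message()` while the linked-user branch was switched to `register_error()`. The surrounding block continues outside this hunk.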
@@ -172,37 +187,70 @@ function twitter_api_login() {
}
/**
+ * Create a new user from Twitter information
+ *
+ * @param object $twitter Twitter OAuth response
+ * @return ElggUser
+ */
+function twitter_api_create_user($twitter) {
+ // check new registration allowed
+ if (!twitter_api_allow_new_users_with_twitter()) {
+ register_error(elgg_echo('registerdisabled'));
+ forward();
+ }
+
+ // Elgg-ify Twitter credentials
+ $username = $twitter->screen_name;
+ while (get_user_by_username($username)) {
+ // @todo I guess we just hope this is good enough
+ $username = $twitter->screen_name . '_' . rand(1000, 9999);
+ }
+
+ $password = generate_random_cleartext_password();
+ $name = $twitter->name;
+
+ $user = new ElggUser();
+ $user->username = $username;
+ $user->name = $name;
+ $user->access_id = ACCESS_PUBLIC;
+ $user->salt = generate_random_cleartext_password();
+ $user->password = generate_user_password($user, $password);
+ $user->owner_guid = 0;
+ $user->container_guid = 0;
+
+ if (!$user->save()) {
+ register_error(elgg_echo('registerbad'));
+ forward();
+ }
+
+ return $user;
+}
+
+/**
* Pull in the latest avatar from twitter.
*
- * @param unknown_type $user
- * @param unknown_type $file_location
+ * @param ElggUser $user
+ * @param string $file_location
*/
function twitter_api_update_user_avatar($user, $file_location) {
// twitter's images have a few suffixes:
// _normal
- // _resonably_small
+ // _reasonably_small
// _mini
// the twitter app here returns _normal. We want standard, so remove the suffix.
// @todo Should probably check that it's an image file.
$file_location = str_replace('_normal.jpg', '.jpg', $file_location);
- $sizes = array(
- 'topbar' => array(16, 16, TRUE),
- 'tiny' => array(25, 25, TRUE),
- 'small' => array(40, 40, TRUE),
- 'medium' => array(100, 100, TRUE),
- 'large' => array(200, 200, FALSE),
- 'master' => array(550, 550, FALSE),
- );
+ $icon_sizes = elgg_get_config('icon_sizes');
$filehandler = new ElggFile();
$filehandler->owner_guid = $user->getGUID();
- foreach ($sizes as $size => $dimensions) {
+ foreach ($icon_sizes as $size => $dimensions) {
$image = get_resized_image_from_existing_file(
$file_location,
- $dimensions[0],
- $dimensions[1],
- $dimensions[2]
+ $dimensions['w'],
+ $dimensions['h'],
+ $dimensions['square']
);
$filehandler->setFilename("profile/$user->guid$size.jpg");
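Review bot: The docblock of twitter_api_create_user() promises `@return ElggUser` but says nothing about the two failure paths, which call `forward()` and rely on it to end the request; should `forward()` return, execution would continue into account creation even though registration is disabled, or hand back a user that failed to save. Either document it, e.g. `Does not return on failure; registers an error and calls forward().`, or add an explicit `return null;` after each `forward()`, change the tag to `@return ElggUser|null` and have the caller check it. In twitter_api_update_user_avatar(), `elgg_get_config('icon_sizes')` is iterated without checking that the setting is an array, so `foreach ((array) $icon_sizes as $size => $dimensions) {` or an early return would avoid a warning when it is unset. The avatar function's body continues past the end of this hunk.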
@@ -213,8 +261,6 @@ function twitter_api_update_user_avatar($user, $file_location) {
// update user's icontime
$user->icontime = time();
-
- return TRUE;
}
/**
@@ -228,7 +274,7 @@ function twitter_api_update_user_avatar($user, $file_location) {
* to establish session request tokens.
*/
function twitter_api_authorize() {
- $token = twitter_api_get_access_token();
+ $token = twitter_api_get_access_token(get_input('oauth_verifier'));
if (!isset($token['oauth_token']) || !isset($token['oauth_token_secret'])) {
register_error(elgg_echo('twitter_api:authorize:error'));
forward('settings/plugins', 'twitter_api');
@@ -243,7 +289,6 @@ function twitter_api_authorize() {
),
'limit' => 0
);
-
$users = elgg_get_entities_from_plugin_user_settings($options);
if ($users) {
@@ -281,19 +326,15 @@ function twitter_api_revoke() {
}
/**
- * Returns the url to authorize a user.
+ * Gets the url to authorize a user.
*
- * @param string $callback The callback URL?
+ * @param string $callback The callback URL
*/
-function twitter_api_get_authorize_url($callback = NULL) {
+function twitter_api_get_authorize_url($callback = NULL, $login = true) {
global $SESSION;
- elgg_load_library('twitter_oauth');
-
- $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
- $consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
// request tokens from Twitter
- $twitter = new TwitterOAuth($consumer_key, $consumer_secret);
+ $twitter = twitter_api_get_api_object();
$token = $twitter->getRequestToken($callback);
// save token in session for use after authorization
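Review bot: The new `$login` parameter of twitter_api_get_authorize_url() has no `@param` line, and the docblock still lacks `@return`. Add `@param bool $login` with a sentence on what it selects in `getAuthorizeURL()`, plus `@return string`. The result of `getRequestToken($callback)` is written to the session just below without a check that Twitter actually returned a token; a guard on `isset($token['oauth_token'])` before the session write would keep a failed request from producing a malformed authorize URL. The function body runs on into the next hunk.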
@@ -302,28 +343,26 @@ function twitter_api_get_authorize_url($callback = NULL) {
'oauth_token_secret' => $token['oauth_token_secret'],
);
- return $twitter->getAuthorizeURL($token['oauth_token']);
+ return $twitter->getAuthorizeURL($token['oauth_token'], $login);
}
/**
* Returns the access token to use in twitter calls.
*
- * @param unknown_type $oauth_verifier
+ * @param bool $oauth_verifier
+ * @return array
*/
function twitter_api_get_access_token($oauth_verifier = FALSE) {
+ /* @var ElggSession $SESSION */
global $SESSION;
- elgg_load_library('twitter_oauth');
-
- $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
- $consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
// retrieve stored tokens
$oauth_token = $SESSION['twitter_api']['oauth_token'];
$oauth_token_secret = $SESSION['twitter_api']['oauth_token_secret'];
- $SESSION->offsetUnset('twitter_api');
+ unset($SESSION['twitter_api']);
// fetch an access token
- $api = new TwitterOAuth($consumer_key, $consumer_secret, $oauth_token, $oauth_token_secret);
+ $api = twitter_api_get_api_object($oauth_token, $oauth_token_secret);
return $api->getAccessToken($oauth_verifier);
}