File: Twitter.php

package info (click to toggle)
simplesamlphp 1.16.3-1%2Bdeb10u2
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 21,036 kB
  • sloc: php: 73,175; ansic: 875; sh: 83; perl: 82; xml: 52; makefile: 46
file content (149 lines) | stat: -rw-r--r-- 4,887 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
 
<?php

require_once(dirname(dirname(dirname(dirname(dirname(__FILE__))))) . '/oauth/libextinc/OAuth.php');

/**
 * Authenticate using Twitter.
 *
 * @author Andreas Åkre Solberg, UNINETT AS.
 * @package SimpleSAMLphp
 */
class sspmod_authtwitter_Auth_Source_Twitter extends SimpleSAML_Auth_Source
{
	/**
	 * The string used to identify our states.
	 */
	const STAGE_INIT = 'twitter:init';

	/**
	 * The key of the AuthId field in the state.
	 */
	const AUTHID = 'twitter:AuthId';

    /**
     * @var string
     */
	private $key;

    /**
     * @var string
     */
    private $secret;

    /**
     * @var bool
     */
	private $force_login;

    /**
     * @var bool
     */
    private $include_email;

	/**
	 * Constructor for this authentication source.
	 *
	 * @param array $info  Information about this authentication source.
	 * @param array $config  Configuration.
	 */
	public function __construct($info, $config)
    {
		assert(is_array($info));
		assert(is_array($config));

		// Call the parent constructor first, as required by the interface
		parent::__construct($info, $config);

		$configObject = SimpleSAML_Configuration::loadFromArray($config, 'authsources[' . var_export($this->authId, true) . ']');

		$this->key = $configObject->getString('key');
		$this->secret = $configObject->getString('secret');
		$this->force_login = $configObject->getBoolean('force_login', false);
		$this->include_email = $configObject->getBoolean('include_email', false);
	}


	/**
	 * Log-in using Twitter platform
	 *
	 * @param array &$state  Information about the current authentication.
	 */
	public function authenticate(&$state)
    {
		assert(is_array($state));

		// We are going to need the authId in order to retrieve this authentication source later
		$state[self::AUTHID] = $this->authId;
		
		$stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
		
		$consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
		// Get the request token
		$linkback = SimpleSAML\Module::getModuleURL('authtwitter/linkback.php', array('AuthState' => $stateID));
		$requestToken = $consumer->getRequestToken('https://api.twitter.com/oauth/request_token', array('oauth_callback' => $linkback));
		SimpleSAML\Logger::debug("Got a request token from the OAuth service provider [" .
			$requestToken->key . "] with the secret [" . $requestToken->secret . "]");

		$state['authtwitter:authdata:requestToken'] = $requestToken;
		SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);

		// Authorize the request token
		$url = 'https://api.twitter.com/oauth/authenticate';
		if ($this->force_login) {
			$url = \SimpleSAML\Utils\HTTP::addURLParameters($url, array('force_login' => 'true'));
		}
		$consumer->getAuthorizeRequest($url, $requestToken);
	}
	
	
	public function finalStep(&$state)
    {
		$requestToken = $state['authtwitter:authdata:requestToken'];
		$parameters = array();

		if (!isset($_REQUEST['oauth_token'])) {
			throw new SimpleSAML_Error_BadRequest("Missing oauth_token parameter.");
		}
		if ($requestToken->key !== (string)$_REQUEST['oauth_token']) {
			throw new SimpleSAML_Error_BadRequest("Invalid oauth_token parameter.");
		}

		if (!isset($_REQUEST['oauth_verifier'])) {
			throw new SimpleSAML_Error_BadRequest("Missing oauth_verifier parameter.");
		}
		$parameters['oauth_verifier'] = (string)$_REQUEST['oauth_verifier'];
		
		$consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
		
		SimpleSAML\Logger::debug("oauth: Using this request token [" .
			$requestToken->key . "] with the secret [" . $requestToken->secret . "]");

		// Replace the request token with an access token
		$accessToken = $consumer->getAccessToken('https://api.twitter.com/oauth/access_token', $requestToken, $parameters);
		SimpleSAML\Logger::debug("Got an access token from the OAuth service provider [" .
			$accessToken->key . "] with the secret [" . $accessToken->secret . "]");

		$verify_credentials_url = 'https://api.twitter.com/1.1/account/verify_credentials.json';
		if ($this->include_email) {
			$verify_credentials_url = $verify_credentials_url . '?include_email=true';
		}
		$userdata = $consumer->getUserInfo($verify_credentials_url, $accessToken);
		
		if (!isset($userdata['id_str']) || !isset($userdata['screen_name'])) {
			throw new SimpleSAML_Error_AuthSource($this->authId, 'Authentication error: id_str and screen_name not set.');
		}

		$attributes = array();
		foreach ($userdata as $key => $value) {
			if (is_string($value)) {
				$attributes['twitter.' . $key] = array((string)$value);
            }
		}
		
		$attributes['twitter_at_screen_name'] = array('@' . $userdata['screen_name']);
		$attributes['twitter_screen_n_realm'] = array($userdata['screen_name'] . '@twitter.com');
		$attributes['twitter_targetedID'] = array('http://twitter.com!' . $userdata['id_str']);
			
		$state['Attributes'] = $attributes;
	}
}