Diffstat (limited to 'actions')
-rw-r--r--actions/twitterauthorization.php222
-rw-r--r--actions/twittersettings.php383
2 files changed, 288 insertions, 317 deletions
diff --git a/actions/twitterauthorization.php b/actions/twitterauthorization.php
new file mode 100644
index 000000000..b04f35327
--- /dev/null
+++ b/actions/twitterauthorization.php
@@ -0,0 +1,222 @@
+<?php
+/**
+ * Laconica, the distributed open-source microblogging tool
+ *
+ * Class for doing OAuth authentication against Twitter
+ *
+ * PHP version 5
+ *
+ * LICENCE: This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category Twitter
+ * @package Laconica
+ * @author Zach Copely <zach@controlyourself.ca>
+ * @copyright 2009 Control Yourself, Inc.
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://laconi.ca/
+ */
+
+if (!defined('LACONICA')) {
+ exit(1);
+}
+
+/**
+ * Class for doing OAuth authentication against Twitter
+ *
+ * Peforms the OAuth "dance" between Laconica and Twitter -- requests a token,
+ * authorizes it, and exchanges it for an access token. It also creates a link
+ * (Foreign_link) between the Laconica user and Twitter user and stores the
+ * access token and secret in the link.
+ *
+ * @category Twitter
+ * @package Laconica
+ * @author Zach Copley <zach@controlyourself.ca>
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://laconi.ca/
+ *
+ */
+class TwitterauthorizationAction extends Action
+{
+ /**
+ * Initialize class members. Looks for 'oauth_token' parameter.
+ *
+ * @param array $args misc. arguments
+ *
+ * @return boolean true
+ */
+ function prepare($args)
+ {
+ parent::prepare($args);
+
+ $this->oauth_token = $this->arg('oauth_token');
+
+ return true;
+ }
+
+ /**
+ * Handler method
+ *
+ * @param array $args is ignored since it's now passed in in prepare()
+ *
+ * @return nothing
+ */
+ function handle($args)
+ {
+ parent::handle($args);
+
+ if (!common_logged_in()) {
+ $this->clientError(_('Not logged in.'), 403);
+ }
+
+ $user = common_current_user();
+ $flink = Foreign_link::getByUserID($user->id, TWITTER_SERVICE);
+
+ // If there's already a foreign link record, it means we already
+ // have an access token, and this is unecessary. So go back.
+
+ if (isset($flink)) {
+ common_redirect(common_local_url('twittersettings'));
+ }
+
+ // $this->oauth_token is only populated once Twitter authorizes our
+ // request token. If it's empty we're at the beginning of the auth
+ // process
+
+ if (empty($this->oauth_token)) {
+ $this->authorizeRequestToken();
+ } else {
+ $this->saveAccessToken();
+ }
+ }
+
+ /**
+ * Asks Twitter for a request token, and then redirects to Twitter
+ * to authorize it.
+ *
+ * @return nothing
+ */
+ function authorizeRequestToken()
+ {
+ try {
+
+ // Get a new request token and authorize it
+
+ $client = new TwitterOAuthClient();
+ $req_tok =
+ $client->getRequestToken(TwitterOAuthClient::$requestTokenURL);
+
+ // Sock the request token away in the session temporarily
+
+ $_SESSION['twitter_request_token'] = $req_tok->key;
+ $_SESSION['twitter_request_token_secret'] = $req_tok->secret;
+
+ $auth_link = $client->getAuthorizeLink($req_tok);
+
+ } catch (TwitterOAuthClientException $e) {
+ $msg = sprintf('OAuth client cURL error - code: %1s, msg: %2s',
+ $e->getCode(), $e->getMessage());
+ $this->serverError(_('Couldn\'t link your Twitter account.'));
+ }
+
+ common_redirect($auth_link);
+ }
+
+ /**
+ * Called when Twitter returns an authorized request token. Exchanges
+ * it for an access token and stores it.
+ *
+ * @return nothing
+ */
+ function saveAccessToken()
+ {
+
+ // Check to make sure Twitter returned the same request
+ // token we sent them
+
+ if ($_SESSION['twitter_request_token'] != $this->oauth_token) {
+ $this->serverError(_('Couldn\'t link your Twitter account.'));
+ }
+
+ try {
+
+ $client = new TwitterOAuthClient($_SESSION['twitter_request_token'],
+ $_SESSION['twitter_request_token_secret']);
+
+ // Exchange the request token for an access token
+
+ $atok = $client->getAccessToken(TwitterOAuthClient::$accessTokenURL);
+
+ // Test the access token and get the user's Twitter info
+
+ $client = new TwitterOAuthClient($atok->key, $atok->secret);
+ $twitter_user = $client->verifyCredentials();
+
+ } catch (OAuthClientException $e) {
+ $msg = sprintf('OAuth client cURL error - code: %1$s, msg: %2$s',
+ $e->getCode(), $e->getMessage());
+ $this->serverError(_('Couldn\'t link your Twitter account.'));
+ }
+
+ // Save the access token and Twitter user info
+
+ $this->saveForeignLink($atok, $twitter_user);
+
+ // Clean up the the mess we made in the session
+
+ unset($_SESSION['twitter_request_token']);
+ unset($_SESSION['twitter_request_token_secret']);
+
+ common_redirect(common_local_url('twittersettings'));
+ }
+
+ /**
+ * Saves a Foreign_link between Twitter user and local user,
+ * which includes the access token and secret.
+ *
+ * @param OAuthToken $access_token the access token to save
+ * @param mixed $twitter_user twitter API user object
+ *
+ * @return nothing
+ */
+ function saveForeignLink($access_token, $twitter_user)
+ {
+ $user = common_current_user();
+
+ $flink = new Foreign_link();
+
+ $flink->user_id = $user->id;
+ $flink->foreign_id = $twitter_user->id;
+ $flink->service = TWITTER_SERVICE;
+
+ $creds = TwitterOAuthClient::packToken($access_token);
+
+ $flink->credentials = $creds;
+ $flink->created = common_sql_now();
+
+ // Defaults: noticesync on, everything else off
+
+ $flink->set_flags(true, false, false, false);
+
+ $flink_id = $flink->insert();
+
+ if (empty($flink_id)) {
+ common_log_db_error($flink, 'INSERT', __FILE__);
+ $this->serverError(_('Couldn\'t link your Twitter account.'));
+ }
+
+ save_twitter_user($twitter_user->id, $twitter_user->screen_name);
+ }
+
+}
+
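Review bot: In saveAccessToken() the callback check `$_SESSION['twitter_request_token'] != $this->oauth_token` is a loose comparison against a session key that may not exist, and it is the only thing visible here that ties the returned token to the flow this session started; I would write it as `if (empty($_SESSION['twitter_request_token']) || $_SESSION['twitter_request_token'] !== $this->oauth_token) {`. The two catch blocks name different classes (`TwitterOAuthClientException` in authorizeRequestToken(), `OAuthClientException` in saveAccessToken()), so one of them presumably never matches what the client throws and the failure would escape uncaught. Both blocks also build `$msg` and then drop it; add `common_log(LOG_ERR, $msg);` before serverError() so a failed token exchange leaves a trace, and use `%1$s`/`%2$s` in the first format string as the second one does. saveForeignLink() ignores the return value of save_twitter_user(), which the removed addTwitterAccount() used to check before inserting the link.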
diff --git a/actions/twittersettings.php b/actions/twittersettings.php
index 3343dba95..0859ab9d3 100644
--- a/actions/twittersettings.php
+++ b/actions/twittersettings.php
@@ -34,8 +34,6 @@ if (!defined('LACONICA')) {
require_once INSTALLDIR.'/lib/connectsettingsaction.php';
require_once INSTALLDIR.'/lib/twitter.php';
-define('SUBSCRIPTIONS', 80);
-
/**
* Settings for Twitter integration
*
@@ -69,9 +67,8 @@ class TwittersettingsAction extends ConnectSettingsAction
function getInstructions()
{
- return _('Add your Twitter account to automatically send '.
- ' your notices to Twitter, ' .
- 'and subscribe to Twitter friends already here.');
+ return _('Connect your Twitter account to share your updates ' .
+ 'with your Twitter friends and vice-versa.');
}
/**
@@ -99,7 +96,7 @@ class TwittersettingsAction extends ConnectSettingsAction
$flink = Foreign_link::getByUserID($user->id, TWITTER_SERVICE);
- if ($flink) {
+ if (!empty($flink)) {
$fuser = $flink->getForeignUser();
}
@@ -108,192 +105,86 @@ class TwittersettingsAction extends ConnectSettingsAction
'class' => 'form_settings',
'action' =>
common_local_url('twittersettings')));
- $this->elementStart('fieldset', array('id' => 'settings_twitter_account'));
- $this->element('legend', null, _('Twitter Account'));
+
$this->hidden('token', common_session_token());
- if ($fuser) {
+
+ $this->elementStart('fieldset', array('id' => 'settings_twitter_account'));
+
+ if (empty($fuser)) {
$this->elementStart('ul', 'form_data');
- $this->elementStart('li', array('id' => 'settings_twitter_remove'));
- $this->element('span', 'twitter_user', $fuser->nickname);
- $this->element('a', array('href' => $fuser->uri), $fuser->uri);
- $this->element('p', 'form_note',
- _('Current verified Twitter account.'));
- $this->hidden('flink_foreign_id', $flink->foreign_id);
+ $this->elementStart('li', array('id' => 'settings_twitter_login_button'));
+ $this->element('a', array('href' => common_local_url('twitterauthorization')),
+ 'Connect my Twitter account');
$this->elementEnd('li');
$this->elementEnd('ul');
- $this->submit('remove', _('Remove'));
+
+ $this->elementEnd('fieldset');
} else {
+ $this->element('legend', null, _('Twitter account'));
+ $this->elementStart('p', array('id' => 'form_confirmed'));
+ $this->element('a', array('href' => $fuser->uri), $fuser->nickname);
+ $this->elementEnd('p');
+ $this->element('p', 'form_note',
+ _('Connected Twitter account'));
+
+ $this->submit('remove', _('Remove'));
+
+ $this->elementEnd('fieldset');
+
+ $this->elementStart('fieldset', array('id' => 'settings_twitter_preferences'));
+
+ $this->element('legend', null, _('Preferences'));
$this->elementStart('ul', 'form_data');
- $this->elementStart('li', array('id' => 'settings_twitter_login'));
- $this->input('twitter_username', _('Twitter user name'),
- ($this->arg('twitter_username')) ?
- $this->arg('twitter_username') :
- $profile->nickname,
- _('No spaces, please.')); // hey, it's what Twitter says
+ $this->elementStart('li');
+ $this->checkbox('noticesend',
+ _('Automatically send my notices to Twitter.'),
+ ($flink) ?
+ ($flink->noticesync & FOREIGN_NOTICE_SEND) :
+ true);
$this->elementEnd('li');
$this->elementStart('li');
- $this->password('twitter_password', _('Twitter password'));
- $this->elementend('li');
- $this->elementEnd('ul');
- }
- $this->elementEnd('fieldset');
-
- $this->elementStart('fieldset',
- array('id' => 'settings_twitter_preferences'));
- $this->element('legend', null, _('Preferences'));
-
- $this->elementStart('ul', 'form_data');
- $this->elementStart('li');
- $this->checkbox('noticesend',
- _('Automatically send my notices to Twitter.'),
- ($flink) ?
- ($flink->noticesync & FOREIGN_NOTICE_SEND) :
- true);
- $this->elementEnd('li');
- $this->elementStart('li');
- $this->checkbox('replysync',
- _('Send local "@" replies to Twitter.'),
- ($flink) ?
- ($flink->noticesync & FOREIGN_NOTICE_SEND_REPLY) :
- true);
- $this->elementEnd('li');
- $this->elementStart('li');
- $this->checkbox('friendsync',
- _('Subscribe to my Twitter friends here.'),
- ($flink) ?
- ($flink->friendsync & FOREIGN_FRIEND_RECV) :
- false);
- $this->elementEnd('li');
-
- if (common_config('twitterbridge','enabled')) {
+ $this->checkbox('replysync',
+ _('Send local "@" replies to Twitter.'),
+ ($flink) ?
+ ($flink->noticesync & FOREIGN_NOTICE_SEND_REPLY) :
+ true);
+ $this->elementEnd('li');
$this->elementStart('li');
- $this->checkbox('noticerecv',
- _('Import my Friends Timeline.'),
+ $this->checkbox('friendsync',
+ _('Subscribe to my Twitter friends here.'),
($flink) ?
- ($flink->noticesync & FOREIGN_NOTICE_RECV) :
+ ($flink->friendsync & FOREIGN_FRIEND_RECV) :
false);
$this->elementEnd('li');
- } else {
- // preserve setting even if bidrection bridge toggled off
- if ($flink && ($flink->noticesync & FOREIGN_NOTICE_RECV)) {
- $this->hidden('noticerecv', true, 'noticerecv');
- }
- }
-
- $this->elementEnd('ul');
-
- if ($flink) {
- $this->submit('save', _('Save'));
- } else {
- $this->submit('add', _('Add'));
- }
- $this->elementEnd('fieldset');
-
- $this->showTwitterSubscriptions();
-
- $this->elementEnd('form');
- }
- /**
- * Gets some of the user's Twitter friends
- *
- * Gets the number of Twitter friends that are on this
- * instance of Laconica.
- *
- * @return array array of User objects
- */
-
- function subscribedTwitterUsers()
- {
-
- $current_user = common_current_user();
-
- $qry = 'SELECT "user".* ' .
- 'FROM subscription ' .
- 'JOIN "user" ON subscription.subscribed = "user".id ' .
- 'JOIN foreign_link ON foreign_link.user_id = "user".id ' .
- 'WHERE subscriber = %d ' .
- 'ORDER BY "user".nickname';
-
- $user = new User();
-
- $user->query(sprintf($qry, $current_user->id));
-
- $users = array();
-
- while ($user->fetch()) {
-
- // Don't include the user's own self-subscription
- if ($user->id != $current_user->id) {
- $users[] = clone($user);
- }
- }
-
- return $users;
- }
-
- /**
- * Show user's Twitter friends
- *
- * Gets the number of Twitter friends that are on this
- * instance of Laconica, and shows their mini-avatars.
- *
- * @return void
- */
-
- function showTwitterSubscriptions()
- {
-
- $friends = $this->subscribedTwitterUsers();
-
- $friends_count = count($friends);
-
- if ($friends_count > 0) {
- $this->elementStart('div', array('id' => 'entity_subscriptions',
- 'class' => 'section'));
- $this->element('h2', null, _('Twitter Friends'));
- $this->elementStart('ul', 'entities users xoxo');
-
- for ($i = 0; $i < min($friends_count, SUBSCRIPTIONS); $i++) {
+ if (common_config('twitterbridge','enabled')) {
+ $this->elementStart('li');
+ $this->checkbox('noticerecv',
+ _('Import my Friends Timeline.'),
+ ($flink) ?
+ ($flink->noticesync & FOREIGN_NOTICE_RECV) :
+ false);
+ $this->elementEnd('li');
- $other = Profile::staticGet($friends[$i]->id);
+ // preserve setting even if bidrection bridge toggled off
- if (!$other) {
- common_log_db_error($subs, 'SELECT', __FILE__);
- continue;
+ if ($flink && ($flink->noticesync & FOREIGN_NOTICE_RECV)) {
+ $this->hidden('noticerecv', true, 'noticerecv');
}
-
- $this->elementStart('li', 'vcard');
- $this->elementStart('a', array('title' => ($other->fullname) ?
- $other->fullname :
- $other->nickname,
- 'href' => $other->profileurl,
- 'class' => 'url'));
-
- $avatar = $other->getAvatar(AVATAR_MINI_SIZE);
-
- $avatar_url = ($avatar) ?
- $avatar->displayUrl() :
- Avatar::defaultImage(AVATAR_MINI_SIZE);
-
- $this->element('img', array('src' => $avatar_url,
- 'width' => AVATAR_MINI_SIZE,
- 'height' => AVATAR_MINI_SIZE,
- 'class' => 'avatar photo',
- 'alt' => ($other->fullname) ?
- $other->fullname :
- $other->nickname));
-
- $this->element('span', 'fn nickname', $other->nickname);
- $this->elementEnd('a');
- $this->elementEnd('li');
-
}
$this->elementEnd('ul');
- $this->elementEnd('div');
+ if ($flink) {
+ $this->submit('save', _('Save'));
+ } else {
+ $this->submit('add', _('Add'));
+ }
+
+ $this->elementEnd('fieldset');
}
+
+ $this->elementEnd('form');
}
/**
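Review bot: The `} else {` that used to separate the 'Import my Friends Timeline' checkbox from the hidden `noticerecv` field is removed, so the hidden field now sits inside the `common_config('twitterbridge','enabled')` branch right after the checkbox. With the bridge enabled and the flag already set, the form carries two `noticerecv` inputs and the hidden `true` can override an unchecked box; with the bridge disabled nothing preserves the setting, which contradicts the `// preserve setting ...` comment. Restore `} else {` before that comment. Separately, the link text `'Connect my Twitter account'` is not wrapped in `_()` like every other label, and because this branch only renders when `$fuser` is set, the `($flink) ? ... : true` defaults and the `submit('add', ...)` arm look unreachable now that a later hunk drops the `add` case from handlePost(). The enclosing method starts above this hunk.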
@@ -309,7 +200,6 @@ class TwittersettingsAction extends ConnectSettingsAction
function handlePost()
{
-
// CSRF protection
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
@@ -320,8 +210,6 @@ class TwittersettingsAction extends ConnectSettingsAction
if ($this->arg('save')) {
$this->savePreferences();
- } else if ($this->arg('add')) {
- $this->addTwitterAccount();
} else if ($this->arg('remove')) {
$this->removeTwitterAccount();
} else {
@@ -330,82 +218,6 @@ class TwittersettingsAction extends ConnectSettingsAction
}
/**
- * Associate a Twitter account with the user's account
- *
- * Validates post input; verifies it against Twitter; and if
- * successful stores in the database.
- *
- * @return void
- */
-
- function addTwitterAccount()
- {
- $screen_name = $this->trimmed('twitter_username');
- $password = $this->trimmed('twitter_password');
- $noticesend = $this->boolean('noticesend');
- $noticerecv = $this->boolean('noticerecv');
- $replysync = $this->boolean('replysync');
- $friendsync = $this->boolean('friendsync');
-
- if (!Validate::string($screen_name,
- array('min_length' => 1,
- 'max_length' => 15,
- 'format' => VALIDATE_NUM.VALIDATE_ALPHA.'_'))) {
- $this->showForm(_('Username must have only numbers, '.
- 'upper- and lowercase letters, '.
- 'and underscore (_). 15 chars max.'));
- return;
- }
-
- if (!$this->verifyCredentials($screen_name, $password)) {
- $this->showForm(_('Could not verify your Twitter credentials!'));
- return;
- }
-
- $twit_user = twitter_user_info($screen_name, $password);
-
- if (!$twit_user) {
- $this->showForm(sprintf(_('Unable to retrieve account information '.
- 'For "%s" from Twitter.'),
- $screen_name));
- return;
- }
-
- if (!save_twitter_user($twit_user->id, $screen_name)) {
- $this->showForm(_('Unable to save your Twitter settings!'));
- return;
- }
-
- $user = common_current_user();
-
- $flink = new Foreign_link();
-
- $flink->user_id = $user->id;
- $flink->foreign_id = $twit_user->id;
- $flink->service = TWITTER_SERVICE;
- $flink->credentials = $password;
- $flink->created = common_sql_now();
-
- $flink->set_flags($noticesend, $noticerecv, $replysync, $friendsync);
-
- $flink_id = $flink->insert();
-
- if (!$flink_id) {
- common_log_db_error($flink, 'INSERT', __FILE__);
- $this->showForm(_('Unable to save your Twitter settings!'));
- return;
- }
-
- if ($friendsync) {
- save_twitter_friends($user, $twit_user->id, $screen_name, $password);
- $flink->last_friendsync = common_sql_now();
- $flink->update();
- }
-
- $this->showForm(_('Twitter settings saved.'), true);
- }
-
- /**
* Disassociate an existing Twitter account from this account
*
* @return void
@@ -414,20 +226,11 @@ class TwittersettingsAction extends ConnectSettingsAction
function removeTwitterAccount()
{
$user = common_current_user();
-
- $flink = Foreign_link::getByUserID($user->id, 1);
-
- $flink_foreign_id = $this->arg('flink_foreign_id');
-
- // Maybe an old tab open...?
- if ($flink->foreign_id != $flink_foreign_id) {
- $this->showForm(_('That is not your Twitter account.'));
- return;
- }
+ $flink = Foreign_link::getByUserID($user->id, TWITTER_SERVICE);
$result = $flink->delete();
- if (!$result) {
+ if (empty($result)) {
common_log_db_error($flink, 'DELETE', __FILE__);
$this->serverError(_('Couldn\'t remove Twitter user.'));
return;
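Review bot: removeTwitterAccount() now calls `$flink->delete()` directly on the result of `Foreign_link::getByUserID()` with no check that a link was found, so a repeated or stale 'Remove' submission would call a method on an empty value. Guard it the way savePreferences() does, for example `if (empty($flink)) { $this->showForm(_('Couldn\'t remove Twitter user.')); return; }`. The stored credentials are now an OAuth access token rather than a password, and deleting the row presumably leaves that token valid on Twitter's side; a short comment saying so would help whoever later adds revocation. The method continues below the hunk.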
@@ -450,32 +253,16 @@ class TwittersettingsAction extends ConnectSettingsAction
$replysync = $this->boolean('replysync');
$user = common_current_user();
+ $flink = Foreign_link::getByUserID($user->id, TWITTER_SERVICE);
- $flink = Foreign_link::getByUserID($user->id, 1);
-
- if (!$flink) {
+ if (empty($flink)) {
common_log_db_error($flink, 'SELECT', __FILE__);
$this->showForm(_('Couldn\'t save Twitter preferences.'));
return;
}
- $twitter_id = $flink->foreign_id;
- $password = $flink->credentials;
-
- $fuser = $flink->getForeignUser();
-
- if (!$fuser) {
- common_log_db_error($fuser, 'SELECT', __FILE__);
- $this->showForm(_('Couldn\'t save Twitter preferences.'));
- return;
- }
-
- $screen_name = $fuser->nickname;
-
$original = clone($flink);
-
$flink->set_flags($noticesend, $noticerecv, $replysync, $friendsync);
-
$result = $flink->update($original);
if ($result === false) {
@@ -484,45 +271,7 @@ class TwittersettingsAction extends ConnectSettingsAction
return;
}
- if ($friendsync) {
- save_twitter_friends($user, $flink->foreign_id, $screen_name, $password);
- }
-
$this->showForm(_('Twitter preferences saved.'), true);
}
- /**
- * Verifies a username and password against Twitter's API
- *
- * @param string $screen_name Twitter user name
- * @param string $password Twitter password
- *
- * @return boolean success flag
- */
-
- function verifyCredentials($screen_name, $password)
- {
- $uri = 'http://twitter.com/account/verify_credentials.json';
-
- $data = get_twitter_data($uri, $screen_name, $password);
-
- if (!$data) {
- return false;
- }
-
- $user = json_decode($data);
-
- if (!$user) {
- return false;
- }
-
- $twitter_id = $user->id;
-
- if ($twitter_id) {
- return $twitter_id;
- }
-
- return false;
- }
-
}