From 3bf933e3ad0b0368043ddb749c7e58e7fc1350c1 Mon Sep 17 00:00:00 2001
From: Andjelko Horvat <comel@vingd.com>
Date: Tue, 5 Jul 2011 12:08:29 +0000
Subject: [PATCH] authtwitter: use state instead of session (issue 412).
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2867 44740490-163a-0410-bde0-09ae8108e29a
---
modules/authtwitter/lib/Auth/Source/Twitter.php | 17 +++++------------
modules/authtwitter/www/linkback.php | 13 ++++---------
2 files changed, 9 insertions(+), 21 deletions(-)
diff --git a/modules/authtwitter/lib/Auth/Source/Twitter.php b/modules/authtwitter/lib/Auth/Source/Twitter.php
index 0aa6397cd..e021c3349 100644
--- a/modules/authtwitter/lib/Auth/Source/Twitter.php
+++ b/modules/authtwitter/lib/Auth/Source/Twitter.php
@@ -66,30 +66,23 @@ class sspmod_authtwitter_Auth_Source_Twitter extends SimpleSAML_Auth_Source { $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); - // SimpleSAML_Logger::debug('facebook auth state id = ' . $stateID); - $consumer = new sspmod_oauth_Consumer($this->key, $this->secret); - // Get the request token - $requestToken = $consumer->getRequestToken('https://api.twitter.com/oauth/request_token'); + $linkback = SimpleSAML_Module::getModuleURL('authtwitter/linkback.php', array('AuthState' => $stateID)); + $requestToken = $consumer->getRequestToken('https://api.twitter.com/oauth/request_token', array('oauth_callback' => $linkback)); SimpleSAML_Logger::debug("Got a request token from the OAuth service provider [" . $requestToken->key . "] with the secret [" . $requestToken->secret . "]"); - $oauthState = array( - 'requestToken' => serialize($requestToken), - 'stateid' => $stateID, - ); - $session = SimpleSAML_Session::getInstance(); - $session->setData('oauth', 'oauth', $oauthState); + $state['authtwitter:authdata:requestToken'] = $requestToken; + SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); // Authorize the request token $consumer->getAuthorizeRequest('https://api.twitter.com/oauth/authenticate', $requestToken); - } public function finalStep(&$state) { - $requestToken = unserialize($state['requestToken']); + $requestToken = $state['authtwitter:authdata:requestToken']; $consumer = new sspmod_oauth_Consumer($this->key, $this->secret); diff --git a/modules/authtwitter/www/linkback.php b/modules/authtwitter/www/linkback.php index 99bd06662..de6ec85ce 100644 --- a/modules/authtwitter/www/linkback.php +++ b/modules/authtwitter/www/linkback.php 
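Review bot: In `finalStep` the request token is now read from `$state['authtwitter:authdata:requestToken']` and used without checking that the key is present, and nothing visible in the hunk ties the incoming callback to that token. Because the state ID now travels through Twitter in the `oauth_callback` URL, I would add a guard such as `if (!isset($state['authtwitter:authdata:requestToken'])) throw new SimpleSAML_Error_BadRequest('Missing request token in state.');` and compare the callback's `oauth_token` request parameter with `$requestToken->key` before exchanging it for an access token. The rest of `finalStep` lies outside the hunk, so that comparison may already exist further down. Separately, the unchanged debug line still writes `$requestToken->secret` to the log; logging only `$requestToken->key` would keep the secret out of log files.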
@@ -4,17 +4,12 @@ * Handle linkback() response from Twitter. */ -$session = SimpleSAML_Session::getInstance(); - -$oauthState = $session->getData('oauth', 'oauth'); - -if (!array_key_exists('stateid', $oauthState) || empty($oauthState['stateid'])) { - throw new SimpleSAML_Error_BadRequest('Could not load oauthstate:stateid'); +if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState'])) { + throw new SimpleSAML_Error_BadRequest('Missing state parameter on twitter linkback endpoint.'); } -$stateId = $oauthState['stateid']; +$stateID = $_REQUEST['AuthState']; -$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authtwitter_Auth_Source_Twitter::STAGE_INIT); -$state['requestToken'] = $oauthState['requestToken']; +$state = SimpleSAML_Auth_State::loadState($stateID, sspmod_authtwitter_Auth_Source_Twitter::STAGE_INIT); /* Find authentication source. */ if (!array_key_exists(sspmod_authtwitter_Auth_Source_Twitter::AUTHID, $state)) { -- GitLab
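Review bot: The new guard accepts any non-empty `$_REQUEST['AuthState']`, so a non-string value (for example an array parameter) passes `empty()` and is handed to `SimpleSAML_Auth_State::loadState()` as is. The state ID used to come from the server-side session and is now supplied by the request, which makes this check the only validation visible before the lookup. I would tighten it to `if (!isset($_REQUEST['AuthState']) || !is_string($_REQUEST['AuthState']) || $_REQUEST['AuthState'] === '') {` and keep the existing `SimpleSAML_Error_BadRequest`. The script continues past the end of the hunk, so later checks on `$state` are not visible here.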