Commit 3bf933e3 authored by Andjelko Horvat

authtwitter: use state instead of session (issue 412).

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2867 44740490-163a-0410-bde0-09ae8108e29a
parent cb9538e2
...@@ -66,30 +66,23 @@ class sspmod_authtwitter_Auth_Source_Twitter extends SimpleSAML_Auth_Source { ...@@ -66,30 +66,23 @@ class sspmod_authtwitter_Auth_Source_Twitter extends SimpleSAML_Auth_Source {
$stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
// SimpleSAML_Logger::debug('facebook auth state id = ' . $stateID);
$consumer = new sspmod_oauth_Consumer($this->key, $this->secret); $consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
// Get the request token // Get the request token
$requestToken = $consumer->getRequestToken('https://api.twitter.com/oauth/request_token'); $linkback = SimpleSAML_Module::getModuleURL('authtwitter/linkback.php', array('AuthState' => $stateID));
$requestToken = $consumer->getRequestToken('https://api.twitter.com/oauth/request_token', array('oauth_callback' => $linkback));
SimpleSAML_Logger::debug("Got a request token from the OAuth service provider [" . SimpleSAML_Logger::debug("Got a request token from the OAuth service provider [" .
$requestToken->key . "] with the secret [" . $requestToken->secret . "]"); $requestToken->key . "] with the secret [" . $requestToken->secret . "]");
$oauthState = array( $state['authtwitter:authdata:requestToken'] = $requestToken;
'requestToken' => serialize($requestToken), SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
'stateid' => $stateID,
);
$session = SimpleSAML_Session::getInstance();
$session->setData('oauth', 'oauth', $oauthState);
// Authorize the request token // Authorize the request token
$consumer->getAuthorizeRequest('https://api.twitter.com/oauth/authenticate', $requestToken); $consumer->getAuthorizeRequest('https://api.twitter.com/oauth/authenticate', $requestToken);
} }
public function finalStep(&$state) { public function finalStep(&$state) {
$requestToken = unserialize($state['requestToken']); $requestToken = $state['authtwitter:authdata:requestToken'];
$consumer = new sspmod_oauth_Consumer($this->key, $this->secret); $consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
......
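Review bot: finalStep now pulls the request token from `$state['authtwitter:authdata:requestToken']`, but the visible lines never compare it with the `oauth_token` Twitter echoes back, so a callback carrying a different token would be accepted as long as the AuthState id is valid; guard it right after the assignment, e.g. `if (!isset($_REQUEST['oauth_token']) || $_REQUEST['oauth_token'] !== $requestToken->key) { throw new SimpleSAML_Error_BadRequest('oauth_token does not match the stored request token'); }`. finalStep's body continues past the hunk, so if such a check already exists further down, a one-line comment at the assignment pointing to it would make the flow auditable. The authenticate() hunk calls saveState twice and silently relies on the second call keeping the id that was already baked into `$linkback`; that presumably holds because saveState reuses an id already present in `$state`, but it deserves a comment such as `// saveState keeps the id already set in $state, so $linkback stays valid`. The debug line still writes the request token secret to the log; logging only `$requestToken->key` would be enough to trace the flow.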
...@@ -4,17 +4,12 @@ ...@@ -4,17 +4,12 @@
* Handle linkback() response from Twitter. * Handle linkback() response from Twitter.
*/ */
$session = SimpleSAML_Session::getInstance(); if (!array_key_exists('AuthState', $_REQUEST) || empty($_REQUEST['AuthState'])) {
throw new SimpleSAML_Error_BadRequest('Missing state parameter on twitter linkback endpoint.');
$oauthState = $session->getData('oauth', 'oauth');
if (!array_key_exists('stateid', $oauthState) || empty($oauthState['stateid'])) {
throw new SimpleSAML_Error_BadRequest('Could not load oauthstate:stateid');
} }
$stateId = $oauthState['stateid']; $stateID = $_REQUEST['AuthState'];
$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authtwitter_Auth_Source_Twitter::STAGE_INIT); $state = SimpleSAML_Auth_State::loadState($stateID, sspmod_authtwitter_Auth_Source_Twitter::STAGE_INIT);
$state['requestToken'] = $oauthState['requestToken'];
/* Find authentication source. */ /* Find authentication source. */
if (!array_key_exists(sspmod_authtwitter_Auth_Source_Twitter::AUTHID, $state)) { if (!array_key_exists(sspmod_authtwitter_Auth_Source_Twitter::AUTHID, $state)) {
......
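Review bot: The new check on `AuthState` only tests presence, so everything after `loadState` still trusts the remainder of the callback: the hunk shows no validation of the `oauth_token` or `oauth_verifier` parameters, and since the request token now lives in `$state` instead of the session, the comparison against `$state['authtwitter:authdata:requestToken']->key` has to happen in this script or in finalStep before the access token is exchanged. The id is read via `$_REQUEST`, which also accepts it from POST bodies and cookies; Twitter delivers the callback as a GET redirect, so `$_GET['AuthState']` would narrow the input surface without changing the normal path. Failure to load the state is presumably handled by loadState throwing on an unknown id or wrong stage, but a short comment saying so would help the next reader. The script continues past the hunk, so the remaining handling is not visible here.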