From f3e5ae282a81227c311b848f592a9ed730cbf751 Mon Sep 17 00:00:00 2001
From: Andjelko Horvat <comel@vingd.com>
Date: Fri, 5 Apr 2013 17:18:19 +0000
Subject: [PATCH] authtwitter: oauth_verifier fix (issue #546).

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3232 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/authtwitter/lib/Auth/Source/Twitter.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/modules/authtwitter/lib/Auth/Source/Twitter.php b/modules/authtwitter/lib/Auth/Source/Twitter.php
index 710055980..af50d4441 100644
--- a/modules/authtwitter/lib/Auth/Source/Twitter.php
+++ b/modules/authtwitter/lib/Auth/Source/Twitter.php
@@ -83,6 +83,19 @@ class sspmod_authtwitter_Auth_Source_Twitter extends SimpleSAML_Auth_Source {
 public function finalStep(&$state) {
 $requestToken = $state['authtwitter:authdata:requestToken'];
+ $parameters = array();
+
+ if (!isset($_REQUEST['oauth_token'])) {
+ throw new SimpleSAML_Error_BadRequest("Missing oauth_token parameter.");
+ }
+ if ($requestToken->key !== (string)$_REQUEST['oauth_token']) {
+ throw new SimpleSAML_Error_BadRequest("Invalid oauth_token parameter.");
+ }
+
+ if (!isset($_REQUEST['oauth_verifier'])) {
+ throw new SimpleSAML_Error_BadRequest("Missing oauth_verifier parameter.");
+ }
+ $parameters['oauth_verifier'] = (string)$_REQUEST['oauth_verifier'];
 $consumer = new sspmod_oauth_Consumer($this->key, $this->secret);
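Review bot: The new `isset()` guards in finalStep accept an empty string or an array value, so `oauth_verifier=` passes and `oauth_verifier[]=x` is cast to the literal string "Array" (with a PHP notice) before being placed in `$parameters`. Requiring a non-empty string keeps malformed callbacks out of the token exchange, e.g. `if (!isset($_REQUEST['oauth_verifier']) || !is_string($_REQUEST['oauth_verifier']) || $_REQUEST['oauth_verifier'] === '') {`, and the same `is_string()` test fits the `oauth_token` check. `$_REQUEST` can also carry cookie values depending on the `request_order`/`variables_order` settings; if the callback only ever delivers these in the query string, reading `$_GET` would be narrower, which is worth confirming against how the callback is invoked. finalStep's body continues past the end of this hunk.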
@@ -90,7 +103,7 @@ class sspmod_authtwitter_Auth_Source_Twitter extends SimpleSAML_Auth_Source {
 $requestToken->key . "] with the secret [" . $requestToken->secret . "]");
 // Replace the request token with an access token
- $accessToken = $consumer->getAccessToken('https://api.twitter.com/oauth/access_token', $requestToken);
+ $accessToken = $consumer->getAccessToken('https://api.twitter.com/oauth/access_token', $requestToken, $parameters);
 SimpleSAML_Logger::debug("Got an access token from the OAuth service provider [" .
 $accessToken->key . "] with the secret [" . $accessToken->secret . "]");
-- 
GitLab
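Review bot: The debug statements on either side of the changed `getAccessToken()` call write `$requestToken->secret` and `$accessToken->secret` into the log, so anyone with read access to debug logs obtains usable OAuth token secrets. The commit leaves these untouched; logging only the token key keeps the trace useful, e.g. `SimpleSAML_Logger::debug("Got an access token from the OAuth service provider [" . $accessToken->key . "]");`. Whether `sspmod_oauth_Consumer::getAccessToken()` accepts the new third argument is not visible here, so that signature should be checked alongside this change. The first debug call begins above the hunk.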