From ef351d0cf8a866cb40285e71fe5ed2b980bd11ed Mon Sep 17 00:00:00 2001 From: Steve Clay Date: Sun, 5 Aug 2012 21:03:35 -0400 Subject: Fixes #4764: Twitter login supports persistent and referrer forwarding --- mod/twitter_api/lib/twitter_api.php | 44 ++++++++++++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 6 deletions(-) (limited to 'mod/twitter_api/lib/twitter_api.php') diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php index fbce00d34..81c9c6628 100644 --- a/mod/twitter_api/lib/twitter_api.php +++ b/mod/twitter_api/lib/twitter_api.php @@ -29,6 +29,8 @@ function twitter_api_allow_sign_on_with_twitter() { * This includes the login URL as the callback */ function twitter_api_forward() { + global $SESSION; + // sanity check if (!twitter_api_allow_sign_on_with_twitter()) { forward(); @@ -37,6 +39,18 @@ function twitter_api_forward() { $callback = elgg_normalize_url("twitter_api/login"); $request_link = twitter_api_get_authorize_url($callback); + // capture metadata about login to persist through redirects + $login_metadata = array( + 'persistent' => (bool) get_input("persistent"), + ); + // capture referrer if in site, but not the twitter_api + if (!empty($_SERVER['HTTP_REFERER']) + && 0 === strpos($_SERVER['HTTP_REFERER'], elgg_get_site_url()) + && 0 !== strpos($_SERVER['HTTP_REFERER'], elgg_get_site_url() . 'twitter_api/')) { + $login_metadata['forward'] = $_SERVER['HTTP_REFERER']; + } + $SESSION['twitter_api_login_metadata'] = $login_metadata; + forward($request_link, 'twitter_api'); } @@ -55,6 +69,8 @@ function twitter_api_forward() { * the Twitter OAuth data. */ function twitter_api_login() { + /* @var ElggSession $SESSION */ + global $SESSION; // sanity check if (!twitter_api_allow_sign_on_with_twitter()) { @@ -62,6 +78,20 @@ function twitter_api_login() { } $token = twitter_api_get_access_token(get_input('oauth_verifier')); + + $persistent = false; + $forward = ''; + + // fetch login metadata from session + $login_metadata = $SESSION['twitter_api_login_metadata']; + unset($SESSION['twitter_api_login_metadata']); + if (!empty($login_metadata['persistent'])) { + $persistent = true; + } + if (!empty($login_metadata['forward'])) { + $forward = $login_metadata['forward']; + } + if (!isset($token['oauth_token']) or !isset($token['oauth_token_secret'])) { register_error(elgg_echo('twitter_api:login:error')); forward(); @@ -81,13 +111,13 @@ function twitter_api_login() { $users = elgg_get_entities_from_plugin_user_settings($options); if ($users) { - if (count($users) == 1 && login($users[0])) { - system_message(elgg_echo('twitter_api:login:success')); + if (count($users) == 1 && login($users[0], $persistent)) { + system_message(elgg_echo('twitter_api:login:success')); + forward($forward); } else { register_error(elgg_echo('twitter_api:login:error')); + forward(); } - - forward(elgg_get_site_url()); } else { $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api'); $consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api'); @@ -301,9 +331,11 @@ function twitter_api_get_authorize_url($callback = NULL, $login = true) { /** * Returns the access token to use in twitter calls. * - * @param unknown_type $oauth_verifier + * @param bool $oauth_verifier + * @return array */ function twitter_api_get_access_token($oauth_verifier = FALSE) { + /* @var ElggSession $SESSION */ global $SESSION; $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api'); @@ -312,7 +344,7 @@ function twitter_api_get_access_token($oauth_verifier = FALSE) { // retrieve stored tokens $oauth_token = $SESSION['twitter_api']['oauth_token']; $oauth_token_secret = $SESSION['twitter_api']['oauth_token_secret']; - $SESSION->offsetUnset('twitter_api'); + unset($SESSION['twitter_api']); // fetch an access token $api = new TwitterOAuth($consumer_key, $consumer_secret, $oauth_token, $oauth_token_secret); -- cgit v1.2.3