From 5d44386e762c5fbdf2866f174bd82788c09615ee Mon Sep 17 00:00:00 2001
From: cash <cash.costello@gmail.com>
Date: Fri, 24 Jun 2011 16:30:44 -0400
Subject: Fixes #2958 cleaned up user login for twitter

---
 .../graphics/sign-in-with-twitter-d.png            | Bin 0 -> 3306 bytes
 .../graphics/sign-in-with-twitter-l.png            | Bin 0 -> 3062 bytes
 mod/twitter_api/lib/twitter_api.php                | 121 +++++++++++----------
 .../views/default/twitter_api/login.php            |   4 +-
 4 files changed, 65 insertions(+), 60 deletions(-)
 create mode 100644 mod/twitter_api/graphics/sign-in-with-twitter-d.png
 create mode 100644 mod/twitter_api/graphics/sign-in-with-twitter-l.png

(limited to 'mod/twitter_api')

diff --git a/mod/twitter_api/graphics/sign-in-with-twitter-d.png b/mod/twitter_api/graphics/sign-in-with-twitter-d.png
new file mode 100644
index 000000000..b49a0ba59
Binary files /dev/null and b/mod/twitter_api/graphics/sign-in-with-twitter-d.png differ
diff --git a/mod/twitter_api/graphics/sign-in-with-twitter-l.png b/mod/twitter_api/graphics/sign-in-with-twitter-l.png
new file mode 100644
index 000000000..834d43cfd
Binary files /dev/null and b/mod/twitter_api/graphics/sign-in-with-twitter-l.png differ
diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php
index 18855862e..81aef38fb 100644
--- a/mod/twitter_api/lib/twitter_api.php
+++ b/mod/twitter_api/lib/twitter_api.php
@@ -24,9 +24,9 @@ function twitter_api_allow_sign_on_with_twitter() {
 }
 
 /**
- * Forwards
+ * Forwards the user to twitter to authenticate
  *
- * @todo what is this?
+ * This includes the login URL as the callback
  */
 function twitter_api_forward() {
 	// sanity check
@@ -41,7 +41,18 @@ function twitter_api_forward() {
 }
 
 /**
- * Log in a user with twitter.
+ * Log in a user referred from Twitter's OAuth API
+ *
+ * If the user has already linked their account with Twitter, it is a seamless
+ * login. If this is a first time login (or a user from deprecated twitter login
+ * plugin), we create a new account (update the account).
+ *
+ * If a plugin wants to be notified when someone logs in with twitter or a new
+ * twitter user signs up, register for the standard login or create user events
+ * and check for 'twitter_api' context.
+ *
+ * The user has to be redirected from Twitter for this to work. It depends on
+ * the Twitter OAuth data.
  */
 function twitter_api_login() {
 
@@ -64,29 +75,26 @@ function twitter_api_login() {
 			'access_key' => $token['oauth_token'],
 			'access_secret' => $token['oauth_token_secret'],
 		),
-		'limit' => 0
+		'limit' => 0,
 	);
 
 	$users = elgg_get_entities_from_plugin_user_settings($options);
 
 	if ($users) {
 		if (count($users) == 1 && login($users[0])) {
-			system_message(elgg_echo('twitter_api:login:success'));
-			
-			// trigger login hook
-			elgg_trigger_plugin_hook('login', 'twitter_api', array('user' => $users[0]));
+			system_message(elgg_echo('twitter_api:login:success'));			
 		} else {
-			system_message(elgg_echo('twitter_api:login:error'));
+			register_error(elgg_echo('twitter_api:login:error'));
 		}
-
-		forward();
+		
+		forward(elgg_get_site_url());
 	} else {
 		$consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api');
 		$consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api');
 		$api = new TwitterOAuth($consumer_key, $consumer_secret, $token['oauth_token'], $token['oauth_token_secret']);
 		$twitter = $api->get('account/verify_credentials');
 
-		// backward compatibility for stalled-development Twitter Login plugin
+		// backward compatibility for deprecated Twitter Login plugin
 		$user = FALSE;
 		if ($twitter_user = get_user_by_username($token['screen_name'])) {
 			if (($screen_name = $twitter_user->twitter_screen_name) && ($screen_name == $token['screen_name'])) {
@@ -98,47 +106,9 @@ function twitter_api_login() {
 
 		// create new user
 		if (!$user) {
-			// check new registration allowed
-			if (!twitter_api_allow_new_users_with_twitter()) {
-				register_error(elgg_echo('registerdisabled'));
-				forward();
-			}
-
-			// trigger a hook for plugin authors to intercept
-			if (!elgg_trigger_plugin_hook('new_twitter_user', 'twitter_service', array('account' => $twitter), TRUE)) {
-				// halt execution
-				register_error(elgg_echo('twitter_api:login:error'));
-				forward();
-			}
-
-			// Elgg-ify Twitter credentials
-			$username = $twitter->screen_name;
-			while (get_user_by_username($username)) {
-				$username = $twitter->screen_name . '_' . rand(1000, 9999);
-			}
-
-			$password = generate_random_cleartext_password();
-			$name = $twitter->name;
-
-			$user = new ElggUser();
-			$user->username = $username;
-			$user->name = $name;
-			$user->access_id = ACCESS_PUBLIC;
-			$user->salt = generate_random_cleartext_password();
-			$user->password = generate_user_password($user, $password);
-			$user->owner_guid = 0;
-			$user->container_guid = 0;
-
-			if (!$user->save()) {
-				register_error(elgg_echo('registerbad'));
-				forward();
-			}
-
-			// @todo require email address?
-
+			$user = twitter_api_create_user($twitter);
 			$site_name = elgg_get_site_entity()->name;
 			system_message(elgg_echo('twitter_api:login:email', array($site_name)));
-
 			$forward = "settings/user/{$user->username}";
 		}
 
@@ -153,9 +123,6 @@ function twitter_api_login() {
 		// login new user
 		if (login($user)) {
 			system_message(elgg_echo('twitter_api:login:success'));
-			
-			// trigger login hook for new user
-			elgg_trigger_plugin_hook('first_login', 'twitter_api', array('user' => $user));
 		} else {
 			system_message(elgg_echo('twitter_api:login:error'));
 		}
@@ -168,11 +135,51 @@ function twitter_api_login() {
 	forward();
 }
 
+/**
+ * Create a new user from Twitter information
+ * 
+ * @param object $twitter Twitter OAuth response
+ * @return ElggUser
+ */
+function twitter_api_create_user($twitter) {
+	// check new registration allowed
+	if (!twitter_api_allow_new_users_with_twitter()) {
+		register_error(elgg_echo('registerdisabled'));
+		forward();
+	}
+
+	// Elgg-ify Twitter credentials
+	$username = $twitter->screen_name;
+	while (get_user_by_username($username)) {
+		// @todo I guess we just hope this is good enough
+		$username = $twitter->screen_name . '_' . rand(1000, 9999);
+	}
+
+	$password = generate_random_cleartext_password();
+	$name = $twitter->name;
+
+	$user = new ElggUser();
+	$user->username = $username;
+	$user->name = $name;
+	$user->access_id = ACCESS_PUBLIC;
+	$user->salt = generate_random_cleartext_password();
+	$user->password = generate_user_password($user, $password);
+	$user->owner_guid = 0;
+	$user->container_guid = 0;
+
+	if (!$user->save()) {
+		register_error(elgg_echo('registerbad'));
+		forward();
+	}
+
+	return $user;
+}
+
 /**
  * Pull in the latest avatar from twitter.
  *
- * @param unknown_type $user
- * @param unknown_type $file_location
+ * @param ElggUser $user
+ * @param string   $file_location
  */
 function twitter_api_update_user_avatar($user, $file_location) {
 	// twitter's images have a few suffixes:
@@ -210,8 +217,6 @@ function twitter_api_update_user_avatar($user, $file_location) {
 	
 	// update user's icontime
 	$user->icontime = time();
-
-	return TRUE;
 }
 
 /**
diff --git a/mod/twitter_api/views/default/twitter_api/login.php b/mod/twitter_api/views/default/twitter_api/login.php
index d0aca87ac..17bd76d56 100644
--- a/mod/twitter_api/views/default/twitter_api/login.php
+++ b/mod/twitter_api/views/default/twitter_api/login.php
@@ -1,10 +1,10 @@
 <?php
 /**
- * 
+ * Extension of login form for Twitter sign in
  */
 
 $url = elgg_get_site_url() . 'twitter_api/forward';
-$img_url = elgg_get_site_url() . 'mod/twitter_api/graphics/sign_in_with_twitter.gif';
+$img_url = elgg_get_site_url() . 'mod/twitter_api/graphics/sign-in-with-twitter-d.png';
 
 $login = <<<__HTML
 <div id="login_with_twitter">
-- 
cgit v1.2.3