worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Rewrite Twitter authentication module with Net::OAuth (#1012)

Browse Source
environments/ppa-mbqj77/deployments/1
Clément Oudot 9 years ago
parent aeda7331ec
commit fc02bce9d0
1 changed files with 137 additions and 70 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 207
      lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthTwitter.pm

207
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthTwitter.pm
Unescape View File

@ -7,7 +7,10 @@ package Lemonldap::NG::Portal::AuthTwitter;
use strict; use strict;
use Lemonldap::NG::Portal::Simple; use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_Browser;
use URI::Escape;
our @ISA = (qw(Lemonldap::NG::Portal::_Browser));
our $VERSION = '2.0.0'; our $VERSION = '2.0.0';
our $initDone; our $initDone;
@ -28,8 +31,11 @@ sub authInit {
$self->abort( 'Bad configuration', $self->abort( 'Bad configuration',
'twitterKey and twitterSecret parameters are required' ); 'twitterKey and twitterSecret parameters are required' );
} }
eval { require Net::Twitter }; eval {
$self->abort("Unable to load Net::Twitter: $@") if ($@); require Net::OAuth;
$Net::OAuth::PROTOCOL_VERSION = &Net::OAuth::PROTOCOL_VERSION_1_0A();
};
$self->abort("Unable to load Net::OAuth: $@") if ($@);
$initDone = 1; $initDone = 1;
PE_OK; PE_OK;
@ -39,54 +45,95 @@ sub authInit {
# Authenticate users by Twitter and set user # Authenticate users by Twitter and set user
# @return Lemonldap::NG::Portal constant # @return Lemonldap::NG::Portal constant
sub extractFormInfo { sub extractFormInfo {
my $self = shift; my $self = shift;
my $nonce = time;
# Build Net::Twitter object # Default values for Twitter API
$self->{_twitter} = Net::Twitter->new( $self->{twitterRequestTokenURL} ||=
traits => [qw/API::REST OAuth/], "https://api.twitter.com/oauth/request_token";
consumer_key => $self->{twitterKey}, $self->{twitterAuthorizeURL} ||= "https://api.twitter.com/oauth/authorize";
consumer_secret => $self->{twitterSecret}, $self->{twitterAccessTokenURL} ||=
clientname => $self->{twitterAppName} || 'Lemonldap::NG' "https://api.twitter.com/oauth/access_token";
);
# 1. Request to authenticate # 1. Request to authenticate
unless ( $self->param('twitterback') ) { unless ( $self->param('twitterback') ) {
$self->lmLog( 'Redirection to Twitter', 'debug' ); $self->lmLog( 'Redirection to Twitter', 'debug' );
my $url;
# 1.1 Try to get token to dialog with Twitter # 1.1 Try to get token to dialog with Twitter
eval { my $callback_url = $self->{portal};
$url =
$self->{_twitter}->get_authorization_url( # Twitter callback parameter
callback => "$self->{portal}?twitterback=1&url=" $callback_url .=
. $self->get_url() ); ( $callback_url =~ /\?/ ? '&' : '?' ) . "twitterback=1";
};
# Add request state parameters
# If 401 is returned => application not declared on Twitter if ( $self->{_url} ) {
if ($@) { my $url_param = 'url=' . uri_escape( $self->{_url} );
if ( $@ =~ /\b401\b/ ) { $callback_url .= ( $callback_url =~ /\?/ ? '&' : '?' ) . $url_param;
$self->abort('Twitter application undeclared'); }
if ( $self->param( $self->{authChoiceParam} ) ) {
my $url_param =
$self->{authChoiceParam} . '='
. uri_escape( $self->param( $self->{authChoiceParam} ) );
$callback_url .= ( $callback_url =~ /\?/ ? '&' : '?' ) . $url_param;
}
# Forward hidden fields
if ( exists $self->{portalHiddenFormValues} ) {
$self->lmLog( "Add hidden values to CAS redirect URL\n", 'debug' );
foreach ( keys %{ $self->{portalHiddenFormValues} } ) {
$callback_url .=
( $callback_url =~ /\?/ ? '&' : '?' )
. $_ . '='
. uri_escape( $self->{portalHiddenFormValues}->{$_} );
} }
$self->lmLog( "Net::Twitter error: $@", 'error' );
return PE_ERROR;
} }
# 1.2 Store token key and secret in cookies my $request = Net::OAuth->request("request token")->new(
push @{ $self->{cookie} }, consumer_key => $self->{twitterKey},
$self->cookie( consumer_secret => $self->{twitterSecret},
-name => '_twitTok', request_url => $self->{twitterRequestTokenURL},
-value => $self->{_twitter}->request_token, request_method => 'POST',
-expires => '+3m' signature_method => 'HMAC-SHA1',
), timestamp => time,
$self->cookie( nonce => $nonce,
-name => '_twitSec', callback => $callback_url,
-value => $self->{_twitter}->request_token_secret, );
-expires => '+3m'
); $request->sign;
# 1.3 Redirect user to Twitter my $request_url = $request->to_url;
$self->redirect( -uri => $url );
$self->quit(); $self->lmLog( "POST $request_url to Twitter", 'debug' );
my $res = $self->ua()->post($request_url);
$self->lmLog( "Twitter response: " . $res->as_string, 'debug' );
if ( $res->is_success ) {
my $response = Net::OAuth->response('request token')
->from_post_body( $res->content );
# 1.2 Store token key and secret in cookies
push @{ $self->{cookie} },
$self->cookie(
-name => '_twitSec',
-value => $response->token_secret,
-expires => '+3m'
);
# 1.3 Redirect user to Twitter
my $authorize_url =
$self->{twitterAuthorizeURL} . "?oauth_token=" . $response->token;
$self->redirect( -uri => $authorize_url );
$self->quit();
}
else {
$self->lmLog( 'Twitter OAuth protocol error: ' . $res->content,
'error' );
return PE_ERROR;
}
} }
# 2. User is back from Twitter # 2. User is back from Twitter
@ -97,33 +144,56 @@ sub extractFormInfo {
return PE_ERROR; return PE_ERROR;
} }
$self->lmLog(
"Get token $request_token and verifier $verifier from Twitter",
'debug' );
# 2.1 Reconnect to Twitter # 2.1 Reconnect to Twitter
( my $access = Net::OAuth->request("access token")->new(
$self->{sessionInfo}->{_access_token}, consumer_key => $self->{twitterKey},
$self->{sessionInfo}->{_access_token_secret} consumer_secret => $self->{twitterSecret},
) request_url => $self->{twitterAccessTokenURL},
= $self->{_twitter}->request_access_token( request_method => 'POST',
token => $self->cookie('_twitTok'), signature_method => 'HMAC-SHA1',
token_secret => $self->cookie('_twitSec'), verifier => $verifier,
verifier => $verifier token => $request_token,
); token_secret => $self->cookie('_twitSec'),
timestamp => time,
# 2.2 Ask for user_timeline : I've not found an other way to access to user nonce => $nonce,
# datas ! );
my $status = eval { $self->{_twitter}->user_timeline( { count => 1 } ) }; $access->sign;
# 2.3 Check if user has accepted authentication my $access_url = $access->to_url;
if ($@) {
if ( $@ =~ /\b401\b/ ) { $self->lmLog( "POST $access_url to Twitter", 'debug' );
$self->userError('Twitter authentication refused');
return PE_BADCREDENTIALS; my $res_access = $self->ua()->post($access_url);
} $self->lmLog( "Twitter response: " . $res_access->as_string, 'debug' );
$self->lmLog( "Net::Twitter error: $@", 'error' );
if ( $res_access->is_success ) {
my $response = Net::OAuth->response('access token')
->from_post_body( $res_access->content );
# Get user_id and screename
$self->{_twitterUserId} = $response->{extra_params}->{user_id};
$self->{_twitterScreenName} = $response->{extra_params}->{screen_name};
$self->lmLog(
"Get user id "
. $self->{_twitterUserId}
. " and screen name "
. $self->{_twitterScreenName},
'debug'
);
}
else {
$self->lmLog( 'Twitter OAuth protocol error: ' . $res_access->content,
'error' );
return PE_ERROR;
} }
# 2.4 Set $self->{user} to twitter.com/<username> # 2.4 Set $self->{user} to screen name
$self->{_twitterUser} = $status->[0]->{user}; $self->{user} = $self->{_twitterScreenName};
$self->{user} = 'twitter.com/' . $status->{_twitterUser}->{screen_name};
$self->lmLog( "Good Twitter authentication for $self->{user}", 'debug' ); $self->lmLog( "Good Twitter authentication for $self->{user}", 'debug' );
# Force redirection to avoid displaying OAuth datas # Force redirection to avoid displaying OAuth datas
@ -131,7 +201,6 @@ sub extractFormInfo {
# Clean temporaries cookies # Clean temporaries cookies
push @{ $self->{cookie} }, push @{ $self->{cookie} },
$self->cookie( -name => '_twitTok', -value => 0, -expires => '-3m' ),
$self->cookie( -name => '_twitSec', -value => 0, -expires => '-3m' ); $self->cookie( -name => '_twitSec', -value => 0, -expires => '-3m' );
PE_OK; PE_OK;
} }
@ -142,12 +211,10 @@ sub extractFormInfo {
sub setAuthSessionInfo { sub setAuthSessionInfo {
my $self = shift; my $self = shift;
# TODO: set a parameter to choose this
foreach (qw(screen_name location lang name url)) {
$self->{sessionInfo}->{$_} = $self->{_twitterUser}->{$_};
}
$self->{sessionInfo}->{authenticationLevel} = $self->{twitterAuthnLevel}; $self->{sessionInfo}->{authenticationLevel} = $self->{twitterAuthnLevel};
$self->{sessionInfo}->{'_user'} = $self->{user};
$self->{sessionInfo}->{_twitterUserId} = $self->{_twitterUserId};
$self->{sessionInfo}->{_twitterScreenName} = $self->{_twitterScreenName};
PE_OK; PE_OK;
} }

Write Preview
Loading…
Cancel
Save