##@file
# Twitter authentication backend file
##@class
# Twitter authentication backend class.
package Lemonldap::NG::Portal::AuthTwitter;
use strict;
use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_Browser;
use URI::Escape;
# Parent class of this authentication backend.
our @ISA     = ('Lemonldap::NG::Portal::_Browser');
our $VERSION = '2.0.0';

# Package-level flag: set by authInit() once Net::OAuth has been loaded and
# switched to OAuth 1.0a, so that later calls can skip that work.
our $initDone;

BEGIN {

    # Best effort: share $initDone between threads when threads::shared can
    # be loaded. Any failure inside the eval is deliberately ignored.
    # NOTE(review): $@ is never inspected, so a share() that fails is silent;
    # confirm the flag is really shared under threaded deployments.
    eval {
        require threads::shared;
        threads::shared::share($initDone);
    };
}
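## @apmethod int authInit()
# Check that the Twitter consumer key and secret are configured, then load
# Net::OAuth and select OAuth 1.0a. Calls abort() when the configuration is
# incomplete or Net::OAuth cannot be loaded.
# @return Lemonldap::NG::Portal constant
sub authInit {
    my $self = shift;

    # Validate this instance before the package-level short-circuit below:
    # $initDone only records that Net::OAuth is loaded, it says nothing about
    # the consumer key and secret of the portal object being initialised.
    unless ( $self->{twitterKey} and $self->{twitterSecret} ) {
        $self->abort( 'Bad configuration',
            'twitterKey and twitterSecret parameters are required' );
    }

    return PE_OK if ($initDone);

    # Net::OAuth is loaded on first use. extractFormInfo() passes "callback"
    # and "verifier", which belong to the 1.0a revision of the protocol.
    eval {
        require Net::OAuth;
        $Net::OAuth::PROTOCOL_VERSION = &Net::OAuth::PROTOCOL_VERSION_1_0A();
    };
    $self->abort("Unable to load Net::OAuth: $@") if ($@);

    $initDone = 1;
    return PE_OK;
}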
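## @apmethod int extractFormInfo()
# Authenticate users by Twitter and set user.
#
# Two legs of the OAuth 1.0a flow are handled here:
# - without the "twitterback" parameter: obtain a request token, keep its
#   secret in the short-lived "_twitSec" cookie and redirect to Twitter;
# - with it: exchange the returned token and verifier for an access token and
#   take user_id and screen_name from that response.
# Debug logs name the endpoint and the HTTP status line only, so that signed
# URLs and token secrets do not end up in log files.
# @return Lemonldap::NG::Portal constant
sub extractFormInfo {
    my $self = shift;

    # An OAuth nonce has to be unique among requests sharing a timestamp. The
    # epoch second alone repeats for every request signed within that second,
    # so the process id and a random component are appended.
    my $nonce = join '', time, $$, int( rand(1_000_000_000) );

    # Default values for Twitter API
    $self->{twitterRequestTokenURL} ||=
      "https://api.twitter.com/oauth/request_token";
    $self->{twitterAuthorizeURL} ||= "https://api.twitter.com/oauth/authorize";
    $self->{twitterAccessTokenURL} ||=
      "https://api.twitter.com/oauth/access_token";

    # 1. Request to authenticate
    unless ( $self->param('twitterback') ) {
        $self->lmLog( 'Redirection to Twitter', 'debug' );

        # 1.1 Try to get token to dialog with Twitter
        my $callback_url = $self->url();

        # Append one name=value pair to the callback URL, escaping both sides
        # so that neither can introduce extra query parameters.
        my $add_param = sub {
            my ( $name, $value ) = @_;
            $callback_url .=
                ( $callback_url =~ /\?/ ? '&' : '?' )
              . uri_escape($name) . '='
              . uri_escape($value);
        };

        # Twitter callback parameter
        $add_param->( 'twitterback', 1 );

        # Add request state parameters
        $add_param->( 'url', $self->{_url} ) if ( $self->{_url} );

        # Read the value in scalar context: in a list context param() returns
        # every submitted value, and the extra ones would be taken as further
        # arguments by uri_escape().
        my $auth_choice = $self->param( $self->{authChoiceParam} );
        $add_param->( $self->{authChoiceParam}, $auth_choice )
          if ($auth_choice);

        # Forward hidden fields
        if ( exists $self->{portalHiddenFormValues} ) {
            $self->lmLog( "Add hidden values to Twitter redirect URL",
                'debug' );
            foreach my $field ( keys %{ $self->{portalHiddenFormValues} } ) {
                $add_param->(
                    $field, $self->{portalHiddenFormValues}->{$field}
                );
            }
        }

        my $request = Net::OAuth->request("request token")->new(
            consumer_key     => $self->{twitterKey},
            consumer_secret  => $self->{twitterSecret},
            request_url      => $self->{twitterRequestTokenURL},
            request_method   => 'POST',
            signature_method => 'HMAC-SHA1',
            timestamp        => time,
            nonce            => $nonce,
            callback         => $callback_url,
        );
        $request->sign;
        my $request_url = $request->to_url;

        # The signed URL and the response body carry oauth_* values (signature,
        # request token secret): log the endpoint and the status line only.
        $self->lmLog( "POST $self->{twitterRequestTokenURL} to Twitter",
            'debug' );
        my $res = $self->ua()->post($request_url);
        $self->lmLog( "Twitter response: " . $res->status_line, 'debug' );

        unless ( $res->is_success ) {
            $self->lmLog( 'Twitter OAuth protocol error: ' . $res->content,
                'error' );
            return PE_ERROR;
        }

        my $response = Net::OAuth->response('request token')
          ->from_post_body( $res->content );

        # 1.2 Store the request token secret in a cookie
        # NOTE(review): cookie() is called here without -secure or -httponly,
        # so the token secret travels with whatever defaults cookie() applies;
        # confirm that these match the flags used for the portal's own cookies.
        push @{ $self->{cookie} },
          $self->cookie(
            -name    => '_twitSec',
            -value   => $response->token_secret,
            -expires => '+3m'
          );

        # 1.3 Redirect user to Twitter
        my $authorize_url =
            $self->{twitterAuthorizeURL}
          . "?oauth_token="
          . uri_escape( $response->token );
        $self->redirect( -uri => $authorize_url );
        $self->quit();
    }

    # 2. User is back from Twitter
    my $request_token = $self->param('oauth_token');
    my $verifier      = $self->param('oauth_verifier');
    unless ( $request_token and $verifier ) {
        $self->lmLog( 'Twitter OAuth protocol error', 'error' );
        return PE_ERROR;
    }

    # Fetch the cookie in scalar context and refuse to go on without it. Used
    # directly inside the argument list below, an absent cookie would yield an
    # empty list and shift every following key/value pair by one position.
    my $token_secret = $self->cookie('_twitSec');
    unless ($token_secret) {
        $self->lmLog(
            'Twitter OAuth protocol error: _twitSec cookie missing or expired',
            'error'
        );
        return PE_ERROR;
    }

    # NOTE(review): both values come straight from the request; confirm that
    # lmLog() neutralises control characters before writing them out.
    $self->lmLog(
        "Get token $request_token and verifier $verifier from Twitter",
        'debug' );

    # 2.1 Reconnect to Twitter
    my $access = Net::OAuth->request("access token")->new(
        consumer_key     => $self->{twitterKey},
        consumer_secret  => $self->{twitterSecret},
        request_url      => $self->{twitterAccessTokenURL},
        request_method   => 'POST',
        signature_method => 'HMAC-SHA1',
        verifier         => $verifier,
        token            => $request_token,
        token_secret     => $token_secret,
        timestamp        => time,
        nonce            => $nonce,
    );
    $access->sign;
    my $access_url = $access->to_url;

    # Same redaction as for the request token: the response body of this call
    # contains the user's access token and its secret.
    $self->lmLog( "POST $self->{twitterAccessTokenURL} to Twitter", 'debug' );
    my $res_access = $self->ua()->post($access_url);
    $self->lmLog( "Twitter response: " . $res_access->status_line, 'debug' );

    unless ( $res_access->is_success ) {
        $self->lmLog( 'Twitter OAuth protocol error: ' . $res_access->content,
            'error' );
        return PE_ERROR;
    }

    my $response = Net::OAuth->response('access token')
      ->from_post_body( $res_access->content );

    # Get user_id and screen_name
    $self->{_twitterUserId}     = $response->{extra_params}->{user_id};
    $self->{_twitterScreenName} = $response->{extra_params}->{screen_name};

    # A successful HTTP status is not enough: without an identity in the
    # response the method would return PE_OK with an undefined user.
    unless (defined $self->{_twitterUserId}
        and defined $self->{_twitterScreenName}
        and $self->{_twitterScreenName} ne '' )
    {
        $self->lmLog(
            'Twitter OAuth protocol error: no user_id or screen_name in response',
            'error'
        );
        return PE_ERROR;
    }

    $self->lmLog(
        "Get user id "
          . $self->{_twitterUserId}
          . " and screen name "
          . $self->{_twitterScreenName},
        'debug'
    );

    # 2.4 Set $self->{user} to screen name
    # NOTE(review): a screen name can be changed by its owner, whereas user_id
    # is the stable identifier; check which one downstream rules rely on.
    $self->{user} = $self->{_twitterScreenName};
    $self->lmLog( "Good Twitter authentication for $self->{user}", 'debug' );

    # Force redirection to avoid displaying OAuth data
    $self->{mustRedirect} = 1;

    # Clean temporary cookies
    push @{ $self->{cookie} },
      $self->cookie( -name => '_twitSec', -value => 0, -expires => '-3m' );

    return PE_OK;
}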
## @apmethod int setAuthSessionInfo()
# Copy the configured authentication level, the user name and the two Twitter
# attributes (user id, screen name) into $self->{sessionInfo}.
# @return Lemonldap::NG::Portal constant
sub setAuthSessionInfo {
    my ($self) = @_;

    # Session key => value taken from the portal object.
    my %session_value_for = (
        authenticationLevel => $self->{twitterAuthnLevel},
        _user               => $self->{user},
        _twitterUserId      => $self->{_twitterUserId},
        _twitterScreenName  => $self->{_twitterScreenName},
    );

    foreach my $key ( keys %session_value_for ) {
        $self->{sessionInfo}->{$key} = $session_value_for{$key};
    }

    return PE_OK;
}
## @apmethod int authenticate()
# No-op for this backend: returns PE_OK without reading or changing anything.
# @return Lemonldap::NG::Portal constant
sub authenticate {
    return PE_OK;
}
## @apmethod int authFinish()
# No-op for this backend: returns PE_OK without reading or changing anything.
# @return Lemonldap::NG::Portal constant
sub authFinish {
    return PE_OK;
}
## @apmethod int authLogout()
# No-op for this backend: returns PE_OK without reading or changing anything.
# NOTE(review): nothing is sent to Twitter here, so a portal logout leaves the
# user's Twitter session as it was - confirm this is the intended behaviour.
# @return Lemonldap::NG::Portal constant
sub authLogout {
    return PE_OK;
}
## @apmethod boolean authForce()
# Always answers with a false value.
# @return 0
sub authForce {
    my $force = 0;
    return $force;
}
## @method string getDisplayType
# Name of the display type for this backend: always the string "logo".
# @return display type
sub getDisplayType {
    my $display_type = 'logo';
    return $display_type;
}
1;
__END__
=head1 NAME

=encoding utf8

Lemonldap::NG::Portal::AuthTwitter - Perl extension for building Lemonldap::NG
compatible portals with Twitter authentication.

=head1 SYNOPSIS

  use Lemonldap::NG::Portal::SharedConf;
  my $portal = new Lemonldap::NG::Portal::Simple(
    configStorage => {...}, # See Lemonldap::NG::Portal
    authentication => 'Twitter',
  );

  if($portal->process()) {
    # Write here the menu with CGI methods. This page is displayed ONLY IF
    # the user was not redirected here.
    print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3))
    print "...";
  }
  else {
    # If the user enters here, IT MEANS THAT TWITTER REDIRECTION DOES NOT WORK
    print $portal->header('text/html; charset=utf-8'); # DON'T FORGET THIS (see CGI(3))
    print "<html><body><h1>Unable to work</h1>";
    print "This server isn't well configured. Contact your administrator.";
    print "</body></html>";
  }

=head1 DESCRIPTION

This library just overloads a few methods of Lemonldap::NG::Portal::Simple to
use the Twitter authentication mechanism. The C<twitterKey> and
C<twitterSecret> parameters are required.

See L<Lemonldap::NG::Portal::Simple> for usage and other methods.

=head1 SEE ALSO

L<Lemonldap::NG::Portal>, L<Lemonldap::NG::Portal::Simple>,
L<http://lemonldap-ng.org/>

=head1 AUTHOR

=over

=item Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>

=item Xavier Guimard, E<lt>x.guimard@free.frE<gt>

=back

=head1 BUG REPORT

Use OW2 system to report bugs or ask for features:
L<http://jira.ow2.org>

=head1 DOWNLOAD

Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>

=head1 COPYRIGHT AND LICENSE

=over

=item Copyright (C) 2010 by Xavier Guimard, E<lt>x.guimard@free.frE<gt>

=item Copyright (C) 2010-2012 by Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>

=back

This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see L<http://www.gnu.org/licenses/>.

=cut