Initial import

Author: tvdijen

.codecov.yml

@@ -0,0 +1,11 @@
+coverage:
+  status:
+    project: yes
+
+comment:
+  layout: "diff"
+  behavior: once
+  require_changes: true
+  require_base: no
+  require_head: yes
+  branches: null

.php_cs.dist

@@ -0,0 +1,16 @@
+<?php
+$finder = PhpCsFixer\Finder::create()
+    ->in([
+        __DIR__ . '/lib',
+        __DIR__ . '/tests',
+        __DIR__ . '/www',
+    ])
+;
+return PhpCsFixer\Config::create()
+    ->setRules([
+        '@PSR2' => true,
+        '@PSR4' => true,
+        '@PSR5' => true,
+    ])
+    ->setFinder($finder)
+;

.travis.yml

@@ -0,0 +1,49 @@
+sudo: required
+
+language: php
+
+php:
+  - 5.5
+  - 5.6
+  - 7.0
+  - 7.1
+  - 7.2
+  - 7.3
+
+env:
+  - SIMPLESAMLPHP_VERSION=1.17.*
+  
+matrix:
+  include:
+    - php: 5.6
+      env: SIMPLESAMLPHP_VERSION=dev-master
+    - php: 7.0
+      env: SIMPLESAMLPHP_VERSION=dev-master
+    - php: 7.1
+      env: SIMPLESAMLPHP_VERSION=dev-master
+    - php: 7.2
+      env: SIMPLESAMLPHP_VERSION=dev-master
+    - php: 7.3
+      env: SIMPLESAMLPHP_VERSION=dev-master
+  allow_failures:
+    - env: SIMPLESAMLPHP_VERSION=dev-master
+    - php: 7.3
+    - php: hhvm
+
+before_script:
+  - composer require "simplesamlphp/simplesamlphp:${SIMPLESAMLPHP_VERSION}" --no-update
+  - composer update --no-interaction
+  - if [[ "$TRAVIS_PHP_VERSION" == "7.3" ]]; then composer require --dev vimeo/psalm; fi
+
+script:
+  - bin/check-syntax.sh
+  - if [[ "$TRAVIS_PHP_VERSION" == "5.6" ]]; then php vendor/phpunit/phpunit/phpunit; else php vendor/phpunit/phpunit/phpunit --no-coverage; fi
+  - if [[ "$TRAVIS_PHP_VERSION" == "7.3" ]]; then vendor/bin/psalm; fi
+
+after_success:
+  # Codecov, need to edit bash uploader for incorrect TRAVIS_PYTHON_VERSION environment variable matching, at least until codecov/codecov-bash#133 is resolved
+  - curl -s https://codecov.io/bash > .codecov
+  - sed -i -e 's/TRAVIS_.*_VERSION/^TRAVIS_.*_VERSION=/' .codecov
+  - chmod +x .codecov
+  - if [[ $TRAVIS_PHP_VERSION == "5.6" ]]; then ./.codecov -X gcov; fi
+# - if [[ "$TRAVIS_PHP_VERSION" == "5.6" ]]; then bash <(curl -s https://codecov.io/bash); fi

bin/check-syntax.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+PHP='/usr/bin/env php'
+RETURN=0
+
+# check PHP files
+for FILE in `find lib www -name "*.php"`; do
+    $PHP -l $FILE > /dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        echo "Syntax check failed for ${FILE}"
+        RETURN=`expr ${RETURN} + 1`
+    fi
+done
+
+exit $RETURN

composer.json

@@ -0,0 +1,48 @@
+{
+    "name": "simplesamlphp/simplesamlphp-module-authtwitter",
+    "description": "A module that is able to perform authentication against Twitter",
+    "type": "simplesamlphp-module",
+    "keywords": ["simplesamlphp", "twitter"],
+    "license": "LGPL-3.0-or-later",
+    "authors": [
+        {
+            "name": "Olav Morken",
+            "email": "olavmrk@gmail.com"
+        },
+        {
+            "name": "Tim van Dijen",
+            "email": "tvdijen@gmail.com"
+        }
+    ],
+    "config": {
+        "preferred-install": {
+            "simplesamlphp/simplesamlphp": "source",
+            "*": "dist"
+        }
+    },
+    "autoload": {
+        "psr-4": {
+            "SimpleSAML\\modules\\authtwitter\\": "lib/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "Tests\\SimpleSAML\\modules\\authtwitter\\TestFiles\\": "tests/files",
+            "SimpleSAML\\Test\\Utils\\": "vendor/simplesamlphp/simplesamlphp/tests/Utils"
+        }
+    },
+    "require": {
+        "php": ">=5.5",
+        "simplesamlphp/composer-module-installer": "~1.0",
+        "simplesamlphp/simplesamlphp-module-oauth": "~1.0",
+        "webmozart/assert": "^1.4"
+    },
+    "require-dev": {
+        "simplesamlphp/simplesamlphp": "^1.17",
+        "phpunit/phpunit": "~4.8.35"
+    },
+    "support": {
+        "issues": "https://github.com/tvdijen/simplesamlphp-module-authtwitter/issues",
+        "source": "https://github.com/tvdijen/simplesamlphp-module-authtwitter"
+    }
+}

default-enable

@@ -0,0 +1,3 @@
+This file indicates that the default state of this module
+is enabled. To enable, create a file named disable in the
+same directory as this file.

docs/oauthtwitter.md

@@ -0,0 +1,35 @@
+Using the Twitter authentication source with SimpleSAMLphp
+==========================================================
+
+Remember to configure `authsources.php`, with both Consumer key and secret.
+
+To get an API key and a secret, register the application at:
+
+ * <http://twitter.com/oauth_clients>
+
+Set the callback URL to be:
+
+ * `http://sp.example.org/simplesaml/module.php/authtwitter/linkback.php`
+
+Replace `sp.example.org` with your hostname.
+
+## Testing authentication
+
+On the SimpleSAMLphp frontpage, go to the *Authentication* tab, and use the link:
+
+  * *Test configured authentication sources*
+
+Then choose the *twitter* authentication source.
+
+Expected behaviour would then be that you are sent to twitter, and asked to login:
+
+![](http://clippings.erlang.no/ZZ2EE26BF6.jpg)
+
+The first time a user uses your application to login, he/she is asked for consent:
+
+![](http://clippings.erlang.no/ZZ6B18B5D9.jpg)
+
+You will then be authenticated in SimpleSAMLphp and see an attribute set similar to this:
+
+![](http://clippings.erlang.no/ZZ74A6835E.jpg)
+

lib/Auth/Source/Twitter.php

@@ -0,0 +1,180 @@
+<?php
+
+namespace SimpleSAML\Module\authtwitter\Auth\Source;
+
+use Webmozart\Assert\Assert;
+
+$default = dirname(dirname(dirname(dirname(dirname(__FILE__))))).'/oauth/libextinc/OAuth.php';
+$travis = dirname(dirname(dirname(dirname(__FILE__)))).'/vendor/simplesamlphp/simplesamlphp/modules/oauth/libextinc/OAuth.php';
+
+if (file_exists($default)) {
+    require_once($default);
+} else if (file_exists($travis)) {
+    require_once($travis);
+} else {
+    // Probably codecov, but we can't raise an exception here or Travis will fail
+}
+
+/**
+ * Authenticate using Twitter.
+ *
+ * @author Andreas Åkre Solberg, UNINETT AS.
+ * @package SimpleSAMLphp
+ */
+
+class Twitter extends \SimpleSAML\Auth\Source
+{
+    /**
+     * The string used to identify our states.
+     */
+    const STAGE_INIT = 'twitter:init';
+
+    /**
+     * The key of the AuthId field in the state.
+     */
+    const AUTHID = 'twitter:AuthId';
+
+    /**
+     * @var string
+     */
+    private $key;
+
+    /**
+     * @var string
+     */
+    private $secret;
+
+    /**
+     * @var bool
+     */
+    private $force_login;
+
+    /**
+     * @var bool
+     */
+    private $include_email;
+
+    /**
+     * Constructor for this authentication source.
+     *
+     * @param array $info  Information about this authentication source.
+     * @param array $config  Configuration.
+     */
+    public function __construct($info, $config)
+    {
+        Assert::isArray($info);
+        Assert::isArray($config);
+
+        // Call the parent constructor first, as required by the interface
+        parent::__construct($info, $config);
+
+        $configObject = \SimpleSAML\Configuration::loadFromArray(
+            $config,
+            'authsources['.var_export($this->authId, true).']'
+        );
+
+        $this->key = $configObject->getString('key');
+        $this->secret = $configObject->getString('secret');
+        $this->force_login = $configObject->getBoolean('force_login', false);
+        $this->include_email = $configObject->getBoolean('include_email', false);
+    }
+
+    /**
+     * Log-in using Twitter platform
+     *
+     * @param array &$state  Information about the current authentication.
+     * @return void
+     */
+    public function authenticate(&$state)
+    {
+        Assert::isArray($state);
+
+        // We are going to need the authId in order to retrieve this authentication source later
+        $state[self::AUTHID] = $this->authId;
+
+        $stateID = \SimpleSAML\Auth\State::saveState($state, self::STAGE_INIT);
+
+        $consumer = new \SimpleSAML\Module\oauth\Consumer($this->key, $this->secret);
+        // Get the request token
+        $linkback = \SimpleSAML\Module::getModuleURL('authtwitter/linkback.php', ['AuthState' => $stateID]);
+        $requestToken = $consumer->getRequestToken(
+            'https://api.twitter.com/oauth/request_token',
+            ['oauth_callback' => $linkback]
+        );
+        \SimpleSAML\Logger::debug("Got a request token from the OAuth service provider [".
+            $requestToken->key."] with the secret [".$requestToken->secret."]");
+
+        $state['authtwitter:authdata:requestToken'] = $requestToken;
+        \SimpleSAML\Auth\State::saveState($state, self::STAGE_INIT);
+
+        // Authorize the request token
+        $url = 'https://api.twitter.com/oauth/authenticate';
+        if ($this->force_login) {
+            $url = \SimpleSAML\Utils\HTTP::addURLParameters($url, ['force_login' => 'true']);
+        }
+        $consumer->getAuthorizeRequest($url, $requestToken);
+    }
+
+
+    /**
+     * @param array &$state
+     * @return void
+     */
+    public function finalStep(&$state)
+    {
+        $requestToken = $state['authtwitter:authdata:requestToken'];
+        $parameters = [];
+
+        if (!isset($_REQUEST['oauth_token'])) {
+            throw new \SimpleSAML\Error\BadRequest("Missing oauth_token parameter.");
+        }
+        if ($requestToken->key !== (string) $_REQUEST['oauth_token']) {
+            throw new \SimpleSAML\Error\BadRequest("Invalid oauth_token parameter.");
+        }
+
+        if (!isset($_REQUEST['oauth_verifier'])) {
+            throw new \SimpleSAML\Error\BadRequest("Missing oauth_verifier parameter.");
+        }
+        $parameters['oauth_verifier'] = (string) $_REQUEST['oauth_verifier'];
+
+        $consumer = new \SimpleSAML\Module\oauth\Consumer($this->key, $this->secret);
+
+        \SimpleSAML\Logger::debug("oauth: Using this request token [".
+            $requestToken->key."] with the secret [".$requestToken->secret."]");
+
+        // Replace the request token with an access token
+        $accessToken = $consumer->getAccessToken(
+            'https://api.twitter.com/oauth/access_token',
+            $requestToken,
+            $parameters
+        );
+        \SimpleSAML\Logger::debug("Got an access token from the OAuth service provider [".
+            $accessToken->key."] with the secret [".$accessToken->secret."]");
+
+        $verify_credentials_url = 'https://api.twitter.com/1.1/account/verify_credentials.json';
+        if ($this->include_email) {
+            $verify_credentials_url = $verify_credentials_url.'?include_email=true';
+        }
+        $userdata = $consumer->getUserInfo($verify_credentials_url, $accessToken);
+
+        if (!isset($userdata['id_str']) || !isset($userdata['screen_name'])) {
+            throw new \SimpleSAML\Error\AuthSource(
+                $this->authId,
+                'Authentication error: id_str and screen_name not set.'
+            );
+        }
+
+        $attributes = [];
+        foreach ($userdata as $key => $value) {
+            if (is_string($value)) {
+                $attributes['twitter.'.$key] = [(string) $value];
+            }
+        }
+
+        $attributes['twitter_at_screen_name'] = ['@'.$userdata['screen_name']];
+        $attributes['twitter_screen_n_realm'] = [$userdata['screen_name'].'@twitter.com'];
+        $attributes['twitter_targetedID'] = ['http://twitter.com!'.$userdata['id_str']];
+
+        $state['Attributes'] = $attributes;
+    }
+}

phpunit.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<phpunit bootstrap="tests/bootstrap.php">
+    <testsuites>
+        <testsuite name="The project's test suite">
+            <directory>tests/</directory>
+        </testsuite>
+    </testsuites>
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">./lib</directory>
+        </whitelist>
+    </filter>
+    <logging>
+        <log type="coverage-text" target="php://stdout" showUncoveredFiles="true" />
+        <log type="coverage-html" target="build/coverage" title="PHP Coveralls" charset="UTF-8" yui="true" highlight="true" lowUpperBound="35" highLowerBound="70" />
+        <log type="coverage-clover" target="build/logs/clover.xml" />
+    </logging>
+</phpunit>
+