p3k
/
Quill
mirror of https://github.com/aaronpk/Quill.git
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
314 Commits
3 Branches
4.1 MiB
Tree: 4c704ee338
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4c704ee338'
${ noResults }
Quill/controllers/auth.php

360 lines
12 KiB
Raw Normal View History

Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
do the micropub post and redirect after it's created!
9 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
update indieauth client
2 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
do the micropub post and redirect after it's created!
9 years ago
redo how auto-login works
7 years ago
do the micropub post and redirect after it's created!
9 years ago
integrates photo uploading in the main note interface Quill corrects the photo rotation based on exif data since iOS tends to take landscape photos and set the rotation bit when holding it in portrait mode.
8 years ago
only skip debugging screens if the endpoints are the same as before
8 years ago
update indieauth client
2 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
integrates photo uploading in the main note interface Quill corrects the photo rotation based on exif data since iOS tends to take landscape photos and set the rotation bit when holding it in portrait mode.
8 years ago
only skip debugging screens if the endpoints are the same as before
8 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
provide option for choosing the scope to request update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
7 years ago
redo how auto-login works
7 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
redo how auto-login works
7 years ago
provide option for choosing the scope to request update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
7 years ago
redo how auto-login works
7 years ago
Support full automatic no-questions-asked login - ?me=.. on homepage redirects to auth - ?dontask=1 skips confirmation questions - "reply" and other parameters are transferred across login
7 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
provide option for choosing the scope to request update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
7 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
provide option for choosing the scope to request update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
7 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
don't rely on the "me" in the callback URL closes #79
6 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
don't rely on the "me" in the callback URL closes #79
6 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
improvements to login UI, upgrades libraries makes the login experience a bit friendlier to non-developer users
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
update indieauth client
2 years ago
don't rely on the "me" in the callback URL closes #79
6 years ago
update indieauth client
2 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
improvements to login UI, upgrades libraries makes the login experience a bit friendlier to non-developer users
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
update indieauth client
2 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
Adds support for querying your micropub endpoint to check for syndication targets. This changes the value of "in-reply-to" to use hyphens instead of underscore separators!! Also shows you the full request made to your micropub endpoint.
9 years ago
support media endpoint, autosave notes in local storage * looks for a media endpoint in the micropub config * if media endpoint is available, both the note interface and the editor will upload files to it instead of posting the photo directly * the note interface autosaves in-progress notes in localstorage
8 years ago
Adds support for querying your micropub endpoint to check for syndication targets. This changes the value of "in-reply-to" to use hyphens instead of underscore separators!! Also shows you the full request made to your micropub endpoint.
9 years ago
pass q=config in initial micropub config query fixes #54
7 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
improvements to login UI, upgrades libraries makes the login experience a bit friendlier to non-developer users
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
redo how auto-login works
7 years ago
do the micropub post and redirect after it's created!
9 years ago
redo how auto-login works
7 years ago
do the micropub post and redirect after it's created!
9 years ago
redo how auto-login works
7 years ago
do the micropub post and redirect after it's created!
9 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
improvements to login UI, upgrades libraries makes the login experience a bit friendlier to non-developer users
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
improvements to login UI, upgrades libraries makes the login experience a bit friendlier to non-developer users
5 years ago
do the micropub post and redirect after it's created!
9 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
redo how auto-login works
7 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
move some auth routes to auth.php
7 years ago
add reset login option
7 years ago
add support for token revocation
5 years ago
add reset login option
7 years ago
reset micropub config data
5 years ago
add reset login option
7 years ago
add support for token revocation
5 years ago
add reset login option
7 years ago
move some auth routes to auth.php
7 years ago
disable twitter stuff if no twitter client is set
4 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
disable twitter stuff if no twitter client is set
4 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
 
  1. <?php
  2. use Abraham\TwitterOAuth\TwitterOAuth;
  3. 

  4. IndieAuth\Client::$clientID = Config::$base_url;
  5. IndieAuth\Client::$redirectURL = Config::$base_url.'auth/callback';
  6. 

  7. $app->get('/auth/start', function() use($app) {
  8.   $req = $app->request();
  9. 

  10.   $params = $req->params();
  11. 

  12.   $defaultScope = 'create update media';
  13. 

  14.   list($authorizationURL, $error) = IndieAuth\Client::begin($params['me'], $defaultScope);
  15. 

  16.   $me = IndieAuth\Client::normalizeMeURL($params['me']);
  17. 

  18.   // Double check for a micropub endpoint here for debugging purposes

  19.   if(!$error) {
  20.     $micropubEndpoint = $_SESSION['indieauth']['micropub_endpoint'] = IndieAuth\Client::discoverMicropubEndpoint($me);
  21.     if(!$micropubEndpoint) {
  22.       $error['error'] = 'missing_micropub_endpoint';
  23.     }
  24.   }
  25. 

  26.   if($error && in_array($error['error'], ['missing_authorization_endpoint','missing_token_endpoint','missing_micropub_endpoint'])) {
  27.     // Display debug info for these particular errors

  28. 

  29.     $micropubEndpoint = $_SESSION['indieauth']['micropub_endpoint'] = IndieAuth\Client::discoverMicropubEndpoint($me);
  30.     $tokenEndpoint = $_SESSION['indieauth']['token_endpoint'] = IndieAuth\Client::discoverTokenEndpoint($me);
  31.     $authorizationEndpoint = $_SESSION['indieauth']['authorization_endpoint'] = IndieAuth\Client::discoverAuthorizationEndpoint($me);
  32. 

  33.     $html = render('auth_start', array(
  34.       'title' => 'Sign In',
  35.       'me' => $me,
  36.       'authorizing' => $me,
  37.       'meParts' => parse_url($me),
  38.       'tokenEndpoint' => $tokenEndpoint,
  39.       'micropubEndpoint' => $micropubEndpoint,
  40.       'authorizationEndpoint' => $authorizationEndpoint,
  41.       'authorizationURL' => false
  42.     ));
  43.     $app->response()->body($html);
  44.     return;
  45.   }
  46. 

  47.   // Handle other errors like connection errors by showing a generic error page

  48.   if($error) {
  49.     $html = render('auth_error', array(
  50.       'title' => 'Sign In',
  51.       'error' => $error['error'],
  52.       'errorDescription' => $error['error_description'],
  53.     ));
  54.     $app->response()->body($html);
  55.     return;
  56.   }
  57. 

  58.   $micropubEndpoint = $_SESSION['indieauth']['micropub_endpoint'] = IndieAuth\Client::discoverMicropubEndpoint($me);
  59.   $tokenEndpoint = $_SESSION['indieauth']['token_endpoint'] = IndieAuth\Client::discoverTokenEndpoint($me);
  60.   $authorizationEndpoint = $_SESSION['indieauth']['authorization_endpoint'] = IndieAuth\Client::discoverAuthorizationEndpoint($me);
  61. 

  62.   if(k($params, 'redirect')) {
  63.     $_SESSION['redirect_after_login'] = $params['redirect'];
  64.   }
  65.   if(k($params, 'reply')) {
  66.     $_SESSION['reply'] = $params['reply'];
  67.   }
  68. 

  69.   // If the user has already signed in before and has a micropub access token,

  70.   // and the endpoints are all the same, skip the debugging screens and redirect

  71.   // immediately to the auth endpoint.

  72.   // This will still get a new access token when they finish logging in.

  73.   $user = ORM::for_table('users')->where('url', $me)->find_one();
  74.   if($user && $user->micropub_access_token
  75.     && $user->micropub_endpoint == $micropubEndpoint
  76.     && $user->token_endpoint == $tokenEndpoint
  77.     && $user->authorization_endpoint == $authorizationEndpoint
  78.     && !array_key_exists('restart', $params)) {
  79. 

  80.     // Request whatever scope was previously granted

  81.     $authorizationURL = parse_url($authorizationURL);
  82.     $authorizationURL['scope'] = $user->micropub_scope;
  83.     $authorizationURL = http_build_url($authorizationURL);
  84. 

  85.     $app->redirect($authorizationURL, 302);
  86. 

  87.   } else {
  88. 

  89.     if(k($params, 'dontask') && $params['dontask']) {
  90.       // Request whatever scope was previously granted

  91.       $authorizationURL = parse_url($authorizationURL);
  92.       $authorizationURL['scope'] = $user->micropub_scope ?: $defaultScope;
  93.       $authorizationURL = http_build_url($authorizationURL);
  94. 

  95.       $_SESSION['dontask'] = 1;
  96.       $app->redirect($authorizationURL, 302);
  97.     }
  98. 

  99.     $html = render('auth_start', array(
  100.       'title' => 'Sign In',
  101.       'me' => $me,
  102.       'authorizing' => $me,
  103.       'meParts' => parse_url($me),
  104.       'tokenEndpoint' => $tokenEndpoint,
  105.       'micropubEndpoint' => $micropubEndpoint,
  106.       'authorizationEndpoint' => $authorizationEndpoint,
  107.       'authorizationURL' => $authorizationURL
  108.     ));
  109.     $app->response()->body($html);
  110.   }
  111. });
  112. 

  113. $app->get('/auth/redirect', function() use($app) {
  114.   $req = $app->request();
  115.   $params = $req->params();
  116. 

  117.   // Override scope from the form the user selects

  118. 

  119.   if(!isset($params['scope']))
  120.     $params['scope'] = '';
  121. 

  122.   $authorizationURL = parse_url($params['authorization_url']);
  123.   parse_str($authorizationURL['query'], $query);
  124.   $query['scope'] = $params['scope'];
  125.   $authorizationURL['query'] = http_build_query($query);
  126.   $authorizationURL = http_build_url($authorizationURL);
  127. 

  128.   $app->redirect($authorizationURL);
  129.   return;
  130. });
  131. 

  132. $app->get('/auth/callback', function() use($app) {
  133.   $req = $app->request();
  134.   $params = $req->params();
  135. 

  136.   list($token, $error) = IndieAuth\Client::complete($params, true);
  137. 

  138.   if($error) {
  139.     $html = render('auth_error', [
  140.       'title' => 'Auth Callback',
  141.       'error' => $error['error'],
  142.       'errorDescription' => $error['error_description'],
  143.     ]);
  144.     $app->response()->body($html);
  145.     return;
  146.   }
  147. 

  148.   $me = $token['me'];
  149. 

  150.   // Use the discovered endpoints saved in the session

  151.   $micropubEndpoint = $_SESSION['indieauth']['micropub_endpoint'];
  152.   $tokenEndpoint = $_SESSION['indieauth']['token_endpoint'];
  153. 

  154.   $redirectToDashboardImmediately = false;
  155. 

  156.   // If a valid access token was returned, store the token info in the session and they are signed in

  157.   if(k($token['response'], array('me','access_token','scope'))) {
  158. 

  159.     $_SESSION['auth'] = $token['response'];
  160.     $_SESSION['me'] = $me = $token['me'];
  161. 

  162.     $user = ORM::for_table('users')->where('url', $me)->find_one();
  163.     if($user) {
  164.       // Already logged in, update the last login date

  165.       $user->last_login = date('Y-m-d H:i:s');
  166.       // If they have logged in before and we already have an access token, then redirect to the dashboard now

  167.       if($user->micropub_access_token)
  168.         $redirectToDashboardImmediately = true;
  169.     } else {
  170.       // New user! Store the user in the database

  171.       $user = ORM::for_table('users')->create();
  172.       $user->url = $me;
  173.       $user->date_created = date('Y-m-d H:i:s');
  174.     }
  175.     $user->authorization_endpoint = $_SESSION['indieauth']['authorization_endpoint'];
  176.     $user->token_endpoint = $tokenEndpoint;
  177.     $user->micropub_endpoint = $micropubEndpoint;
  178.     $user->micropub_access_token = $token['response']['access_token'];
  179.     $user->micropub_scope = $token['response']['scope'];
  180.     $user->micropub_response = json_encode($token['response']);
  181.     $user->save();
  182.     $_SESSION['user_id'] = $user->id();
  183. 

  184.     // Make a request to the micropub endpoint to discover the syndication targets and media endpoint if any.

  185.     // Errors are silently ignored here. The user will be able to retry from the new post interface and get feedback.

  186.     get_micropub_config($user, ['q'=>'config']);
  187.   }
  188. 

  189.   unset($_SESSION['indieauth']);
  190. 

  191.   if($redirectToDashboardImmediately || k($_SESSION, 'dontask')) {
  192.     unset($_SESSION['dontask']);
  193.     if(k($_SESSION, 'redirect_after_login')) {
  194.       $dest = $_SESSION['redirect_after_login'];
  195.       unset($_SESSION['redirect_after_login']);
  196.       $app->redirect($dest, 302);
  197.     } else {
  198.       $query = [];
  199.       if(k($_SESSION, 'reply')) {
  200.         $query['reply'] = $_SESSION['reply'];
  201.         unset($_SESSION['reply']);
  202.       }
  203.       $app->redirect('/new?' . http_build_query($query), 302);
  204.     }
  205.   } else {
  206.     $tokenResponse = $token['response'];
  207.     $parsed = @json_decode($tokenResponse);
  208.     if($parsed)
  209.       $tokenResponse = json_encode($parsed, JSON_PRETTY_PRINT+JSON_UNESCAPED_SLASHES);
  210. 

  211.     $html = render('auth_callback', array(
  212.       'title' => 'Sign In',
  213.       'me' => $me,
  214.       'authorizing' => $me,
  215.       'meParts' => parse_url($me),
  216.       'tokenEndpoint' => $tokenEndpoint,
  217.       'auth' => $token['auth'],
  218.       'response' => $tokenResponse,
  219.       'curl_error' => (array_key_exists('error', $token) ? $token['error'] : false),
  220.       'destination' => (k($_SESSION, 'redirect_after_login') ?: '/new')
  221.     ));
  222.     $app->response()->body($html);
  223.   }
  224. });
  225. 

  226. $app->get('/signout', function() use($app) {
  227.   unset($_SESSION['auth']);
  228.   unset($_SESSION['me']);
  229.   unset($_SESSION['auth_state']);
  230.   unset($_SESSION['user_id']);
  231.   $app->redirect('/', 302);
  232. });
  233. 

  234. $app->post('/auth/reset', function() use($app) {
  235.   if($user=require_login($app, false)) {
  236.     revoke_micropub_token($user->micropub_access_token, $user->token_endpoint);
  237. 

  238.     $user->authorization_endpoint = '';
  239.     $user->token_endpoint = '';
  240.     $user->micropub_endpoint = '';
  241.     $user->authorization_endpoint = '';
  242.     $user->micropub_media_endpoint = '';
  243.     $user->micropub_scope = '';
  244.     $user->micropub_access_token = '';
  245.     $user->syndication_targets = '';
  246.     $user->supported_post_types = '';
  247.     $user->save();
  248. 

  249.     unset($_SESSION['auth']);
  250.     unset($_SESSION['me']);
  251.     unset($_SESSION['auth_state']);
  252.     unset($_SESSION['user_id']);
  253.   }
  254.   $app->redirect('/', 302);
  255. });
  256. 

  257. $app->post('/auth/twitter', function() use($app) {
  258.   if(!Config::$twitterClientID) {
  259.     $app->response()['Content-type'] = 'application/json';
  260.     $app->response()->body(json_encode(array(
  261.       'result' => 'error'
  262.     )));
  263.     return;
  264.   }
  265. 

  266.   if($user=require_login($app, false)) {
  267.     $params = $app->request()->params();
  268.     // User just auth'd with twitter, store the access token

  269.     $user->twitter_access_token = $params['twitter_token'];
  270.     $user->twitter_token_secret = $params['twitter_secret'];
  271.     $user->save();
  272. 

  273.     $app->response()['Content-type'] = 'application/json';
  274.     $app->response()->body(json_encode(array(
  275.       'result' => 'ok'
  276.     )));
  277.   } else {
  278.     $app->response()['Content-type'] = 'application/json';
  279.     $app->response()->body(json_encode(array(
  280.       'result' => 'error'
  281.     )));
  282.   }
  283. });
  284. 

  285. function getTwitterLoginURL(&$twitter) {
  286.   $request_token = $twitter->oauth('oauth/request_token', [
  287.     'oauth_callback' => Config::$base_url . 'auth/twitter/callback'
  288.   ]);
  289.   $_SESSION['twitter_auth'] = $request_token;
  290.   return $twitter->url('oauth/authorize', ['oauth_token' => $request_token['oauth_token']]);
  291. }
  292. 

  293. $app->get('/auth/twitter', function() use($app) {
  294.   if(!Config::$twitterClientID) {
  295.     $app->response()['Content-type'] = 'application/json';
  296.     $app->response()->body(json_encode(array(
  297.       'result' => 'error'
  298.     )));
  299.     return;
  300.   }
  301. 

  302.   $params = $app->request()->params();
  303.   if($user=require_login($app, false)) {
  304. 

  305.     // If there is an existing Twitter token, check if it is valid

  306.     // Otherwise, generate a Twitter login link

  307.     $twitter_login_url = false;
  308. 

  309.     if(array_key_exists('login', $params)) {
  310.       $twitter = new TwitterOAuth(Config::$twitterClientID, Config::$twitterClientSecret);
  311.       $twitter_login_url = getTwitterLoginURL($twitter);
  312.     } else {
  313.       $twitter = new TwitterOAuth(Config::$twitterClientID, Config::$twitterClientSecret,
  314.         $user->twitter_access_token, $user->twitter_token_secret);
  315. 

  316.       if($user->twitter_access_token) {
  317.         if($twitter->get('account/verify_credentials')) {
  318.           $app->response()['Content-type'] = 'application/json';
  319.           $app->response()->body(json_encode(array(
  320.             'result' => 'ok'
  321.           )));
  322.           return;
  323.         } else {
  324.           // If the existing twitter token is not valid, generate a login link

  325.           $twitter_login_url = getTwitterLoginURL($twitter);
  326.         }
  327.       } else {
  328.         $twitter_login_url = getTwitterLoginURL($twitter);
  329.       }
  330.     }
  331. 

  332.     $app->response()['Content-type'] = 'application/json';
  333.     $app->response()->body(json_encode(array(
  334.       'url' => $twitter_login_url
  335.     )));
  336. 

  337.   } else {
  338.     $app->response()['Content-type'] = 'application/json';
  339.     $app->response()->body(json_encode(array(
  340.       'result' => 'error'
  341.     )));
  342.   }
  343. });
  344. 

  345. $app->get('/auth/twitter/callback', function() use($app) {
  346.   if($user=require_login($app)) {
  347.     $params = $app->request()->params();
  348. 

  349.     $twitter = new TwitterOAuth(Config::$twitterClientID, Config::$twitterClientSecret,
  350.       $_SESSION['twitter_auth']['oauth_token'], $_SESSION['twitter_auth']['oauth_token_secret']);
  351.     $credentials = $twitter->oauth('oauth/access_token', ['oauth_verifier' => $params['oauth_verifier']]);
  352. 

  353.     $user->twitter_access_token = $credentials['oauth_token'];
  354.     $user->twitter_token_secret = $credentials['oauth_token_secret'];
  355.     $user->twitter_username = $credentials['screen_name'];
  356.     $user->save();
  357. 

  358.     $app->redirect('/settings');
  359.   }
  360. });