p3k
/
Quill
mirror of https://github.com/aaronpk/Quill.git
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
301 Commits
3 Branches
4.1 MiB
Tree: 6fc7d060cb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6fc7d060cb'
${ noResults }
Quill/controllers/auth.php

361 lines
12 KiB
Raw Normal View History

Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
do the micropub post and redirect after it's created!
9 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
do the micropub post and redirect after it's created!
9 years ago
redo how auto-login works
7 years ago
do the micropub post and redirect after it's created!
9 years ago
integrates photo uploading in the main note interface Quill corrects the photo rotation based on exif data since iOS tends to take landscape photos and set the rotation bit when holding it in portrait mode.
8 years ago
only skip debugging screens if the endpoints are the same as before
8 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
integrates photo uploading in the main note interface Quill corrects the photo rotation based on exif data since iOS tends to take landscape photos and set the rotation bit when holding it in portrait mode.
8 years ago
only skip debugging screens if the endpoints are the same as before
8 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
provide option for choosing the scope to request update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
7 years ago
redo how auto-login works
7 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
redo how auto-login works
7 years ago
provide option for choosing the scope to request update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
7 years ago
redo how auto-login works
7 years ago
Support full automatic no-questions-asked login - ?me=.. on homepage redirects to auth - ?dontask=1 skips confirmation questions - "reply" and other parameters are transferred across login
7 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
provide option for choosing the scope to request update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
7 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
provide option for choosing the scope to request update to "create" scope by default, but allow the user to choose "post" as a fallback. also updates indieauth/client to 0.2 for json support.
7 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
don't rely on the "me" in the callback URL closes #79
6 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
don't rely on the "me" in the callback URL closes #79
6 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
use IndieAuth Client instead of doing it manually still shows debug messages when missing endpoints to help people get started
5 years ago
improvements to login UI, upgrades libraries makes the login experience a bit friendlier to non-developer users
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
don't rely on the "me" in the callback URL closes #79
6 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
don't rely on the "me" in the callback URL closes #79
6 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
improvements to login UI, upgrades libraries makes the login experience a bit friendlier to non-developer users
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
Adds support for querying your micropub endpoint to check for syndication targets. This changes the value of "in-reply-to" to use hyphens instead of underscore separators!! Also shows you the full request made to your micropub endpoint.
9 years ago
support media endpoint, autosave notes in local storage * looks for a media endpoint in the micropub config * if media endpoint is available, both the note interface and the editor will upload files to it instead of posting the photo directly * the note interface autosaves in-progress notes in localstorage
8 years ago
Adds support for querying your micropub endpoint to check for syndication targets. This changes the value of "in-reply-to" to use hyphens instead of underscore separators!! Also shows you the full request made to your micropub endpoint.
9 years ago
pass q=config in initial micropub config query fixes #54
7 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
improvements to login UI, upgrades libraries makes the login experience a bit friendlier to non-developer users
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
redo how auto-login works
7 years ago
do the micropub post and redirect after it's created!
9 years ago
redo how auto-login works
7 years ago
do the micropub post and redirect after it's created!
9 years ago
redo how auto-login works
7 years ago
do the micropub post and redirect after it's created!
9 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
improvements to login UI, upgrades libraries makes the login experience a bit friendlier to non-developer users
5 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
improvements to login UI, upgrades libraries makes the login experience a bit friendlier to non-developer users
5 years ago
do the micropub post and redirect after it's created!
9 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
redo how auto-login works
7 years ago
Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation.
10 years ago
move some auth routes to auth.php
7 years ago
add reset login option
7 years ago
add support for token revocation
5 years ago
add reset login option
7 years ago
reset micropub config data
5 years ago
add reset login option
7 years ago
add support for token revocation
5 years ago
add reset login option
7 years ago
move some auth routes to auth.php
7 years ago
disable twitter stuff if no twitter client is set
4 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
disable twitter stuff if no twitter client is set
4 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
clean up note UI, show reply context * shows reply context of the URL you're replying to * autocomplete nicknames from the post when replying * moved debug info to the settings screen to clean up the UI
7 years ago
move some auth routes to auth.php
7 years ago
 
  1. <?php
  2. use Abraham\TwitterOAuth\TwitterOAuth;
  3. 

  4. IndieAuth\Client::$clientID = Config::$base_url;
  5. IndieAuth\Client::$redirectURL = Config::$base_url.'auth/callback';
  6. 

  7. $app->get('/auth/start', function() use($app) {
  8.   $req = $app->request();
  9. 

  10.   $params = $req->params();
  11. 

  12.   $defaultScope = 'create update media';
  13. 

  14.   list($authorizationURL, $error) = IndieAuth\Client::begin($params['me'], $defaultScope);
  15. 

  16.   // Double check for a micropub endpoint here for debugging purposes

  17.   if(!$error) {
  18.     $me = $_SESSION['indieauth_url']; // set by IndieAuth\Client::begin(), will be the normalized and resolved URL

  19.     $micropubEndpoint = $_SESSION['indieauth']['micropub_endpoint'] = IndieAuth\Client::discoverMicropubEndpoint($me);
  20.     if(!$micropubEndpoint) {
  21.       $error['error'] = 'missing_micropub_endpoint';
  22.     }
  23.   }
  24. 

  25.   if($error && in_array($error['error'], ['missing_authorization_endpoint','missing_token_endpoint','missing_micropub_endpoint'])) {
  26.     // Display debug info for these particular errors

  27. 

  28.     $me = $_SESSION['indieauth_url']; // set by IndieAuth\Client::begin(), will be the normalized and resolved URL

  29.     $micropubEndpoint = $_SESSION['indieauth']['micropub_endpoint'] = IndieAuth\Client::discoverMicropubEndpoint($me);
  30.     $tokenEndpoint = $_SESSION['indieauth']['token_endpoint'] = IndieAuth\Client::discoverTokenEndpoint($me);
  31.     $authorizationEndpoint = $_SESSION['indieauth']['authorization_endpoint'] = IndieAuth\Client::discoverAuthorizationEndpoint($me);
  32. 

  33.     $html = render('auth_start', array(
  34.       'title' => 'Sign In',
  35.       'me' => $me,
  36.       'authorizing' => $me,
  37.       'meParts' => parse_url($me),
  38.       'tokenEndpoint' => $tokenEndpoint,
  39.       'micropubEndpoint' => $micropubEndpoint,
  40.       'authorizationEndpoint' => $authorizationEndpoint,
  41.       'authorizationURL' => false
  42.     ));
  43.     $app->response()->body($html);
  44.     return;
  45.   }
  46. 

  47.   // Handle other errors like connection errors by showing a generic error page

  48.   if($error) {
  49.     $html = render('auth_error', array(
  50.       'title' => 'Sign In',
  51.       'error' => $error['error'],
  52.       'errorDescription' => $error['error_description'],
  53.     ));
  54.     $app->response()->body($html);
  55.     return;
  56.   }
  57. 

  58.   $me = $_SESSION['indieauth_url']; // set by IndieAuth\Client::begin(), will be the normalized and resolved URL

  59.   $micropubEndpoint = $_SESSION['indieauth']['micropub_endpoint'] = IndieAuth\Client::discoverMicropubEndpoint($me);
  60.   $tokenEndpoint = $_SESSION['indieauth']['token_endpoint'] = IndieAuth\Client::discoverTokenEndpoint($me);
  61.   $authorizationEndpoint = $_SESSION['indieauth']['authorization_endpoint'] = IndieAuth\Client::discoverAuthorizationEndpoint($me);
  62. 

  63.   if(k($params, 'redirect')) {
  64.     $_SESSION['redirect_after_login'] = $params['redirect'];
  65.   }
  66.   if(k($params, 'reply')) {
  67.     $_SESSION['reply'] = $params['reply'];
  68.   }
  69. 

  70.   // If the user has already signed in before and has a micropub access token,

  71.   // and the endpoints are all the same, skip the debugging screens and redirect

  72.   // immediately to the auth endpoint.

  73.   // This will still generate a new access token when they finish logging in.

  74.   $user = ORM::for_table('users')->where('url', $me)->find_one();
  75.   if($user && $user->micropub_access_token
  76.     && $user->micropub_endpoint == $micropubEndpoint
  77.     && $user->token_endpoint == $tokenEndpoint
  78.     && $user->authorization_endpoint == $authorizationEndpoint
  79.     && !array_key_exists('restart', $params)) {
  80. 

  81.     // Request whatever scope was previously granted

  82.     $authorizationURL = parse_url($authorizationURL);
  83.     $authorizationURL['scope'] = $user->micropub_scope;
  84.     $authorizationURL = http_build_url($authorizationURL);
  85. 

  86.     $app->redirect($authorizationURL, 302);
  87. 

  88.   } else {
  89. 

  90.     if(k($params, 'dontask') && $params['dontask']) {
  91.       // Request whatever scope was previously granted

  92.       $authorizationURL = parse_url($authorizationURL);
  93.       $authorizationURL['scope'] = $user->micropub_scope ?: $defaultScope;
  94.       $authorizationURL = http_build_url($authorizationURL);
  95. 

  96.       $_SESSION['dontask'] = 1;
  97.       $app->redirect($authorizationURL, 302);
  98.     }
  99. 

  100.     $html = render('auth_start', array(
  101.       'title' => 'Sign In',
  102.       'me' => $me,
  103.       'authorizing' => $me,
  104.       'meParts' => parse_url($me),
  105.       'tokenEndpoint' => $tokenEndpoint,
  106.       'micropubEndpoint' => $micropubEndpoint,
  107.       'authorizationEndpoint' => $authorizationEndpoint,
  108.       'authorizationURL' => $authorizationURL
  109.     ));
  110.     $app->response()->body($html);
  111.   }
  112. });
  113. 

  114. $app->get('/auth/redirect', function() use($app) {
  115.   $req = $app->request();
  116.   $params = $req->params();
  117. 

  118.   // Override scope from the form the user selects

  119. 

  120.   if(!isset($params['scope']))
  121.     $params['scope'] = '';
  122. 

  123.   $authorizationURL = parse_url($params['authorization_url']);
  124.   parse_str($authorizationURL['query'], $query);
  125.   $query['scope'] = $params['scope'];
  126.   $authorizationURL['query'] = http_build_query($query);
  127.   $authorizationURL = http_build_url($authorizationURL);
  128. 

  129.   $app->redirect($authorizationURL);
  130.   return;
  131. });
  132. 

  133. $app->get('/auth/callback', function() use($app) {
  134.   $req = $app->request();
  135.   $params = $req->params();
  136. 

  137.   list($token, $error) = IndieAuth\Client::complete($params, true);
  138. 

  139.   if($error) {
  140.     $html = render('auth_error', [
  141.       'title' => 'Auth Callback',
  142.       'error' => $error['error'],
  143.       'errorDescription' => $error['error_description'],
  144.     ]);
  145.     $app->response()->body($html);
  146.     return;
  147.   }
  148. 

  149.   $me = $token['me'];
  150. 

  151.   // Use the discovered endpoints saved in the session

  152.   $micropubEndpoint = $_SESSION['indieauth']['micropub_endpoint'];
  153.   $tokenEndpoint = $_SESSION['indieauth']['token_endpoint'];
  154. 

  155.   $redirectToDashboardImmediately = false;
  156. 

  157.   // If a valid access token was returned, store the token info in the session and they are signed in

  158.   if(k($token['auth'], array('me','access_token','scope'))) {
  159. 

  160.     $_SESSION['auth'] = $token['auth'];
  161.     $_SESSION['me'] = $me = $token['auth']['me'];
  162. 

  163.     $user = ORM::for_table('users')->where('url', $me)->find_one();
  164.     if($user) {
  165.       // Already logged in, update the last login date

  166.       $user->last_login = date('Y-m-d H:i:s');
  167.       // If they have logged in before and we already have an access token, then redirect to the dashboard now

  168.       if($user->micropub_access_token)
  169.         $redirectToDashboardImmediately = true;
  170.     } else {
  171.       // New user! Store the user in the database

  172.       $user = ORM::for_table('users')->create();
  173.       $user->url = $me;
  174.       $user->date_created = date('Y-m-d H:i:s');
  175.     }
  176.     $user->authorization_endpoint = $_SESSION['indieauth']['authorization_endpoint'];
  177.     $user->token_endpoint = $tokenEndpoint;
  178.     $user->micropub_endpoint = $micropubEndpoint;
  179.     $user->micropub_access_token = $token['auth']['access_token'];
  180.     $user->micropub_scope = $token['auth']['scope'];
  181.     $user->micropub_response = $token['response'];
  182.     $user->save();
  183.     $_SESSION['user_id'] = $user->id();
  184. 

  185.     // Make a request to the micropub endpoint to discover the syndication targets and media endpoint if any.

  186.     // Errors are silently ignored here. The user will be able to retry from the new post interface and get feedback.

  187.     get_micropub_config($user, ['q'=>'config']);
  188.   }
  189. 

  190.   unset($_SESSION['indieauth']);
  191. 

  192.   if($redirectToDashboardImmediately || k($_SESSION, 'dontask')) {
  193.     unset($_SESSION['dontask']);
  194.     if(k($_SESSION, 'redirect_after_login')) {
  195.       $dest = $_SESSION['redirect_after_login'];
  196.       unset($_SESSION['redirect_after_login']);
  197.       $app->redirect($dest, 302);
  198.     } else {
  199.       $query = [];
  200.       if(k($_SESSION, 'reply')) {
  201.         $query['reply'] = $_SESSION['reply'];
  202.         unset($_SESSION['reply']);
  203.       }
  204.       $app->redirect('/new?' . http_build_query($query), 302);
  205.     }
  206.   } else {
  207.     $tokenResponse = $token['response'];
  208.     $parsed = @json_decode($tokenResponse);
  209.     if($parsed)
  210.       $tokenResponse = json_encode($parsed, JSON_PRETTY_PRINT+JSON_UNESCAPED_SLASHES);
  211. 

  212.     $html = render('auth_callback', array(
  213.       'title' => 'Sign In',
  214.       'me' => $me,
  215.       'authorizing' => $me,
  216.       'meParts' => parse_url($me),
  217.       'tokenEndpoint' => $tokenEndpoint,
  218.       'auth' => $token['auth'],
  219.       'response' => $tokenResponse,
  220.       'curl_error' => (array_key_exists('error', $token) ? $token['error'] : false),
  221.       'destination' => (k($_SESSION, 'redirect_after_login') ?: '/new')
  222.     ));
  223.     $app->response()->body($html);
  224.   }
  225. });
  226. 

  227. $app->get('/signout', function() use($app) {
  228.   unset($_SESSION['auth']);
  229.   unset($_SESSION['me']);
  230.   unset($_SESSION['auth_state']);
  231.   unset($_SESSION['user_id']);
  232.   $app->redirect('/', 302);
  233. });
  234. 

  235. $app->post('/auth/reset', function() use($app) {
  236.   if($user=require_login($app, false)) {
  237.     revoke_micropub_token($user->micropub_access_token, $user->token_endpoint);
  238. 

  239.     $user->authorization_endpoint = '';
  240.     $user->token_endpoint = '';
  241.     $user->micropub_endpoint = '';
  242.     $user->authorization_endpoint = '';
  243.     $user->micropub_media_endpoint = '';
  244.     $user->micropub_scope = '';
  245.     $user->micropub_access_token = '';
  246.     $user->syndication_targets = '';
  247.     $user->supported_post_types = '';
  248.     $user->save();
  249. 

  250.     unset($_SESSION['auth']);
  251.     unset($_SESSION['me']);
  252.     unset($_SESSION['auth_state']);
  253.     unset($_SESSION['user_id']);
  254.   }
  255.   $app->redirect('/', 302);
  256. });
  257. 

  258. $app->post('/auth/twitter', function() use($app) {
  259.   if(!Config::$twitterClientID) {
  260.     $app->response()['Content-type'] = 'application/json';
  261.     $app->response()->body(json_encode(array(
  262.       'result' => 'error'
  263.     )));
  264.     return;
  265.   }
  266. 

  267.   if($user=require_login($app, false)) {
  268.     $params = $app->request()->params();
  269.     // User just auth'd with twitter, store the access token

  270.     $user->twitter_access_token = $params['twitter_token'];
  271.     $user->twitter_token_secret = $params['twitter_secret'];
  272.     $user->save();
  273. 

  274.     $app->response()['Content-type'] = 'application/json';
  275.     $app->response()->body(json_encode(array(
  276.       'result' => 'ok'
  277.     )));
  278.   } else {
  279.     $app->response()['Content-type'] = 'application/json';
  280.     $app->response()->body(json_encode(array(
  281.       'result' => 'error'
  282.     )));
  283.   }
  284. });
  285. 

  286. function getTwitterLoginURL(&$twitter) {
  287.   $request_token = $twitter->oauth('oauth/request_token', [
  288.     'oauth_callback' => Config::$base_url . 'auth/twitter/callback'
  289.   ]);
  290.   $_SESSION['twitter_auth'] = $request_token;
  291.   return $twitter->url('oauth/authorize', ['oauth_token' => $request_token['oauth_token']]);
  292. }
  293. 

  294. $app->get('/auth/twitter', function() use($app) {
  295.   if(!Config::$twitterClientID) {
  296.     $app->response()['Content-type'] = 'application/json';
  297.     $app->response()->body(json_encode(array(
  298.       'result' => 'error'
  299.     )));
  300.     return;
  301.   }
  302. 

  303.   $params = $app->request()->params();
  304.   if($user=require_login($app, false)) {
  305. 

  306.     // If there is an existing Twitter token, check if it is valid

  307.     // Otherwise, generate a Twitter login link

  308.     $twitter_login_url = false;
  309. 

  310.     if(array_key_exists('login', $params)) {
  311.       $twitter = new TwitterOAuth(Config::$twitterClientID, Config::$twitterClientSecret);
  312.       $twitter_login_url = getTwitterLoginURL($twitter);
  313.     } else {
  314.       $twitter = new TwitterOAuth(Config::$twitterClientID, Config::$twitterClientSecret,
  315.         $user->twitter_access_token, $user->twitter_token_secret);
  316. 

  317.       if($user->twitter_access_token) {
  318.         if($twitter->get('account/verify_credentials')) {
  319.           $app->response()['Content-type'] = 'application/json';
  320.           $app->response()->body(json_encode(array(
  321.             'result' => 'ok'
  322.           )));
  323.           return;
  324.         } else {
  325.           // If the existing twitter token is not valid, generate a login link

  326.           $twitter_login_url = getTwitterLoginURL($twitter);
  327.         }
  328.       } else {
  329.         $twitter_login_url = getTwitterLoginURL($twitter);
  330.       }
  331.     }
  332. 

  333.     $app->response()['Content-type'] = 'application/json';
  334.     $app->response()->body(json_encode(array(
  335.       'url' => $twitter_login_url
  336.     )));
  337. 

  338.   } else {
  339.     $app->response()['Content-type'] = 'application/json';
  340.     $app->response()->body(json_encode(array(
  341.       'result' => 'error'
  342.     )));
  343.   }
  344. });
  345. 

  346. $app->get('/auth/twitter/callback', function() use($app) {
  347.   if($user=require_login($app)) {
  348.     $params = $app->request()->params();
  349. 

  350.     $twitter = new TwitterOAuth(Config::$twitterClientID, Config::$twitterClientSecret,
  351.       $_SESSION['twitter_auth']['oauth_token'], $_SESSION['twitter_auth']['oauth_token_secret']);
  352.     $credentials = $twitter->oauth('oauth/access_token', ['oauth_verifier' => $params['oauth_verifier']]);
  353. 

  354.     $user->twitter_access_token = $credentials['oauth_token'];
  355.     $user->twitter_token_secret = $credentials['oauth_token_secret'];
  356.     $user->twitter_username = $credentials['screen_name'];
  357.     $user->save();
  358. 

  359.     $app->redirect('/settings');
  360.   }
  361. });