Upstream

.github/workflows/main.yml

@@ -0,0 +1,24 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        ruby: ['2.6', '2.7', '3.0', '3.1', '3.2', '3.3', '3.4', '4.0', 'jruby']
+      fail-fast: false
+      max-parallel: 10
+    runs-on: ubuntu-latest
+
+    env:
+      CI: true
+
+    name: ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # 'bundle install' and cache
+          ruby-version: ${{ matrix.ruby }}
+      - run: bundle exec rake

CHANGELOG.md

@@ -0,0 +1,4 @@
+# CHANGELOG
+
+## [1.4.0] - Feb 17, 2017
+- Allow passing a callback_url param, see https://github.com/arunagw/omniauth-twitter/pull/107

CONTRIBUTING.md

@@ -19,8 +19,7 @@ new line in each of your commit messages:
 [ci skip]
 ```
 
-This will signal [Travis](https://travis-ci.org) that running the test suite is
-not necessary for these changes.
+This will signal [GitHub Actions](https://docs.github.com/en/actions) that running the test suite is not necessary for these changes.
 
 # Reporting Bugs
 

Gemfile

@@ -5,6 +5,15 @@ gemspec
 gem 'rake'
 
 group :test do
+  if Gem::Version.create(RUBY_VERSION) < Gem::Version.create("2.0.0")
+    # for jruby 1.7.x
+    gem "addressable", "2.4.0"
+  end
+
+  if Gem::Version.create(RUBY_VERSION) < Gem::Version.create("2.2.2")
+    gem "rack", "~> 1.6"
+  end
+
   gem 'rspec', '~> 3.2'
   gem 'rack-test'
   gem 'simplecov'

README.md

@@ -1,18 +1,17 @@
 # OmniAuth Twitter
 
 [![Gem Version](https://badge.fury.io/rb/omniauth-twitter.svg)](http://badge.fury.io/rb/omniauth-twitter)
-[![CI Build Status](https://secure.travis-ci.org/arunagw/omniauth-twitter.svg?branch=master)](http://travis-ci.org/arunagw/omniauth-twitter)
 [![Code Climate](https://codeclimate.com/github/arunagw/omniauth-twitter.png)](https://codeclimate.com/github/arunagw/omniauth-twitter)
 
 This gem contains the Twitter strategy for OmniAuth.
 
-Twitter offers a few different methods of integration. This strategy implements the browser variant of the "[Sign in with Twitter](https://dev.twitter.com/docs/auth/implementing-sign-twitter)" flow.
+Twitter offers a few different methods of integration. This strategy implements the browser variant of the "[Sign in with Twitter](https://dev.twitter.com/web/sign-in/implementing)" flow.
 
 Twitter uses OAuth 1.0a. Twitter's developer area contains ample documentation on how it implements this, so check that out if you are really interested in the details.
 
 ## Before You Begin
 
-You should have already installed OmniAuth into your app; if not, read the [OmniAuth README](https://github.com/intridea/omniauth) to get started.
+You should have already installed OmniAuth into your app; if not, read the [OmniAuth README](https://github.com/omniauth/omniauth) to get started.
 
 Now sign in into the [Twitter developer area](https://dev.twitter.com/apps) and create an application. Take note of your API Key and API Secret (not the Access Token and Access Token Secret) because that is what your web application will use to authenticate against the Twitter API. Make sure to set a callback URL or else you may get authentication errors. (It doesn't matter what it is, just that it is set.)
 
@@ -42,7 +41,7 @@ Replace `"API_KEY"` and `"API_SECRET"` with the appropriate values you obtained
 
 ## Authentication Options
 
-Twitter supports a [few options](https://dev.twitter.com/docs/api/1/get/oauth/authenticate) when authenticating. Usually you would specify these options as query parameters to the Twitter API authentication url (`https://api.twitter.com/oauth/authenticate` by default). With OmniAuth, of course, you use `http://yourapp.com/auth/twitter` instead. Because of this, this OmniAuth provider will pick up the query parameters you pass to the `/auth/twitter` URL and re-use them when making the call to the Twitter API.
+Twitter supports a [few options](https://developer.twitter.com/en/docs/basics/authentication/api-reference/authenticate) when authenticating. Usually you would specify these options as query parameters to the Twitter API authentication URL (`https://api.x.com/oauth/authenticate` by default). With OmniAuth, of course, you use `http://yourapp.com/auth/twitter` instead. Because of this, this OmniAuth provider will pick up the query parameters you pass to the `/auth/twitter` URL and re-use them when making the call to the Twitter API.
 
 The options are:
 
@@ -52,15 +51,15 @@ The options are:
 
 * **lang** - The language used in the Twitter prompt. This is useful for adding i18n support since the language of the prompt can be dynamically set for each user. *Example:* `http://yoursite.com/auth/twitter?lang=pt`
 
-* **secure_image_url** - Set to `true` to use https for the user's image url. Default is `false`.
+* **secure_image_url** - Set to `true` to use https for the user's image URL. Default is `false`.
 
 * **image_size**: This option defines the size of the user's image. Valid options include `mini` (24x24), `normal` (48x48), `bigger` (73x73) and `original` (the size of the image originally uploaded). Default is `normal`.
 
-* **x_auth_access_type** - This option (described [here](https://dev.twitter.com/docs/api/1/post/oauth/request_token)) lets you request the level of access that your app will have to the Twitter account in question. *Example:* `http://yoursite.com/auth/twitter?x_auth_access_type=read`
+* **x_auth_access_type** - This option (described [here](https://developer.twitter.com/en/docs/basics/authentication/api-reference/request_token)) lets you request the level of access that your app will have to the Twitter account in question. *Example:* `http://yoursite.com/auth/twitter?x_auth_access_type=read`
 
-* **use_authorize** - There are actually two URLs you can use against the Twitter API. As mentioned, the default is `https://api.twitter.com/oauth/authenticate`, but you also have `https://api.twitter.com/oauth/authorize`. Passing this option as `true` will use the second URL rather than the first. What's the difference? As described [here](https://dev.twitter.com/docs/api/1/get/oauth/authenticate), with `authenticate`, if your user has already granted permission to your application, Twitter will redirect straight back to your application, whereas `authorize` forces the user to go through the "grant permission" screen again. For certain use cases this may be necessary. *Example:* `http://yoursite.com/auth/twitter?use_authorize=true`. *Note:* You must have "Allow this application to be used to Sign in with Twitter" checked in [your application's settings](https://dev.twitter.com/apps) - without it your user will be asked to authorize your application each time they log in.
+* **use_authorize** - There are actually two URLs you can use against the Twitter API. As mentioned, the default is `https://api.x.com/oauth/authenticate`, but you also have `https://api.twitter.com/oauth/authorize`. Passing this option as `true` will use the second URL rather than the first. What's the difference? As described [here](https://developer.twitter.com/en/docs/basics/authentication/api-reference/authenticate), with `authenticate`, if your user has already granted permission to your application, Twitter will redirect straight back to your application, whereas `authorize` forces the user to go through the "grant permission" screen again. For certain use cases this may be necessary. *Example:* `http://yoursite.com/auth/twitter?use_authorize=true`. *Note:* You must have "Allow this application to be used to Sign in with Twitter" checked in [your application's settings](https://dev.twitter.com/apps) - without it your user will be asked to authorize your application each time they log in.
 
-Here's an example of a possible configuration where the the user's original profile picture is returned over https, the user is always prompted to sign-in and the default language of the Twitter prompt is changed:
+Here's an example of a possible configuration where the user's original profile picture is returned over https, the user is always prompted to sign-in and the default language of the Twitter prompt is changed:
 
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
@@ -84,7 +83,7 @@ An example auth hash available in `request.env['omniauth.auth']`:
   :provider => "twitter",
   :uid => "123456",
   :info => {
-    :nickname => "johnqpublic",
+    :nickname => "johnqpublic", # screen name
     :name => "John Q Public",
     :location => "Anytown, USA",
     :image => "http://si0.twimg.com/sticky/default_profile_images/default_profile_2_normal.png",
@@ -117,7 +116,7 @@ An example auth hash available in `request.env['omniauth.auth']`:
       :profile_sidebar_fill_color => "666666",
       :followers_count => 1,
       :default_profile_image => false,
-      :screen_name => "",
+      :screen_name => "johnqpublic",
       :following => false,
       :utc_offset => -3600,
       :verified => false,
@@ -156,7 +155,9 @@ Ryan Bates has put together an excellent RailsCast on OmniAuth:
 
 ## Supported Rubies
 
-OmniAuth Twitter is tested under 1.9.3, 2.0.0, 2.1.x, 2.2.x, JRuby, and Rubinius.
+OmniAuth Twitter is tested under 2.1.x, 2.2.x and JRuby.
+
+If you use its gem on ruby 1.9.x, 2.0.x, or Rubinius use version v1.2.1 .
 
 ## Contributing
 

lib/omniauth-twitter/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Twitter
-    VERSION = "1.2.1"
+    VERSION = "1.4.0"
   end
 end

lib/omniauth/strategies/twitter.rb

@@ -7,7 +7,7 @@ class Twitter < OmniAuth::Strategies::OAuth
       option :name, 'twitter'
 
       option :client_options, {:authorize_path => '/oauth/authenticate',
-                               :site => 'https://api.twitter.com',
+                               :site => 'https://api.x.com',
                                :proxy => ENV['http_proxy'] ? URI(ENV['http_proxy']) : nil}
 
       uid { access_token.params[:user_id] }
@@ -61,8 +61,24 @@ def request_phase
         old_request_phase
       end
 
+      alias :old_callback_url :callback_url
+
       def callback_url
-        request.params['callback_url'] || super
+        if request.params['callback_url']
+          request.params['callback_url']
+        else
+          old_callback_url
+        end
+      end
+
+      def callback_path
+        params = session['omniauth.params']
+
+        if params.nil? || params['callback_url'].nil?
+          super
+        else
+          URI(params['callback_url']).path
+        end
       end
 
       private

omniauth-twitter.gemspec

@@ -16,8 +16,8 @@ Gem::Specification.new do |s|
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-
-  s.add_dependency 'json', '~> 1.3'
+  s.required_ruby_version = Gem::Requirement.new('>= 1.9.3')
   s.add_dependency 'omniauth-oauth', '~> 1.1'
-  s.add_development_dependency 'bundler', '~> 1.0'
+  s.add_dependency 'rack'
+  s.add_dependency 'cgi'
 end

spec/omniauth/strategies/twitter_spec.rb

@@ -18,7 +18,7 @@
     end
 
     it 'should have correct site' do
-      expect(subject.options.client_options.site).to eq('https://api.twitter.com')
+      expect(subject.options.client_options.site).to eq('https://api.x.com')
     end
 
     it 'should have correct authorize url' do
@@ -130,6 +130,48 @@
       end
     end
 
+    context 'with a specified callback_url in the params' do
+      before do
+        params = { 'callback_url' => 'http://foo.dev/auth/twitter/foobar' }
+        allow(subject).to receive(:request) do
+          double('Request', :params => params)
+        end
+        allow(subject).to receive(:session) do
+          double('Session', :[] => { 'callback_url' => params['callback_url'] })
+        end
+        allow(subject).to receive(:old_request_phase) { :whatever }
+      end
+
+      it 'should use the callback_url' do
+        expect(subject.callback_url).to eq 'http://foo.dev/auth/twitter/foobar'
+      end
+
+      it 'should return the correct callback_path' do
+        expect(subject.callback_path).to eq '/auth/twitter/foobar'
+      end
+    end
+
+    context 'with no callback_url set' do
+      before do
+        allow(subject).to receive(:request) do
+          double('Request', :params => {})
+        end
+        allow(subject).to receive(:session) do
+          double('Session', :[] => {})
+        end
+        allow(subject).to receive(:old_request_phase) { :whatever }
+        allow(subject).to receive(:old_callback_url).and_return(:old_callback)
+      end
+
+      it 'callback_url should return nil' do
+        expect(subject.callback_url).to eq :old_callback
+      end
+
+      it 'should return the default callback_path value' do
+        expect(subject.callback_path).to eq '/auth/twitter/callback'
+      end
+    end
+
     context "with no request params set and force_login specified" do
       before do
         allow(subject).to receive(:request) do

spec/spec_helper.rb

@@ -2,7 +2,7 @@
 $:.unshift File.expand_path('../../lib', __FILE__)
 require 'simplecov'
 SimpleCov.start do
-  minimum_coverage(94.59)
+  minimum_coverage(90)
 end
 require 'rspec'
 require 'rack/test'