diff --git a/.env.sample b/.env.sample
index f6352d66..44203567 100644
--- a/.env.sample
+++ b/.env.sample
@@ -9,3 +9,7 @@ VAPID_PRIVATE_KEY=
# Vimeo access token required for Library downloads. Required scopes: "private video_files public"
VIMEO_ACCESS_TOKEN=
+
+# X Oauth 2.0 Token
+X_CLIENT_ID=
+X_CLIENT_SECRET=
\ No newline at end of file
diff --git a/Gemfile b/Gemfile
index 9fd9af82..da7efa12 100644
--- a/Gemfile
+++ b/Gemfile
@@ -79,3 +79,7 @@ gem "inertia_rails", "~> 3.11"
gem "vite_rails", "~> 3.0"
gem "ruby-openai"
+
+gem "omniauth"
+gem "omniauth-twitter2"
+gem "omniauth-rails_csrf_protection"
diff --git a/Gemfile.lock b/Gemfile.lock
index 4bad2129..87165f1d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -182,6 +182,8 @@ GEM
globalid (1.2.1)
activesupport (>= 6.1)
hashdiff (1.1.0)
+ hashie (5.1.0)
+ logger
heapy (0.2.0)
thor
httparty (0.23.1)
@@ -230,7 +232,6 @@ GEM
matrix (0.4.2)
mini_magick (4.12.0)
mini_mime (1.1.5)
- mini_portile2 (2.8.9)
minitest (5.25.4)
mocha (2.1.0)
ruby2_keywords (>= 0.0.5)
@@ -264,6 +265,28 @@ GEM
racc (~> 1.4)
nokogiri (1.18.3-x86_64-linux-gnu)
racc (~> 1.4)
+ oauth2 (2.0.18)
+ faraday (>= 0.17.3, < 4.0)
+ jwt (>= 1.0, < 4.0)
+ logger (~> 1.2)
+ multi_xml (~> 0.5)
+ rack (>= 1.2, < 4)
+ snaky_hash (~> 2.0, >= 2.0.3)
+ version_gem (~> 1.1, >= 1.1.9)
+ omniauth (2.1.4)
+ hashie (>= 3.4.6)
+ logger
+ rack (>= 2.2.3)
+ rack-protection
+ omniauth-oauth2 (1.9.0)
+ oauth2 (>= 2.0.2, < 3)
+ omniauth (~> 2.0)
+ omniauth-rails_csrf_protection (2.0.1)
+ actionpack (>= 4.2)
+ omniauth (~> 2.0)
+ omniauth-twitter2 (1.0.0)
+ omniauth
+ omniauth-oauth2 (~> 1.0)
openssl (3.2.0)
parallel (1.24.0)
parser (3.3.0.3)
@@ -393,8 +416,13 @@ GEM
rack (~> 2.2, >= 2.2.4)
rack-protection (= 3.2.0)
tilt (~> 2.0)
- sqlite3 (1.7.3)
- mini_portile2 (~> 2.8.0)
+ snaky_hash (2.0.3)
+ hashie (>= 0.1.0, < 6)
+ version_gem (>= 1.1.8, < 3)
+ sqlite3 (1.7.3-aarch64-linux)
+ sqlite3 (1.7.3-arm64-darwin)
+ sqlite3 (1.7.3-x86_64-darwin)
+ sqlite3 (1.7.3-x86_64-linux)
stackprof (0.2.27)
stimulus-rails (1.3.3)
railties (>= 6.0.0)
@@ -412,6 +440,7 @@ GEM
unicode-display_width (2.5.0)
uri (1.0.3)
useragent (0.16.11)
+ version_gem (1.1.9)
vite_rails (3.0.19)
railties (>= 5.1, < 9)
vite_ruby (~> 3.0, >= 3.2.2)
@@ -462,6 +491,9 @@ DEPENDENCIES
mailkick
mocha
net-http-persistent
+ omniauth
+ omniauth-rails_csrf_protection
+ omniauth-twitter2
platform_agent
propshaft!
puma (~> 6.4)
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
new file mode 100644
index 00000000..719729b5
--- /dev/null
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -0,0 +1,101 @@
+class Users::OmniauthCallbacksController < ApplicationController
+ include Authentication
+
+ skip_before_action :verify_authenticity_token, only: [ :twitter, :failure ]
+ skip_before_action :require_authentication, only: [ :twitter, :failure, :initiate_login ]
+ before_action :restore_authentication, only: [ :twitter ]
+
+ def twitter
+ auth_hash = request.env["omniauth.auth"]
+ login_only = session.delete(:oauth_login_only)
+
+ if auth_hash.blank?
+ redirect_to new_session_path, alert: "Authentication failed. Please try again."
+ return
+ end
+
+ if login_only
+ handle_login(auth_hash)
+ else
+ handle_connect(auth_hash)
+ end
+ end
+
+ private
+
+ def handle_login(auth_hash)
+ user = User.find_by(twitter_uid: auth_hash["uid"])
+
+ if user.present?
+ start_new_session_for(user)
+ redirect_to root_path, notice: "Signed in with X successfully!"
+ else
+ redirect_to new_session_path, alert: "No account found with this X account. Please sign in with email first and connect your X account."
+ end
+ end
+
+ def handle_connect(auth_hash)
+ unless Current.user
+ redirect_to new_session_path, alert: "Please sign in first to connect your X account."
+ return
+ end
+
+ begin
+ Current.user.update!(
+ twitter_uid: auth_hash["uid"],
+ twitter_oauth_token: auth_hash.dig("credentials", "token"),
+ twitter_oauth_refresh_token: auth_hash.dig("credentials", "refresh_token"),
+ twitter_screen_name: auth_hash.dig("info", "nickname"),
+ twitter_username: auth_hash.dig("info", "nickname"),
+ twitter_profile_image: auth_hash.dig("info", "image"),
+ twitter_connected_at: Time.current,
+ twitter_url: "https://x.com/#{auth_hash.dig('info', 'nickname')}"
+ )
+
+ redirect_to user_profile_path("me"), notice: "Successfully connected your X account!"
+ rescue => e
+ Rails.logger.error "X OAuth Error: #{e.message}"
+ Rails.logger.error e.backtrace.join("\n")
+ redirect_to user_profile_path("me"), alert: "Failed to connect X account. Please try again."
+ end
+ end
+
+ public
+
+ def initiate_login
+ session[:oauth_login_only] = true
+ render inline: <<-HTML, layout: false
+
+
+
+
+
+
+
+ HTML
+ end
+
+ def failure
+ error_message = request.params[:message] || "Authentication failed"
+ Rails.logger.error "OmniAuth Failure: #{error_message}"
+ redirect_to user_profile_path("me"), alert: "X authentication failed: #{error_message}"
+ end
+
+ def disconnect
+ Current.user.update!(
+ twitter_uid: nil,
+ twitter_oauth_token: nil,
+ twitter_oauth_refresh_token: nil,
+ twitter_screen_name: nil,
+ twitter_username: nil,
+ twitter_profile_image: nil,
+ twitter_connected_at: nil,
+ twitter_url: nil
+ )
+
+ redirect_to user_profile_path("me"), notice: "X account disconnected successfully!"
+ end
+
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index 2a830b2e..4d1ecc14 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -41,6 +41,7 @@ def mentioning_messages
validates_presence_of :email_address, if: :person?
normalizes :email_address, with: ->(email_address) { email_address.downcase }
+ validates :twitter_uid, uniqueness: true, allow_nil: true
scope :without_default_names, -> { where.not(name: DEFAULT_NAME) }
scope :non_suspended, -> { where(suspended_at: nil) }
@@ -215,6 +216,10 @@ def unblock!(other_user)
blocks_given.where(blocked: other_user).destroy_all
end
+ def twitter_connected?
+ twitter_uid.present? && twitter_connected_at.present?
+ end
+
private
def self.find_and_initialize_unclaimed_gumroad_import(attributes)
unclaimed_gumroad_import = User.active.non_suspended.unclaimed_gumroad_imports.find_by(email_address: attributes[:email_address])
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index a488eda2..b05c2575 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -37,6 +37,22 @@
<% end %>
<% end %>
+
+
+
+ or
+
+
+
+
+
+
diff --git a/app/views/users/profiles/show.html.erb b/app/views/users/profiles/show.html.erb
index a1aef960..1bc14162 100644
--- a/app/views/users/profiles/show.html.erb
+++ b/app/views/users/profiles/show.html.erb
@@ -79,10 +79,18 @@
<%= translation_button(:twitter) %>
-
+ <% if @user.twitter_connected_at.present? %>
+
+ <%= link_to "Disconnect", "/auth/twitter/disconnect", data: { turbo_method: :delete, turbo_confirm: "Disconnect your X account?" }, class: "btn txt-small" %>
+ <% else %>
+
+ Connect your X account
+ <%= image_tag "social/twitter-outline.svg", role: "presentation", size: 24, class: "colorize--black" %>
+
+ <% end %>
@@ -163,4 +171,10 @@
<%= link_to "Push Notifications Dev Mode", user_push_subscriptions_url, class: "btn txt-small center" %>
<% end %>
+
+ <% unless @user.twitter_connected_at.present? %>
+
+ <% end %>
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
new file mode 100644
index 00000000..9b237c64
--- /dev/null
+++ b/config/initializers/omniauth.rb
@@ -0,0 +1,6 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+ provider :twitter2,
+ ENV["X_CLIENT_ID"],
+ ENV["X_CLIENT_SECRET"],
+ scope: "tweet.read users.read offline.access"
+end
diff --git a/config/routes.rb b/config/routes.rb
index 648f162f..5f8ed95b 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -71,6 +71,11 @@
resource :email_subscription, only: %i[ show update ]
end
+ get "/auth/:provider/callback", to: "users/omniauth_callbacks#twitter"
+ get "/auth/failure", to: "users/omniauth_callbacks#failure"
+ delete "/auth/twitter/disconnect", to: "users/omniauth_callbacks#disconnect"
+ post "/auth/twitter2/login", to: "users/omniauth_callbacks#initiate_login"
+
resources :users, only: :show do
scope module: "users" do
resource :avatar, only: %i[ show destroy ]
diff --git a/db/migrate/20260112044358_add_twitter_o_auth_to_users.rb b/db/migrate/20260112044358_add_twitter_o_auth_to_users.rb
new file mode 100644
index 00000000..9f33b40d
--- /dev/null
+++ b/db/migrate/20260112044358_add_twitter_o_auth_to_users.rb
@@ -0,0 +1,12 @@
+class AddTwitterOAuthToUsers < ActiveRecord::Migration[7.2]
+ def change
+ add_column :users, :twitter_uid, :string
+ add_column :users, :twitter_oauth_token, :text
+ add_column :users, :twitter_oauth_refresh_token, :text
+ add_column :users, :twitter_screen_name, :string
+ add_column :users, :twitter_profile_image, :string
+ add_column :users, :twitter_connected_at, :datetime
+
+ add_index :users, :twitter_uid, unique: true
+ end
+end
diff --git a/db/structure.sql b/db/structure.sql
index cbf5ce5e..99340df8 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -75,7 +75,7 @@ FOREIGN KEY ("creator_id")
CREATE INDEX "index_searches_on_user_id" ON "searches" ("user_id");
CREATE INDEX "index_searches_on_creator_id" ON "searches" ("creator_id");
CREATE TABLE IF NOT EXISTS "webhook_events" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "source" varchar, "event_type" varchar, "payload" text, "processed_at" datetime(6), "created_at" datetime(6) NOT NULL, "updated_at" datetime(6) NOT NULL);
-CREATE TABLE IF NOT EXISTS "users" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar NOT NULL, "created_at" datetime(6) NOT NULL, "updated_at" datetime(6) NOT NULL, "role" integer DEFAULT 0 NOT NULL, "email_address" varchar DEFAULT NULL, "password_digest" varchar DEFAULT NULL, "active" boolean DEFAULT 1, "bio" text DEFAULT NULL, "bot_token" varchar DEFAULT NULL, "avatar_url" varchar DEFAULT NULL, "twitter_username" varchar DEFAULT NULL, "linkedin_username" varchar DEFAULT NULL, "personal_url" varchar DEFAULT NULL, "membership_started_at" datetime(6) DEFAULT NULL, "ascii_name" varchar DEFAULT NULL, "twitter_url" varchar DEFAULT NULL, "linkedin_url" varchar DEFAULT NULL, "order_id" bigint DEFAULT NULL, "suspended_at" datetime(6) DEFAULT NULL, "preferences" text DEFAULT '{}', "last_authenticated_at" datetime(6));
+CREATE TABLE IF NOT EXISTS "users" ("id" integer PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar NOT NULL, "created_at" datetime(6) NOT NULL, "updated_at" datetime(6) NOT NULL, "role" integer DEFAULT 0 NOT NULL, "email_address" varchar DEFAULT NULL, "password_digest" varchar DEFAULT NULL, "active" boolean DEFAULT 1, "bio" text DEFAULT NULL, "bot_token" varchar DEFAULT NULL, "avatar_url" varchar DEFAULT NULL, "twitter_username" varchar DEFAULT NULL, "linkedin_username" varchar DEFAULT NULL, "personal_url" varchar DEFAULT NULL, "membership_started_at" datetime(6) DEFAULT NULL, "ascii_name" varchar DEFAULT NULL, "twitter_url" varchar DEFAULT NULL, "linkedin_url" varchar DEFAULT NULL, "order_id" bigint DEFAULT NULL, "suspended_at" datetime(6) DEFAULT NULL, "preferences" text DEFAULT '{}', "last_authenticated_at" datetime(6), "provider" varchar, "uid" varchar, "twitter_uid" varchar, "twitter_oauth_token" text, "twitter_oauth_refresh_token" text, "twitter_screen_name" varchar, "twitter_profile_image" varchar, "twitter_connected_at" datetime(6));
CREATE UNIQUE INDEX "index_users_on_bot_token" ON "users" ("bot_token");
CREATE UNIQUE INDEX "index_users_on_email_address" ON "users" ("email_address");
CREATE UNIQUE INDEX "index_users_on_order_id" ON "users" ("order_id") WHERE order_id IS NOT NULL;
@@ -184,7 +184,10 @@ CREATE INDEX "index_messages_on_answered_at" ON "messages" ("answered_at");
CREATE INDEX "index_messages_on_answered_by_id" ON "messages" ("answered_by_id");
CREATE INDEX "index_messages_on_room_id_and_mentions_everyone" ON "messages" ("room_id", "mentions_everyone") WHERE mentions_everyone = true;
CREATE INDEX "index_messages_on_original_message_id" ON "messages" ("original_message_id");
+CREATE UNIQUE INDEX "index_users_on_twitter_uid" ON "users" ("twitter_uid");
INSERT INTO "schema_migrations" (version) VALUES
+('20260112044358'),
+('20260112031751'),
('20251128154156'),
('20251106202943'),
('20251103002249'),
diff --git a/test/controllers/users/omniauth_callbacks_controller_test.rb b/test/controllers/users/omniauth_callbacks_controller_test.rb
new file mode 100644
index 00000000..3375a0f4
--- /dev/null
+++ b/test/controllers/users/omniauth_callbacks_controller_test.rb
@@ -0,0 +1,137 @@
+require "test_helper"
+
+class Users::OmniauthCallbacksControllerTest < ActionDispatch::IntegrationTest
+ setup do
+ OmniAuth.config.test_mode = true
+ OmniAuth.config.silence_get_warning = true
+ end
+
+ teardown do
+ OmniAuth.config.test_mode = false
+ OmniAuth.config.mock_auth[:twitter2] = nil
+ end
+
+ def mock_auth_hash(uid: "123456789", nickname: "testuser")
+ OmniAuth::AuthHash.new({
+ "provider" => "twitter2",
+ "uid" => uid,
+ "info" => {
+ "nickname" => nickname,
+ "image" => "https://pbs.twimg.com/profile_images/test.jpg"
+ },
+ "credentials" => {
+ "token" => "test_token",
+ "refresh_token" => "test_refresh"
+ }
+ })
+ end
+
+ test "twitter callback for login signs in user with linked X account" do
+ user = users(:david)
+ user.update!(twitter_uid: "123456789", twitter_oauth_token: "token")
+
+ OmniAuth.config.mock_auth[:twitter2] = mock_auth_hash
+
+ post "/auth/twitter2/login"
+ assert_response :success
+
+ get "/auth/twitter2/callback"
+
+ assert_redirected_to root_path
+ assert_equal "Signed in with X successfully!", flash[:notice]
+ end
+
+ test "twitter callback for login rejects user without linked X account" do
+ OmniAuth.config.mock_auth[:twitter2] = mock_auth_hash(uid: "nonexistent")
+
+ post "/auth/twitter2/login"
+ get "/auth/twitter2/callback"
+
+ assert_redirected_to new_session_path
+ assert_equal "No account found with this X account. Please sign in with email first and connect your X account.", flash[:alert]
+ end
+
+ test "twitter callback for connect redirects when not signed in" do
+ OmniAuth.config.mock_auth[:twitter2] = mock_auth_hash
+
+ get "/auth/twitter2/callback"
+
+ assert_redirected_to new_session_path
+ assert_equal "Please sign in first to connect your X account.", flash[:alert]
+ end
+
+ test "disconnect clears X account data" do
+ sign_in :david
+ user = users(:david)
+ user.update!(
+ twitter_uid: "123456789",
+ twitter_oauth_token: "token",
+ twitter_oauth_refresh_token: "refresh",
+ twitter_screen_name: "testuser",
+ twitter_profile_image: "https://example.com/image.jpg",
+ twitter_connected_at: Time.current
+ )
+
+ delete "/auth/twitter/disconnect"
+
+ assert_redirected_to user_profile_path("me")
+ assert_equal "X account disconnected successfully!", flash[:notice]
+
+ user.reload
+ assert_nil user.twitter_uid
+ assert_nil user.twitter_oauth_token
+ assert_nil user.twitter_screen_name
+ assert_nil user.twitter_connected_at
+ end
+
+ test "disconnect requires authentication" do
+ delete "/auth/twitter/disconnect"
+
+ assert_redirected_to new_session_path
+ end
+
+ test "initiate_login renders auto-submit form" do
+ post "/auth/twitter2/login"
+
+ assert_response :success
+ assert_includes response.body, 'action="/auth/twitter2"'
+ end
+
+ test "failure redirects with error message" do
+ get "/auth/failure", params: { message: "access_denied" }
+
+ assert_redirected_to user_profile_path("me")
+ assert_equal "X authentication failed: access_denied", flash[:alert]
+ end
+
+ test "user twitter_uid must be unique" do
+ users(:david).update!(twitter_uid: "123456789")
+
+ user = users(:jason)
+ user.twitter_uid = "123456789"
+
+ assert_not user.valid?
+ assert_includes user.errors[:twitter_uid], "has already been taken"
+ end
+
+ test "twitter_connected? returns true when uid and connected_at present" do
+ user = users(:david)
+ user.update!(twitter_uid: "123", twitter_connected_at: Time.current)
+
+ assert user.twitter_connected?
+ end
+
+ test "twitter_connected? returns false when uid missing" do
+ user = users(:david)
+ user.update!(twitter_uid: nil, twitter_connected_at: Time.current)
+
+ assert_not user.twitter_connected?
+ end
+
+ test "twitter_connected? returns false when connected_at missing" do
+ user = users(:david)
+ user.update!(twitter_uid: "123", twitter_connected_at: nil)
+
+ assert_not user.twitter_connected?
+ end
+end