Merge pull request #7 from janwebdev/3.2.5

updating Twitter provider and config

Author: janwebdev

README.md

@@ -34,8 +34,8 @@ social_post:
   providers:
     twitter:
       enabled: true
-      api_key: "%env(TWITTER_API_KEY)%"
-      api_secret: "%env(TWITTER_API_SECRET)%"
+      consumer_key: "%env(TWITTER_CONSUMER_KEY)%"
+      consumer_secret: "%env(TWITTER_CONSUMER_SECRET)%"
       access_token: "%env(TWITTER_ACCESS_TOKEN)%"
       access_token_secret: "%env(TWITTER_ACCESS_TOKEN_SECRET)%"
 
@@ -89,8 +89,8 @@ Add to your `.env`:
 
 ```env
 # Twitter (X) API v2
-TWITTER_API_KEY=your_api_key
-TWITTER_API_SECRET=your_api_secret
+TWITTER_CONSUMER_KEY=your_consumer_key
+TWITTER_CONSUMER_SECRET=your_consumer_secret
 TWITTER_ACCESS_TOKEN=your_access_token
 TWITTER_ACCESS_TOKEN_SECRET=your_access_token_secret
 

config/services.yaml

@@ -18,8 +18,8 @@ services:
   Janwebdev\SocialPostBundle\Provider\Twitter\TwitterClient:
     arguments:
       $httpClient: '@Janwebdev\SocialPostBundle\Http\ClientInterface'
-      $apiKey: "%social_post.twitter.api_key%"
-      $apiSecret: "%social_post.twitter.api_secret%"
+      $consumerKey: "%social_post.twitter.consumer_key%"
+      $consumerSecret: "%social_post.twitter.consumer_secret%"
       $accessToken: "%social_post.twitter.access_token%"
       $accessTokenSecret: "%social_post.twitter.access_token_secret%"
 

src/DependencyInjection/Configuration.php

@@ -27,8 +27,8 @@ public function getConfigTreeBuilder(): TreeBuilder
                         ->arrayNode('twitter')
                             ->canBeEnabled()
                             ->children()
-                                ->scalarNode('api_key')->defaultValue('')->end()
-                                ->scalarNode('api_secret')->defaultValue('')->end()
+                                ->scalarNode('consumer_key')->defaultValue('')->end()
+                                ->scalarNode('consumer_secret')->defaultValue('')->end()
                                 ->scalarNode('access_token')->defaultValue('')->end()
                                 ->scalarNode('access_token_secret')->defaultValue('')->end()
                             ->end()

src/DependencyInjection/SocialPostExtension.php

@@ -25,8 +25,8 @@ class SocialPostExtension extends Extension
      */
     private const PROVIDER_DEFAULTS = [
         'twitter' => [
-            'api_key' => '',
-            'api_secret' => '',
+            'consumer_key' => '',
+            'consumer_secret' => '',
             'access_token' => '',
             'access_token_secret' => '',
         ],

src/Provider/Twitter/TwitterClient.php

@@ -11,7 +11,14 @@
 /**
  * Twitter API v2 client with OAuth 1.0a authentication.
  *
- * @since 3.0.0
+ * OAuth 1.0a requires four credentials from the Twitter Developer Portal
+ * (Projects & Apps → Your App → "Keys and Tokens"):
+ *   - Consumer Keys section: API Key ($consumerKey) + API Key Secret ($consumerSecret)
+ *   - Authentication Tokens section: Access Token ($accessToken) + Access Token Secret ($accessTokenSecret)
+ *
+ * Note: OAuth 2.0 Client ID / Client Secret are separate and NOT used here.
+ *
+ * @since 3.2.1
  * @license https://opensource.org/licenses/MIT
  */
 readonly class TwitterClient
@@ -20,17 +27,17 @@
 
     public function __construct(
         private ClientInterface $httpClient,
-        private string $apiKey,
-        private string $apiSecret,
+        private string $consumerKey,
+        private string $consumerSecret,
         private string $accessToken,
         private string $accessTokenSecret,
     ) {
     }
 
     public function isConfigured(): bool
     {
-        return !empty($this->apiKey)
-            && !empty($this->apiSecret)
+        return !empty($this->consumerKey)
+            && !empty($this->consumerSecret)
             && !empty($this->accessToken)
             && !empty($this->accessTokenSecret);
     }
@@ -91,21 +98,24 @@ private function uploadSingleMedia(AttachmentInterface $attachment): ?string
             if (!file_exists($filePath)) {
                 throw new ProviderException("File not found: {$filePath}");
             }
-            $fileContent = file_get_contents($filePath);
-        } else {
-            $fileContent = file_get_contents($filePath);
         }
 
-        if ($fileContent === false) {
-            throw new ProviderException("Failed to read file: {$filePath}");
+        // Must pass a resource (not string) so Symfony HttpClient uses multipart/form-data
+        $fileHandle = fopen($filePath, 'rb');
+        if ($fileHandle === false) {
+            throw new ProviderException("Failed to open file: {$filePath}");
         }
 
         $headers = $this->getAuthHeaders('POST', $url);
 
-        $response = $this->httpClient->postMultipart($url, $headers, [
-            'media' => $fileContent,
-            'media_category' => 'tweet_image',
-        ]);
+        try {
+            $response = $this->httpClient->postMultipart($url, $headers, [
+                'media' => $fileHandle,
+                'media_category' => 'tweet_image',
+            ]);
+        } finally {
+            fclose($fileHandle);
+        }
 
         if (!$response->isSuccessful()) {
             throw new ProviderException("Failed to upload media: {$response->getBody()}");
@@ -125,23 +135,24 @@ private function uploadSingleMedia(AttachmentInterface $attachment): ?string
     private function getAuthHeaders(string $method, string $url, array $data = []): array
     {
         $oauthParams = [
-            'oauth_consumer_key' => $this->apiKey,
+            'oauth_consumer_key' => $this->consumerKey,
             'oauth_nonce' => bin2hex(random_bytes(16)),
             'oauth_signature_method' => 'HMAC-SHA1',
             'oauth_timestamp' => (string) time(),
             'oauth_token' => $this->accessToken,
             'oauth_version' => '1.0',
         ];
 
-        // Create signature base string
+        // Create signature base string.
+        // JSON POST body is NOT included per OAuth 1.0a spec (only form-urlencoded bodies are).
         $params = array_merge($oauthParams, $method === 'GET' ? $data : []);
         ksort($params);
-        
+
         $paramString = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
         $baseString = strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($paramString);
 
-        // Generate signature
-        $signingKey = rawurlencode($this->apiSecret) . '&' . rawurlencode($this->accessTokenSecret);
+        // Signing key = percent-encode(consumerSecret) + '&' + percent-encode(accessTokenSecret)
+        $signingKey = rawurlencode($this->consumerSecret) . '&' . rawurlencode($this->accessTokenSecret);
         $signature = base64_encode(hash_hmac('sha1', $baseString, $signingKey, true));
 
         $oauthParams['oauth_signature'] = $signature;

tests/Integration/DependencyInjection/ConfigurationTest.php

@@ -28,8 +28,8 @@ public function testTwitterConfiguration(): void
             'providers' => [
                 'twitter' => [
                     'enabled' => true,
-                    'api_key' => 'test_key',
-                    'api_secret' => 'test_secret',
+                    'consumer_key' => 'test_key',
+                    'consumer_secret' => 'test_secret',
                     'access_token' => 'test_token',
                     'access_token_secret' => 'test_token_secret',
                 ],
@@ -39,7 +39,7 @@ public function testTwitterConfiguration(): void
         $processedConfig = $this->processor->processConfiguration($this->configuration, [$config]);
 
         $this->assertTrue($processedConfig['providers']['twitter']['enabled']);
-        $this->assertEquals('test_key', $processedConfig['providers']['twitter']['api_key']);
+        $this->assertEquals('test_key', $processedConfig['providers']['twitter']['consumer_key']);
     }
 
     public function testFacebookConfiguration(): void
@@ -119,7 +119,7 @@ public function testAllProvidersConfiguration(): void
     {
         $config = [
             'providers' => [
-                'twitter' => ['enabled' => true, 'api_key' => 'key1', 'api_secret' => 's1', 'access_token' => 't1', 'access_token_secret' => 'ts1'],
+                'twitter' => ['enabled' => true, 'consumer_key' => 'key1', 'consumer_secret' => 's1', 'access_token' => 't1', 'access_token_secret' => 'ts1'],
                 'facebook' => ['enabled' => true, 'page_id' => 'p1', 'access_token' => 't1'],
                 'linkedin' => ['enabled' => true, 'organization_id' => 'org1', 'access_token' => 't1'],
                 'telegram' => ['enabled' => true, 'bot_token' => 'bot1', 'channel_id' => 'ch1'],

tests/Unit/Provider/Twitter/TwitterClientTest.php

@@ -21,8 +21,8 @@ protected function setUp(): void
         $this->httpClientMock = $this->createMock(ClientInterface::class);
         $this->client = new TwitterClient(
             $this->httpClientMock,
-            'api_key',
-            'api_secret',
+            'consumer_key',
+            'consumer_secret',
             'access_token',
             'access_token_secret',
         );
@@ -87,7 +87,7 @@ public function testUploadMediaSkipsNonImageAttachments(): void
         $this->assertEquals([], $result);
     }
 
-    public function testUploadMediaPropagatesExceptionOnFailure(): void
+    public function testUploadMediaThrowsIfLocalFileNotFound(): void
     {
         $attachment = $this->createMock(\Janwebdev\SocialPostBundle\Message\Attachment\AttachmentInterface::class);
         $attachment->method('getType')->willReturn('image');