regression: fork passport-twitter

apps/meteor/package.json

@@ -138,6 +138,7 @@
 		"@rocket.chat/omni-core-ee": "workspace:^",
 		"@rocket.chat/omnichannel-services": "workspace:^",
 		"@rocket.chat/onboarding-ui": "^0.36.2",
+		"@rocket.chat/passport-x": "workspace:~",
 		"@rocket.chat/password-policies": "workspace:^",
 		"@rocket.chat/patch-injection": "workspace:^",
 		"@rocket.chat/pdf-worker": "workspace:^",
@@ -268,8 +269,8 @@
 		"passport-facebook": "^3.0.0",
 		"passport-github2": "^0.1.12",
 		"passport-google-oauth20": "^2.0.0",
+		"passport-oauth1": "~1.3.0",
 		"passport-oauth2": "^1.8.0",
-		"passport-twitter": "^1.0.4",
 		"path": "^0.12.7",
 		"path-to-regexp": "^6.3.0",
 		"pino": "10.3.1",
@@ -402,7 +403,6 @@
 		"@types/passport-github2": "^1.2.9",
 		"@types/passport-google-oauth20": "^2",
 		"@types/passport-oauth2": "^1",
-		"@types/passport-twitter": "^1",
 		"@types/prometheus-gc-stats": "^0.6.4",
 		"@types/proxy-from-env": "^1.0.4",
 		"@types/proxyquire": "^1.3.31",

apps/meteor/server/lib/oauth/oauthConfigs.ts

@@ -1,8 +1,8 @@
+import { Strategy as XStrategy } from '@rocket.chat/passport-x';
 import type { Strategy } from 'passport';
 import { Strategy as FacebookStrategy } from 'passport-facebook';
 import { Strategy as GitHubStrategy } from 'passport-github2';
 import { Strategy as GoogleStrategy } from 'passport-google-oauth20';
-import { Strategy as TwitterStrategy } from 'passport-twitter';
 
 export type OAuthConfig = {
 	strategy: new (...args: any[]) => Strategy;
@@ -24,7 +24,7 @@ export const OAuthConfigs: Record<string, OAuthConfig> = {
 		scope: ['email', 'profile'],
 	},
 	twitter: {
-		strategy: TwitterStrategy,
+		strategy: XStrategy,
 		includeEmail: true,
 	},
 	github_enterprise: {

packages/passport-x/jest.config.ts

@@ -0,0 +1,12 @@
+import server from '@rocket.chat/jest-presets/server';
+import type { Config } from 'jest';
+
+export default {
+	projects: [
+		{
+			displayName: 'server',
+			preset: server.preset,
+			testMatch: ['<rootDir>/src/**/*.spec.[jt]s?(x)'],
+		},
+	],
+} satisfies Config;

packages/passport-x/package.json

@@ -0,0 +1,31 @@
+{
+	"name": "@rocket.chat/passport-x",
+	"version": "0.0.1",
+	"private": true,
+	"description": "Fork of passport-twitter for X (Twitter) OAuth",
+	"main": "./dist/index.js",
+	"typings": "./dist/index.d.ts",
+	"files": [
+		"/dist"
+	],
+	"scripts": {
+		"build": "rm -rf dist && tsc -p tsconfig.json",
+		"dev": "tsc -p tsconfig.json --watch --preserveWatchOutput",
+		"lint": "eslint .",
+		"lint:fix": "eslint --fix .",
+		"testunit": "jest"
+	},
+	"dependencies": {
+		"passport-oauth1": "~1.3.0"
+	},
+	"devDependencies": {
+		"@types/express": "^4.17.25",
+		"@types/passport": "~1.0.17",
+		"eslint": "~9.39.4",
+		"jest": "~30.2.0",
+		"typescript": "~5.9.3"
+	},
+	"volta": {
+		"extends": "../../package.json"
+	}
+}

packages/passport-x/src/APIError.ts

@@ -0,0 +1,15 @@
+/**
+ * `APIError` error.
+ */
+export class APIError extends Error {
+	public override readonly name: string = 'APIError';
+
+	public status: number = 500;
+
+	constructor(
+		message: string,
+		public readonly code: number,
+	) {
+		super(message);
+	}
+}

packages/passport-x/src/Strategy.spec.ts

@@ -0,0 +1,99 @@
+import type { Request } from 'express';
+
+import { Strategy } from './Strategy';
+
+const defaultOptions = {
+	consumerKey: 'ABC123',
+	consumerSecret: 'secret',
+	callbackURL: 'http://www.example.test/callback',
+};
+
+function noop() {
+	// verify callback placeholder
+}
+
+describe('Strategy', () => {
+	describe('constructed', () => {
+		const strategy = new Strategy(defaultOptions, noop);
+
+		it('should be named twitter', () => {
+			expect(strategy.name).toBe('twitter');
+		});
+	});
+
+	describe('constructed with undefined options', () => {
+		it('should throw', () => {
+			expect(() => {
+				// @ts-expect-error testing invalid input
+				new Strategy(undefined, noop);
+			}).toThrow();
+		});
+	});
+
+	describe('failure caused by user denying request', () => {
+		it('should call fail()', () => {
+			const strategy = new Strategy(defaultOptions, noop);
+			strategy.fail = jest.fn();
+
+			const req = { query: { denied: '8L74Y149' } } as unknown as Request;
+			strategy.authenticate(req);
+
+			expect(strategy.fail).toHaveBeenCalled();
+		});
+	});
+
+	describe('userAuthorizationParams', () => {
+		const strategy = new Strategy(defaultOptions, noop);
+
+		it('should return empty object when no options', () => {
+			expect(strategy.userAuthorizationParams({})).toEqual({});
+		});
+
+		it('should map forceLogin to force_login', () => {
+			const params = strategy.userAuthorizationParams({ forceLogin: true });
+			expect(params).toEqual({ force_login: true });
+		});
+
+		it('should map screenName to screen_name', () => {
+			const params = strategy.userAuthorizationParams({ screenName: 'bob' });
+			expect(params).toEqual({ screen_name: 'bob' });
+		});
+
+		it('should map both options', () => {
+			const params = strategy.userAuthorizationParams({ forceLogin: true, screenName: 'bob' });
+			expect(params).toEqual({ force_login: true, screen_name: 'bob' });
+		});
+	});
+
+	describe('parseErrorResponse', () => {
+		const strategy = new Strategy(defaultOptions, noop);
+
+		it('should parse JSON error response', () => {
+			const body = '{"errors":[{"code":32,"message":"Could not authenticate you."}]}';
+			const err = strategy.parseErrorResponse(body, 401);
+			expect(err).toBeInstanceOf(Error);
+			expect(err?.message).toBe('Could not authenticate you.');
+		});
+
+		it('should parse XML error response', () => {
+			const body =
+				'<?xml version="1.0" encoding="UTF-8"?>\n<hash>\n  <error>This client application\'s callback url has been locked</error>\n  <request>/oauth/request_token</request>\n</hash>\n';
+			const err = strategy.parseErrorResponse(body, 401);
+			expect(err).toBeInstanceOf(Error);
+			expect(err?.message).toBe("This client application's callback url has been locked");
+		});
+
+		it('should return plain text as error when body is not JSON or XML', () => {
+			const body = 'Invalid request token.';
+			const err = strategy.parseErrorResponse(body, 401);
+			expect(err).toBeInstanceOf(Error);
+			expect(err?.message).toBe('Invalid request token.');
+		});
+
+		it('should return undefined for JSON without errors array', () => {
+			const body = '{"foo":"bar"}';
+			const err = strategy.parseErrorResponse(body, 401);
+			expect(err).toBeUndefined();
+		});
+	});
+});