app/controllers/oauth_controller.rb

   1 class OauthController < ApplicationController
   2   include OAuth::Controllers::ProviderController
   3
   4   # The ProviderController will call login_required for any action that needs
   5   # a login, but we want to check authorization on every action.
   6   authorize_resource :class => false
   7
   8   before_action :require_oauth_10a_support
   9
  10   layout "site"
  11
  12   def revoke
  13     @token = current_user.oauth_tokens.find_by :token => params[:token]
  14     if @token
  15       @token.invalidate!
  16       flash[:notice] = t(".flash", :application => @token.client_application.name)
  17     end
  18     redirect_to oauth_clients_url(:display_name => @token.user.display_name)
  19   end
  20
  21   protected
  22
  23   def login_required
  24     authorize_web
  25     set_locale
  26   end
  27
  28   def user_authorizes_token?
  29     any_auth = false
  30
  31     @token.client_application.permissions.each do |pref|
  32       if params[pref].to_i.nonzero?
  33         @token.write_attribute(pref, true)
  34         any_auth ||= true
  35       else
  36         @token.write_attribute(pref, false)
  37       end
  38     end
  39
  40     any_auth
  41   end
  42
  43   def oauth1_authorize
  44     override_content_security_policy_directives(:form_action => []) if Settings.csp_enforce || Settings.key?(:csp_report_url)
  45
  46     if @token.invalidated?
  47       @message = t "oauth.authorize_failure.invalid"
  48       render :action => "authorize_failure"
  49     elsif request.post?
  50       if user_authorizes_token?
  51         @token.authorize!(current_user)
  52         callback_url = if @token.oauth10?
  53                          params[:oauth_callback] || @token.client_application.callback_url
  54                        else
  55                          @token.oob? ? @token.client_application.callback_url : @token.callback_url
  56                        end
  57         @redirect_url = URI.parse(callback_url) if callback_url.present?
  58
  59         if @redirect_url.to_s.blank?
  60           render :action => "authorize_success"
  61         else
  62           @redirect_url.query = if @redirect_url.query.blank?
  63                                   "oauth_token=#{@token.token}"
  64                                 else
  65                                   @redirect_url.query +
  66                                     "&oauth_token=#{@token.token}"
  67                                 end
  68
  69           @redirect_url.query += "&oauth_verifier=#{@token.verifier}" unless @token.oauth10?
  70
  71           redirect_to @redirect_url.to_s, :allow_other_host => true
  72         end
  73       else
  74         @token.invalidate!
  75         @message = t("oauth.authorize_failure.denied", :app_name => @token.client_application.name)
  76         render :action => "authorize_failure"
  77       end
  78     end
  79   end
  80 end