1 require 'oauth/signature'
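module OAuth
  module Rails

    # Controller mixin with OAuth request-authentication filters.
    #
    # The including controller must provide +logger+, +request+, +render+,
    # +authorized?+ and (for login_or_oauth_required) +login_required+. The
    # application must define ClientApplication, AccessToken and RequestToken.
    module ControllerMethods
      protected

      # Token looked up for the current request, or nil.
      #
      # NOTE(review): this is assigned inside the verify_request block and is
      # not cleared when verification fails, so a non-nil value alone does not
      # show that the request was verified. Check the result of oauthenticate.
      def current_token
        @current_token
      end

      # Client application taken from the current token (or from the consumer
      # key in verify_oauth_consumer_signature), or nil.
      def current_client_application
        @current_client_application
      end

      # Truthy only when the signature verifies AND the token is an
      # AccessToken. The type check matters: verify_oauth_signature alone does
      # not reject a request whose token could not be found.
      def oauthenticate
        logger.info "entering oauthenticate"
        verified = verify_oauth_signature
        logger.info "verified=#{verified}"
        verified && current_token.is_a?(::AccessToken)
      end

      # True when a token has been looked up for this request (see the note on
      # current_token: this does not imply a verified signature).
      def oauth?
        !current_token.nil?
      end

      # use in a before_filter
      #
      # Returns true when the request is OAuth-authenticated and authorized;
      # otherwise renders the invalid-OAuth response.
      def oauth_required
        # Log the class only. +inspect+ on a model object typically dumps every
        # attribute, which would write the token secret to the log.
        logger.info "Current_token=#{@current_token.class}"

        unless oauthenticate
          logger.info "failed oauthenticate"
          return invalid_oauth_response
        end
        logger.info "passed oauthenticate"

        unless authorized?
          logger.info "failed authorized"
          return invalid_oauth_response
        end
        logger.info "passed authorized"
        true
      end

      # This requires that you have an acts_as_authenticated compatible
      # authentication plugin installed.
      #
      # Falls back to +login_required+ when the request is not OAuth
      # authenticated. verify_oauth_signature clears @current_user on every
      # failure path so the fallback starts from a clean state.
      def login_or_oauth_required
        return login_required unless oauthenticate
        return true if authorized?

        invalid_oauth_response
      end

      # verifies a request token request
      #
      # Only the consumer secret takes part in the check (no token exists yet).
      # Renders the invalid-OAuth response unless the signature verifies.
      def verify_oauth_consumer_signature
        valid = begin
          ClientApplication.verify_request(request) do |_token, consumer_key|
            @current_client_application = ClientApplication.find_by_key(consumer_key)

            # Fail closed on an unknown consumer key instead of returning a nil
            # secret. The original reached the same result through a
            # NoMethodError on nil.
            raise ArgumentError, "unknown OAuth consumer key" if @current_client_application.nil?

            # return the token secret and the consumer secret
            [nil, @current_client_application.secret]
          end
        rescue StandardError => e
          # Any error during verification counts as an invalid request.
          logger.info "OAuth consumer signature check raised #{e.class}"
          false
        end

        invalid_oauth_response unless valid
      end

      # Truthy only when the signature verifies and the token is a RequestToken.
      def verify_oauth_request_token
        verify_oauth_signature && current_token.is_a?(RequestToken)
      end

      # Renders a fixed plain-text body with the given status (401 by default).
      # Keep +message+ generic so the response does not reveal which check
      # failed.
      def invalid_oauth_response(code=401,message="Invalid OAuth Request")
        render :text => message, :status => code
      end

      private

      # Stores the token. When it is non-nil, also adopts its user and client
      # application as the current ones.
      def current_token=(token)
        @current_token = token
        if @current_token
          @current_user = @current_token.user
          @current_client_application = @current_token.client_application
        end
        @current_token
      end

      # Implement this for your own application using app-specific models
      #
      # Returns the result of ClientApplication.verify_request, or false if
      # anything raised. When no token is found, both secrets handed back to
      # verify_request are nil; callers in this module therefore also check the
      # token's class before trusting the result.
      def verify_oauth_signature
        valid = begin
          ClientApplication.verify_request(request) do |request_proxy|
            self.current_token = ClientApplication.find_token(request_proxy.token)
            logger.info "self=#{self.class}"
            # Class name only; never interpolate the token object itself.
            logger.info "token=#{current_token.class}"

            token_secret = current_token.nil? ? nil : current_token.secret
            consumer_secret = current_client_application.nil? ? nil : current_client_application.secret
            # return the token secret and the consumer secret
            [token_secret, consumer_secret]
          end
        rescue StandardError => e
          logger.info "OAuth signature check raised #{e.class}"
          false
        end

        # reset @current_user to clear state for restful_...._authentication.
        # This must also run when verification raised: the block above has
        # already copied the token's user into @current_user by then.
        @current_user = nil unless valid
        valid
      end
    end
  end
end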