1 class OauthController < ApplicationController
2 include OAuth::Controllers::ProviderController
4 # The ProviderController will call login_required for any action that needs
5 # a login, but we want to check authorization on every action.
6 authorize_resource :class => false
11 @token = current_user.oauth_tokens.find_by :token => params[:token]
14 flash[:notice] = t(".flash", :application => @token.client_application.name)
16 redirect_to oauth_clients_url(:display_name => @token.user.display_name)
26 def user_authorizes_token?
29 @token.client_application.permissions.each do |pref|
31 @token.write_attribute(pref, true)
34 @token.write_attribute(pref, false)
42 override_content_security_policy_directives(:form_action => []) if CSP_ENFORCE || defined?(CSP_REPORT_URL)
44 if @token.invalidated?
45 @message = t "oauth.authorize_failure.invalid"
46 render :action => "authorize_failure"
48 if user_authorizes_token?
49 @token.authorize!(current_user)
50 callback_url = if @token.oauth10?
51 params[:oauth_callback] || @token.client_application.callback_url
53 @token.oob? ? @token.client_application.callback_url : @token.callback_url
55 @redirect_url = URI.parse(callback_url) if callback_url.present?
57 if @redirect_url.to_s.blank?
58 render :action => "authorize_success"
60 @redirect_url.query = if @redirect_url.query.blank?
61 "oauth_token=#{@token.token}"
64 "&oauth_token=#{@token.token}"
67 @redirect_url.query += "&oauth_verifier=#{@token.verifier}" unless @token.oauth10?
69 redirect_to @redirect_url.to_s
73 @message = t("oauth.authorize_failure.denied", :app_name => @token.client_application.name)
74 render :action => "authorize_failure"