]> git.openstreetmap.org Git - rails.git/blob - app/controllers/oauth_controller.rb
Merge remote-tracking branch 'upstream/pull/5081'
[rails.git] / app / controllers / oauth_controller.rb
1 class OauthController < ApplicationController
2   include OAuth::Controllers::ProviderController
3
4   # The ProviderController will call login_required for any action that needs
5   # a login, but we want to check authorization on every action.
6   authorize_resource :class => false
7
8   before_action :require_oauth_10a_support
9
10   layout "site"
11
12   allow_all_form_action :only => :oauth1_authorize
13
14   def revoke
15     @token = current_user.oauth_tokens.find_by :token => params[:token]
16     if @token
17       @token.invalidate!
18       flash[:notice] = t(".flash", :application => @token.client_application.name)
19     end
20     redirect_to oauth_clients_url(:display_name => @token.user.display_name)
21   end
22
23   protected
24
25   def login_required
26     authorize_web
27     set_locale
28   end
29
30   def user_authorizes_token?
31     any_auth = false
32
33     @token.client_application.permissions.each do |pref|
34       if params[pref].to_i.nonzero?
35         @token.write_attribute(pref, true)
36         any_auth ||= true
37       else
38         @token.write_attribute(pref, false)
39       end
40     end
41
42     any_auth
43   end
44
45   def oauth1_authorize
46     if @token.invalidated?
47       @message = t "oauth.authorize_failure.invalid"
48       render :action => "authorize_failure"
49     elsif request.post?
50       if user_authorizes_token?
51         @token.authorize!(current_user)
52         callback_url = if @token.oauth10?
53                          params[:oauth_callback] || @token.client_application.callback_url
54                        else
55                          @token.oob? ? @token.client_application.callback_url : @token.callback_url
56                        end
57         @redirect_url = URI.parse(callback_url) if callback_url.present?
58
59         if @redirect_url.to_s.blank?
60           render :action => "authorize_success"
61         else
62           @redirect_url.query = if @redirect_url.query.blank?
63                                   "oauth_token=#{@token.token}"
64                                 else
65                                   @redirect_url.query +
66                                     "&oauth_token=#{@token.token}"
67                                 end
68
69           @redirect_url.query += "&oauth_verifier=#{@token.verifier}" unless @token.oauth10?
70
71           redirect_to @redirect_url.to_s, :allow_other_host => true
72         end
73       else
74         @token.invalidate!
75         @message = t("oauth.authorize_failure.denied", :app_name => @token.client_application.name)
76         render :action => "authorize_failure"
77       end
78     end
79   end
80 end