1 class OauthController < ApplicationController
4 before_filter :authorize_web, :only => [:oauthorize, :revoke]
5 before_filter :set_locale, :only => [:oauthorize, :revoke]
6 before_filter :require_user, :only => [:oauthorize]
7 before_filter :verify_oauth_consumer_signature, :only => [:request_token]
8 before_filter :verify_oauth_request_token, :only => [:access_token]
9 # Uncomment the following if you are using restful_open_id_authentication
10 # skip_before_filter :verify_authenticity_token
13 @token = current_client_application.create_request_token
16 logger.info "request token params: #{params.inspect}"
17 # request tokens indicate what permissions the client *wants*, not
18 # necessarily the same as those which the user allows.
19 current_client_application.permissions.each do |pref|
20 @token.write_attribute(pref, true)
24 render :text => @token.to_query
26 render :nothing => true, :status => 401
31 @token = current_token && current_token.exchange!
33 render :text => @token.to_query
35 render :nothing => true, :status => 401
40 @token = RequestToken.find_by_token params[:oauth_token]
41 unless @token.nil? or @token.invalidated?
44 @token.client_application.permissions.each do |pref|
46 @token.write_attribute(pref, true)
49 @token.write_attribute(pref, false)
54 @token.authorize!(@user)
56 redirect_url = params[:oauth_callback] || @token.client_application.callback_url
58 redirect_url = @token.oob? ? @token.client_application.callback_url : @token.callback_url
60 if redirect_url and not redirect_url.empty?
62 redirect_to "#{redirect_url}?oauth_token=#{@token.token}"
64 redirect_to "#{redirect_url}?oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}"
67 render :action => "authorize_success"
71 render :action => "authorize_failure"
75 render :action => "authorize_failure"
80 @token = @user.oauth_tokens.find_by_token params[:token]
83 flash[:notice] = t('oauth.revoke.flash', :application => @token.client_application.name)
85 redirect_to :controller => 'oauth_clients', :action => 'index'