app/controllers/oauth_controller.rb

   1 require "oauth/controllers/provider_controller"
   2
   3 class OauthController < ApplicationController
   4   include OAuth::Controllers::ProviderController
   5
   6   layout "site"
   7
   8   def login_required
   9     authorize_web
  10     set_locale
  11     require_user
  12   end
  13
  14   def user_authorizes_token?
  15     any_auth = false
  16
  17     @token.client_application.permissions.each do |pref|
  18       if params[pref]
  19         @token.write_attribute(pref, true)
  20         any_auth ||= true
  21       else
  22         @token.write_attribute(pref, false)
  23       end
  24     end
  25
  26     any_auth
  27   end
  28
  29   def revoke
  30     @token = current_user.oauth_tokens.find_by_token params[:token]
  31     if @token
  32       @token.invalidate!
  33       flash[:notice] = t("oauth.revoke.flash", :application => @token.client_application.name)
  34     end
  35     redirect_to oauth_clients_url(:display_name => @token.user.display_name)
  36   end
  37
  38   protected
  39
  40   def oauth1_authorize
  41     unless @token
  42       render :action => "authorize_failure"
  43       return
  44     end
  45
  46     if @token.invalidated?
  47       @message = t "oauth.oauthorize_failure.invalid"
  48       render :action => "authorize_failure"
  49     else
  50       if request.post?
  51         if user_authorizes_token?
  52           @token.authorize!(current_user)
  53           if @token.oauth10?
  54             callback_url = params[:oauth_callback] || @token.client_application.callback_url
  55           else
  56             callback_url = @token.oob? ? @token.client_application.callback_url : @token.callback_url
  57           end
  58           @redirect_url = URI.parse(callback_url) unless callback_url.blank?
  59
  60           if @redirect_url.to_s.blank?
  61             render :action => "authorize_success"
  62           else
  63             @redirect_url.query = if @redirect_url.query.blank?
  64                                     "oauth_token=#{@token.token}"
  65                                   else
  66                                     @redirect_url.query +
  67                                       "&oauth_token=#{@token.token}"
  68                                   end
  69
  70             unless @token.oauth10?
  71               @redirect_url.query += "&oauth_verifier=#{@token.verifier}"
  72             end
  73
  74             redirect_to @redirect_url.to_s
  75           end
  76         else
  77           @token.invalidate!
  78           @message = t("oauth.oauthorize_failure.denied", :app_name => @token.client_application.name)
  79           render :action => "authorize_failure"
  80         end
  81       end
  82     end
  83   end
  84 end