]> git.openstreetmap.org Git - rails.git/blob - app/models/request_token.rb
Wrap user name in `bdi` to provide a separate RTL context
[rails.git] / app / models / request_token.rb
1 class RequestToken < OauthToken
2   attr_accessor :provided_oauth_verifier
3
4   def authorize!(user)
5     return false if authorized?
6     self.user = user
7     self.authorized_at = Time.now
8     self.verifier = OAuth::Helper.generate_key(20)[0, 20] unless oauth10?
9     save
10   end
11
12   def exchange!
13     return false unless authorized?
14     return false unless oauth10? || verifier == provided_oauth_verifier
15
16     RequestToken.transaction do
17       params = { :user => user, :client_application => client_application }
18       # copy the permissions from the authorised request token to the access token
19       client_application.permissions.each do |p|
20         params[p] = self[p]
21       end
22
23       access_token = AccessToken.create(params)
24       invalidate!
25       access_token
26     end
27   end
28
29   def to_query
30     if oauth10?
31       super
32     else
33       "#{super}&oauth_callback_confirmed=true"
34     end
35   end
36
37   def oob?
38     callback_url.nil? || callback_url.casecmp("oob").zero?
39   end
40
41   def oauth10?
42     (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && callback_url.blank?
43   end
44 end