]> git.openstreetmap.org Git - rails.git/blobdiff - app/models/request_token.rb
Remove tables from password reset form
[rails.git] / app / models / request_token.rb
index 1be8c69026881513cb280230b07e674a51584fe3..6e4ec40c357aa46ccbb2a23cb87b5b8f1168f7e2 100644 (file)
@@ -1,25 +1,46 @@
 class RequestToken < OauthToken
 class RequestToken < OauthToken
+
+  attr_accessor :provided_oauth_verifier
+
   def authorize!(user)
     return false if authorized?
     self.user = user
     self.authorized_at = Time.now
   def authorize!(user)
     return false if authorized?
     self.user = user
     self.authorized_at = Time.now
+    self.verifier = OAuth::Helper.generate_key(20)[0,20] unless oauth10?
     self.save
   end
     self.save
   end
-  
+
   def exchange!
     return false unless authorized?
   def exchange!
     return false unless authorized?
+    return false unless oauth10? || verifier == provided_oauth_verifier
+
     RequestToken.transaction do
     RequestToken.transaction do
-      logger.info("£££ In exchange!")
       params = { :user => user, :client_application => client_application }
       # copy the permissions from the authorised request token to the access token
       params = { :user => user, :client_application => client_application }
       # copy the permissions from the authorised request token to the access token
-      client_application.permissions.each { |p| 
-        logger.info("£££ copying permission #{p} = #{read_attribute(p).inspect}")
+      client_application.permissions.each { |p|
         params[p] = read_attribute(p)
       }
 
         params[p] = read_attribute(p)
       }
 
-      access_token = AccessToken.create(params)
+      access_token = AccessToken.create(params, :without_protection => true)
       invalidate!
       access_token
     end
   end
       invalidate!
       access_token
     end
   end
+
+  def to_query
+    if oauth10?
+      super
+    else
+      "#{super}&oauth_callback_confirmed=true"
+    end
+  end
+
+  def oob?
+    callback_url.nil? || callback_url.downcase == 'oob'
+  end
+
+  def oauth10?
+    (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank?
+  end
+
 end
 end