+# == Schema Information
+#
+# Table name: oauth_tokens
+#
+# id :integer not null, primary key
+# user_id :integer
+# type :string(20)
+# client_application_id :integer
+# token :string(50)
+# secret :string(50)
+# authorized_at :datetime
+# invalidated_at :datetime
+# created_at :datetime
+# updated_at :datetime
+# allow_read_prefs :boolean default(FALSE), not null
+# allow_write_prefs :boolean default(FALSE), not null
+# allow_write_diary :boolean default(FALSE), not null
+# allow_write_api :boolean default(FALSE), not null
+# allow_read_gpx :boolean default(FALSE), not null
+# allow_write_gpx :boolean default(FALSE), not null
+# callback_url :string
+# verifier :string(20)
+# scope :string
+# valid_to :datetime
+# allow_write_notes :boolean default(FALSE), not null
+#
+# Indexes
+#
+# index_oauth_tokens_on_token (token) UNIQUE
+# index_oauth_tokens_on_user_id (user_id)
+#
+# Foreign Keys
+#
+# oauth_tokens_client_application_id_fkey (client_application_id => client_applications.id)
+# oauth_tokens_user_id_fkey (user_id => users.id)
+#
+
class RequestToken < OauthToken
+ attr_accessor :provided_oauth_verifier
+
def authorize!(user)
return false if authorized?
+
self.user = user
self.authorized_at = Time.now
- self.save
+ self.verifier = OAuth::Helper.generate_key(20)[0, 20] unless oauth10?
+ save
end
-
+
def exchange!
return false unless authorized?
+ return false unless oauth10? || verifier == provided_oauth_verifier
+
RequestToken.transaction do
params = { :user => user, :client_application => client_application }
# copy the permissions from the authorised request token to the access token
- client_application.permissions.each { |p|
- params[p] = read_attribute(p)
- }
+ client_application.permissions.each do |p|
+ params[p] = self[p]
+ end
access_token = AccessToken.create(params)
invalidate!
access_token
end
end
+
+ def to_query
+ if oauth10?
+ super
+ else
+ "#{super}&oauth_callback_confirmed=true"
+ end
+ end
+
+ def oob?
+ callback_url.nil? || callback_url.casecmp("oob").zero?
+ end
+
+ def oauth10?
+ (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && callback_url.blank?
+ end
end