+ def deny_access(_exception)
+ if current_token
+ set_locale
+ report_error t("oauth.permissions.missing"), :forbidden
+ elsif current_user
+ set_locale
+ report_error t("application.permission_denied"), :forbidden
+ elsif request.get?
+ redirect_to :controller => "users", :action => "login", :referer => request.fullpath
+ else
+ head :forbidden
+ end
+ end
+
+ private
+
+ # extract authorisation credentials from headers, returns user = nil if none
+ def get_auth_data
+ if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it
+ authdata = request.env["X-HTTP_AUTHORIZATION"].to_s.split
+ elsif request.env.key? "REDIRECT_X_HTTP_AUTHORIZATION" # mod_fcgi
+ authdata = request.env["REDIRECT_X_HTTP_AUTHORIZATION"].to_s.split
+ elsif request.env.key? "HTTP_AUTHORIZATION" # regular location
+ authdata = request.env["HTTP_AUTHORIZATION"].to_s.split
+ end
+ # only basic authentication supported
+ user, pass = Base64.decode64(authdata[1]).split(":", 2) if authdata && authdata[0] == "Basic"
+ [user, pass]
+ end
+
+ # override to stop oauth plugin sending errors
+ def invalid_oauth_response; end