+ def better_errors_allow_inline
+ yield
+ rescue StandardError
+ append_content_security_policy_directives(
+ :script_src => %w['unsafe-inline'],
+ :style_src => %w['unsafe-inline']
+ )
+
+ raise
+ end
+
+ def current_ability
+ # Use capabilities from the oauth token if it exists and is a valid access token
+ if Authenticator.new(self, [:token]).allow?
+ Ability.new(nil).merge(Capability.new(current_token))
+ else
+ Ability.new(current_user)
+ end
+ end
+
+ def deny_access(_exception)
+ if current_token
+ set_locale
+ report_error t("oauth.permissions.missing"), :forbidden
+ elsif current_user
+ set_locale
+ respond_to do |format|
+ format.html { redirect_to :controller => "errors", :action => "forbidden" }
+ format.any { report_error t("application.permission_denied"), :forbidden }
+ end
+ elsif request.get?
+ respond_to do |format|
+ format.html { redirect_to :controller => "users", :action => "login", :referer => request.fullpath }
+ format.any { head :forbidden }
+ end
+ else
+ head :forbidden
+ end
+ end
+
+ private
+
+ # extract authorisation credentials from headers, returns user = nil if none
+ def get_auth_data
+ if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it
+ authdata = request.env["X-HTTP_AUTHORIZATION"].to_s.split
+ elsif request.env.key? "REDIRECT_X_HTTP_AUTHORIZATION" # mod_fcgi
+ authdata = request.env["REDIRECT_X_HTTP_AUTHORIZATION"].to_s.split
+ elsif request.env.key? "HTTP_AUTHORIZATION" # regular location
+ authdata = request.env["HTTP_AUTHORIZATION"].to_s.split
+ end
+ # only basic authentication supported
+ user, pass = Base64.decode64(authdata[1]).split(":", 2) if authdata && authdata[0] == "Basic"
+ [user, pass]
+ end
+
+ # override to stop oauth plugin sending errors
+ def invalid_oauth_response; end