X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/1340fca8f17e4e3cce211e6eafed18cde7f57386..16d355f2b7c130b3e27713e6b46bb841698d4a06:/app/models/request_token.rb?ds=inline diff --git a/app/models/request_token.rb b/app/models/request_token.rb index 6e4ec40c3..adeabb184 100644 --- a/app/models/request_token.rb +++ b/app/models/request_token.rb @@ -1,13 +1,50 @@ -class RequestToken < OauthToken +# == Schema Information +# +# Table name: oauth_tokens +# +# id :integer not null, primary key +# user_id :integer +# type :string(20) +# client_application_id :integer +# token :string(50) +# secret :string(50) +# authorized_at :datetime +# invalidated_at :datetime +# created_at :datetime +# updated_at :datetime +# allow_read_prefs :boolean default(FALSE), not null +# allow_write_prefs :boolean default(FALSE), not null +# allow_write_diary :boolean default(FALSE), not null +# allow_write_api :boolean default(FALSE), not null +# allow_read_gpx :boolean default(FALSE), not null +# allow_write_gpx :boolean default(FALSE), not null +# callback_url :string +# verifier :string(20) +# scope :string +# valid_to :datetime +# allow_write_notes :boolean default(FALSE), not null +# +# Indexes +# +# index_oauth_tokens_on_token (token) UNIQUE +# index_oauth_tokens_on_user_id (user_id) +# +# Foreign Keys +# +# oauth_tokens_client_application_id_fkey (client_application_id => client_applications.id) +# oauth_tokens_user_id_fkey (user_id => users.id) +# +class RequestToken < OauthToken attr_accessor :provided_oauth_verifier def authorize!(user) return false if authorized? + self.user = user - self.authorized_at = Time.now - self.verifier = OAuth::Helper.generate_key(20)[0,20] unless oauth10? - self.save + self.authorized_at = Time.now.utc + self.verifier = OAuth::Helper.generate_key(20)[0, 20] unless oauth10? + save end def exchange! @@ -17,11 +54,11 @@ class RequestToken < OauthToken RequestToken.transaction do params = { :user => user, :client_application => client_application } # copy the permissions from the authorised request token to the access token - client_application.permissions.each { |p| - params[p] = read_attribute(p) - } + client_application.permissions.each do |p| + params[p] = self[p] + end - access_token = AccessToken.create(params, :without_protection => true) + access_token = AccessToken.create(params) invalidate! access_token end @@ -36,11 +73,10 @@ class RequestToken < OauthToken end def oob? - callback_url.nil? || callback_url.downcase == 'oob' + callback_url.nil? || callback_url.casecmp("oob").zero? end def oauth10? - (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank? + Settings.key?(:oauth_10_support) && Settings.oauth_10_support && callback_url.blank? end - end