X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/173e92edb838ca423db1637cd767543a582f1c07..5bc3054d61559107868dfa351b25d8f48c571151:/app/controllers/oauth_controller.rb diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb index 8af8af5e7..5c84be0cf 100644 --- a/app/controllers/oauth_controller.rb +++ b/app/controllers/oauth_controller.rb @@ -1,5 +1,5 @@ class OauthController < ApplicationController - layout 'site' + layout 'slim' before_filter :authorize_web, :only => [:oauthorize, :revoke] before_filter :set_locale, :only => [:oauthorize, :revoke] @@ -12,13 +12,11 @@ class OauthController < ApplicationController def request_token @token = current_client_application.create_request_token - logger.info "in REQUEST TOKEN" if @token logger.info "request token params: #{params.inspect}" # request tokens indicate what permissions the client *wants*, not # necessarily the same as those which the user allows. current_client_application.permissions.each do |pref| - logger.info "PARAMS found #{pref}" @token.write_attribute(pref, true) end @token.save! @@ -40,12 +38,11 @@ class OauthController < ApplicationController def oauthorize @token = RequestToken.find_by_token params[:oauth_token] - unless @token.invalidated? + unless @token.nil? or @token.invalidated? if request.post? any_auth = false @token.client_application.permissions.each do |pref| if params[pref] - logger.info "OAUTHORIZE PARAMS found #{pref}" @token.write_attribute(pref, true) any_auth ||= true else @@ -55,9 +52,17 @@ class OauthController < ApplicationController if any_auth @token.authorize!(@user) - redirect_url = params[:oauth_callback] || @token.client_application.callback_url - if redirect_url - redirect_to "#{redirect_url}?oauth_token=#{@token.token}" + if @token.oauth10? + redirect_url = params[:oauth_callback] || @token.client_application.callback_url + else + redirect_url = @token.oob? ? @token.client_application.callback_url : @token.callback_url + end + if redirect_url and not redirect_url.empty? + if @token.oauth10? + redirect_to "#{redirect_url}?oauth_token=#{@token.token}" + else + redirect_to "#{redirect_url}?oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}" + end else render :action => "authorize_success" end @@ -77,7 +82,6 @@ class OauthController < ApplicationController @token.invalidate! flash[:notice] = t('oauth.revoke.flash', :application => @token.client_application.name) end - logger.info "about to redirect" redirect_to :controller => 'oauth_clients', :action => 'index' end end