X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/b8f6dbd403507edd14f04f3151c285e232607360..3d3f3982a0cdf1c5159c5fa07c672d4cdedcb9b3:/app/controllers/oauth_controller.rb?ds=sidebyside diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb index f8959beae..5c84be0cf 100644 --- a/app/controllers/oauth_controller.rb +++ b/app/controllers/oauth_controller.rb @@ -1,7 +1,8 @@ class OauthController < ApplicationController - layout 'site' + layout 'slim' - before_filter :authorize_web, :except => [:request_token, :access_token] + before_filter :authorize_web, :only => [:oauthorize, :revoke] + before_filter :set_locale, :only => [:oauthorize, :revoke] before_filter :require_user, :only => [:oauthorize] before_filter :verify_oauth_consumer_signature, :only => [:request_token] before_filter :verify_oauth_request_token, :only => [:access_token] @@ -11,13 +12,11 @@ class OauthController < ApplicationController def request_token @token = current_client_application.create_request_token - logger.info "in REQUEST TOKEN" if @token logger.info "request token params: #{params.inspect}" # request tokens indicate what permissions the client *wants*, not # necessarily the same as those which the user allows. current_client_application.permissions.each do |pref| - logger.info "PARAMS found #{pref}" @token.write_attribute(pref, true) end @token.save! @@ -26,8 +25,8 @@ class OauthController < ApplicationController else render :nothing => true, :status => 401 end - end - + end + def access_token @token = current_token && current_token.exchange! if @token @@ -39,24 +38,31 @@ class OauthController < ApplicationController def oauthorize @token = RequestToken.find_by_token params[:oauth_token] - unless @token.invalidated? - if request.post? + unless @token.nil? or @token.invalidated? + if request.post? any_auth = false @token.client_application.permissions.each do |pref| if params[pref] - logger.info "OAUTHORIZE PARAMS found #{pref}" @token.write_attribute(pref, true) any_auth ||= true else @token.write_attribute(pref, false) end end - + if any_auth @token.authorize!(@user) - redirect_url = params[:oauth_callback] || @token.client_application.callback_url - if redirect_url - redirect_to "#{redirect_url}?oauth_token=#{@token.token}" + if @token.oauth10? + redirect_url = params[:oauth_callback] || @token.client_application.callback_url + else + redirect_url = @token.oob? ? @token.client_application.callback_url : @token.callback_url + end + if redirect_url and not redirect_url.empty? + if @token.oauth10? + redirect_to "#{redirect_url}?oauth_token=#{@token.token}" + else + redirect_to "#{redirect_url}?oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}" + end else render :action => "authorize_success" end @@ -69,15 +75,13 @@ class OauthController < ApplicationController render :action => "authorize_failure" end end - + def revoke @token = @user.oauth_tokens.find_by_token params[:token] if @token @token.invalidate! - flash[:notice] = "You've revoked the token for #{@token.client_application.name}" + flash[:notice] = t('oauth.revoke.flash', :application => @token.client_application.name) end - logger.info "about to redirect" redirect_to :controller => 'oauth_clients', :action => 'index' end - end