if any_auth
@token.authorize!(@user)
- redirect_url = params[:oauth_callback] || @token.client_application.callback_url
+ if @token.oauth10?
+ redirect_url = params[:oauth_callback] || @token.client_application.callback_url
+ else
+ redirect_url = @token.oob? ? @token.client_application.callback_url : @token.callback_url
+ end
if redirect_url
- redirect_to "#{redirect_url}?oauth_token=#{@token.token}"
+ if @token.oauth10?
+ redirect_to "#{redirect_url}?oauth_token=#{@token.token}"
+ else
+ redirect_to "#{redirect_url}?oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}"
+ end
else
render :action => "authorize_success"
end
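Review bot: The non-legacy branch on the added `redirect_url = @token.oob? ? ...` line redirects to `@token.callback_url`, and nothing visible in this diff validates that value. The `validates_format_of` rules added in the model cover only the client application's `url`, `support_url` and `callback_url`, while `create_request_token` copies `token_callback_url` onto the token as-is. If no check exists elsewhere, the same http(s) format validation should be applied to the token's `callback_url` before it is saved. Separately, both `redirect_to` strings append `?oauth_token=` unconditionally, which gives a malformed URL when the callback already has a query string; picking the separator with `redirect_url.include?('?') ? '&' : '?'` would avoid that. The enclosing `if any_auth` block ends outside the hunk.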
validates_uniqueness_of :key
before_validation_on_create :generate_keys
+ validates_format_of :url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i
+ validates_format_of :support_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
+ validates_format_of :callback_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
+
+ attr_accessor :token_callback_url
+
+ def self.find_token(token_key)
+ token = OauthToken.find_by_token(token_key, :include => :client_application)
+ if token && token.authorized?
+ token
+ else
+ nil
+ end
+ end
+
def self.verify_request(request, options = {}, &block)
begin
signature = OAuth::Signature.build(request, options, &block)
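Review bot: The pattern on the three added `validates_format_of` lines starts with `\A` but has no end anchor, and every group after `(\S+)` is optional. It therefore accepts any value that begins with `http://` or `https://` plus one non-space character, including whitespace or newlines after that point. Adding `\z` just before the closing `/i` makes the check cover the whole string. The same literal is repeated three times; defining it once as a constant (for example `URL_FORMAT`) and passing it as `:with => URL_FORMAT` would keep the three validations in step.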
end
def create_request_token
- RequestToken.create :client_application => self
+ RequestToken.create :client_application => self, :callback_url => self.token_callback_url
end
# the permissions that this client would like from the user
:allow_write_api, :allow_read_gpx, :allow_write_gpx ]
def generate_keys
- @oauth_client = oauth_server.generate_consumer_credentials
- self.key = @oauth_client.key
- self.secret = @oauth_client.secret
+ oauth_client = oauth_server.generate_consumer_credentials
+ self.key = oauth_client.key
+ self.secret = oauth_client.secret
end
end
class RequestToken < OauthToken
+
+ attr_accessor :provided_oauth_verifier
+
def authorize!(user)
return false if authorized?
self.user = user
self.authorized_at = Time.now
+ self.verifier = OAuth::Helper.generate_key(16)[0,20] unless oauth10?
self.save
end
-
+
def exchange!
return false unless authorized?
+ return false unless oauth10? || verifier == provided_oauth_verifier
+
RequestToken.transaction do
params = { :user => user, :client_application => client_application }
# copy the permissions from the authorised request token to the access token
- client_application.permissions.each { |p|
+ client_application.permissions.each { |p|
params[p] = read_attribute(p)
}
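Review bot: The added guard `return false unless oauth10? || verifier == provided_oauth_verifier` passes when both values are nil. That could apply to rows authorised before this change if legacy support is later switched off, though how likely that is cannot be judged from this hunk. Requiring a stored verifier closes the gap: `return false unless oauth10? || (!verifier.blank? && verifier == provided_oauth_verifier)`. Because the verifier is a secret, a constant-time comparison would be preferable to `==` if the application has one available. The body of `exchange!` continues beyond this hunk.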
access_token
end
end
+
+ def to_query
+ if oauth10?
+ super
+ else
+ "#{super}&oauth_callback_confirmed=true"
+ end
+ end
+
+ def oob?
+ self.callback_url=='oob'
+ end
+
+ def oauth10?
+ (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank?
+ end
+
end
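Review bot: `oauth10?` picks the protocol version per token from `callback_url.blank?`, so whenever `OAUTH_10_SUPPORT` is set, any request token created without a callback silently takes the legacy path. On that path `authorize!` issues no verifier, `exchange!` skips the verifier check, and the authorize action takes its redirect target from `params[:oauth_callback]`. The settings hunk adding `oauth_10_support: true` appears to turn this on in the shared settings, which makes the 1.0a protections opt-in per client rather than enforced. I would document that on the method, e.g. `# Legacy OAuth 1.0 token: no callback was registered, so no verifier is issued or checked`. I would also consider shipping the setting as `false` so deployments enable legacy support deliberately.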
gpx_image_dir: "/home/osm/images"
# Location of data for file columns
#file_column_root: ""
+ # Enable legacy OAuth 1.0 support
+ oauth_10_support: true
development:
<<: *standard_settings
--- /dev/null
+class AddCallbackToOauthTokens < ActiveRecord::Migration
+ def self.up
+ add_column :oauth_tokens, :callback_url, :string
+ add_column :oauth_tokens, :verifier, :string, :limit => 20
+ end
+
+ def self.down
+ remove_column :oauth_tokens, :callback_url
+ remove_column :oauth_tokens, :verifier
+ end
+end