From: Tom Hughes Date: Fri, 10 Sep 2010 09:31:44 +0000 (+0100) Subject: Update oauth models and controllers for OAuth 1.0a support X-Git-Tag: live~6817^2~1 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/1c3a9ee62b7d1a0dc97d52b1a498be1339d49ebf Update oauth models and controllers for OAuth 1.0a support --- diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb index 4b539b1fd..260f9ecfe 100644 --- a/app/controllers/oauth_controller.rb +++ b/app/controllers/oauth_controller.rb @@ -52,9 +52,17 @@ class OauthController < ApplicationController if any_auth @token.authorize!(@user) - redirect_url = params[:oauth_callback] || @token.client_application.callback_url + if @token.oauth10? + redirect_url = params[:oauth_callback] || @token.client_application.callback_url + else + redirect_url = @token.oob? ? @token.client_application.callback_url : @token.callback_url + end if redirect_url - redirect_to "#{redirect_url}?oauth_token=#{@token.token}" + if @token.oauth10? + redirect_to "#{redirect_url}?oauth_token=#{@token.token}" + else + redirect_to "#{redirect_url}?oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}" + end else render :action => "authorize_success" end diff --git a/app/models/client_application.rb b/app/models/client_application.rb index d3799abe0..9474a0137 100644 --- a/app/models/client_application.rb +++ b/app/models/client_application.rb @@ -6,6 +6,21 @@ class ClientApplication < ActiveRecord::Base validates_uniqueness_of :key before_validation_on_create :generate_keys + validates_format_of :url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i + validates_format_of :support_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true + validates_format_of :callback_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true + + attr_accessor :token_callback_url + + def self.find_token(token_key) + token = OauthToken.find_by_token(token_key, :include => :client_application) + if token && token.authorized? + token + else + nil + end + end + def self.verify_request(request, options = {}, &block) begin signature = OAuth::Signature.build(request, options, &block) @@ -35,7 +50,7 @@ class ClientApplication < ActiveRecord::Base end def create_request_token - RequestToken.create :client_application => self + RequestToken.create :client_application => self, :callback_url => self.token_callback_url end # the permissions that this client would like from the user @@ -52,8 +67,8 @@ protected :allow_write_api, :allow_read_gpx, :allow_write_gpx ] def generate_keys - @oauth_client = oauth_server.generate_consumer_credentials - self.key = @oauth_client.key - self.secret = @oauth_client.secret + oauth_client = oauth_server.generate_consumer_credentials + self.key = oauth_client.key + self.secret = oauth_client.secret end end diff --git a/app/models/request_token.rb b/app/models/request_token.rb index d66fe6ce1..0044dde26 100644 --- a/app/models/request_token.rb +++ b/app/models/request_token.rb @@ -1,17 +1,23 @@ class RequestToken < OauthToken + + attr_accessor :provided_oauth_verifier + def authorize!(user) return false if authorized? self.user = user self.authorized_at = Time.now + self.verifier = OAuth::Helper.generate_key(16)[0,20] unless oauth10? self.save end - + def exchange! return false unless authorized? + return false unless oauth10? || verifier == provided_oauth_verifier + RequestToken.transaction do params = { :user => user, :client_application => client_application } # copy the permissions from the authorised request token to the access token - client_application.permissions.each { |p| + client_application.permissions.each { |p| params[p] = read_attribute(p) } @@ -20,4 +26,21 @@ class RequestToken < OauthToken access_token end end + + def to_query + if oauth10? + super + else + "#{super}&oauth_callback_confirmed=true" + end + end + + def oob? + self.callback_url=='oob' + end + + def oauth10? + (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank? + end + end diff --git a/config/example.application.yml b/config/example.application.yml index 25df99d26..9b00beb58 100644 --- a/config/example.application.yml +++ b/config/example.application.yml @@ -53,6 +53,8 @@ standard_settings: &standard_settings gpx_image_dir: "/home/osm/images" # Location of data for file columns #file_column_root: "" + # Enable legacy OAuth 1.0 support + oauth_10_support: true development: <<: *standard_settings diff --git a/db/migrate/20100910084426_add_callback_to_oauth_tokens.rb b/db/migrate/20100910084426_add_callback_to_oauth_tokens.rb new file mode 100644 index 000000000..179b80fab --- /dev/null +++ b/db/migrate/20100910084426_add_callback_to_oauth_tokens.rb @@ -0,0 +1,11 @@ +class AddCallbackToOauthTokens < ActiveRecord::Migration + def self.up + add_column :oauth_tokens, :callback_url, :string + add_column :oauth_tokens, :verifier, :string, :limit => 20 + end + + def self.down + remove_column :oauth_tokens, :callback_url + remove_column :oauth_tokens, :verifier + end +end