From: Matt Amos Date: Mon, 3 Aug 2009 14:00:29 +0000 (+0000) Subject: Moved find_token method into the token class, since that seems a more appropriate... X-Git-Tag: live~7327^2~13 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/eff06faf46c8f0cc4d92a16f6b2daa22eabb4893 Moved find_token method into the token class, since that seems a more appropriate place for it.
---
diff --git a/app/models/client_application.rb b/app/models/client_application.rb
index 2186dc5df..d3799abe0 100644
--- a/app/models/client_application.rb
+++ b/app/models/client_application.rb
@@ -6,16 +6,6 @@ class ClientApplication < ActiveRecord::Base
 validates_uniqueness_of :key
 before_validation_on_create :generate_keys
 
- def self.find_token(token_key)
- token = OauthToken.find_by_token(token_key, :include => :client_application)
- if token && token.authorized?
- logger.info "Loaded #{token.token} which was authorized by (user_id=#{token.user_id}) on the #{token.authorized_at}"
- token
- else
- nil
- end
- end
-
 def self.verify_request(request, options = {}, &block)
 begin
 signature = OAuth::Signature.build(request, options, &block)
diff --git a/app/models/oauth_token.rb b/app/models/oauth_token.rb
index 5fca40ce2..f64ec53db 100644
--- a/app/models/oauth_token.rb
+++ b/app/models/oauth_token.rb
@@ -5,6 +5,16 @@ class OauthToken < ActiveRecord::Base
 validates_presence_of :client_application, :token, :secret
 before_validation_on_create :generate_keys
 
+ def self.find_token(token_key)
+ token = OauthToken.find_by_token(token_key, :include => :client_application)
+ if token && token.authorized?
+ logger.info "Loaded #{token.token} which was authorized by (user_id=#{token.user_id}) on the #{token.authorized_at}"
+ token
+ else
+ nil
+ end
+ end
+
 def invalidated?
 invalidated_at != nil
 end
diff --git a/test/unit/client_application_test.rb b/test/unit/client_application_test.rb
deleted file mode 100644
index 213d4d28c..000000000
--- a/test/unit/client_application_test.rb
+++ /dev/null
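Review bot: The `logger.info` line inside the added `OauthToken.find_token` (app/models/oauth_token.rb) writes the token key `token.token` to the application log next to the user id on every successful lookup, so anyone who can read the logs can tie live OAuth token keys to accounts. The key is only one half of the credential, but it is better kept out of logs; logging the record id carries the same audit value, e.g. `logger.info "Loaded token id=#{token.id} (user_id=#{token.user_id}) authorized at #{token.authorized_at}"`. The method also deserves a one-line comment such as `# Returns the token for token_key only if it exists and is authorized, otherwise nil`, because the name alone does not say that unauthorized tokens are filtered out. The OauthToken class body continues outside the hunk.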
@@ -1,17 +0,0 @@
-require File.dirname(__FILE__) + '/../test_helper'
-
-class ClientApplicationTest < ActiveSupport::TestCase
- api_fixtures
-
- ##
- # test that tokens can't be found unless they're authorised
- def test_find_token
- tok = client_applications(:oauth_web_app).create_request_token
- assert_equal false, tok.authorized?, "Token should be created unauthorised."
- assert_equal nil, ClientApplication.find_token(tok.token), "Shouldn't be able to find unauthorised token"
- tok.authorize!(users(:public_user))
- assert_equal true, tok.authorized?, "Token should now be authorised."
- assert_not_equal nil, ClientApplication.find_token(tok.token), "Should be able to find authorised token"
- end
-
-end
diff --git a/test/unit/oauth_token_test.rb b/test/unit/oauth_token_test.rb
index eb8219c57..655e64eda 100644
--- a/test/unit/oauth_token_test.rb
+++ b/test/unit/oauth_token_test.rb
@@ -23,4 +23,15 @@ class OauthTokenTest < ActiveSupport::TestCase
 assert_equal false, tok.authorized?, "Token should now be invalid."
 end
 
+ ##
+ # test that tokens can't be found unless they're authorised
+ def test_find_token
+ tok = client_applications(:oauth_web_app).create_request_token
+ assert_equal false, tok.authorized?, "Token should be created unauthorised."
+ assert_equal nil, OauthToken.find_token(tok.token), "Shouldn't be able to find unauthorised token"
+ tok.authorize!(users(:public_user))
+ assert_equal true, tok.authorized?, "Token should now be authorised."
+ assert_not_equal nil, OauthToken.find_token(tok.token), "Should be able to find authorised token"
+ end
+
 end
diff --git a/vendor/plugins/oauth-plugin/lib/oauth/rails/controller_methods.rb b/vendor/plugins/oauth-plugin/lib/oauth/rails/controller_methods.rb
index 668328b7e..68ef9d224 100644
--- a/vendor/plugins/oauth-plugin/lib/oauth/rails/controller_methods.rb
+++ b/vendor/plugins/oauth-plugin/lib/oauth/rails/controller_methods.rb
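Review bot: The added `test_find_token` in test/unit/oauth_token_test.rb covers only the unauthorised-then-authorised path, so two rejection cases of the lookup are left unpinned: a token key that matches no record, and a token that was authorised and later invalidated. The first is a one-liner, `assert_nil OauthToken.find_token("no-such-token"), "Unknown token key should not be found"`. The second would repeat the lookup after invalidating `tok` and expect nil, presumably relying on `authorized?` turning false as the preceding test asserts. Using `assert_nil` / `assert_not_nil` instead of `assert_equal nil, ...` / `assert_not_equal nil, ...` would also read more directly. The OauthTokenTest class begins outside the hunk.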
@@ -96,7 +96,7 @@ module OAuth
 def verify_oauth_signature
 begin
 valid = ClientApplication.verify_request(request) do |request|
- self.current_token = ClientApplication.find_token(request.token)
+ self.current_token = OauthToken.find_token(request.token)
 logger.info "self=#{self.class.to_s}"
 logger.info "token=#{self.current_token}"
 # return the token secret and the consumer secret
@@ -111,4 +111,4 @@ module OAuth
 end
 end
 end
-end
\ No newline at end of file
+end