From b4a1e41968e1befdf6fc14715d95549f5537abca Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Sun, 27 Jun 2021 18:42:47 +0100
Subject: [PATCH] Switch web site to use OAuth 2
---
 app/assets/javascripts/oauth.js | 21 +++------------------
 app/controllers/application_controller.rb | 2 +-
 app/helpers/application_helper.rb | 8 +-------
 app/models/user.rb | 14 +++++++++++++-
 config/settings.yml | 4 ++--
 package.json | 1 -
 yarn.lock | 12 ------------
 7 files changed, 20 insertions(+), 42 deletions(-)
diff --git a/app/assets/javascripts/oauth.js b/app/assets/javascripts/oauth.js
index d688590b0..0c3538c51 100644
--- a/app/assets/javascripts/oauth.js
+++ b/app/assets/javascripts/oauth.js
@@ -1,26 +1,11 @@
-//= require ohauth/ohauth
-
 $(document).ready(function () {
 var application_data = $("head").data();

- function makeAbsolute(url) {
- var a = document.createElement("a");
- a.href = url;
- return a.href;
- }
-
- if (application_data.token) {
- var headerGenerator = window.ohauth.headerGenerator({
- consumer_key: application_data.consumerKey,
- consumer_secret: application_data.consumerSecret,
- token: application_data.token,
- token_secret: application_data.tokenSecret
- });
-
- $.ajaxPrefilter(function (options, jqxhr) {
+ if (application_data.oauthToken) {
+ $.ajaxPrefilter(function (options) {
 if (options.oauth) {
 options.headers = options.headers || {};
- options.headers.Authorization = headerGenerator(options.type, makeAbsolute(options.url), jqxhr.data);
+ options.headers.Authorization = "Bearer " + application_data.oauthToken;
 }
 });
 }
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index fc8b75b60..8df126a04 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
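Review bot: In app/assets/javascripts/oauth.js the new prefilter attaches the bearer token to every request whose options carry `oauth`, with no check that the request stays on the site's own origin. The OAuth 1 header it replaces was a per-request signature, whereas a bearer token is the whole credential, so a caller that set `oauth: true` on a cross-origin URL would hand the token to that host. No such caller is visible in this hunk, but if the API is always same-origin the guard is one line: `if (options.oauth && !options.crossDomain) {`, which works because jQuery computes `crossDomain` before prefilters run. A short comment above the prefilter stating that the token is sent to same-origin requests only would record the intent.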
@@ -67,7 +67,7 @@ class ApplicationController < ActionController::Base
 end

 def require_oauth
- @oauth_token = current_user.access_token(Settings.oauth_key) if current_user && Settings.key?(:oauth_key)
+ @oauth_token = current_user.oauth_token(Settings.oauth_application) if current_user && Settings.key?(:oauth_application)
 end

 ##
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index faf538fa9..c9f165d52 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -58,13 +58,7 @@ module ApplicationHelper
 end

 data[:location] = session[:location] if session[:location]
-
- if oauth_token
- data[:token] = oauth_token.token
- data[:token_secret] = oauth_token.secret
- data[:consumer_key] = oauth_token.client_application.key
- data[:consumer_secret] = oauth_token.client_application.secret
- end
+ data[:oauth_token] = oauth_token.token if oauth_token

 data
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index 964359e9c..c02795a4a 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -288,11 +288,23 @@ class User < ApplicationRecord
 end

 ##
- # return an oauth access token for a specified application
+ # return an oauth 1 access token for a specified application
 def access_token(application_key)
 ClientApplication.find_by(:key => application_key).access_token_for_user(self)
 end

+ ##
+ # return an oauth 2 access token for a specified application
+ def oauth_token(application_id)
+ application = Doorkeeper.config.application_model.find_by(:uid => application_id)
+
+ Doorkeeper.config.access_token_model.find_or_create_for(
+ :application => application,
+ :resource_owner => self,
+ :scopes => application.scopes
+ )
+ end
+
 def fingerprint
 digest = Digest::SHA256.new
 digest.update(email)
diff --git a/config/settings.yml b/config/settings.yml
index 81ab37015..6f77efcfd 100644
--- a/config/settings.yml
+++ b/config/settings.yml
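Review bot: In app/helpers/application_helper.rb, `data[:oauth_token] = oauth_token.token` writes a live bearer token into the page markup, so any script running in the page, including an injected one, can read it and use it with no further secret. The removed lines exposed more (the token secret and the consumer secret), so this is a net reduction, but what the remaining value can do is set by the scopes it is minted with, which is `application.scopes` in the `oauth_token` method this patch adds to app/models/user.rb. I would add a comment on this line such as `# bearer token is readable by page scripts; keep the web site application's scopes minimal`, and confirm the token lifetime in the Doorkeeper configuration, which is not part of this patch. The enclosing helper method starts outside the hunk.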
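Review bot: In app/models/user.rb, `oauth_token` dereferences `application.scopes` without checking that `find_by(:uid => application_id)` returned a row, so an `oauth_application` setting that matches no Doorkeeper application raises NoMethodError wherever `require_oauth` runs for a signed-in user. A guard after the lookup, `return unless application`, lets the helper's existing `if oauth_token` check take over, or `find_by!` gives a clearer failure if a misconfiguration should be loud. Separately, `find_or_create_for` only reuses an existing token when Doorkeeper's `reuse_access_token` option is enabled; that configuration is not in this patch, so it is worth confirming that page loads do not each mint a new token. The `User` class continues outside the hunk.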
@@ -84,8 +84,8 @@ oauth_10_support: true
 nominatim_url: "https://nominatim.openstreetmap.org/"
 # Default editor
 default_editor: "id"
-# OAuth consumer key for the web site
-#oauth_key: ""
+# OAuth application for the web site
+#oauth_application: ""
 # OAuth consumer key for iD
 #id_key: ""
 # Imagery to return in capabilities as blacklisted
diff --git a/package.json b/package.json
index 60da79b05..4e5538cfd 100644
--- a/package.json
+++ b/package.json
@@ -8,7 +8,6 @@
 "js-cookie": "^2.2.1",
 "leaflet": "^1.6.0",
 "leaflet.locatecontrol": "^0.74.0",
- "ohauth": "^1.0.0",
 "qs": "^6.9.4"
 },
 "devDependencies": {
diff --git a/yarn.lock b/yarn.lock
index ee875da31..73606bc73 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -550,11 +550,6 @@ js-yaml@^3.13.1: argparse "^1.0.7" esprima "^4.0.0" -jshashes@~1.0.8: - version "1.0.8" - resolved "https://registry.yarnpkg.com/jshashes/-/jshashes-1.0.8.tgz#f60d837428383abf73ab022e1542e6614bd75514" - integrity sha512-btmQZ/w1rj8Lb6nEwvhjM7nBYoj54yaEFo2PWh3RkxZ8qNwuvOxvQYN/JxVuwoMmdIluL+XwYVJ+pEEZoSYybQ== - json-schema-traverse@^0.4.1: version "0.4.1" resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660"
@@ -625,13 +620,6 @@ object-inspect@^1.9.0: resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.9.0.tgz#c90521d74e1127b67266ded3394ad6116986533a" integrity sha512-i3Bp9iTqwhaLZBxGkRfo5ZbE07BQRT7MGu8+nNgwW9ItGp1TzCTw2DLEoWwjClxBjOFI/hWljTAmYGCEwmtnOw== -ohauth@^1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/ohauth/-/ohauth-1.0.1.tgz#a5d4ab8e5390bb1cad68a58cc9c58630173c02f2" - integrity sha512-R9ZUN3+FVCwzeOOHCJpzA9jw/byRxp5O9X06mTL6Sp/LIQn/rLrMv6cwYctX+hoIKzRUsalGJXZ1kG5wBmSskQ== - dependencies: - jshashes "~1.0.8" - once@^1.3.0: version "1.4.0" resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1"
--
2.39.5