Simplify URL scheme name matching in OAuth callback URLs a little
[rails.git] / app / models / request_token.rb
1 class RequestToken < OauthToken
2
3   attr_accessor :provided_oauth_verifier
4
5   def authorize!(user)
6     return false if authorized?
7     self.user = user
8     self.authorized_at = Time.now
9     self.verifier = OAuth::Helper.generate_key(16)[0,20] unless oauth10?
10     self.save
11   end
12
13   def exchange!
14     return false unless authorized?
15     return false unless oauth10? || verifier == provided_oauth_verifier
16
17     RequestToken.transaction do
18       params = { :user => user, :client_application => client_application }
19       # copy the permissions from the authorised request token to the access token
20       client_application.permissions.each { |p|
21         params[p] = read_attribute(p)
22       }
23
24       access_token = AccessToken.create(params)
25       invalidate!
26       access_token
27     end
28   end
29
30   def to_query
31     if oauth10?
32       super
33     else
34       "#{super}&oauth_callback_confirmed=true"
35     end
36   end
37
38   def oob?
39     self.callback_url=='oob'
40   end
41
42   def oauth10?
43     (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank?
44   end
45
46 end