]> git.openstreetmap.org Git - rails.git/blob - app/controllers/oauth_controller.rb
Merge remote-tracking branch 'openstreetmap/pull/1521'
[rails.git] / app / controllers / oauth_controller.rb
1 require "oauth/controllers/provider_controller"
2
3 class OauthController < ApplicationController
4   include OAuth::Controllers::ProviderController
5
6   layout "site"
7
8   def login_required
9     authorize_web
10     set_locale
11     require_user
12   end
13
14   def user_authorizes_token?
15     any_auth = false
16
17     @token.client_application.permissions.each do |pref|
18       if params[pref]
19         @token.write_attribute(pref, true)
20         any_auth ||= true
21       else
22         @token.write_attribute(pref, false)
23       end
24     end
25
26     any_auth
27   end
28
29   def revoke
30     @token = current_user.oauth_tokens.find_by :token => params[:token]
31     if @token
32       @token.invalidate!
33       flash[:notice] = t("oauth.revoke.flash", :application => @token.client_application.name)
34     end
35     redirect_to oauth_clients_url(:display_name => @token.user.display_name)
36   end
37
38   protected
39
40   def oauth1_authorize
41     if @token.invalidated?
42       @message = t "oauth.oauthorize_failure.invalid"
43       render :action => "authorize_failure"
44     elsif request.post?
45       if user_authorizes_token?
46         @token.authorize!(current_user)
47         callback_url = if @token.oauth10?
48                          params[:oauth_callback] || @token.client_application.callback_url
49                        else
50                          @token.oob? ? @token.client_application.callback_url : @token.callback_url
51                        end
52         @redirect_url = URI.parse(callback_url) unless callback_url.blank?
53
54         if @redirect_url.to_s.blank?
55           render :action => "authorize_success"
56         else
57           @redirect_url.query = if @redirect_url.query.blank?
58                                   "oauth_token=#{@token.token}"
59                                 else
60                                   @redirect_url.query +
61                                     "&oauth_token=#{@token.token}"
62                                 end
63
64           unless @token.oauth10?
65             @redirect_url.query += "&oauth_verifier=#{@token.verifier}"
66           end
67
68           redirect_to @redirect_url.to_s
69         end
70       else
71         @token.invalidate!
72         @message = t("oauth.oauthorize_failure.denied", :app_name => @token.client_application.name)
73         render :action => "authorize_failure"
74       end
75     end
76   end
77 end