819f74dc1f9cefb9691aa2efcd11f0172c5a588f
[rails.git] / app / controllers / oauth_controller.rb
1 require 'oauth/controllers/provider_controller'
2
3 class OauthController < ApplicationController
4   include OAuth::Controllers::ProviderController
5
6   layout 'site'
7
8   def login_required
9     authorize_web
10     set_locale
11     require_user
12   end
13
14   def user_authorizes_token?
15     any_auth = false
16
17     @token.client_application.permissions.each do |pref|
18       if params[pref]
19         @token.write_attribute(pref, true)
20         any_auth ||= true
21       else
22         @token.write_attribute(pref, false)
23       end
24     end
25
26     any_auth
27   end
28
29   def revoke
30     @token = current_user.oauth_tokens.find_by_token params[:token]
31     if @token
32       @token.invalidate!
33       flash[:notice] = t('oauth.revoke.flash', :application => @token.client_application.name)
34     end
35     redirect_to oauth_clients_url(:display_name => @token.user.display_name)
36   end
37
38   protected
39
40   def oauth1_authorize
41     unless @token
42       render :action => "authorize_failure"
43       return
44     end
45
46     if @token.invalidated?
47       @message = t "oauth.oauthorize_failure.invalid"
48       render :action => "authorize_failure"
49     else
50       if request.post?
51         if user_authorizes_token?
52           @token.authorize!(current_user)
53           if @token.oauth10?
54             callback_url = params[:oauth_callback] || @token.client_application.callback_url
55           else
56             callback_url = @token.oob? ? @token.client_application.callback_url : @token.callback_url
57           end
58           @redirect_url = URI.parse(callback_url) unless callback_url.blank?
59
60           if @redirect_url.to_s.blank?
61             render :action => "authorize_success"
62           else
63             @redirect_url.query = if @redirect_url.query.blank?
64                                     "oauth_token=#{@token.token}"
65                                   else
66                                     @redirect_url.query +
67                                       "&oauth_token=#{@token.token}"
68                                   end
69
70             unless @token.oauth10?
71               @redirect_url.query += "&oauth_verifier=#{@token.verifier}"
72             end
73
74             redirect_to @redirect_url.to_s
75           end
76         else
77           @token.invalidate!
78           @message = t("oauth.oauthorize_failure.denied", :app_name => @token.client_application.name)
79           render :action => "authorize_failure"
80         end
81       end
82     end
83   end
84 end