]> git.openstreetmap.org Git - rails.git/blob - app/controllers/oauth_controller.rb
8ce53739fdff427bd656f9b9aba7b7c90aec273c
[rails.git] / app / controllers / oauth_controller.rb
1 require "oauth/controllers/provider_controller"
2
3 class OauthController < ApplicationController
4   include OAuth::Controllers::ProviderController
5
6   layout "site"
7
8   def login_required
9     authorize_web
10     set_locale
11     require_user
12   end
13
14   def user_authorizes_token?
15     any_auth = false
16
17     @token.client_application.permissions.each do |pref|
18       if params[pref]
19         @token.write_attribute(pref, true)
20         any_auth ||= true
21       else
22         @token.write_attribute(pref, false)
23       end
24     end
25
26     any_auth
27   end
28
29   def revoke
30     @token = current_user.oauth_tokens.find_by_token params[:token]
31     if @token
32       @token.invalidate!
33       flash[:notice] = t("oauth.revoke.flash", :application => @token.client_application.name)
34     end
35     redirect_to oauth_clients_url(:display_name => @token.user.display_name)
36   end
37
38   protected
39
40   def oauth1_authorize
41     if @token.invalidated?
42       @message = t "oauth.oauthorize_failure.invalid"
43       render :action => "authorize_failure"
44     else
45       if request.post?
46         if user_authorizes_token?
47           @token.authorize!(current_user)
48           if @token.oauth10?
49             callback_url = params[:oauth_callback] || @token.client_application.callback_url
50           else
51             callback_url = @token.oob? ? @token.client_application.callback_url : @token.callback_url
52           end
53           @redirect_url = URI.parse(callback_url) unless callback_url.blank?
54
55           if @redirect_url.to_s.blank?
56             render :action => "authorize_success"
57           else
58             @redirect_url.query = if @redirect_url.query.blank?
59                                     "oauth_token=#{@token.token}"
60                                   else
61                                     @redirect_url.query +
62                                       "&oauth_token=#{@token.token}"
63                                   end
64
65             unless @token.oauth10?
66               @redirect_url.query += "&oauth_verifier=#{@token.verifier}"
67             end
68
69             redirect_to @redirect_url.to_s
70           end
71         else
72           @token.invalidate!
73           @message = t("oauth.oauthorize_failure.denied", :app_name => @token.client_application.name)
74           render :action => "authorize_failure"
75         end
76       end
77     end
78   end
79 end