app/controllers/oauth_controller.rb

   1 class OauthController < ApplicationController
   2   include OAuth::Controllers::ProviderController
   3
   4   # The ProviderController will call login_required for any action that needs
   5   # a login, but we want to check authorization on every action.
   6   authorize_resource :class => false
   7
   8   layout "site"
   9
  10   def revoke
  11     @token = current_user.oauth_tokens.find_by :token => params[:token]
  12     if @token
  13       @token.invalidate!
  14       flash[:notice] = t(".flash", :application => @token.client_application.name)
  15     end
  16     redirect_to oauth_clients_url(:display_name => @token.user.display_name)
  17   end
  18
  19   protected
  20
  21   def login_required
  22     authorize_web
  23     set_locale
  24   end
  25
  26   def user_authorizes_token?
  27     any_auth = false
  28
  29     @token.client_application.permissions.each do |pref|
  30       if params[pref]
  31         @token.write_attribute(pref, true)
  32         any_auth ||= true
  33       else
  34         @token.write_attribute(pref, false)
  35       end
  36     end
  37
  38     any_auth
  39   end
  40
  41   def oauth1_authorize
  42     override_content_security_policy_directives(:form_action => []) if Settings.csp_enforce || Settings.key?(:csp_report_url)
  43
  44     if @token.invalidated?
  45       @message = t "oauth.authorize_failure.invalid"
  46       render :action => "authorize_failure"
  47     elsif request.post?
  48       if user_authorizes_token?
  49         @token.authorize!(current_user)
  50         callback_url = if @token.oauth10?
  51                          params[:oauth_callback] || @token.client_application.callback_url
  52                        else
  53                          @token.oob? ? @token.client_application.callback_url : @token.callback_url
  54                        end
  55         @redirect_url = URI.parse(callback_url) if callback_url.present?
  56
  57         if @redirect_url.to_s.blank?
  58           render :action => "authorize_success"
  59         else
  60           @redirect_url.query = if @redirect_url.query.blank?
  61                                   "oauth_token=#{@token.token}"
  62                                 else
  63                                   @redirect_url.query +
  64                                     "&oauth_token=#{@token.token}"
  65                                 end
  66
  67           @redirect_url.query += "&oauth_verifier=#{@token.verifier}" unless @token.oauth10?
  68
  69           redirect_to @redirect_url.to_s
  70         end
  71       else
  72         @token.invalidate!
  73         @message = t("oauth.authorize_failure.denied", :app_name => @token.client_application.name)
  74         render :action => "authorize_failure"
  75       end
  76     end
  77   end
  78 end