vendor/plugins/oauth-plugin/lib/oauth/rails/controller_methods.rb

   1 require 'oauth/signature'
   2 module OAuth
   3   module Rails
   4
   5     module ControllerMethods
   6       protected
   7
   8       def current_token
   9         @current_token
  10       end
  11
  12       def current_client_application
  13         @current_client_application
  14       end
  15
  16       def oauthenticate
  17         logger.info "entering oauthenticate"
  18         verified=verify_oauth_signature
  19         logger.info "verified=#{verified.to_s}"
  20         return verified && current_token.is_a?(::AccessToken)
  21       end
  22
  23       def oauth?
  24         current_token!=nil
  25       end
  26
  27       # use in a before_filter
  28       def oauth_required
  29         logger.info "Current_token=#{@current_token.inspect}"
  30         if oauthenticate
  31           logger.info "passed oauthenticate"
  32           if authorized?
  33             logger.info "passed authorized"
  34             return true
  35           else
  36             logger.info "failed authorized"
  37             invalid_oauth_response
  38           end
  39         else
  40           logger.info "failed oauthenticate"
  41
  42           invalid_oauth_response
  43         end
  44       end
  45
  46       # This requies that you have an acts_as_authenticated compatible authentication plugin installed
  47       def login_or_oauth_required
  48         if oauthenticate
  49           if authorized?
  50             return true
  51           else
  52             invalid_oauth_response
  53           end
  54         else
  55           login_required
  56         end
  57       end
  58
  59
  60       # verifies a request token request
  61       def verify_oauth_consumer_signature
  62         begin
  63           valid = ClientApplication.verify_request(request) do |token, consumer_key|
  64             @current_client_application = ClientApplication.find_by_key(consumer_key)
  65
  66             # return the token secret and the consumer secret
  67             [nil, @current_client_application.secret]
  68           end
  69         rescue
  70           valid=false
  71         end
  72
  73         invalid_oauth_response unless valid
  74       end
  75
  76       def verify_oauth_request_token
  77         verify_oauth_signature && current_token.is_a?(RequestToken)
  78       end
  79
  80       def invalid_oauth_response(code=401,message="Invalid OAuth Request")
  81         render :text => message, :status => code
  82       end
  83
  84       private
  85
  86       def current_token=(token)
  87         @current_token=token
  88         if @current_token
  89           @current_user=@current_token.user
  90           @current_client_application=@current_token.client_application
  91         end
  92         @current_token
  93       end
  94
  95       # Implement this for your own application using app-specific models
  96       def verify_oauth_signature
  97         begin
  98           valid = ClientApplication.verify_request(request) do |request|
  99             self.current_token = OauthToken.find_token(request.token)
 100             logger.info "self=#{self.class.to_s}"
 101             logger.info "token=#{self.current_token}"
 102             # return the token secret and the consumer secret
 103             [(current_token.nil? ? nil : current_token.secret), (current_client_application.nil? ? nil : current_client_application.secret)]
 104           end
 105           # reset @current_user to clear state for restful_...._authentication
 106           @current_user = nil if (!valid)
 107           valid
 108         rescue
 109           false
 110         end
 111       end
 112     end
 113   end
 114 end