]> git.openstreetmap.org Git - rails.git/blob - app/controllers/oauth_controller.rb
Used `unredacted` scope rather than explicit SQL
[rails.git] / app / controllers / oauth_controller.rb
1 require 'oauth/controllers/provider_controller'
2
3 class OauthController < ApplicationController
4   include OAuth::Controllers::ProviderController
5
6   layout 'slim'
7
8   def login_required
9     authorize_web
10     set_locale
11     require_user
12   end
13
14   def user_authorizes_token?
15     any_auth = false
16
17     @token.client_application.permissions.each do |pref|
18       if params[pref]
19         @token.write_attribute(pref, true)
20         any_auth ||= true
21       else
22         @token.write_attribute(pref, false)
23       end
24     end
25
26     any_auth
27   end
28
29   def revoke
30     @token = current_user.oauth_tokens.find_by_token params[:token]
31     if @token
32       @token.invalidate!
33       flash[:notice] = t('oauth.revoke.flash', :application => @token.client_application.name)
34     end
35     redirect_to oauth_clients_url(:display_name => @token.user.display_name)
36   end
37
38 protected
39
40   def oauth1_authorize
41     unless @token
42       render :action=>"authorize_failure"
43       return
44     end
45
46     unless @token.invalidated?
47       if request.post?
48         if user_authorizes_token?
49           @token.authorize!(current_user)
50           if @token.oauth10?
51             callback_url = params[:oauth_callback] || @token.client_application.callback_url
52           else
53             callback_url = @token.oob? ? @token.client_application.callback_url : @token.callback_url
54           end
55           @redirect_url = URI.parse(callback_url) unless callback_url.blank?
56
57           unless @redirect_url.to_s.blank?
58             @redirect_url.query = @redirect_url.query.blank? ?
59             "oauth_token=#{@token.token}" :
60               @redirect_url.query + "&oauth_token=#{@token.token}"
61             unless @token.oauth10?
62               @redirect_url.query += "&oauth_verifier=#{@token.verifier}"
63             end
64             redirect_to @redirect_url.to_s
65           else
66             render :action => "authorize_success"
67           end
68         else
69           @token.invalidate!
70           render :action => "authorize_failure"
71         end
72       end
73     else
74       render :action => "authorize_failure"
75     end
76   end
77 end