]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/application_controller.rb
Merge remote-tracking branch 'upstream/pull/5157'
[rails.git] / app / controllers / application_controller.rb
index 05fa76658d55bedeecf412c4a5d1927cb6ce3899..4b36607bb00a988b671ce3f2da760633f0aabeba 100644 (file)
@@ -86,10 +86,6 @@ class ApplicationController < ActionController::Base
     @oauth_token = current_user.oauth_token(Settings.oauth_application) if current_user && Settings.key?(:oauth_application)
   end
 
-  def require_oauth_10a_support
-    report_error t("application.oauth_10a_disabled", :link => t("application.auth_disabled_link")), :forbidden unless Settings.oauth_10a_support
-  end
-
   ##
   # require the user to have cookies enabled in their browser
   def require_cookies
@@ -181,7 +177,7 @@ class ApplicationController < ActionController::Base
     # TODO: some sort of escaping of problem characters in the message
     response.headers["Error"] = message
 
-    if request.headers["X-Error-Format"]&.casecmp("xml")&.zero?
+    if request.headers["X-Error-Format"]&.casecmp?("xml")
       result = OSM::API.new.xml_doc
       result.root.name = "osmError"
       result.root << (XML::Node.new("status") << "#{Rack::Utils.status_code(status)} #{Rack::Utils::HTTP_STATUS_CODES[status]}")
@@ -297,7 +293,7 @@ class ApplicationController < ActionController::Base
   end
 
   def deny_access(_exception)
-    if doorkeeper_token || current_token
+    if doorkeeper_token
       set_locale
       report_error t("oauth.permissions.missing"), :forbidden
     elsif current_user
@@ -327,23 +323,6 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  # extract authorisation credentials from headers, returns user = nil if none
-  def auth_data
-    if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it
-      authdata = request.env["X-HTTP_AUTHORIZATION"].to_s.split
-    elsif request.env.key? "REDIRECT_X_HTTP_AUTHORIZATION" # mod_fcgi
-      authdata = request.env["REDIRECT_X_HTTP_AUTHORIZATION"].to_s.split
-    elsif request.env.key? "HTTP_AUTHORIZATION" # regular location
-      authdata = request.env["HTTP_AUTHORIZATION"].to_s.split
-    end
-    # only basic authentication supported
-    user, pass = Base64.decode64(authdata[1]).split(":", 2) if authdata && authdata[0] == "Basic"
-    [user, pass]
-  end
-
-  # override to stop oauth plugin sending errors
-  def invalid_oauth_response; end
-
   # clean any referer parameter
   def safe_referer(referer)
     begin
@@ -366,7 +345,7 @@ class ApplicationController < ActionController::Base
   end
 
   def scope_enabled?(scope)
-    doorkeeper_token&.includes_scope?(scope) || current_token&.includes_scope?(scope)
+    doorkeeper_token&.includes_scope?(scope)
   end
 
   helper_method :scope_enabled?