]> git.openstreetmap.org Git - rails.git/blobdiff - app/models/request_token.rb
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Turn on mass assignment protection
[rails.git] / app / models / request_token.rb
diff --git a/app/models/request_token.rb b/app/models/request_token.rb
index 0044dde261e70debd643f09996d1bafe13c61995..6e4ec40c357aa46ccbb2a23cb87b5b8f1168f7e2 100644 (file)
--- a/app/models/request_token.rb
+++ b/app/models/request_token.rb
@@ -6,7 +6,7 @@ class RequestToken < OauthToken
     return false if authorized?
     self.user = user
     self.authorized_at = Time.now
-    self.verifier = OAuth::Helper.generate_key(16)[0,20] unless oauth10?
+    self.verifier = OAuth::Helper.generate_key(20)[0,20] unless oauth10?
     self.save
   end
 
@@ -21,7 +21,7 @@ class RequestToken < OauthToken
         params[p] = read_attribute(p)
       }
 
-      access_token = AccessToken.create(params)
+      access_token = AccessToken.create(params, :without_protection => true)
       invalidate!
       access_token
     end
@@ -36,7 +36,7 @@ class RequestToken < OauthToken
   end
 
   def oob?
-    self.callback_url=='oob'
+    callback_url.nil? || callback_url.downcase == 'oob'
   end
 
   def oauth10?
The OpenStreetMap web site