Merge remote-tracking branch 'upstream/pull/1827'

[rails.git] / app / models / request_token.rb

diff --git a/app/models/request_token.rb b/app/models/request_token.rb
index 0044dde261e70debd643f09996d1bafe13c61995..335a735bc5a4dbcab80c07d92f2791df53447509 100644 (file)
--- a/app/models/request_token.rb
+++ b/app/models/request_token.rb
@@ -1,13 +1,49 @@
-class RequestToken < OauthToken
+# == Schema Information
+#
+# Table name: oauth_tokens
+#
+#  id                    :integer          not null, primary key
+#  user_id               :integer
+#  type                  :string(20)
+#  client_application_id :integer
+#  token                 :string(50)
+#  secret                :string(50)
+#  authorized_at         :datetime
+#  invalidated_at        :datetime
+#  created_at            :datetime
+#  updated_at            :datetime
+#  allow_read_prefs      :boolean          default(FALSE), not null
+#  allow_write_prefs     :boolean          default(FALSE), not null
+#  allow_write_diary     :boolean          default(FALSE), not null
+#  allow_write_api       :boolean          default(FALSE), not null
+#  allow_read_gpx        :boolean          default(FALSE), not null
+#  allow_write_gpx       :boolean          default(FALSE), not null
+#  callback_url          :string
+#  verifier              :string(20)
+#  scope                 :string
+#  valid_to              :datetime
+#  allow_write_notes     :boolean          default(FALSE), not null
+#
+# Indexes
+#
+#  index_oauth_tokens_on_token    (token) UNIQUE
+#  index_oauth_tokens_on_user_id  (user_id)
+#
+# Foreign Keys
+#
+#  oauth_tokens_client_application_id_fkey  (client_application_id => client_applications.id)
+#  oauth_tokens_user_id_fkey                (user_id => users.id)
+#
 
+class RequestToken < OauthToken
   attr_accessor :provided_oauth_verifier
 
   def authorize!(user)
     return false if authorized?
     self.user = user
     self.authorized_at = Time.now
-    self.verifier = OAuth::Helper.generate_key(16)[0,20] unless oauth10?
-    self.save
+    self.verifier = OAuth::Helper.generate_key(20)[0, 20] unless oauth10?
+    save
   end
 
   def exchange!
@@ -17,9 +53,9 @@ class RequestToken < OauthToken
     RequestToken.transaction do
       params = { :user => user, :client_application => client_application }
       # copy the permissions from the authorised request token to the access token
-      client_application.permissions.each { |p|
-        params[p] = read_attribute(p)
-      }
+      client_application.permissions.each do |p|
+        params[p] = self[p]
+      end
 
       access_token = AccessToken.create(params)
       invalidate!
@@ -36,11 +72,10 @@ class RequestToken < OauthToken
   end
 
   def oob?
-    self.callback_url=='oob'
+    callback_url.nil? || callback_url.casecmp("oob").zero?
   end
 
   def oauth10?
-    (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank?
+    (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && callback_url.blank?
   end
-
 end