X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/0c8ad2f86edefed72052b402742cadedb0d674d9..34e3e51456774127d43408b7ab65c24f41373f62:/app/models/client_application.rb diff --git a/app/models/client_application.rb b/app/models/client_application.rb index 0619e75a3..fd382629a 100644 --- a/app/models/client_application.rb +++ b/app/models/client_application.rb @@ -13,16 +13,10 @@ class ClientApplication < ActiveRecord::Base validates_format_of :support_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true validates_format_of :callback_url, :with => /\A[a-z][a-z0-9.+-]*:\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true - attr_accessible :name, :url, :support_url, :callback_url, - :allow_read_prefs, :allow_write_prefs, - :allow_write_diary, :allow_write_api, - :allow_read_gpx, :allow_write_gpx, - :allow_write_notes - before_validation :generate_keys, :on => :create attr_accessor :token_callback_url - + def self.find_token(token_key) token = OauthToken.find_by_token(token_key, :include => :client_application) if token && token.authorized? @@ -42,7 +36,7 @@ class ClientApplication < ActiveRecord::Base false end end - + def self.all_permissions PERMISSIONS end @@ -50,17 +44,17 @@ class ClientApplication < ActiveRecord::Base def oauth_server @oauth_server ||= OAuth::Server.new("http://" + SERVER_URL) end - + def credentials @oauth_client ||= OAuth::Consumer.new(key, secret) end - + def create_request_token(params={}) params = { :client_application => self, :callback_url => self.token_callback_url } permissions.each do |p| params[p] = true end - RequestToken.create(params, :without_protection => true) + RequestToken.create(params) end def access_token_for_user(user) @@ -71,9 +65,9 @@ class ClientApplication < ActiveRecord::Base params[p] = true end - token = access_tokens.create(params, :without_protection => true) + token = access_tokens.create(params) end - + token end @@ -83,7 +77,7 @@ class ClientApplication < ActiveRecord::Base end protected - + # this is the set of permissions that the client can ask for. clients # have to say up-front what permissions they want and when users sign up they # can agree or not agree to each of them.