X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/59eebc05b2de2c85033237c06d9474d5072b4d1f..ed0375ec89862574e642070b01fe16e90f058538:/app/controllers/oauth_controller.rb diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb index f8959beae..4b539b1fd 100644 --- a/app/controllers/oauth_controller.rb +++ b/app/controllers/oauth_controller.rb @@ -1,7 +1,8 @@ class OauthController < ApplicationController layout 'site' - before_filter :authorize_web, :except => [:request_token, :access_token] + before_filter :authorize_web, :only => [:oauthorize, :revoke] + before_filter :set_locale, :only => [:oauthorize, :revoke] before_filter :require_user, :only => [:oauthorize] before_filter :verify_oauth_consumer_signature, :only => [:request_token] before_filter :verify_oauth_request_token, :only => [:access_token] @@ -11,13 +12,11 @@ class OauthController < ApplicationController def request_token @token = current_client_application.create_request_token - logger.info "in REQUEST TOKEN" if @token logger.info "request token params: #{params.inspect}" # request tokens indicate what permissions the client *wants*, not # necessarily the same as those which the user allows. current_client_application.permissions.each do |pref| - logger.info "PARAMS found #{pref}" @token.write_attribute(pref, true) end @token.save! @@ -26,8 +25,8 @@ class OauthController < ApplicationController else render :nothing => true, :status => 401 end - end - + end + def access_token @token = current_token && current_token.exchange! if @token @@ -39,19 +38,18 @@ class OauthController < ApplicationController def oauthorize @token = RequestToken.find_by_token params[:oauth_token] - unless @token.invalidated? - if request.post? + unless @token.nil? or @token.invalidated? + if request.post? any_auth = false @token.client_application.permissions.each do |pref| if params[pref] - logger.info "OAUTHORIZE PARAMS found #{pref}" @token.write_attribute(pref, true) any_auth ||= true else @token.write_attribute(pref, false) end end - + if any_auth @token.authorize!(@user) redirect_url = params[:oauth_callback] || @token.client_application.callback_url @@ -69,15 +67,13 @@ class OauthController < ApplicationController render :action => "authorize_failure" end end - + def revoke @token = @user.oauth_tokens.find_by_token params[:token] if @token @token.invalidate! - flash[:notice] = "You've revoked the token for #{@token.client_application.name}" + flash[:notice] = t('oauth.revoke.flash', :application => @token.client_application.name) end - logger.info "about to redirect" redirect_to :controller => 'oauth_clients', :action => 'index' end - end