Update oauth models and controllers for OAuth 1.0a support
authorTom Hughes <tom@compton.nu>
Fri, 10 Sep 2010 09:31:44 +0000 (10:31 +0100)
committerTom Hughes <tom@compton.nu>
Tue, 21 Sep 2010 15:20:30 +0000 (16:20 +0100)
app/controllers/oauth_controller.rb
app/models/client_application.rb
app/models/request_token.rb
config/example.application.yml
db/migrate/20100910084426_add_callback_to_oauth_tokens.rb [new file with mode: 0644]

index 4b539b1..260f9ec 100644 (file)
@@ -52,9 +52,17 @@ class OauthController < ApplicationController
 
         if any_auth
           @token.authorize!(@user)
-          redirect_url = params[:oauth_callback] || @token.client_application.callback_url
+          if @token.oauth10?
+            redirect_url = params[:oauth_callback] || @token.client_application.callback_url
+          else
+            redirect_url = @token.oob? ? @token.client_application.callback_url : @token.callback_url
+          end
           if redirect_url
-            redirect_to "#{redirect_url}?oauth_token=#{@token.token}"
+            if @token.oauth10?
+              redirect_to "#{redirect_url}?oauth_token=#{@token.token}"
+            else
+              redirect_to "#{redirect_url}?oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}"
+            end
           else
             render :action => "authorize_success"
           end
index d3799ab..9474a01 100644 (file)
@@ -6,6 +6,21 @@ class ClientApplication < ActiveRecord::Base
   validates_uniqueness_of :key
   before_validation_on_create :generate_keys
   
+  validates_format_of :url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i
+  validates_format_of :support_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
+  validates_format_of :callback_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
+
+  attr_accessor :token_callback_url
+  
+  def self.find_token(token_key)
+    token = OauthToken.find_by_token(token_key, :include => :client_application)
+    if token && token.authorized?
+      token
+    else
+      nil
+    end
+  end
+
   def self.verify_request(request, options = {}, &block)
     begin
       signature = OAuth::Signature.build(request, options, &block)
@@ -35,7 +50,7 @@ class ClientApplication < ActiveRecord::Base
   end
     
   def create_request_token
-    RequestToken.create :client_application => self
+    RequestToken.create :client_application => self, :callback_url => self.token_callback_url
   end
 
   # the permissions that this client would like from the user
@@ -52,8 +67,8 @@ protected
                  :allow_write_api, :allow_read_gpx, :allow_write_gpx ]
 
   def generate_keys
-    @oauth_client = oauth_server.generate_consumer_credentials
-    self.key = @oauth_client.key
-    self.secret = @oauth_client.secret
+    oauth_client = oauth_server.generate_consumer_credentials
+    self.key = oauth_client.key
+    self.secret = oauth_client.secret
   end
 end
index d66fe6c..0044dde 100644 (file)
@@ -1,17 +1,23 @@
 class RequestToken < OauthToken
+
+  attr_accessor :provided_oauth_verifier
+
   def authorize!(user)
     return false if authorized?
     self.user = user
     self.authorized_at = Time.now
+    self.verifier = OAuth::Helper.generate_key(16)[0,20] unless oauth10?
     self.save
   end
-  
+
   def exchange!
     return false unless authorized?
+    return false unless oauth10? || verifier == provided_oauth_verifier
+
     RequestToken.transaction do
       params = { :user => user, :client_application => client_application }
       # copy the permissions from the authorised request token to the access token
-      client_application.permissions.each { |p| 
+      client_application.permissions.each { |p|
         params[p] = read_attribute(p)
       }
 
@@ -20,4 +26,21 @@ class RequestToken < OauthToken
       access_token
     end
   end
+
+  def to_query
+    if oauth10?
+      super
+    else
+      "#{super}&oauth_callback_confirmed=true"
+    end
+  end
+
+  def oob?
+    self.callback_url=='oob'
+  end
+
+  def oauth10?
+    (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank?
+  end
+
 end
index 25df99d..9b00beb 100644 (file)
@@ -53,6 +53,8 @@ standard_settings: &standard_settings
   gpx_image_dir: "/home/osm/images"
   # Location of data for file columns
   #file_column_root: ""
+  # Enable legacy OAuth 1.0 support
+  oauth_10_support: true
 
 development:
   <<: *standard_settings
diff --git a/db/migrate/20100910084426_add_callback_to_oauth_tokens.rb b/db/migrate/20100910084426_add_callback_to_oauth_tokens.rb
new file mode 100644 (file)
index 0000000..179b80f
--- /dev/null
@@ -0,0 +1,11 @@
+class AddCallbackToOauthTokens < ActiveRecord::Migration
+  def self.up
+    add_column :oauth_tokens, :callback_url, :string
+    add_column :oauth_tokens, :verifier, :string, :limit => 20
+  end
+
+  def self.down
+    remove_column :oauth_tokens, :callback_url
+    remove_column :oauth_tokens, :verifier
+  end
+end