From: Tom Hughes <tom@compton.nu>
Date: Mon, 23 Sep 2013 12:47:05 +0000 (+0100)
Subject: Allow GET as well as POST for oauth#request_token and oauth#access_token
X-Git-Tag: live~4688
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/038c341918db3c29f9f8ce9369505e8b4d81d471

Allow GET as well as POST for oauth#request_token and oauth#access_token
---

diff --git a/config/routes.rb b/config/routes.rb
index c65954b22..7e078539e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -247,8 +247,8 @@ OpenStreetMap::Application.routes.draw do
   match '/oauth/revoke' => 'oauth#revoke', :via => [:get, :post]
   match '/oauth/authorize' => 'oauth#authorize', :via => [:get, :post], :as => :authorize
   match '/oauth/token' => 'oauth#token', :via => :get, :as => :token
-  match '/oauth/request_token' => 'oauth#request_token', :via => :get, :as => :request_token
-  match '/oauth/access_token' => 'oauth#access_token', :via => :get, :as => :access_token
+  match '/oauth/request_token' => 'oauth#request_token', :via => [:get, :post], :as => :request_token
+  match '/oauth/access_token' => 'oauth#access_token', :via => [:get, :post], :as => :access_token
   match '/oauth/test_request' => 'oauth#test_request', :via => :get, :as => :test_request
 
   # roles and banning pages
diff --git a/test/functional/oauth_controller_test.rb b/test/functional/oauth_controller_test.rb
index 42f3c3c99..85358892e 100644
--- a/test/functional/oauth_controller_test.rb
+++ b/test/functional/oauth_controller_test.rb
@@ -28,10 +28,18 @@ class OauthControllerTest < ActionController::TestCase
       { :path => "/oauth/request_token", :method => :get },
       { :controller => "oauth", :action => "request_token" }
     )
+    assert_routing(
+      { :path => "/oauth/request_token", :method => :post },
+      { :controller => "oauth", :action => "request_token" }
+    )
     assert_routing(
       { :path => "/oauth/access_token", :method => :get },
       { :controller => "oauth", :action => "access_token" }
     )
+    assert_routing(
+      { :path => "/oauth/access_token", :method => :post },
+      { :controller => "oauth", :action => "access_token" }
+    )
     assert_routing(
       { :path => "/oauth/test_request", :method => :get },
       { :controller => "oauth", :action => "test_request" }