From: Tom Hughes <tom@compton.nu>
Date: Thu, 4 Jan 2018 22:34:22 +0000 (+0000)
Subject: Monkey patch OAuth to allow http signatures on https requests
X-Git-Tag: live~3187
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/ce9066797cb8bd2f3ae4b1590a3516580e44db36

Monkey patch OAuth to allow http signatures on https requests
---

diff --git a/config/initializers/oauth.rb b/config/initializers/oauth.rb
index 3b4f06a2e..421ca2bf9 100644
--- a/config/initializers/oauth.rb
+++ b/config/initializers/oauth.rb
@@ -47,6 +47,25 @@ module OpenStreetMap
       end
     end
   end
+
+  module OAuthFilter
+    def oauth1_verify(request, options = {}, &block)
+      signature = OAuth::Signature.build(request, options, &block)
+      return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
+      value = signature.verify
+      if request.ssl? && !value
+        http_request = request.dup
+        http_request.define_singleton_method(:scheme) { "http" }
+        http_request.define_singleton_method(:port) { 80 }
+        signature = OAuth::Signature.build(http_request, options, &block)
+        value = signature.verify
+      end
+      value
+    rescue OAuth::Signature::UnknownSignatureMethod
+      false
+    end
+  end
 end
 
 OAuth::Controllers::ProviderController.prepend(OpenStreetMap::ProviderController)
+OAuth::Rack::OAuthFilter.prepend(OpenStreetMap::OAuthFilter)