Sha256: 547695e2a6423f1885dc55364aef222e05aa40811532246de81a1ab2754cc2aa
Contents?: true
Size: 1.91 KB
Versions: 2
Compression:
Stored size: 1.91 KB
Contents
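# This controller is where clients can exchange
# codes and refresh_tokens for access_tokens
#
# Security notes:
# * +create+ is the only action exempt from +opro_authenticate_user!+ and
#   from Rails' authenticity-token check; callers are identified by the
#   client_id / client_secret pair instead.
# * Error responses never echo the client_secret, refresh_token or
#   authorization code. These are credentials, and error bodies tend to end
#   up in client logs, proxies and bug reports.
# * NOTE(review): RFC 6749 section 5.1 expects token responses to carry
#   "Cache-Control: no-store" and a token_type field; neither is set here.
#   Confirm whether a parent class or middleware adds them.
class Opro::Oauth::TokenController < OproController
  before_filter      :opro_authenticate_user!,   :except => [:create]
  skip_before_filter :verify_authenticity_token, :only   => [:create]

  # Exchanges an authorization code, a refresh token, or (when enabled)
  # user credentials for an access token.
  #
  # Reads from +params+: client_id, client_secret, and one of code,
  # refresh_token, or password / auth_grant=password.
  #
  # Renders JSON with access_token, refresh_token and expires_in on success,
  # or a JSON error with HTTP 401 when the client application or the grant
  # cannot be resolved.
  def create
    # Find the client application
    application = Opro::Oauth::ClientApp.authenticate(params[:client_id], params[:client_secret])

    if application.nil?
      # Only the public client_id is reflected; the secret is never echoed.
      render :json   => {:error => "Could not find application based on client_id=#{params[:client_id]} and the supplied client_secret"},
             :status => :unauthorized
      return
    end

    auth_grant = nil

    if params[:code]
      auth_grant = Opro::Oauth::AuthGrant.auth_with_code!(params[:code], application.id)
    elsif params[:refresh_token]
      auth_grant = Opro::Oauth::AuthGrant.refresh_tokens!(params[:refresh_token], application.id)
    elsif params[:password] || params[:auth_grant] == "password"
      # The original read `passwords[:auth_grant]`. No `passwords` is defined
      # in this file, so a request without code, refresh_token or password
      # would raise NameError instead of returning 401. Treated as a typo for
      # `params`.
      # NOTE(review): RFC 6749 names this parameter grant_type; confirm which
      # key clients of this gem actually send.
      #
      # Check that the password grant is permitted for this client before
      # evaluating any user credentials.
      if Opro.password_exchange_enabled? && oauth_valid_password_auth?(params[:client_id], params[:client_secret])
        user       = ::Opro.find_user_for_auth.call(self, params)
        auth_grant = Opro::Oauth::AuthGrant.auth_with_user!(user, application.id) if user.present?
      end
    end

    if auth_grant.blank?
      # Name which kind of credential failed without repeating its value.
      reasons = ["Could not find a user that belongs to this application"]
      reasons << " & has the supplied refresh_token"   if params[:refresh_token]
      reasons << " & has been granted the supplied code" if params[:code]
      reasons << " using username and password"        if params[:password]
      render :json => {:error => reasons.join }, :status => :unauthorized
      return
    end

    auth_grant.generate_expires_at!
    render :json => { :access_token  => auth_grant.access_token,
                      :refresh_token => auth_grant.refresh_token,
                      :expires_in    => auth_grant.expires_in }
  end
end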
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
opro-0.2.1.pre | app/controllers/opro/oauth/token_controller.rb |
opro-0.2.0 | app/controllers/opro/oauth/token_controller.rb |