lib/oauth/controllers/provider_controller.rb in le1t0-oauth-plugin-0.3.14.001 vs lib/oauth/controllers/provider_controller.rb in le1t0-oauth-plugin-0.4.0.pre4.001

- old
+ new

@@ -3,20 +3,20 @@ module ProviderController def self.included(controller) controller.class_eval do before_filter :login_required, :only => [:authorize,:revoke] - before_filter :login_or_oauth_required, :only => [:test_request] - before_filter :oauth_required, :only => [:invalidate,:capabilities] - before_filter :verify_oauth_consumer_signature, :only => [:request_token] - before_filter :verify_oauth_request_token, :only => [:access_token] + oauthenticate :only => [:test_request] + oauthenticate :strategies => :token, :interactive => false, :only => [:invalidate,:capabilities] + oauthenticate :strategies => :two_legged, :interactive => false, :only => [:request_token] + oauthenticate :strategies => :oauth10_request_token, :interactive => false, :only => [:access_token] skip_before_filter :verify_authenticity_token, :only=>[:request_token, :access_token, :invalidate, :test_request] end end def request_token - @token = current_client_application.create_request_token + @token = current_client_application.create_request_token params if @token render :text => @token.to_query else render :nothing => true, :status => 401 end 
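Review bot: `request_token` now hands the entire request hash to `create_request_token params`; if that method forwards the hash into a `create`/`new` call on the model (not visible here), every RequestToken attribute becomes client-settable rather than just the OAuth callback, so either confirm the model whitelists keys or pass only what it needs, e.g. `@token = current_client_application.create_request_token(:oauth_callback => params[:oauth_callback])`. The new `token` action added further down in this file is also absent from the `skip_before_filter :verify_authenticity_token` list even though it is a machine-to-machine POST that authenticates with `client_secret`; unless the app relies on a non-HTML request format to bypass forgery protection, such clients will be rejected, so add `:token` to that `:only` list. The closing `end` of `request_token` lies past the end of the hunk.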
@@ -29,54 +29,34 @@ else render :nothing => true, :status => 401 end end + def token + @client_application = ClientApplication.find_by_key params[:client_id] + if @client_application.secret != params[:client_secret] + oauth2_error "invalid_client" + return + end + if ["authorization_code","password","none"].include?(params[:grant_type]) + send "oauth2_token_#{params[:grant_type].underscore}" + else + oauth2_error "unsupported_grant_type" + end + end + def test_request render :text => params.collect{|k,v|"#{k}=#{v}"}.join("&") end def authorize - @token = ::RequestToken.find_by_token params[:oauth_token] - unless @token - render :action=>"authorize_failure" - return + if params[:oauth_token] + @token = ::RequestToken.find_by_token params[:oauth_token] + oauth1_authorize + elsif ["code","token"].include?(params[:response_type]) # pick flow + send "oauth2_authorize_#{params[:response_type]}" end - - unless @token.invalidated? - if request.post? - if user_authorizes_token? - @token.authorize!(current_user) - if @token.oauth10? - @redirect_url = URI.parse(params[:oauth_callback] || @token.client_application.callback_url) - else - @redirect_url = URI.parse(@token.oob? ? @token.client_application.callback_url : @token.callback_url) - end - - unless @redirect_url.to_s.blank? - if @token.oauth10? - @redirect_url.query = @redirect_url.query.blank? ? - "oauth_token=#{@token.token}" : - @redirect_url.query + "&oauth_token=#{@token.token}" - redirect_to @redirect_url.to_s - else - @redirect_url.query = @redirect_url.query.blank? ? - "oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}" : - @redirect_url.query + "&oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}" - redirect_to @redirect_url.to_s - end - else - render :action => "authorize_success" - end - else - @token.invalidate! 
- render :action => "authorize_failure" - end - end - else - render :action => "authorize_failure" - end end def revoke @token = current_user.tokens.find_by_token params[:token] if @token 
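Review bot: `token` dereferences the lookup result unconditionally — `ClientApplication.find_by_key params[:client_id]` returns nil for an unknown or missing `client_id`, so `@client_application.secret` raises NoMethodError and the caller gets a 500 instead of the `invalid_client` error; guard it with `if @client_application.nil? || @client_application.secret != params[:client_secret]`. The plain `!=` on the secret is an early-exit string comparison; whether the timing difference is exploitable depends on deployment, but a constant-time compare is cheap if this Rails version provides one. In `authorize`, a request carrying neither `oauth_token` nor a `code`/`token` `response_type` falls out of the `if`/`elsif` without rendering, so Rails will attempt the default `authorize` template with `@token` unset; an explicit `else render :action => "authorize_failure"` closes that path. `revoke` continues past the end of the hunk.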
@@ -106,12 +86,142 @@ end end protected + def oauth1_authorize + unless @token + render :action=>"authorize_failure" + return + end + + unless @token.invalidated? + if request.post? + if user_authorizes_token? + @token.authorize!(current_user) + @redirect_url = URI.parse(@token.oob? ? @token.client_application.callback_url : @token.callback_url) + + unless @redirect_url.to_s.blank? + @redirect_url.query = @redirect_url.query.blank? ? + "oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}" : + @redirect_url.query + "&oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}" + redirect_to @redirect_url.to_s + else + render :action => "authorize_success" + end + else + @token.invalidate! + render :action => "authorize_failure" + end + end + else + render :action => "authorize_failure" + end + end + + def oauth2_authorize_code + @client_application = ClientApplication.find_by_key params[:client_id] + if request.post? + @redirect_url = URI.parse(params[:redirect_url] || @client_application.callback_url) + if user_authorizes_token? + @verification_code = Oauth2Verifier.create :client_application=>@client_application, :user=>current_user, :callback_url=>@redirect_url.to_s + + unless @redirect_url.to_s.blank? + @redirect_url.query = @redirect_url.query.blank? ? + "code=#{@verification_code.code}" : + @redirect_url.query + "&code=#{@verification_code.code}" + redirect_to @redirect_url.to_s + else + render :action => "authorize_success" + end + else + unless @redirect_url.to_s.blank? + @redirect_url.query = @redirect_url.query.blank? ? + "error=user_denied" : + @redirect_url.query + "&error=user_denied" + redirect_to @redirect_url.to_s + else + render :action => "authorize_failure" + end + end + else + render :action => "oauth2_authorize" + end + end + + def oauth2_authorize_token + @client_application = ClientApplication.find_by_key params[:client_id] + if request.post? 
+ @redirect_url = URI.parse(params[:redirect_url] || @client_application.callback_url) + if user_authorizes_token? + @token = Oauth2Token.create :client_application=>@client_application, :user=>current_user, :scope=>params[:scope] + unless @redirect_url.to_s.blank? + @redirect_url.query = @redirect_url.query.blank? ? + "access_token=#{@token.token}" : + @redirect_url.query + "&access_token=#{@token.token}" + redirect_to @redirect_url.to_s + else + render :action => "authorize_success" + end + else + unless @redirect_url.to_s.blank? + @redirect_url.query = @redirect_url.query.blank? ? + "error=user_denied" : + @redirect_url.query + "&error=user_denied" + redirect_to @redirect_url.to_s + else + render :action => "authorize_failure" + end + end + else + render :action => "oauth2_authorize" + end + end + + # http://tools.ietf.org/html/draft-ietf-oauth-v2-08#section-4.1.1 + def oauth2_token_authorization_code + @verification_code = @client_application.oauth2_verifiers.find_by_token params[:code] + unless @verification_code + oauth2_error + return + end + if @verification_code.redirect_url != params[:redirect_url] + oauth2_error + return + end + @token = @verification_code.exchange! + render :json=>@token + end + + # http://tools.ietf.org/html/draft-ietf-oauth-v2-08#section-4.1.2 + def oauth2_token_password + @user = authenticate_user( params[:username], params[:password]) + unless @user + oauth2_error + return + end + @token = Oauth2Token.create :client_application=>@client_application, :user=>@user, :scope=>params[:scope] + render :json=>@token + end + + # should authenticate and return a user if valid password. 
Override in your own controller + def authenticate_user(username,password) + User.authenticate(username,password) + end + + # autonomous authorization which creates a token for client_applications user + def oauth2_token_none + @token = Oauth2Token.create :client_application=>@client_application, :user=>@client_application.user, :scope=>params[:scope] + render :json=>@token + end + # Override this to match your authorization page form def user_authorizes_token? params[:authorize] == '1' + end + + def oauth2_error(error="invalid_grant") + render :json=>{:error=>error}.to_json end end end end
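Review bot: `oauth2_authorize_code` and `oauth2_authorize_token` build the redirect from `params[:redirect_url]` without ever comparing it to the client's registered `callback_url`, so a crafted authorize link can deliver the authorization code — or, in the implicit flow, the access token itself — to an attacker-controlled host once the user clicks authorize; add `return render(:action => "authorize_failure") if params[:redirect_url] && params[:redirect_url] != @client_application.callback_url` before the `URI.parse` in both methods. The `redirect_url` comparison in `oauth2_token_authorization_code` does not close this, because it checks against the value the attacker supplied and had stored with the code. Both authorize methods also use `@client_application` from `find_by_key` with no nil check, so an unknown `client_id` yields a 500 rather than a failure page. `oauth2_authorize_token` places `access_token=` in the query string, where it reaches server logs and Referer headers, whereas the OAuth 2 user-agent flow carries it in the URI fragment (`@redirect_url.fragment = "access_token=#{@token.token}"`). Finally, `oauth2_error` renders its JSON with the default 200 status, so clients cannot tell failure from success by status code; `def oauth2_error(error="invalid_grant", status=400)` with `:status => status` on the render (401 at the `invalid_client` call site) fixes that.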