lib/oauth/controllers/provider_controller.rb in le1t0-oauth-plugin-0.3.14.001 vs lib/oauth/controllers/provider_controller.rb in le1t0-oauth-plugin-0.4.0.pre4.001
- old
+ new
@@ -3,20 +3,20 @@
module ProviderController
def self.included(controller)
controller.class_eval do
before_filter :login_required, :only => [:authorize,:revoke]
- before_filter :login_or_oauth_required, :only => [:test_request]
- before_filter :oauth_required, :only => [:invalidate,:capabilities]
- before_filter :verify_oauth_consumer_signature, :only => [:request_token]
- before_filter :verify_oauth_request_token, :only => [:access_token]
+ oauthenticate :only => [:test_request]
+ oauthenticate :strategies => :token, :interactive => false, :only => [:invalidate,:capabilities]
+ oauthenticate :strategies => :two_legged, :interactive => false, :only => [:request_token]
+ oauthenticate :strategies => :oauth10_request_token, :interactive => false, :only => [:access_token]
skip_before_filter :verify_authenticity_token, :only=>[:request_token, :access_token, :invalidate, :test_request]
end
end
def request_token
- @token = current_client_application.create_request_token
+ @token = current_client_application.create_request_token params
if @token
render :text => @token.to_query
else
render :nothing => true, :status => 401
end
@@ -29,54 +29,34 @@
else
render :nothing => true, :status => 401
end
end
+ def token
+ @client_application = ClientApplication.find_by_key params[:client_id]
+ if @client_application.secret != params[:client_secret]
+ oauth2_error "invalid_client"
+ return
+ end
+ if ["authorization_code","password","none"].include?(params[:grant_type])
+ send "oauth2_token_#{params[:grant_type].underscore}"
+ else
+ oauth2_error "unsupported_grant_type"
+ end
+ end
+
def test_request
render :text => params.collect{|k,v|"#{k}=#{v}"}.join("&")
end
def authorize
- @token = ::RequestToken.find_by_token params[:oauth_token]
- unless @token
- render :action=>"authorize_failure"
- return
+ if params[:oauth_token]
+ @token = ::RequestToken.find_by_token params[:oauth_token]
+ oauth1_authorize
+ elsif ["code","token"].include?(params[:response_type]) # pick flow
+ send "oauth2_authorize_#{params[:response_type]}"
end
-
- unless @token.invalidated?
- if request.post?
- if user_authorizes_token?
- @token.authorize!(current_user)
- if @token.oauth10?
- @redirect_url = URI.parse(params[:oauth_callback] || @token.client_application.callback_url)
- else
- @redirect_url = URI.parse(@token.oob? ? @token.client_application.callback_url : @token.callback_url)
- end
-
- unless @redirect_url.to_s.blank?
- if @token.oauth10?
- @redirect_url.query = @redirect_url.query.blank? ?
- "oauth_token=#{@token.token}" :
- @redirect_url.query + "&oauth_token=#{@token.token}"
- redirect_to @redirect_url.to_s
- else
- @redirect_url.query = @redirect_url.query.blank? ?
- "oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}" :
- @redirect_url.query + "&oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}"
- redirect_to @redirect_url.to_s
- end
- else
- render :action => "authorize_success"
- end
- else
- @token.invalidate!
- render :action => "authorize_failure"
- end
- end
- else
- render :action => "authorize_failure"
- end
end
def revoke
@token = current_user.tokens.find_by_token params[:token]
if @token
@@ -106,12 +86,142 @@
end
end
protected
+ def oauth1_authorize
+ unless @token
+ render :action=>"authorize_failure"
+ return
+ end
+
+ unless @token.invalidated?
+ if request.post?
+ if user_authorizes_token?
+ @token.authorize!(current_user)
+ @redirect_url = URI.parse(@token.oob? ? @token.client_application.callback_url : @token.callback_url)
+
+ unless @redirect_url.to_s.blank?
+ @redirect_url.query = @redirect_url.query.blank? ?
+ "oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}" :
+ @redirect_url.query + "&oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}"
+ redirect_to @redirect_url.to_s
+ else
+ render :action => "authorize_success"
+ end
+ else
+ @token.invalidate!
+ render :action => "authorize_failure"
+ end
+ end
+ else
+ render :action => "authorize_failure"
+ end
+ end
+
+ def oauth2_authorize_code
+ @client_application = ClientApplication.find_by_key params[:client_id]
+ if request.post?
+ @redirect_url = URI.parse(params[:redirect_url] || @client_application.callback_url)
+ if user_authorizes_token?
+ @verification_code = Oauth2Verifier.create :client_application=>@client_application, :user=>current_user, :callback_url=>@redirect_url.to_s
+
+ unless @redirect_url.to_s.blank?
+ @redirect_url.query = @redirect_url.query.blank? ?
+ "code=#{@verification_code.code}" :
+ @redirect_url.query + "&code=#{@verification_code.code}"
+ redirect_to @redirect_url.to_s
+ else
+ render :action => "authorize_success"
+ end
+ else
+ unless @redirect_url.to_s.blank?
+ @redirect_url.query = @redirect_url.query.blank? ?
+ "error=user_denied" :
+ @redirect_url.query + "&error=user_denied"
+ redirect_to @redirect_url.to_s
+ else
+ render :action => "authorize_failure"
+ end
+ end
+ else
+ render :action => "oauth2_authorize"
+ end
+ end
+
+ def oauth2_authorize_token
+ @client_application = ClientApplication.find_by_key params[:client_id]
+ if request.post?
+ @redirect_url = URI.parse(params[:redirect_url] || @client_application.callback_url)
+ if user_authorizes_token?
+ @token = Oauth2Token.create :client_application=>@client_application, :user=>current_user, :scope=>params[:scope]
+ unless @redirect_url.to_s.blank?
+ @redirect_url.query = @redirect_url.query.blank? ?
+ "access_token=#{@token.token}" :
+ @redirect_url.query + "&access_token=#{@token.token}"
+ redirect_to @redirect_url.to_s
+ else
+ render :action => "authorize_success"
+ end
+ else
+ unless @redirect_url.to_s.blank?
+ @redirect_url.query = @redirect_url.query.blank? ?
+ "error=user_denied" :
+ @redirect_url.query + "&error=user_denied"
+ redirect_to @redirect_url.to_s
+ else
+ render :action => "authorize_failure"
+ end
+ end
+ else
+ render :action => "oauth2_authorize"
+ end
+ end
+
+ # http://tools.ietf.org/html/draft-ietf-oauth-v2-08#section-4.1.1
+ def oauth2_token_authorization_code
+ @verification_code = @client_application.oauth2_verifiers.find_by_token params[:code]
+ unless @verification_code
+ oauth2_error
+ return
+ end
+ if @verification_code.redirect_url != params[:redirect_url]
+ oauth2_error
+ return
+ end
+ @token = @verification_code.exchange!
+ render :json=>@token
+ end
+
+ # http://tools.ietf.org/html/draft-ietf-oauth-v2-08#section-4.1.2
+ def oauth2_token_password
+ @user = authenticate_user( params[:username], params[:password])
+ unless @user
+ oauth2_error
+ return
+ end
+ @token = Oauth2Token.create :client_application=>@client_application, :user=>@user, :scope=>params[:scope]
+ render :json=>@token
+ end
+
+ # should authenticate and return a user if valid password. Override in your own controller
+ def authenticate_user(username,password)
+ User.authenticate(username,password)
+ end
+
+ # autonomous authorization which creates a token for client_applications user
+ def oauth2_token_none
+ @token = Oauth2Token.create :client_application=>@client_application, :user=>@client_application.user, :scope=>params[:scope]
+ render :json=>@token
+ end
+
# Override this to match your authorization page form
def user_authorizes_token?
params[:authorize] == '1'
+ end
+
+ def oauth2_error(error="invalid_grant")
+ render :json=>{:error=>error}.to_json
end
end
end
end