lib/rodauth/features/oauth_base.rb in rodauth-oauth-1.3.2 vs lib/rodauth/features/oauth_base.rb in rodauth-oauth-1.4.0
- old
+ new
@@ -107,17 +107,20 @@
auth_value_method :oauth_metadata_ui_locales_supported, nil
auth_value_method :oauth_metadata_op_policy_uri, nil
auth_value_method :oauth_metadata_op_tos_uri, nil
auth_value_methods(
+ :authorization_server_url,
+ :oauth_grants_unique_columns
+ )
+
+ auth_methods(
:fetch_access_token,
:secret_hash,
:generate_token_hash,
:secret_matches?,
- :authorization_server_url,
:oauth_unique_id_generator,
- :oauth_grants_unique_columns,
:require_authorizable_account,
:oauth_account_ds,
:oauth_application_ds
)
@@ -751,49 +754,53 @@
op_policy_uri: oauth_metadata_op_policy_uri,
op_tos_uri: oauth_metadata_op_tos_uri
}
end
- def redirect_response_error(error_code, redirect_url = redirect_uri || request.referer || default_redirect)
+ def redirect_response_error(error_code, message = nil)
if accepts_json?
status_code = if respond_to?(:"oauth_#{error_code}_response_status")
send(:"oauth_#{error_code}_response_status")
else
oauth_invalid_response_status
end
- throw_json_response_error(status_code, error_code)
+ throw_json_response_error(status_code, error_code, message)
else
+ redirect_url = redirect_uri || request.referer || default_redirect
redirect_url = URI.parse(redirect_url)
- params = []
-
- params << if respond_to?(:"oauth_#{error_code}_error_code")
- ["error", send(:"oauth_#{error_code}_error_code")]
- else
- ["error", error_code]
- end
-
- if respond_to?(:"oauth_#{error_code}_message")
- message = send(:"oauth_#{error_code}_message")
- params << ["error_description", CGI.escape(message)]
- end
-
+ params = response_error_params(error_code, message)
state = param_or_nil("state")
-
- params << ["state", state] if state
-
+ params["state"] = state if state
_redirect_response_error(redirect_url, params)
end
end
def _redirect_response_error(redirect_url, params)
- params = params.map { |k, v| "#{k}=#{v}" }
- params << redirect_url.query if redirect_url.query
- redirect_url.query = params.join("&")
+ params = URI.encode_www_form(params)
+ if redirect_url.query
+ params << "&" unless params.empty?
+ params << redirect_url.query
+ end
+ redirect_url.query = params
redirect(redirect_url.to_s)
end
+ def response_error_params(error_code, message = nil)
+ code = if respond_to?(:"oauth_#{error_code}_error_code")
+ send(:"oauth_#{error_code}_error_code")
+ else
+ error_code
+ end
+ payload = { "error" => code }
+ error_description = message
+ error_description ||= send(:"oauth_#{error_code}_message") if respond_to?(:"oauth_#{error_code}_message")
+ payload["error_description"] = error_description if error_description
+
+ payload
+ end
+
def json_response_success(body, cache = false)
response.status = 200
response["Content-Type"] ||= json_response_content_type
if cache
# defaulting to 1-day for everyone, for now at least
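Review bot: In the non-JSON branch of `redirect_response_error`, the redirect target still falls back to `request.referer`, which the client controls, and the chosen value goes straight into `URI.parse` with no rescue. Whether `redirect_uri` has already been checked against the client's registered URIs is not visible in this hunk; if this path can run before that check, the error response acts as an open redirect, and a malformed Referer would raise `URI::InvalidURIError` rather than produce an OAuth error. I would either drop the fallback, `redirect_url = redirect_uri || default_redirect`, or accept the Referer only when it is same-origin, and state on the method that `redirect_uri` must already be validated when it is called. Separately, `response_error_params` builds method names from `error_code` and invokes them with `send`; a comment such as `# error_code must be an internal constant, never request input` would make that contract explicit.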
@@ -807,16 +814,10 @@
return_response(json_payload)
end
def throw_json_response_error(status, error_code, message = nil)
set_response_error_status(status)
- code = if respond_to?(:"oauth_#{error_code}_error_code")
- send(:"oauth_#{error_code}_error_code")
- else
- error_code
- end
- payload = { "error" => code }
- payload["error_description"] = message || (send(:"oauth_#{error_code}_message") if respond_to?(:"oauth_#{error_code}_message"))
+ payload = response_error_params(error_code, message)
json_payload = _json_response_body(payload)
response["Content-Type"] ||= json_response_content_type
response["WWW-Authenticate"] = oauth_token_type.upcase if status == 401
return_response(json_payload)
end
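Review bot: `throw_json_response_error` has no comment saying that `message` is returned to the client verbatim as `error_description`, which is what the new `response_error_params(error_code, message)` call does with it. The callers are outside this hunk, so I cannot tell whether any of them pass exception text or other internal detail. A comment on the method would pin the contract, for example `# message is client-visible (error_description); pass only fixed, non-sensitive text`.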