Skip to content
Extraits de code Groupes Projets
Vue normale Lien permanent
authorizations_controller.rb 2,18 ko
Newer Older
Raphael Sofaer's avatar
Add Chubbies, the oauth sample app, and a cucumber feature for part of an oauth flow
Raphael Sofaer a validé
1 2 
class AuthorizationsController < ApplicationController
  include OAuth2::Provider::Rack::AuthorizationCodesSupport
danielgrippi's avatar
Chubbies now sees that it has no secret and registers itself.  
danielgrippi a validé
3 
  before_filter :authenticate_user!, :except => :token
Ilya Zhitomirskiy's avatar
A user can now revoke an application's token iz ms  
Ilya Zhitomirskiy a validé
4 
  before_filter :block_invalid_authorization_code_requests, :except => [:token, :index, :destroy]
danielgrippi's avatar
Chubbies now sees that it has no secret and registers itself.  
danielgrippi a validé
5 6 

  skip_before_filter :verify_authenticity_token, :only => :token
Raphael Sofaer's avatar
Add Chubbies, the oauth sample app, and a cucumber feature for part of an oauth flow
Raphael Sofaer a validé
7 8 

  def new
Raphael Sofaer's avatar
WIP auth form and more oauth stuff  
Raphael Sofaer a validé
9 
    @requested_scopes = params["scope"].split(',')
Raphael Sofaer's avatar
Add Chubbies, the oauth sample app, and a cucumber feature for part of an oauth flow
Raphael Sofaer a validé
10 
    @client = oauth2_authorization_request.client
Raphael Sofaer's avatar
WIP auth form and more oauth stuff  
Raphael Sofaer a validé
11 
    render :layout => "popup" if params[:popup]
Raphael Sofaer's avatar
Add Chubbies, the oauth sample app, and a cucumber feature for part of an oauth flow
Raphael Sofaer a validé
12 13 14 
  end

  def create
Raphael Sofaer's avatar
Chubbies now uses diaspora-client  
Raphael Sofaer a validé
15 
    if params[:commit] == "Authorize"
Raphael Sofaer's avatar
Add Chubbies, the oauth sample app, and a cucumber feature for part of an oauth flow
Raphael Sofaer a validé
16 17 18 19 20 
      grant_authorization_code(current_user)
    else
      deny_authorization_code
    end
  end
danielgrippi's avatar
Chubbies now sees that it has no secret and registers itself.  
danielgrippi a validé
21 22 

  def token
danielgrippi's avatar
Chubbies now sends manifest data to create a client  
danielgrippi a validé
23 
    if(params[:type] == 'client_associate' && params[:manifest_url])
Ilya Zhitomirskiy's avatar
WIP verifying sig in the pre-registration endpoint  
Ilya Zhitomirskiy a validé
24 
      manifest = JSON.parse(RestClient.get(params[:manifest_url]).body)
danielgrippi's avatar
Chubbies now sees that it has no secret and registers itself.  
danielgrippi a validé
25
Ilya Zhitomirskiy's avatar
WIP verifying sig in the pre-registration endpoint  
Ilya Zhitomirskiy a validé
26 27 28 29 30 
      message = verify(params[:signed_string], params[:signature], manifest['public_key'])
      unless message =='ok' 
        render :text => message, :status => 403
      else
        client = OAuth2::Provider.client_class.create_from_manifest!(manifest)
danielgrippi's avatar
Chubbies now sees that it has no secret and registers itself.  
danielgrippi a validé
31
Ilya Zhitomirskiy's avatar
WIP verifying sig in the pre-registration endpoint  
Ilya Zhitomirskiy a validé
32 33 34 35 36 37 38 
        render :json => {:client_id => client.oauth_identifier,
                         :client_secret => client.oauth_secret,
                         :expires_in => 0,
                         :flows_supported => "",
                        }

      end
danielgrippi's avatar
Chubbies now sees that it has no secret and registers itself.  
danielgrippi a validé
39 40 41 42 
    else
      render :text => "bad request", :status => 403
    end
  end
Ilya Zhitomirskiy's avatar
added authorizations page where a user can see all of their authorized applications  
Ilya Zhitomirskiy a validé
43 44 45 46 47 

  def index
    @authorizations = current_user.authorizations
    @applications = current_user.applications
  end
Ilya Zhitomirskiy's avatar
A user can now revoke an application's token iz ms  
Ilya Zhitomirskiy a validé
48 49 50 51 52 53 54 

  def destroy
    ## ID is actually the id of the client
    auth = current_user.authorizations.where(:client_id => params[:id]).first
    auth.revoke
    redirect_to authorizations_path
  end
Ilya Zhitomirskiy's avatar
WIP verifying sig in the pre-registration endpoint  
Ilya Zhitomirskiy a validé
55 56 57 58 59 60 61 62 63 64 65 66 67 68 


  def verify_signature(challenge, signature, serialized_pub_key)
    public_key = OpenSSL::PKey::RSA.new(serialized_pub_key) 
    public_key.verify(OpenSSL::Digest::SHA256.new, Base64.decode64(signature), challenge)
  end

  def valid_time?(time)
    time.to_i > (Time.now - 5.minutes).to_i
  end

  def valid_nonce?(nonce)
    OAuth2::Provider.client_class.where(:nonce => nonce).first.nil?
  end
Raphael Sofaer's avatar
Add Chubbies, the oauth sample app, and a cucumber feature for part of an oauth flow
Raphael Sofaer a validé
69 70 
end
danielgrippi's avatar
Chubbies now sends manifest data to create a client  
danielgrippi a validé
71 
OAuth2::Provider.client_class.instance_eval do
Ilya Zhitomirskiy's avatar
WIP verifying sig in the pre-registration endpoint  
Ilya Zhitomirskiy a validé
72 
  def self.create_from_manifest! manifest
danielgrippi's avatar
Chubbies now sends manifest data to create a client  
danielgrippi a validé
73 74 75 
    create!(manifest)
  end
end