resetting the token instead if the app already exists, should move the lookup to be homepage url

78253b68 · Ilya Zhitomirskiy · 9366b724 · 78253b68 · 78253b68 · 78253b68
--- a/app/controllers/authorizations_controller.rb
+++ b/app/controllers/authorizations_controller.rb
@@ -20,25 +20,24 @@ class AuthorizationsController < ApplicationController
  end

  def token
-    if(params[:type] == 'client_associate' && params[:manifest_url])
+    unless(params[:type] == 'client_associate' && params[:manifest_url])
+      render :text => "bad request", :status => 403
+      return
+    end
      manifest = JSON.parse(RestClient.get(params[:manifest_url]).body)

      message = verify(params[:signed_string], params[:signature], manifest['public_key'])
      unless message =='ok' 
        render :text => message, :status => 403
      else
-        client = OAuth2::Provider.client_class.create_from_manifest!(manifest)
+        client = OAuth2::Provider.client_class.create_or_reset_from_manifest!(manifest)

        render :json => {:client_id => client.oauth_identifier,
                         :client_secret => client.oauth_secret,
                         :expires_in => 0,
                         :flows_supported => "",
                        }
-
      end
-    else
-      render :text => "bad request", :status => 403
-    end
  end

  def index
@@ -84,7 +83,14 @@ class AuthorizationsController < ApplicationController
 end

 OAuth2::Provider.client_class.instance_eval do
-  def self.create_from_manifest! manifest
-    create!(manifest)
+  def self.create_or_reset_from_manifest! manifest
+    if obj = find_by_name(manifest['name'])
+      obj.oauth_identifier = OAuth2::Provider::Random.base62(16)
+      obj.oauth_secret = OAuth2::Provider::Random.base62(32)
+      obj.save!
+      obj
+    else
+      create!(manifest)
+    end
  end
 end
--- a/features/oauth.feature
+++ b/features/oauth.feature
@@ -23,7 +23,7 @@ Feature: oauth
    Then I should be on "/account" on Chubbies
    Then I should see "No access token."

-  Scenario: Authorize Chubbies when Chubbies is already registeded
+  Scenario: Authorize Chubbies when Chubbies is already connected
    Given Chubbies is registered on my pod
    When I try to authorize Chubbies
    And there is only one Chubbies
@@ -32,6 +32,20 @@ Feature: oauth
    Then I should be on "/account" on Chubbies
    And I should see my "profile.birthday"
    And I should see my "name"
+
+  Scenario: Authorize Chubbies when the pod knows about Chubbies
+    Given Chubbies is registered on my pod
+    When I try to authorize Chubbies
+    And I visit "/reset" on Chubbies
+    And I go to the destroy user session page
+
+    When I try to authorize Chubbies
+    And there is only one Chubbies
+
+    When I press "Authorize"
+    Then I should be on "/account" on Chubbies
+    And I should see my "profile.birthday"
+    And I should see my "name"
  
  Scenario: Authorize Chubbies should place it on the authorized applications page
    When I try to authorize Chubbies

--- a/features/step_definitions/oauth_steps.rb
+++ b/features/step_definitions/oauth_steps.rb
@@ -8,7 +8,7 @@ end

 Given /^Chubbies is registered on my pod$/ do
  manifest = JSON.parse(RestClient.get("localhost:#{Chubbies::PORT}/manifest.json").body)
-  client = OAuth2::Provider.client_class.create_from_manifest!(manifest)
+  client = OAuth2::Provider.client_class.create_or_reset_from_manifest!(manifest)
  params = {:client_id => client.oauth_identifier,
            :client_secret => client.oauth_secret,
            :host => "localhost:9887"}