Class: Platform::OauthController

Inherits: BaseController
Defined in:
app/controllers/platform/oauth_controller.rb

Overview

Instance Method Summary

Methods inherited from BaseController

#mobile_device?, #platform_current_developer, #platform_current_user, #platform_current_user_is_admin?, #platform_current_user_is_developer?, #platform_current_user_is_guest?

Instance Method Details

#auth_failed ⇒ Object



# File 'app/controllers/platform/oauth_controller.rb', line 85

# Renders the "authorization failed" page of the OAuth flow, without the
# application layout (the page is meant to stand alone / be embedded).
def auth_failed
  render layout: false
end

#auth_success ⇒ Object



# File 'app/controllers/platform/oauth_controller.rb', line 81

# Renders the "authorization succeeded" page of the OAuth flow, without the
# application layout (the page is meant to stand alone / be embedded).
def auth_success
  render layout: false
end

#authorize ⇒ Object

Authorization endpoint per draft-ietf-oauth-v2-16 (tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.1). Supports response_type = code or token.



# File 'app/controllers/platform/oauth_controller.rb', line 32

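# OAuth 2 authorization endpoint (draft-ietf-oauth-v2-16, section 4.1).
#
# Validates client_id / client application, stores the redirect parameters,
# sends guests off to log in, validates redirect_uri and response_type, and
# finally dispatches to oauth2_authorize_code or oauth2_authorize_token.
#
# NOTE(review): the two client_id failures at the top go through
# redirect_with_response before redirect_uri has been validated. If that
# helper redirects the user-agent to the supplied redirect_uri, this is an
# open redirect; RFC 6749 section 4.1.2.1 requires rendering (not
# redirecting) the error when the client id or redirect URI is invalid.
# Confirm what redirect_with_response does in that case.
def authorize
  if request_param(:client_id).blank?
    return redirect_with_response(:error_description => "client_id must be provided", :error => :invalid_request)
  end

  unless client_application
    return redirect_with_response(:error_description => "invalid client application id", :error => :unauthorized_client)
  end

  # Persist the OAuth redirect parameters so the flow can be resumed.
  platform_store_oauth_redirect_params

  # Guests leave before redirect_uri / response_type are checked; presumably
  # the stored request is replayed through this action after login, which is
  # when those checks run — confirm. redirect_to with no arguments relies on
  # BaseController choosing the login destination.
  if platform_current_user_is_guest?
    return redirect_to()
  end

  # `&&` rather than `and`: identical here, but `and` binds weaker than
  # assignment/negation and is a trap if this condition is ever moved.
  if redirect_url_required? && redirect_url.blank?
    return redirect_with_response(:error_description => "redirect_uri must be provided as a parameter or in the application callback_url property", :error => :invalid_request)
  end

  unless %w[code token].include?(response_type)
    return redirect_with_response(:error_description => "only code and token response types are currently supported", :error => :unsupported_response_type)
  end

  unless redirect_url_valid?(redirect_url)
    return redirect_with_response(:error_description => "redirect_uri cannot point to a different server than from the one it sent a request", :error => :invalid_request)
  end

  # Dynamic dispatch is safe only because response_type was whitelisted above:
  # send can reach exactly oauth2_authorize_code or oauth2_authorize_token.
  send("oauth2_authorize_#{response_type}")
end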

#deauthorize ⇒ Object



# File 'app/controllers/platform/oauth_controller.rb', line 105

# Revokes the current user's authorization of the requesting client
# application. Nothing happens for guests or when no client application is
# resolved; the response is "OK" in every case.
#
# NOTE(review): this is a state-changing action — whether it is covered by
# CSRF protection is not visible here; confirm in BaseController.
def deauthorize
  unless Platform::Config.current_user_is_guest?
    app = client_application
    app.deauthorize_user if app
  end
  render_response(:result => "OK")
end

#invalidate_token ⇒ Object

TODO: add JSONP support.



# File 'app/controllers/platform/oauth_controller.rb', line 99

# Revokes the access token given in the access_token parameter.
#
# The response is "OK" whether or not the token existed, so a caller cannot
# use this endpoint to probe which token strings are valid. Possession of the
# token string itself is the only credential required to revoke it.
def invalidate_token
  found = Platform::Oauth::OauthToken.find_by_token(request_param(:access_token))
  found.invalidate! unless found.nil?
  render_response(:result => "OK")
end

#logout ⇒ Object



# File 'app/controllers/platform/oauth_controller.rb', line 112

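# Logs the current user out and answers "OK".
#
# When Platform::Config.logout_method is configured, that string is executed
# as the host application's logout hook; otherwise the default strategy
# applies (still unimplemented below).
#
# NOTE(review): the original condition was truncated to `Platform::Config.`;
# it is reconstructed here as `Platform::Config.logout_method`, the only
# value the rest of the block reads — confirm against the real source.
def logout
  logout_method = Platform::Config.logout_method
  if logout_method
    begin
      # SECURITY: eval runs a configuration string as Ruby code in this
      # controller's context. Acceptable only if logout_method is set solely
      # by the deployer (never from request, database or admin-editable
      # data). Prefer a method name dispatched with `send`, or a callable.
      eval(logout_method)
    rescue StandardError, ScriptError => ex
      # Not `rescue Exception`: SystemExit, Interrupt and NoMemoryError must
      # propagate. ScriptError keeps SyntaxError from a broken hook wrapped
      # in Platform::Exception as before.
      raise Platform::Exception.new("Failed to execute #{Platform::Config.logout_method} with exception: #{ex.message}")
    end
  else
    # handle default logout strategy
  end

  render_response(:result => "OK")
end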

#request_token ⇒ Object  (also known as: token)

Token endpoint per draft-ietf-oauth-v2-16 (tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.2). Supported grant_type values: authorization_code, password, refresh_token, client_credentials.



# File 'app/controllers/platform/oauth_controller.rb', line 64

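# OAuth 2 token endpoint (draft-ietf-oauth-v2-16). Also routed as #token.
#
# Checks client_id and the client application, validates grant_type against
# the supported set, then dispatches to the matching
# oauth2_request_token_* helper.
#
# NOTE(review): no client authentication (client_secret) is visible here; it
# must happen inside the dispatched helpers — confirm, especially for the
# password and client_credentials grants, which hand out tokens without an
# interactive authorization step.
def request_token
  if request_param(:client_id).blank?
    return render_response(:error_description => "client_id must be provided", :error => :invalid_request)
  end

  unless client_application
    return render_response(:error_description => "invalid client application id", :error => :unauthorized_client)
  end

  # Fix: the error text used to omit client_credentials even though that
  # grant type was already accepted by the check.
  unless %w[authorization_code password refresh_token client_credentials].include?(grant_type)
    return render_response(:error_description => "only authorization_code, password, refresh_token and client_credentials grant types are currently supported", :error => :unsupported_grant_type)
  end

  # Dynamic dispatch is safe only because grant_type was whitelisted above.
  send("oauth2_request_token_#{grant_type}")
end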

#validate_token ⇒ Object



# File 'app/controllers/platform/oauth_controller.rb', line 89

# Reports whether the access_token parameter names a known token that is
# still authorized: "OK" if so, otherwise an invalid_token error.
def validate_token
  found = Platform::Oauth::OauthToken.find_by_token(request_param(:access_token))
  return render_response(:result => "OK") if found && found.authorized?

  render_response(:error => :invalid_token, :error_description => "invalid token")
end

#xd ⇒ Object



# File 'app/controllers/platform/oauth_controller.rb', line 130

# Renders the cross-domain (XD) receiver page without the application layout.
def xd
  render layout: false
end

#xd? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/controllers/platform/oauth_controller.rb', line 126

# True when the request's display mode is one of the cross-domain modes,
# "popup" or "hidden"; false for anything else.
def xd?
  case display
  when 'popup', 'hidden' then true
  else false
  end
end

#xd_status ⇒ Object

Cross-domain (XD) only method — for now.



# File 'app/controllers/platform/oauth_controller.rb', line 135

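# Cross-domain status endpoint. Tells the client-side receiver whether the
# current user has authorized the client application and, when they have,
# mints a fresh access/refresh token pair and includes it in the response.
#
# The origin check is the only thing standing between those tokens and a
# foreign page, so it must fail closed.
def xd_status
  if params[:origin].blank?
    return redirect_with_response(:status => "unknown", :error => :invalid_request, :error_description => "origin must be specified")
  end

  unless client_application
    return redirect_with_response(:status => "unknown", :error => :invalid_request, :error_description => "client_id must be specified")
  end

  # A malformed origin used to raise URI::InvalidURIError (a 500); report it
  # as an invalid origin instead.
  begin
    uri = URI.parse(params[:origin])
  rescue URI::InvalidURIError
    return redirect_with_response(:status => "unknown", :error => :invalid_request, :error_description => "Anauthorized access - invalid origin.")
  end

  # Fail closed: a hostless origin ("foo", "javascript:...") combined with an
  # application whose site_domain is unset used to pass because nil == nil.
  # NOTE(review): only the host is compared — scheme and port are ignored, so
  # http:// and https:// origins are treated alike; tighten to a full origin
  # comparison if the receiver page uses postMessage with an exact targetOrigin.
  site_domain = client_application.site_domain
  if uri.host.blank? || site_domain.blank? || uri.host != site_domain
    return redirect_with_response(:status => "unknown", :error => :invalid_request, :error_description => "Anauthorized access - invalid origin.")
  end

  if Platform::Config.current_user_is_guest?
    return redirect_with_response(:status => "unknown")
  end

  if client_application.authorized_user?
    # Mint a fresh token pair for the current user; expires_in is the number
    # of seconds the access token has left.
    access_token = client_application.create_access_token(:user => Platform.current_user, :scope => scope)
    refresh_token = client_application.create_refresh_token(:user => Platform.current_user, :scope => scope)
    return redirect_with_response(:status => "authorized", :access_token => access_token.token, :refresh_token => refresh_token.token, :expires_in => (access_token.valid_to.to_i - Time.now.to_i))
  end

  redirect_with_response(:status => "unauthorized")
end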