Class: Platform::OauthController

Inherits:

BaseController

• Object
• ApplicationController
• BaseController
• Platform::OauthController

Defined in:

app/controllers/platform/oauth_controller.rb

Overview

OAuth 2.0 Spec URL: tools.ietf.org/html/draft-ietf-oauth-v2-20

Instance Method Summary

• #auth_failed ⇒ Object
• #auth_success ⇒ Object
• #authorize ⇒ Object

  tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.1 supports response_type = code, token.

• #deauthorize ⇒ Object
• #invalidate_token ⇒ Object

  add jsonp support.

• #logout ⇒ Object
• #request_token ⇒ Object (also: #token)

  tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.2 supported grant_type = authorization_code, password, refresh_token, client_credentials.

• #validate_token ⇒ Object
• #xd ⇒ Object
• #xd? ⇒ Boolean
• #xd_status ⇒ Object

  XD only method - for now.

Methods inherited from BaseController

#mobile_device?, #platform_current_developer, #platform_current_user, #platform_current_user_is_admin?, #platform_current_user_is_developer?, #platform_current_user_is_guest?

Instance Method Details

#auth_failed ⇒ Object

# File 'app/controllers/platform/oauth_controller.rb', line 85

def auth_failed
  render :layout => false  
end

#auth_success ⇒ Object

# File 'app/controllers/platform/oauth_controller.rb', line 81

def auth_success
  render :layout => false  
end

#authorize ⇒ Object

tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.1 supports response_type = code, token

# File 'app/controllers/platform/oauth_controller.rb', line 32

def authorize
  if request_param(:client_id).blank?
    return redirect_with_response(:error_description => "client_id must be provided", :error => :invalid_request)
  end

  unless client_application
    return redirect_with_response(:error_description => "invalid client application id", :error => :unauthorized_client)
  end

  platform_store_oauth_redirect_params
  
  if platform_current_user_is_guest?
    return redirect_to(platform_login_url)
  end

  if redirect_url_required? and redirect_url.blank?
    return redirect_with_response(:error_description => "redirect_uri must be provided as a parameter or in the application callback_url property", :error => :invalid_request)
  end
  
  unless ["code","token"].include?(response_type)
    return redirect_with_response(:error_description => "only code and token response types are currently supported", :error => :unsupported_response_type)
  end

  unless redirect_url_valid?(redirect_url)
    return redirect_with_response(:error_description => "redirect_uri cannot point to a different server than from the one it sent a request", :error => :invalid_request)
  end
  
  send("oauth2_authorize_#{response_type}")
end

#deauthorize ⇒ Object

# File 'app/controllers/platform/oauth_controller.rb', line 105

def deauthorize
  unless Platform::Config.current_user_is_guest?
    client_application.deauthorize_user if client_application
  end
  render_response(:result => "OK")
end

#invalidate_token ⇒ Object

add jsonp support

# File 'app/controllers/platform/oauth_controller.rb', line 99

def invalidate_token
  token = Platform::Oauth::OauthToken.find_by_token(request_param(:access_token))
  token.invalidate! if token
  render_response(:result => "OK")
end

#logout ⇒ Object

# File 'app/controllers/platform/oauth_controller.rb', line 112

def logout
  if Platform::Config.site_user_info_enabled?
    begin
      eval(Platform::Config.logout_method)
    rescue Exception => ex
      raise Platform::Exception.new("Failed to execute #{Platform::Config.logout_method} with exception: #{ex.message}")
    end
  else
    # handle default logout strategy
  end
  
  render_response(:result => "OK")
end

#request_token ⇒ Object Also known as: token

tools.ietf.org/html/draft-ietf-oauth-v2-16#section-4.2 supported grant_type = authorization_code, password, refresh_token, client_credentials

# File 'app/controllers/platform/oauth_controller.rb', line 64

def request_token
  if request_param(:client_id).blank?
    return render_response(:error_description => "client_id must be provided", :error => :invalid_request)
  end

  unless client_application
    return render_response(:error_description => "invalid client application id", :error => :unauthorized_client)
  end
  
  unless ["authorization_code", "password", "refresh_token", "client_credentials"].include?(grant_type)
    return render_response(:error_description => "only authorization_code, password and refresh_token grant types are currently supported", :error => :unsupported_grant_type)
  end

  send("oauth2_request_token_#{grant_type}")
end

#validate_token ⇒ Object

# File 'app/controllers/platform/oauth_controller.rb', line 89

def validate_token
  token = Platform::Oauth::OauthToken.find_by_token(request_param(:access_token))
  if token && token.authorized?
    render_response(:result => "OK")
  else
    render_response(:error => :invalid_token, :error_description => "invalid token")
  end
end

#xd ⇒ Object

# File 'app/controllers/platform/oauth_controller.rb', line 130

def xd
	render :layout => false
end

#xd? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/controllers/platform/oauth_controller.rb', line 126

def xd?
  ['popup', 'hidden'].include?(display)
end

#xd_status ⇒ Object

XD only method - for now

# File 'app/controllers/platform/oauth_controller.rb', line 135

def xd_status
  if params[:origin].blank?
    return redirect_with_response(:status => "unknown", :error => :invalid_request, :error_description => "origin must be specified")
  end
  
  unless client_application
    return redirect_with_response(:status => "unknown", :error => :invalid_request, :error_description => "client_id must be specified")
  end
  
  uri = URI.parse(params[:origin])
  unless uri.host == client_application.site_domain
    return redirect_with_response(:status => "unknown", :error => :invalid_request, :error_description => "Anauthorized access - invalid origin.")
  end
  
  if Platform::Config.current_user_is_guest?
    return redirect_with_response(:status => "unknown")
  end

  # implement authorized user
  if client_application.authorized_user?
    # add access token to the redirect
    access_token = client_application.create_access_token(:user=>Platform.current_user, :scope=>scope)
    refresh_token = client_application.create_refresh_token(:user=>Platform.current_user, :scope=>scope)
    return redirect_with_response(:status => "authorized", :access_token => access_token.token, :refresh_token => refresh_token.token, :expires_in => (access_token.valid_to.to_i - Time.now.to_i))
  end
  
  redirect_with_response(:status => "unauthorized")
end