cartodb-4.42/app/controllers/oauth_controller.rb
2024-04-06 05:25:13 +00:00

47 lines
1.3 KiB
Ruby

require 'oauth/controllers/provider_controller'
require_dependency 'carto/user_authenticator'
class OauthController < ApplicationController
layout 'front_layout'
include OAuth::Controllers::ProviderController
include Carto::UserAuthenticator
ssl_required :authorize, :request_token, :access_token, :token, :test_request
ssl_allowed :access_token_with_xauth
# Don't force org urls
skip_before_filter :ensure_org_url_if_org_user
prepend_before_filter do
warden.custom_failure!
end
# XAuth ref: https://dev.twitter.com/docs/oauth/xauth
def access_token_with_xauth
if params[:x_auth_mode] == 'client_auth'
if user = authenticate(params[:x_auth_username], params[:x_auth_password])
@token = user.tokens.find_by(client_application: current_client_application, invalidated_at: nil)
@token = Carto::AccessToken.create(user: user.carto_user, client_application_id: current_client_application.id) if @token.blank?
if @token
render :text => @token.to_query
else
render_unauthorized
end
else
render_unauthorized
end
else
access_token_without_xauth
end
end
alias_method_chain :access_token, :xauth
protected
def render_unauthorized
head :unauthorized
end
end