47 lines
1.3 KiB
Ruby
47 lines
1.3 KiB
Ruby
require 'oauth/controllers/provider_controller'
|
|
require_dependency 'carto/user_authenticator'
|
|
|
|
class OauthController < ApplicationController
|
|
layout 'front_layout'
|
|
include OAuth::Controllers::ProviderController
|
|
include Carto::UserAuthenticator
|
|
|
|
ssl_required :authorize, :request_token, :access_token, :token, :test_request
|
|
ssl_allowed :access_token_with_xauth
|
|
|
|
# Don't force org urls
|
|
skip_before_filter :ensure_org_url_if_org_user
|
|
|
|
prepend_before_filter do
|
|
warden.custom_failure!
|
|
end
|
|
|
|
# XAuth ref: https://dev.twitter.com/docs/oauth/xauth
|
|
def access_token_with_xauth
|
|
if params[:x_auth_mode] == 'client_auth'
|
|
if user = authenticate(params[:x_auth_username], params[:x_auth_password])
|
|
@token = user.tokens.find_by(client_application: current_client_application, invalidated_at: nil)
|
|
@token = Carto::AccessToken.create(user: user.carto_user, client_application_id: current_client_application.id) if @token.blank?
|
|
|
|
if @token
|
|
render :text => @token.to_query
|
|
else
|
|
render_unauthorized
|
|
end
|
|
else
|
|
render_unauthorized
|
|
end
|
|
else
|
|
access_token_without_xauth
|
|
end
|
|
end
|
|
alias_method_chain :access_token, :xauth
|
|
|
|
|
|
protected
|
|
|
|
def render_unauthorized
|
|
head :unauthorized
|
|
end
|
|
end
|