refining the oauth API

NoamB · Feb 27, 2011 · 00a8fb2 · 00a8fb2
1 parent 919452d
commit 00a8fb2
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 40 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -14,41 +14,13 @@ class ApplicationController < ActionController::Base
     config.oauth_providers = [:twitter]
     config.twitter.key = "eYVNBjBDi33aa9GkA3w"
     config.twitter.secret = "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8"
-    config.twitter.callback_url = "http://0.0.0.0:3000/login_with_twitter_callback"
+    config.twitter.callback_url = "http://0.0.0.0:3000/oauth/twitter_callback"
   end
 
-  before_filter :require_login, :except => [:not_authenticated, :login_with_twitter, :login_with_twitter_callback]
+  before_filter :require_login, :except => [:not_authenticated]
 
   helper_method :current_users_list
 
-  # sends the user on a trip to twitter,
-  # and after authorizing there back to the callback url.
-  def login_with_twitter
-    login_with_provider(:twitter)
-  end
-
-  def login_with_twitter_callback
-    @access_token = get_access_token(:twitter)
-    if @user = login_from_access_token(@access_token.token, @access_token.secret)
-      redirect_to root_path, :notice => "Logged in from Twitter!"
-    else
-      begin
-        # try to create a new user
-        @user_hash = get_user_hash(:twitter)
-        @user = User.new(:email => @user_hash["screen_name"])
-        @user.crypted_password = "asd"
-        @user.salt = "asd"
-        @user.providers.build(:provider => "twitter", :access_token => @access_token.token, :access_token_secret => @access_token.secret)
-        @user.save!
-        reset_session # protect from session fixation attack
-        login_user(@user)
-        redirect_to root_path, :notice => "Logged in from Twitter!"
-      rescue
-        redirect_to root_path, :alert => "Failed to login from Twitter!"
-      end
-    end
-  end
-
   protected
 
   def not_authenticated

diff --git a/app/controllers/oauths_controller.rb b/app/controllers/oauths_controller.rb
@@ -0,0 +1,30 @@
+class OauthsController < ApplicationController
+  skip_before_filter :require_login
+
+  # sends the user on a trip to twitter,
+  # and after authorizing there back to the callback url.
+  def twitter
+    auth_at_provider(:twitter)
+  end
+
+  def twitter_callback
+    if @user = login_from_access_token
+      redirect_to root_path, :notice => "Logged in from Twitter!"
+    else
+      begin
+        @user_hash = get_user_hash(:twitter)
+        @user = User.create!(:email => @user_hash["screen_name"], 
+                             :providers_attributes => [{
+                               :provider => :twitter, 
+                               :access_token => @access_token.token, 
+                               :access_token_secret => @access_token.secret
+                             }])
+        reset_session # protect from session fixation attack
+        login_user(@user)
+        redirect_to root_path, :notice => "Logged in from Twitter!"
+      rescue
+        redirect_to root_path, :alert => "Failed to login from Twitter!"
+      end
+    end
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -1,5 +1,5 @@
 class User < ActiveRecord::Base
-  attr_accessible :email, :password, :password_confirmation
+  attr_accessible :email, :password, :password_confirmation, :providers_attributes
 
   has_many :providers, :class_name => "UserProvider", :dependent => :destroy
   accepts_nested_attributes_for :providers

diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
@@ -16,7 +16,7 @@
         	<%= link_to "Register", new_user_path %> |
         	<%= link_to "Login", :login %> |
 			<%= link_to 'Login from HTTP', login_from_http_users_path %> |
-			<%= link_to 'Login with Twitter', login_with_twitter_path %>
+			<%= link_to 'Login with Twitter', twitter_oauth_path %>
         <% end %>
 	</div>
 	<% if current_user %>

diff --git a/config/routes.rb b/config/routes.rb
@@ -4,7 +4,6 @@
   resources :users do
     collection do
       get :login_from_http
-      get :login_with_twitter
     end
     member do
       get :activate
@@ -17,8 +16,10 @@
   match 'login' => 'user_sessions#new', :as => :login
   match 'logout' => 'user_sessions#destroy', :as => :logout
 
-  match 'login_with_twitter' => 'application#login_with_twitter', :as => :login_with_twitter
-  match 'login_with_twitter_callback' => 'application#login_with_twitter_callback', :as => :login_with_twitter_callback
+  resource :oauth do
+    get :twitter
+    get :twitter_callback
+  end
 
   # The priority is based upon order of creation:
   # first created -> highest priority.

diff --git a/db/migrate/20101210151424_create_users.rb b/db/migrate/20101210151424_create_users.rb
@@ -1,9 +1,9 @@
 class CreateUsers < ActiveRecord::Migration
   def self.up
     create_table :users do |t|
-      t.string :email,                :null => false
-      t.string :crypted_password,     :null => false
-      t.string :salt,                 :null => false
+      t.string :email, :null => false
+      t.string :crypted_password
+      t.string :salt
 
       t.timestamps
     end    

diff --git a/db/schema.rb b/db/schema.rb
@@ -23,8 +23,8 @@
 
   create_table "users", :force => true do |t|
     t.string   "email",                                          :null => false
-    t.string   "crypted_password",                               :null => false
-    t.string   "salt",                                           :null => false
+    t.string   "crypted_password"
+    t.string   "salt"
     t.datetime "created_at"
     t.datetime "updated_at"
     t.string   "activation_state"