
Chubbies now sees that it has no secret and registers itself.

1 parent 381b851 commit e121b0fe6d1e663e5688d88ad191e0092f66094d @danielgrippi danielgrippi committed with maxwell Jun 2, 2011
@@ -1,7 +1,9 @@
class AuthorizationsController < ApplicationController
include OAuth2::Provider::Rack::AuthorizationCodesSupport
- before_filter :authenticate_user!
- before_filter :block_invalid_authorization_code_requests
+ before_filter :authenticate_user!, :except => :token
+ before_filter :block_invalid_authorization_code_requests, :except => :token
+
+ skip_before_filter :verify_authenticity_token, :only => :token
def new
@client = oauth2_authorization_request.client
@@ -14,5 +16,22 @@ def create
deny_authorization_code
end
end
+
+ def token
+ if(params[:type] == 'client_associate' && params[:redirect_uri] && params[:name])
+ client = OAuth2::Provider.client_class.create!(:name => params[:name])
+
+ render :json => {:client_id => client.oauth_identifier,
+ :client_secret => client.oauth_secret,
+ :expires_in => 0,
+ :flows_supported => "",
+ :user_endpoint_url => "bob"}
+
+ #redirect_to("#{params[:redirect_uri]}?#{query_string}")
+
+ else
+ render :text => "bad request", :status => 403
+ end
+ end
end
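Review bot: The new `token` action registers an OAuth client for any unauthenticated caller and returns the `client_secret` in the response; it is exempted from `authenticate_user!`, `block_invalid_authorization_code_requests` and `verify_authenticity_token`, so nothing on the visible lines limits who can create clients or how many. `params[:redirect_uri]` is required by the condition, but `create!` is called with only `:name`, so the redirect URI appears never to be stored with the client; if the client class has a field for it, pass it to `create!` so later authorization requests can be checked against the registered value. The rejection branch labels the response "bad request" but sends 403; `render :text => "bad request", :status => 400` would match. `:user_endpoint_url => "bob"` and the commented-out `redirect_to` look like placeholders and deserve a TODO comment or removal.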
@@ -71,6 +71,8 @@
get "/oauth/authorize" => "authorizations#new"
post "/oauth/authorize" => "authorizations#create"
+ post "/oauth/token" => "authorizations#token"
+
#Temporary token_authenticable route
resource :token, :only => [:show, :create]
@@ -7,7 +7,6 @@ Feature: oauth
And a user with username "bob" and password "secret"
Scenario: Authorize Chubbies
- Given Chubbies is registered on my pod
When I visit "/" on Chubbies
And I try to authorize Chubbies
Then I should see "Authorize Chubbies?"
@@ -18,7 +17,6 @@ Feature: oauth
And I should see my "name"
Scenario: Not authorize Chubbies
- Given Chubbies is registered on my pod
When I visit "/" on Chubbies
And I try to authorize Chubbies
Then I should see "Authorize Chubbies?"
@@ -27,3 +25,14 @@ Feature: oauth
Then I should be on "/callback" on Chubbies
Then I should see "What is your major malfunction?"
+ Scenario: Authorize Chubbies
+ Given Chubbies is registered on my pod
+ When I visit "/" on Chubbies
+ And I try to authorize Chubbies
+ Then I should see "Authorize Chubbies?"
+
+ When I press "Yes"
+ Then I should be on "/account" on Chubbies
+ And I should see my "profile.birthday"
+ And I should see my "name"
+
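Review bot: The added scenario reuses the title `Scenario: Authorize Chubbies`, which is already the first scenario in this feature, so a failure report cannot tell the two apart. Since this one keeps `Given Chubbies is registered on my pod`, a title such as `Scenario: Authorize Chubbies when it is already registered` would say what differs. No scenario exercises the rejection path of the new `/oauth/token` endpoint (a request missing `type`, `name` or `redirect_uri`), which is the branch most worth pinning for a route that skips authentication.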
@@ -20,6 +20,11 @@
end
When /^I try to authorize Chubbies$/ do
+ # We need to reset the tokens saved in Chubbies,
+ # as we are clearing the Diaspora DB every scenario
+ Then 'I visit "/reset" on Chubbies'
+ Then 'I visit "/" on Chubbies'
+ ###
And 'I follow "Log in with Diaspora"'
Then 'I should be on the new user session page'
And "I fill in \"Username\" with \"#{@me.username}\""
@@ -3,4 +3,5 @@ source :rubygems
gem 'sinatra'
gem 'haml'
-gem 'httparty'
+gem 'httparty'
+gem 'json'
@@ -5,6 +5,7 @@ GEM
haml (3.0.18)
httparty (0.7.4)
crack (= 0.1.8)
+ json (1.4.6)
rack (1.2.2)
sinatra (1.2.6)
rack (~> 1.1)
@@ -17,4 +18,5 @@ PLATFORMS
DEPENDENCIES
haml
httparty
+ json
sinatra
@@ -3,6 +3,7 @@
require 'sinatra'
require 'haml'
require 'httparty'
+require 'json'
def resource_host
url = "http://localhost:"
@@ -14,8 +15,8 @@ def resource_host
url
end
-CLIENT_ID = 'abcdefgh12345678'
-CLIENT_SECRET = 'secret'
+@@client_id = nil
+@@client_secret = nil
RESOURCE_HOST = resource_host
enable :sessions
@@ -34,7 +35,11 @@ def get_with_access_token(path)
end
def authorize_url
- RESOURCE_HOST + "/oauth/authorize?client_id=#{CLIENT_ID}&client_secret=#{CLIENT_SECRET}&redirect_uri=#{redirect_uri}"
+ RESOURCE_HOST + "/oauth/authorize?client_id=#{@@client_id}&client_secret=#{@@client_secret}&redirect_uri=#{redirect_uri}"
+ end
+
+ def token_url
+ RESOURCE_HOST + "/oauth/token"
end
def access_token_url
@@ -48,28 +53,55 @@ def access_token_url
get '/callback' do
unless params["error"]
- response = HTTParty.post(access_token_url, :body => {
- :client_id => CLIENT_ID,
- :client_secret => CLIENT_SECRET,
- :redirect_uri => redirect_uri,
- :code => params["code"],
- :grant_type => 'authorization_code'}
- )
-
- session[:access_token] = response["access_token"]
- redirect '/account'
+
+ if(params["client_id"] && params["client_secret"])
+ @@client_id = params["client_id"]
+ @@client_secret = params["client_secret"]
+ redirect '/account'
+
+ else
+ response = HTTParty.post(access_token_url, :body => {
+ :client_id => @@client_id,
+ :client_secret => @@client_secret,
+ :redirect_uri => redirect_uri,
+ :code => params["code"],
+ :grant_type => 'authorization_code'}
+ )
+
+ session[:access_token] = response["access_token"]
+ redirect '/account'
+ end
else
"What is your major malfunction?"
end
end
get '/account' do
- if access_token
- @resource_server = RESOURCE_HOST
- @url = "/api/v0/me.json"
- @resource_response = get_with_access_token(@url)
- haml :response
+ if !@@client_id && !@@client_secret
+ response = HTTParty.post(token_url, :body => {
+ :type => :client_associate,
+ :name => :Chubbies,
+ :redirect_uri => redirect_uri
+ })
+
+ json = JSON.parse(response.body)
+
+ @@client_id = json["client_id"]
+ @@client_secret = json["client_secret"]
+
+ redirect '/account'
+
else
- redirect authorize_url
+ if access_token
+ @resource_response = get_with_access_token("/api/v0/me")
+ haml :response
+ else
+ redirect authorize_url
+ end
end
end
+
+get '/reset' do
+ @@client_id = nil
+ @@client_secret = nil
+end
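Review bot: In `get '/callback'`, the new branch `if(params["client_id"] && params["client_secret"])` copies request parameters into the process-wide `@@client_id`/`@@client_secret`, so any request to `/callback` carrying those two parameters replaces the credentials used for every session; since `/account` already obtains them with a server-side POST to `token_url`, this branch can be dropped. In `get '/account'`, `JSON.parse(response.body)` runs without checking the response, so the pod's plain-text "bad request" reply raises a parse error, and a JSON reply lacking the keys leaves both variables nil and `redirect '/account'` loops; a guard such as `halt 502, 'client registration failed' unless response.code == 200` before parsing, and `||` instead of `&&` in `if !@@client_id && !@@client_secret`, would close both. `authorize_url` still places `client_secret` in the query string of a browser redirect, where it reaches browser history and server logs; the authorization-code flow normally does not need the secret at this step. `get '/reset'` changes state on an unauthenticated GET, which is acceptable only if this app is never reachable outside the test run, and a comment should say so.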

0 comments on commit e121b0f
