
hack for oauth_echo with f4t?

1 parent ac985ad commit ec4b4fdcea640052b348ea53194b8c8acb340d88 @stevenhaddox committed Aug 1, 2010
Showing with 20 additions and 0 deletions.
  1. +20 −0 app/controllers/photos_controller.rb
@@ -109,6 +109,26 @@ def format_is_xml?(format=nil)
end
def check_login
+ _authenticate_oauth_echo unless current_user
return true if current_user
redirect_to login_path #redirect to a non SSL page to ensure we don't throw an error
end
+
+ def _authenticate_oauth_echo
+ require 'httparty'
+ # header auth only for now; also lock down the auth provider endpoint so we can't spoof
+ if(request.env["HTTP_X_AUTH_SERVICE_PROVIDER"] != 'https://api.twitter.com/1/account/verify_credentials.json' || request.env["HTTP_X_AUTH_SERVICE_PROVIDER"].blank?)
+ return false
+ else
+ auth_service_provider = request.env["HTTP_X_AUTH_SERVICE_PROVIDER"]
+ verify_credentials_authorization = request.env["HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION"]
+ end
+
+ auth_response = HTTParty.get(auth_service_provider, :format => :json, :headers => {'Authorization' => verify_credentials_authorization}) rescue nil
+ if !auth_response['screen_name'].blank?
+ current_user = User.find(:first, :conditions => {:login => auth_response['screen_name']})
+ return current_user
+ end
+ logger.info(auth_response)
+ return false
+ end
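Review bot: In `_authenticate_oauth_echo`, the lookup `User.find(:first, :conditions => {:login => auth_response['screen_name']})` treats a Twitter screen name as the local login, so any Twitter account whose screen name equals an existing `login` would be accepted as that user, whether or not the local account was ever linked to Twitter. Screen names can be changed by their owner, so the match should use an identifier recorded when the account was linked (for example the numeric `id` in the verify_credentials response) rather than the name. Separately, `current_user = ...` assigns a method-local variable and `check_login` discards the return value, so the following `return true if current_user` presumably still sees no user; if the controller defines a `current_user=` writer, `self.current_user = ...` is what was intended. `HTTParty.get(...) rescue nil` leaves `auth_response` nil on any network error, and the next line then raises NoMethodError on `auth_response['screen_name']`; add `return false if auth_response.nil?` before it. The fall-through `logger.info(auth_response)` writes the whole provider response to the application log, which is better reduced to the HTTP status.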
