testing photo upload with oauth echo support

commit ecd7e68064b1f1bfc02e87809015126077d24bb5 1 parent a712d2a
@stevenhaddox authored
Showing with 17 additions and 2 deletions.
  1. +17 −2 app/controllers/photos_controller.rb
19 app/controllers/photos_controller.rb
@@ -109,6 +109,21 @@ def format_is_xml?(format=nil)
end
def check_login
- return true if current_user
+ require 'httparty'
+ # header auth only for now; also lock down the auth provider endpoint so we can't spoof
+ if(request.env["HTTP_X_AUTH_SERVICE_PROVIDER"] != 'https://api.twitter.com/1/account/verify_credentials.json' || request.env["HTTP_X_AUTH_SERVICE_PROVIDER"].blank?)
+ current_user = nil
+ else
+ auth_service_provider = request.env["HTTP_X_AUTH_SERVICE_PROVIDER"]
+ verify_credentials_authorization = request.env["HTTP_X_VERIFY_CREDENTIALS_AUTHORIZATION"]
+ end
+
+ auth_response = HTTParty.get(auth_service_provider, :format => :json, :headers => {'Authorization' => verify_credentials_authorization}) rescue nil
+ if !auth_response['screen_name'].blank?
+ current_user = User.find(:first, :conditions => {:login => auth_response['screen_name']})
+ end
+ logger.info(auth_response)
+
+ return true unless current_user.blank?
redirect_to login_path #redirect to a non SSL page to ensure we don't throw an error
- end
+ end
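Review bot: The header check has no failure path: when X-Auth-Service-Provider is missing or not the expected URL, the first branch only sets `current_user = nil` and execution continues to `HTTParty.get(auth_service_provider, ...)` with both locals still nil. The `rescue nil` then leaves `auth_response` nil, and `auth_response['screen_name']` raises NoMethodError, so the request never reaches `redirect_to login_path`. Redirect and return inside the failure branch, and guard the lookup with a nil check on `auth_response` before indexing it. Separately, assigning to `current_user` makes it a local variable from that point on, so the final `return true unless current_user.blank?` no longer calls the helper that the removed `return true if current_user` relied on, and users that line accepted are now redirected; keep the original early return as the first statement and store the looked-up user under a different local name. `logger.info(auth_response)` writes the whole verify_credentials response to the log; log only the outcome or the screen name. The `.blank?` test in the condition is redundant after the `!=` comparison, and `require 'httparty'` belongs at the top of the file rather than inside the filter.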