Switch web site to use OAuth 2

tomhughes · Jun 27, 2021 · b4a1e41 · b4a1e41
1 parent 90360df
commit b4a1e41
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 42 deletions.
diff --git a/app/assets/javascripts/oauth.js b/app/assets/javascripts/oauth.js
@@ -1,26 +1,11 @@
-//= require ohauth/ohauth
-
 $(document).ready(function () {
   var application_data = $("head").data();
 
-  function makeAbsolute(url) {
-    var a = document.createElement("a");
-    a.href = url;
-    return a.href;
-  }
-
-  if (application_data.token) {
-    var headerGenerator = window.ohauth.headerGenerator({
-      consumer_key: application_data.consumerKey,
-      consumer_secret: application_data.consumerSecret,
-      token: application_data.token,
-      token_secret: application_data.tokenSecret
-    });
-
-    $.ajaxPrefilter(function (options, jqxhr) {
+  if (application_data.oauthToken) {
+    $.ajaxPrefilter(function (options) {
       if (options.oauth) {
         options.headers = options.headers || {};
-        options.headers.Authorization = headerGenerator(options.type, makeAbsolute(options.url), jqxhr.data);
+        options.headers.Authorization = "Bearer " + application_data.oauthToken;
       }
     });
   }

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -67,7 +67,7 @@ def require_user
   end
 
   def require_oauth
-    @oauth_token = current_user.access_token(Settings.oauth_key) if current_user && Settings.key?(:oauth_key)
+    @oauth_token = current_user.oauth_token(Settings.oauth_application) if current_user && Settings.key?(:oauth_application)
   end
 
   ##

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
@@ -58,13 +58,7 @@ def application_data
     end
 
     data[:location] = session[:location] if session[:location]
-
-    if oauth_token
-      data[:token] = oauth_token.token
-      data[:token_secret] = oauth_token.secret
-      data[:consumer_key] = oauth_token.client_application.key
-      data[:consumer_secret] = oauth_token.client_application.secret
-    end
+    data[:oauth_token] = oauth_token.token if oauth_token
 
     data
   end

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -288,11 +288,23 @@ def spam_check
   end
 
   ##
-  # return an oauth access token for a specified application
+  # return an oauth 1 access token for a specified application
   def access_token(application_key)
     ClientApplication.find_by(:key => application_key).access_token_for_user(self)
   end
 
+  ##
+  # return an oauth 2 access token for a specified application
+  def oauth_token(application_id)
+    application = Doorkeeper.config.application_model.find_by(:uid => application_id)
+
+    Doorkeeper.config.access_token_model.find_or_create_for(
+      :application => application,
+      :resource_owner => self,
+      :scopes => application.scopes
+    )
+  end
+
   def fingerprint
     digest = Digest::SHA256.new
     digest.update(email)

diff --git a/config/settings.yml b/config/settings.yml
@@ -84,8 +84,8 @@ oauth_10_support: true
 nominatim_url: "https://nominatim.openstreetmap.org/"
 # Default editor
 default_editor: "id"
-# OAuth consumer key for the web site
-#oauth_key: ""
+# OAuth application for the web site
+#oauth_application: ""
 # OAuth consumer key for iD
 #id_key: ""
 # Imagery to return in capabilities as blacklisted

diff --git a/package.json b/package.json
@@ -8,7 +8,6 @@
     "js-cookie": "^2.2.1",
     "leaflet": "^1.6.0",
     "leaflet.locatecontrol": "^0.74.0",
-    "ohauth": "^1.0.0",
     "qs": "^6.9.4"
   },
   "devDependencies": {

diff --git a/yarn.lock b/yarn.lock
@@ -550,11 +550,6 @@ js-yaml@^3.13.1:
     argparse "^1.0.7"
     esprima "^4.0.0"
 
-jshashes@~1.0.8:
-  version "1.0.8"
-  resolved "https://registry.yarnpkg.com/jshashes/-/jshashes-1.0.8.tgz#f60d837428383abf73ab022e1542e6614bd75514"
-  integrity sha512-btmQZ/w1rj8Lb6nEwvhjM7nBYoj54yaEFo2PWh3RkxZ8qNwuvOxvQYN/JxVuwoMmdIluL+XwYVJ+pEEZoSYybQ==
-
 json-schema-traverse@^0.4.1:
   version "0.4.1"
   resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660"
@@ -625,13 +620,6 @@ object-inspect@^1.9.0:
   resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.9.0.tgz#c90521d74e1127b67266ded3394ad6116986533a"
   integrity sha512-i3Bp9iTqwhaLZBxGkRfo5ZbE07BQRT7MGu8+nNgwW9ItGp1TzCTw2DLEoWwjClxBjOFI/hWljTAmYGCEwmtnOw==
 
-ohauth@^1.0.0:
-  version "1.0.1"
-  resolved "https://registry.yarnpkg.com/ohauth/-/ohauth-1.0.1.tgz#a5d4ab8e5390bb1cad68a58cc9c58630173c02f2"
-  integrity sha512-R9ZUN3+FVCwzeOOHCJpzA9jw/byRxp5O9X06mTL6Sp/LIQn/rLrMv6cwYctX+hoIKzRUsalGJXZ1kG5wBmSskQ==
-  dependencies:
-    jshashes "~1.0.8"
-
 once@^1.3.0:
   version "1.4.0"
   resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1"