Diff
Deleted: branches/wf4ever/app/controllers/oauth_clients_controller.rb (3134 => 3135)
--- branches/wf4ever/app/controllers/oauth_clients_controller.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/app/controllers/oauth_clients_controller.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -1,170 +0,0 @@
-class OauthController < ApplicationController
- before_filter :login_required,:except=>[:request_token,:access_token,:test_request]
- before_filter :get_client_application, : [:show, :edit, :update, :destroy]
- before_filter :login_or_oauth_required,:
- before_filter :verify_oauth_consumer_signature, :
- # before_filter :verify_oauth_request_token, :
- # Uncomment the following if you are using restful_open_id_authentication
- skip_before_filter :verify_authenticity_token
-
- def request_token
- @token=current_client_application.create_request_token
- if @token
- render :text=>@token.to_query
- else
- render :nothing => true, :status => 401
- end
- end
-
- def access_token
- @token=current_token.exchange!
- if @token
- render :text=>@token.to_query
- else
- render :nothing => true, :status => 401
- end
- end
-
- def test_request
- render :text=>params.collect{|k,v|"#{k}=#{v}"}.join("&")
- end
-
- def authorize
- @client_applications=current_user.client_applications
- @token=RequestToken.find_by_token params[:oauth_token]
- if @token.client_application.nil?
- if redirect_url
- redirect_to redirect_url+"?oauth_failure=1"
- else
- render :action=""
- end
- end
- @address@hidden
- redirect_url=params[:oauth_callback]||@token.client_application.callback_url
- if (@token.client_application.key_type == 'System') || @client_applications.include?(@token.client_application)
- unless @token.invalidated?
- if request.post?
- if params[:authorize]=='1'
- @token.authorize!(current_user)
- if redirect_url
- redirect_to redirect_url+"address@hidden"
- else
- render :action=""
- end
- elsif params[:commit]=="Save Changes"
- @token.invalidate!
- if redirect_url
- redirect_to redirect_url+"?oauth_failure=1"
- else
- render :action=""
- end
- end
- end
- else
- if redirect_url
- redirect_to redirect_url+"?oauth_failure=1"
- else
- render :action=""
- end
- end
- else
- if redirect_url
- redirect_to redirect_url+"?oauth_failure=1"
- else
- render :action=""
- end
- end
- end
-
- def revoke
- @token=current_user.tokens.find_by_token params[:token]
- if @token
- @token.invalidate!
- flash[:notice]="You've revoked the token for address@hidden"
- end
- redirect_to oauth_url
- end
-
- def index
- @client_applications = current_user.client_applications
- @tokens = current_user.tokens.find :all, :conditions => 'oauth_tokens.invalidated_at is null and oauth_tokens.authorized_at is not null'
- end
-
- def new
- @permissions = TABLES['REST'][:data]
- @address@hidden
- @client_application = ClientApplication.new
- @permissions_for=[]
- end
-
- def create
- @client_application = current_user.client_applications.build(params[:client_application])
- if @client_application.save
- if params[:key_permissions]
- for key_permission in params[:key_permissions] do
- @key_permission = KeyPermission.new(:client_application_id => @client_application.id, :for ="" key_permission[0])
- @key_permission.save
- end
- end
- flash[:notice] = "Client Application successfully registered!"
- redirect_to :action ="" "show", :id => @client_application.id
- else
- render :action ="" "new"
- end
- end
-
- def show
- if (!(@client_application.user_id == current_user.id or @client_application.creator_id == current_user.id))
- @client_application = nil
- end
- @address@hidden
- end
-
- def edit
- @permissions = TABLES['REST'][:data]
- @address@hidden
- if (!(@client_application.user_id == current_user.id or @client_application.creator_id == current_user.id))
- @client_application = nil
- end
- @address@hidden
- unless @client_application.nil?
- @address@hidden
- end
- end
-
- def update
- if (current_user.admin? or @client_application.key_type=="User")
- @client_application.permissions.delete_all
- if params[:key_permissions]
- for key_permission in params[:key_permissions] do
- @key_permission = KeyPermission.new(:client_application_id => @client_application.id, :for ="" key_permission[0])
- @key_permission.save
- end
- end
- end
- if @client_application.update_attributes(params[:client_application])
- flash[:notice] = "Updated the client information successfully"
- redirect_to :action ="" "show", :id => @client_application.id
- else
- render :action ="" "edit"
- end
- end
-
- def destroy
- @client_application.destroy
- flash[:notice] = "Destroyed the client application registration"
- redirect_to :action ="" "index"
- end
-
- private
- def get_client_application
- unless @client_application = current_user.client_applications.find(params[:id])
- flash.now[:error] = "Wrong application id"
- raise ActiveRecord::RecordNotFound
- end
- unless Authorization.is_authorized?(action_name, nil, @client_application, current_user)
- flash.now[:error] = "Application not authorized"
- raise ActiveRecord::RecordNotFound
- end
- end
-end
Deleted: branches/wf4ever/app/controllers/oauth_controller.rb (3134 => 3135)
--- branches/wf4ever/app/controllers/oauth_controller.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/app/controllers/oauth_controller.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -1,31 +0,0 @@
-require 'oauth-plugin'
-require 'oauth/controllers/provider_controller'
-class OauthController < ApplicationController
- include OAuth::Controllers::ProviderController
-
- protected
- # Override this to match your authorization page form
- # It currently expects a checkbox called authorize
- # def user_authorizes_token?
- # params[:authorize] == '1'
- # end
-
- def user_authorizes_token?
- params[:authorize] == '1'
- end
-
- # should authenticate and return a user if valid password.
- # This example should work with most Authlogic or Devise. Uncomment it
- # def authenticate_user(username,password)
- # user = User.find_by_email params[:username]
- # if user && user.valid_password?(params[:password])
- # user
- # else
- # nil
- # end
- # end
-
- def authenticate_user(username, password)
- User.authenticate(username, password)
- end
-end
Copied: branches/wf4ever/app/controllers/oauth_controller.rb (from rev 3130, branches/wf4ever/app/controllers/oauth_controller.rb) (0 => 3135)
--- branches/wf4ever/app/controllers/oauth_controller.rb (rev 0)
+++ branches/wf4ever/app/controllers/oauth_controller.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -0,0 +1,188 @@
+class OauthController < ApplicationController
+ before_filter :login_required,:except=>[:request_token,:access_token,:test_request]
+ before_filter :find_client_application_auth, : :edit, :update, :destroy]
+ before_filter :login_or_oauth_required,:
+ before_filter :verify_oauth_consumer_signature, :
+ # before_filter :verify_oauth_request_token, :
+ # Uncomment the following if you are using restful_open_id_authentication
+ skip_before_filter :verify_authenticity_token
+
+ def request_token
+ @token=current_client_application.create_request_token
+ if @token
+ render :text=>@token.to_query
+ else
+ render :nothing => true, :status => 401
+ end
+ end
+
+ def access_token
+ @token=current_token.exchange!
+ if @token
+ render :text=>@token.to_query
+ else
+ render :nothing => true, :status => 401
+ end
+ end
+
+ def test_request
+ render :text=>params.collect{|k,v|"#{k}=#{v}"}.join("&")
+ end
+
+ def authorize
+ @client_applications=current_user.client_applications
+ @token=RequestToken.find_by_token params[:oauth_token]
+ if @token.client_application.nil?
+ if redirect_url
+ redirect_to redirect_url+"?oauth_failure=1"
+ else
+ render :action=""
+ end
+ end
+ @address@hidden
+ redirect_url=params[:oauth_callback]||@token.client_application.callback_url
+ if (@token.client_application.key_type == 'System') || @client_applications.include?(@token.client_application)
+ unless @token.invalidated?
+ if request.post?
+ if params[:authorize]=='1'
+ @token.authorize!(current_user)
+ if redirect_url
+ redirect_to redirect_url+"address@hidden"
+ else
+ render :action=""
+ end
+ elsif params[:commit]=="Save Changes"
+ @token.invalidate!
+ if redirect_url
+ redirect_to redirect_url+"?oauth_failure=1"
+ else
+ render :action=""
+ end
+ end
+ end
+ else
+ if redirect_url
+ redirect_to redirect_url+"?oauth_failure=1"
+ else
+ render :action=""
+ end
+ end
+ else
+ if redirect_url
+ redirect_to redirect_url+"?oauth_failure=1"
+ else
+ render :action=""
+ end
+ end
+ end
+
+ def revoke
+ @token=current_user.tokens.find_by_token params[:token]
+ if @token
+ @token.invalidate!
+ flash[:notice]="You've revoked the token for address@hidden"
+ end
+ redirect_to oauth_url
+ end
+
+ def index
+ @client_applications=current_user.client_applications
+ @admin_client_applications=ClientApplication.find(:all, :conditions => ["user_id != ? and creator_id = ?", current_user.id, current_user.id])
+ @tokens=current_user.tokens.find :all, :conditions=>'oauth_tokens.invalidated_at is null and oauth_tokens.authorized_at is not null'
+ end
+
+ def new
+ @permissions = TABLES['REST'][:data]
+ @address@hidden
+ @client_application=ClientApplication.new
+ @permissions_for=[]
+ end
+
+ def create
+ @client_application=current_user.client_applications.build(params[:client_application])
+ if @client_application.save
+ if params[:key_permissions]
+ for key_permission in params[:key_permissions] do
+ @key_permission = KeyPermission.new(:client_application_id => @client_application.id, :for ="" key_permission[0])
+ @key_permission.save
+ end
+ end
+ flash[:notice]="Client Application successfully registered!"
+ redirect_to :action=""
+ else
+ render :action=""
+ end
+ end
+
+ def show
+ if (!(@client_application.user_id == current_user.id or @client_application.creator_id == current_user.id))
+ @client_application = nil
+ end
+ @address@hidden
+ end
+
+ def edit
+ @permissions = TABLES['REST'][:data]
+ @address@hidden
+ if (!(@client_application.user_id == current_user.id or @client_application.creator_id == current_user.id))
+ @client_application = nil
+ end
+ @address@hidden
+ unless @client_application.nil?
+ @address@hidden
+ end
+ end
+
+ def update
+ if (current_user.admin? or @client_application.key_type=="User")
+ @client_application.permissions.delete_all
+ if params[:key_permissions]
+ for key_permission in params[:key_permissions] do
+ @key_permission = KeyPermission.new(:client_application_id => @client_application.id, :for ="" key_permission[0])
+ @key_permission.save
+ end
+ end
+ end
+ if @client_application.update_attributes(params[:client_application])
+ flash[:notice]="Client Application 'address@hidden' successfully updated!"
+ redirect_to :action=""
+ else
+ render :action=""
+ end
+ end
+
+ def destroy
+ address@hidden
+ @client_application.destroy
+ flash[:notice]="Registration for Client Application '#{client_application_name}' has been removed!"
+ redirect_to :action=""
+ end
+
+private
+
+ def find_client_application_auth
+ if action_name == 'update'
+ id = params[:client_application][:id]
+ else
+ id = params[:id]
+ end
+ begin
+ client_app=ClientApplication.find(id)
+ if Authorization.is_authorized?(action_name, nil, client_app, current_user)
+ @client_application = client_app
+ else
+ error("Client Application not found (id not authorized)", "is invalid (not authorized)")
+ end
+ rescue ActiveRecord::RecordNotFound
+ error("Client Application not found", "is invalid")
+ end
+ end
+
+ def error(notice, message, attr=:id)
+ flash[:error] = notice
+
+ respond_to do |format|
+ format.html { redirect_to oauth_url }
+ end
+ end
+end
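Review bot: `skip_before_filter :verify_authenticity_token` at the top of the class turns off the CSRF check for every action, including the session-authenticated browser actions `authorize`, `revoke`, `create`, `update` and `destroy`, so a token grant or a client-application change is accepted without the form's authenticity token. Only the signed OAuth endpoints need the exemption; I would narrow it to `skip_before_filter :verify_authenticity_token, :only => [:request_token, :access_token, :test_request]`. Separately, `authorize` calls `@token.client_application` before checking that `RequestToken.find_by_token` returned a record, and its first branch reads `redirect_url` before it is assigned, so an unknown `oauth_token` raises instead of producing a failure response. A guard such as `return render(:nothing => true, :status => 404) unless @token` before the first use would cover that.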
Copied: branches/wf4ever/app/helpers/oauth_helper.rb (from rev 3130, branches/wf4ever/app/helpers/oauth_helper.rb) (0 => 3135)
--- branches/wf4ever/app/helpers/oauth_helper.rb (rev 0)
+++ branches/wf4ever/app/helpers/oauth_helper.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -0,0 +1,3 @@
+module OauthHelper
+
+end
Modified: branches/wf4ever/app/models/access_token.rb (3134 => 3135)
--- branches/wf4ever/app/models/access_token.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/app/models/access_token.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -1,16 +1,10 @@
-class AccessToken < OauthToken
- validates_presence_of :user, :secret
+class AccessToken<OauthToken
+ validates_presence_of :user
before_create :set_authorized_at
-
- # Implement this to return a hash or array of the capabilities the access token has
- # This is particularly useful if you have implemented user defined permissions.
- # def capabilities
- # {:invalidate=>"/oauth/invalidate",:capabilities=>"/oauth/capabilities"}
- # end
-
- protected
-
+
+ protected
+
def set_authorized_at
- self.authorized_at = Time.now
+ self.authorized_at=Time.now
end
-end
+end
\ No newline at end of file
Modified: branches/wf4ever/app/models/client_application.rb (3134 => 3135)
--- branches/wf4ever/app/models/client_application.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/app/models/client_application.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -1,60 +1,54 @@
require 'oauth'
class ClientApplication < ActiveRecord::Base
belongs_to :user
- has_many :tokens, :class_name => "OauthToken", :dependent => :destroy
- has_many :access_tokens
- has_many :oauth2_verifiers
- has_many :oauth_tokens
+ has_many :tokens,:class_name=>"OauthToken", :dependent => :destroy
has_many :permissions,
:class_name => "KeyPermission",
:order => "key_permissions.for",
:dependent => :destroy
belongs_to :creator,
:class_name => "User",
- :foreign_key => "creator_id"
- validates_presence_of :name, :url, :key, :secret
+ :foreign_key => "creator_id"
+ validates_presence_of :name,:url,:key,:secret
validates_uniqueness_of :key
before_validation_on_create :generate_keys
-
- validates_format_of :url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&address@hidden/]))?/i
- validates_format_of :support_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&address@hidden/]))?/i, :allow_blank=>true
- validates_format_of :callback_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&address@hidden/]))?/i, :allow_blank=>true
-
- attr_accessor :token_callback_url
-
+
def self.find_token(token_key)
- token = OauthToken.find_by_token(token_key, :include => :client_application)
- if token && token.authorized?
- token
- else
- nil
- end
+ token=OauthToken.find_by_token(token_key, :include => :client_application)
+ logger.info "Loaded #{token.token} which was authorized by (user_id=#{token.user_id}) on the #{token.authorized_at}"
+ return token if token.authorized?
+ nil
end
-
+
def self.verify_request(request, options = {}, &block)
begin
- signature = OAuth::Signature.build(request, options, &block)
- return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
- value = signature.verify
+ signature=OAuth::Signature.build(request,options,&block)
+ logger.info "Signature Base String: #{signature.signature_base_string}"
+ logger.info "Consumer: #{signature.send :consumer_key}"
+ logger.info "Token: #{signature.send :token}"
+ return false unless OauthNonce.remember(signature.request.nonce,signature.request.timestamp)
+ value=signature.verify
+# value=true
+ logger.info "Signature verification returned: #{value.to_s}"
value
- rescue OAuth::Signature::UnknownSignatureMethod => e
- false
+ rescue OAuth::Signature::UnknownSignatureMethod=>e
+ #logger.info "ERROR"+e.to_s
+ false
end
end
-
+
def oauth_server
- @oauth_server ||= OAuth::Server.new("http://your.site")
+ @oauth_server||=OAuth::Server.new "http://your.site"
end
-
+
def credentials
- @oauth_client ||= OAuth::Consumer.new(key, secret)
+ @oauth_client||=OAuth::Consumer.new key,secret
end
-
- # If your application requires passing in extra parameters handle it here
- def create_request_token(params={})
- RequestToken.create :client_application => self, :callback_url=>self.token_callback_url
+
+ def create_request_token
+ RequestToken.create :client_application=>self
end
-
+
def permissions_for
permissions_for= []
for key_permission in self.permissions do
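Review bot: In `find_token` the new `logger.info` line dereferences `token` before any nil check, so a lookup for an unknown token key now raises `NoMethodError` where the old code returned nil; restoring `return nil unless token` directly after the lookup fixes that. That line and the three `logger.info` calls added to `verify_request` write the token value, consumer key and signature base string to the application log at info level, which leaves credential-equivalent material in log files; I would log only `token.id` or move these lines to debug level. This hunk also drops the `validates_format_of` checks on `url`, `support_url` and `callback_url`, and those values are used as link and redirect targets elsewhere in this commit, so the http/https restriction looks worth keeping.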
@@ -62,11 +56,12 @@
end
permissions_for
end
-
-protected
-
+
+ protected
+
def generate_keys
- self.key = OAuth::Helper.generate_key(40)[0,40]
- self.secret = OAuth::Helper.generate_key(40)[0,40]
+ @oauth_client=oauth_server.generate_consumer_credentials
+ address@hidden
+ address@hidden
end
end
Deleted: branches/wf4ever/app/models/oauth2_token.rb (3134 => 3135)
--- branches/wf4ever/app/models/oauth2_token.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/app/models/oauth2_token.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -1,20 +0,0 @@
-class Oauth2Token < AccessToken
- attr_accessor :state
- def as_json(options={})
- d = {:access_token=>token, :token_type => 'bearer'}
- d[:expires_in] = expires_in if expires_at
- d
- end
-
- def to_query
- q = "access_token=#{token}&token_type=bearer"
- q << "&state=#{URI.escape(state)}" if @state
- q << "&expires_in=#{expires_in}" if expires_at
- q << "&scope=#{URI.escape(scope)}" if scope
- q
- end
-
- def expires_in
- expires_at.to_i - Time.now.to_i
- end
-end
Deleted: branches/wf4ever/app/models/oauth2_verifier.rb (3134 => 3135)
--- branches/wf4ever/app/models/oauth2_verifier.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/app/models/oauth2_verifier.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -1,35 +0,0 @@
-class Oauth2Verifier < OauthToken
- validates_presence_of :user
- attr_accessor :state
-
- def exchange!(params={})
- OauthToken.transaction do
- token = Oauth2Token.create! :user=>user,:client_application=>client_application, :scope => scope
- invalidate!
- token
- end
- end
-
- def code
- token
- end
-
- def redirect_url
- callback_url
- end
-
- def to_query
- q = "code=#{token}"
- q << "&state=#{URI.escape(state)}" if @state
- q
- end
-
- protected
-
- def generate_keys
- self.token = OAuth::Helper.generate_key(20)[0,20]
- self.expires_at = 10.minutes.from_now
- self.authorized_at = Time.now
- end
-
-end
Modified: branches/wf4ever/app/models/oauth_nonce.rb (3134 => 3135)
--- branches/wf4ever/app/models/oauth_nonce.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/app/models/oauth_nonce.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -1,12 +1,12 @@
# Simple store of nonces. The OAuth Spec requires that any given pair of nonce and timestamps are unique.
# Thus you can use the same nonce with a different timestamp and viceversa.
class OauthNonce < ActiveRecord::Base
- validates_presence_of :nonce, :timestamp
- validates_uniqueness_of :nonce, :scope => :timestamp
-
+ validates_presence_of :nonce,:timestamp
+ validates_uniqueness_of :nonce,:scope=>:timestamp
+
# Remembers a nonce and it's associated timestamp. It returns false if it has already been used
- def self.remember(nonce, timestamp)
- oauth_nonce = OauthNonce.create(:nonce => nonce, :timestamp => timestamp)
+ def self.remember(nonce,timestamp)
+ oauth_nonce=OauthNonce.create(:nonce=>nonce,:timestamp=>timestamp)
return false if oauth_nonce.new_record?
oauth_nonce
end
Modified: branches/wf4ever/app/models/oauth_token.rb (3134 => 3135)
--- branches/wf4ever/app/models/oauth_token.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/app/models/oauth_token.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -2,29 +2,31 @@
belongs_to :client_application
belongs_to :user
validates_uniqueness_of :token
- validates_presence_of :client_application, :token
+ validates_presence_of :client_application,:token,:secret
before_validation_on_create :generate_keys
-
+
def invalidated?
- invalidated_at != nil
+ invalidated_at!=nil
end
-
+
def invalidate!
- update_attribute(:invalidated_at, Time.now)
+ update_attribute(:invalidated_at,Time.now)
end
-
+
def authorized?
- authorized_at != nil && !invalidated?
+ authorized_at!=nil && !invalidated?
end
-
+
def to_query
"oauth_token=#{token}&oauth_token_secret=#{secret}"
end
-
+
protected
-
+
def generate_keys
- self.token = OAuth::Helper.generate_key(40)[0,40]
- self.secret = OAuth::Helper.generate_key(40)[0,40]
+ @oauth_token=client_application.oauth_server.generate_credentials
+ address@hidden
+ address@hidden
end
+
end
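Review bot: `generate_keys` now calls `client_application.oauth_server`, and because it runs as `before_validation_on_create` it executes before `validates_presence_of :client_application` can report a missing association, so a token built without a client application raises `NoMethodError` instead of failing validation. A guard as the first line, `return unless client_application`, lets the presence validation produce the error. The class definition starts above this hunk and the two assignment lines after the call are garbled on this page, so this is based on the visible call only.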
Modified: branches/wf4ever/app/models/request_token.rb (3134 => 3135)
--- branches/wf4ever/app/models/request_token.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/app/models/request_token.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -1,40 +1,18 @@
-class RequestToken < OauthToken
-
- attr_accessor :provided_oauth_verifier
-
+class RequestToken<OauthToken
+
def authorize!(user)
return false if authorized?
- self.user = user
- self.authorized_at = Time.now
- self.verifier=OAuth::Helper.generate_key(20)[0,20] unless oauth10?
+ self.user=user
+ self.authorized_at=Time.now
self.save
end
-
+
def exchange!
return false unless authorized?
- return false unless oauth10? || verifier==provided_oauth_verifier
-
RequestToken.transaction do
- access_token = AccessToken.create(:user => user, :client_application => client_application)
+ access_token=AccessToken.create(:user=>user,:client_application=>client_application)
invalidate!
access_token
end
end
-
- def to_query
- if oauth10?
- super
- else
- "#{super}&oauth_callback_confirmed=true"
- end
- end
-
- def oob?
- callback_url.nil? || callback_url.downcase == 'oob'
- end
-
- def oauth10?
- (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank?
- end
-
-end
+end
\ No newline at end of file
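Review bot: `exchange!` no longer compares a verifier and `authorize!` no longer generates one, so on the new side nothing ties the client that exchanges the request token to the user session that approved it. That binding is what the `oauth_verifier` of OAuth 1.0a provides, and the removed `oob?`/`oauth10?` helpers and the `oauth_callback_confirmed` flag belonged to the same flow. If the rollback to the older behaviour is intentional, a comment on `exchange!` should say that the provider speaks pre-1.0a OAuth and why. If it is not, keep `return false unless oauth10? || verifier==provided_oauth_verifier` together with the `verifier` column that the schema change in this commit removes.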
Copied: branches/wf4ever/app/views/oauth/_form.rhtml (from rev 3130, branches/wf4ever/app/views/oauth/_form.rhtml) (0 => 3135)
--- branches/wf4ever/app/views/oauth/_form.rhtml (rev 0)
+++ branches/wf4ever/app/views/oauth/_form.rhtml 2012-09-25 17:32:46 UTC (rev 3135)
@@ -0,0 +1,54 @@
+<div class="field">
+ <label for=""
+ <%=f.text_field :name %>
+</div>
+<div class="field">
+ <% if current_user.admin? %>
+ <label for=""
+ <% unless @client_application.id %>
+ <%= select_tag "client_application[key_type]", options_for_select([ "User", "System"], "User") %>
+ <% else %>
+ <%= select_tag "client_application[key_type]", options_for_select([ "User", "System"], @client_application.key_type) %>
+ <% end %>
+</div>
+<div class="field">
+ <label for="" User*</label><br/>
+ <% unless @client_application.id %>
+ <select id="client_application[user_id]" name="client_application[user_id]" %>
+ <% all_users().each do |u| %>
+ <option <%= 'selected="selected"' if u.id==current_user.id %> value="<%= u.id %>"><%= h(u.name) %></option><% end %>
+ </select>
+ <% else %>
+ <select id="client_application[user_id]" name="client_application[user_id]">
+ <% all_users().each do |u| %>
+ <option <%= 'selected="selected"' if address@hidden %> value="<%= u.id %>"><%= h(u.name) %></option><% end %>
+ </select>
+ <% end %>
+ <% else %>
+ <%= f.hidden_field :user_id, :value => current_user.id %>
+ <% unless @client_application.id %>
+ <%= f.hidden_field :key_type, :value => "User" %>
+ <% else %>
+ <%= f.hidden_field :key_type, :value => @client_application.key_type %>
+ <% end %>
+ <% end %>
+ <% unless @client_application.id %>
+ <%= f.hidden_field :creator_id, :value => current_user.id %>
+ <% else %>
+ <%= f.hidden_field :creator_id, :value => @client_application.creator_id %>
+ <% end %>
+
+</div>
+<div class="field">
+ <label for="" Application URL*</label><br/>
+ <%=f.text_field :url%>
+</div>
+<div class="field">
+ <label for="" URL*</label><br/>
+ <%=f.text_field :callback_url%>
+</div>
+<div class="field">
+ <label for="" URL</label><br/>
+ <%=f.text_field :support_url%>
+</div>
+
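Review bot: For non-admin users the form carries `user_id`, `key_type` and `creator_id` as hidden fields, and the controller in this commit passes `params[:client_application]` straight to `build` and `update_attributes`, so the server accepts whatever the browser sends for the owner and for the 'User'/'System' key type. Hidden fields are client-controlled; these attributes should be set server-side, for example `attr_protected :user_id, :creator_id, :key_type` on `ClientApplication` with explicit assignment in `create`/`update` only when `current_user.admin?`. The `authorize` action treats 'System' applications differently from 'User' ones, so `key_type` in particular needs the admin check on the server rather than in the view.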
Modified: branches/wf4ever/app/views/oauth/authorize.rhtml (3134 => 3135)
--- branches/wf4ever/app/views/oauth/authorize.rhtml 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/app/views/oauth/authorize.rhtml 2012-09-25 17:32:46 UTC (rev 3135)
@@ -1,15 +1,15 @@
<h1>Authorize access to your account</h1>
-<p>Would you like to authorize <%= link_to @token.client_application.name,@token.client_application.url %> (<%= link_to @token.client_application.url,@token.client_application.url %>) to access your account?</p>
-<% form_tag authorize_url do %>
- <%= hidden_field_tag "oauth_token", @token.token %>
- <%- if params[:oauth_callback] -%>
- <%= hidden_field_tag "oauth_callback", params[:oauth_callback] %>
-<%- end -%>
+<p>Would you like to authorize <%=link_to @token.client_application.name,@token.client_application.url%> (<%=link_to @token.client_application.url,@token.client_application.url%>) to access your account?</p>
+<%form_tag authorize_url do %>
+<%=hidden_field_tag "oauth_token",@token.token%>
+<%-if params[:oauth_callback]-%>
+<%=hidden_field_tag "oauth_callback", params[:oauth_callback]%>
+<%-end-%>
<p>
- <%= check_box_tag 'authorize' %> authorize access
+ <%=check_box_tag 'authorize'%> authorize access
</p>
<p>
- <%= submit_tag %>
+ <%=submit_tag%>
</p>
-<% end %>
+<%end%>
<%= render :partial => "show_permissions" -%>
Copied: branches/wf4ever/app/views/oauth/index.rhtml (from rev 3130, branches/wf4ever/app/views/oauth/index.rhtml) (0 => 3135)
--- branches/wf4ever/app/views/oauth/index.rhtml (rev 0)
+++ branches/wf4ever/app/views/oauth/index.rhtml 2012-09-25 17:32:46 UTC (rev 3135)
@@ -0,0 +1,46 @@
+<h1>OAuth Client Applications</h1>
+<%unless @tokens.empty?%>
+<p>The following tokens have been issued to applications in your name</p>
+<table>
+ <tr><th>Application</th><th>Issued</th><th> </th></tr>
+ <address@hidden do |token|%>
+ <tr>
+ <td><%=link_to token.client_application.name,token.client_application.url%></td>
+ <td><%=token.authorized_at%></td>
+ <td>
+ <%form_tag :controller=>'oauth',:action="" do%>
+ <%=hidden_field_tag 'token',token.token%>
+ <%=submit_tag "Revoke!"%>
+ <%end%>
+ </td>
+ </tr>
+ <%end%>
+
+</table>
+<%end%>
+<h3>Your Registered Client Applications</h3>
+<%if @client_applications.empty?%>
+ <p>
+ Do you have an application you would like to register for use with us using the <a href="" standard?
+ </p>
+ <p>
+ You must register your web application before it can make OAuth requests to this service
+ </p>
+<%else%>
+ <address@hidden do |client|%>
+ <div><%=link_to client.name,:action=""
+ <%end%>
+<%end%>
+<% if current_user.admin? %>
+<h3>Client Applications You Have Created For Other Users</h3>
+<% if @admin_client_applications.empty? %>
+ <p>You do not currently have any client applications that you have created or other users.</p>
+<%else%>
+ <address@hidden do |client|%>
+ <div><%=link_to client.name,:action=""
+ <%end%>
+<% end %>
+<% end %>
+<ul class="sectionIcons">
+ <li><%= icon "register_application", {:controller =>'oauth',:action="" nil, nil, "Register Client Application" %></li>
+</ul>
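Review bot: `link_to token.client_application.name,token.client_application.url` and the two `link_to client.name` lines further down output user-supplied application names without escaping. The form partial in this commit wraps names in `h(...)`, which suggests this Rails version does not escape automatically, so the name should be `h(token.client_application.name)`. The URL becomes the `href`, and with the `validates_format_of` checks removed from `ClientApplication` in this commit its scheme is no longer restricted to http/https, so either keep that validation or check the scheme before rendering the link. Several lines of this section are garbled on the page (`address@hidden`), so the loops themselves could not be reviewed.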
Copied: branches/wf4ever/app/views/oauth/new.rhtml (from rev 3130, branches/wf4ever/app/views/oauth/new.rhtml) (0 => 3135)
--- branches/wf4ever/app/views/oauth/new.rhtml (rev 0)
+++ branches/wf4ever/app/views/oauth/new.rhtml 2012-09-25 17:32:46 UTC (rev 3135)
@@ -0,0 +1,7 @@
+<h1>Register a new application</h1>
+<% form_for :client_application, :url ="" { :action ="" :create } do |f| %>
+ <%= render :partial => "form", :locals => { :f => f } %>
+ <%= render :partial => "permissions", :locals => { :f => f } %>
+ <br/><br/>
+ <p style="text-align: center; font-weight: bold;"><%= submit_tag "Register" %></p>
+<% end %>
Deleted: branches/wf4ever/app/views/oauth/oauth2_authorize.html.erb (3134 => 3135)
--- branches/wf4ever/app/views/oauth/oauth2_authorize.html.erb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/app/views/oauth/oauth2_authorize.html.erb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -1,17 +0,0 @@
-<h1>Authorize access to your account</h1>
-<p>Would you like to authorize <%= link_to @token.client_application.name,@token.client_application.url %> (<%= link_to @token.client_application.url,@token.client_application.url %>) to access your account?</p>
-<% form_tag authorize_url do %>
- <%= hidden_field_tag "response_type", params[:response_type]%>
- <%= hidden_field_tag "client_id", params[:client_id]%>
- <%= hidden_field_tag "redirect_uri", params[:redirect_uri]%>
- <%= hidden_field_tag "state", params[:state]%>
- <%= hidden_field_tag "scope", params[:scope]%>
-
-<p>
- <%= check_box_tag 'authorize' %> authorize access
-</p>
-<p>
- <%= submit_tag %>
-</p>
-<% end %>
-<%= render :partial => "show_permissions" -%>
Copied: branches/wf4ever/app/views/oauth/show.rhtml (from rev 3130, branches/wf4ever/app/views/oauth/show.rhtml) (0 => 3135)
--- branches/wf4ever/app/views/oauth/show.rhtml (rev 0)
+++ branches/wf4ever/app/views/oauth/show.rhtml 2012-09-25 17:32:46 UTC (rev 3135)
@@ -0,0 +1,45 @@
+<ul class="sectionIcons">
+ <li><%= icon('manage', {:controller=>'oauth', :action="" :id=>@client_application.id}, nil, nil, 'Update Client Application')%></li>
+ <li><%= icon('destroy', {:controller=>'oauth', :action="" :id=>@client_application.id}, nil, { :confirm => 'Are you you wish to remove this client application?', :method => :revoke }, 'Remove Client Application') %></li>
+</ul>
+<h1>OAuth details for <address@hidden></h1>
+<p>
+ <b>Main Application URL:</b> <address@hidden>
+</p>
+<p>
+ <b>Key Type:</b> <address@hidden>
+</p>
+<% if current_user.admin? %>
+<p>
+ <b>For User:</b> <a href="" user_path(@client_application.user.id) %>"><address@hidden></a>
+</p>
+<% end %>
+<p>
+ <b>Callback URL:</b> <address@hidden>
+</p>
+<p>
+ <b>Support URL:</b> <address@hidden>
+</p>
+<p>
+ <b>Consumer Key:</b> <address@hidden>
+</p>
+<p>
+ <b>Consumer Secret:</b> <address@hidden>
+</p>
+<p>
+ <b>Request Token URL</b> http<%='s' if request.ssl?%>://<%=request.host_with_port%><address@hidden>
+</p>
+<p>
+ <b>Access Token URL</b> http<%='s' if request.ssl?%>://<%=request.host_with_port%><address@hidden>
+</p>
+<p>
+ <b>Authorize URL</b> http<%='s' if request.ssl?%>://<%=request.host_with_port%><address@hidden>
+</p>
+
+<p>
+ We support hmac-sha1 (recommended) as well as plain text in ssl mode.
+</p>
+
+<%= render :partial => "show_permissions" %>
+
+ <!--<p><%= TABLES['REST'][:data].inspect %></p> -->
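Review bot: The last line wraps `<%= TABLES['REST'][:data].inspect %>` in an HTML comment, but ERB still evaluates it, so that table (the data the controller uses as its permissions list) is written into the source of every show page; use an ERB comment (`<%# ... %>`) or delete the line. The destroy icon passes `:method => :revoke`, which is not an HTTP verb; if the link is meant to reach `destroy`, `:method => :delete` is presumably intended. The `show` action sets `@client_application = nil` for non-owners while this template dereferences it unconditionally, so that path would raise rather than show an error.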
Modified: branches/wf4ever/config/environment.rb (3134 => 3135)
--- branches/wf4ever/config/environment.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/config/environment.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -46,6 +46,7 @@
:mannie_taverna_scufl,
:mannie_taverna_t2flow,
:oauth,
+ :oauth_plugin,
:open_id_authentication,
:paginating_find,
:qrcode,
Modified: branches/wf4ever/config/routes.rb (3134 => 3135)
--- branches/wf4ever/config/routes.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/config/routes.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -202,15 +202,12 @@
map.resources :messages, :collection => { :sent => :get, :delete_all_selected => :delete }
# all oauth
- map.resources :oauth_clients
+ map.oauth '/oauth',:controller=>'oauth',:action=""
+ map.authorize '/oauth/authorize',:controller=>'oauth',:action=""
+ map.request_token '/oauth/request_token',:controller=>'oauth',:action=""
+ map.access_token '/oauth/access_token',:controller=>'oauth',:action=""
+ map.test_request '/oauth/test_request',:controller=>'oauth',:action=""
- map.test_request '/oauth/test_request', :controller => 'oauth', :action ="" 'test_request'
- map.token '/oauth/token', :controller => 'oauth', :action ="" 'token'
- map.access_token '/oauth/access_token', :controller => 'oauth', :action ="" 'access_token'
- map.request_token '/oauth/request_token', :controller => 'oauth', :action ="" 'request_token'
- map.authorize '/oauth/authorize', :controller => 'oauth', :action ="" 'authorize'
- map.oauth '/oauth', :controller => 'oauth', :action ="" 'index'
-
# User timeline
map.connect 'users/timeline', :controller => 'users', :action ="" 'timeline'
map.connect 'users/users_for_timeline', :controller => 'users', :action ="" 'users_for_timeline'
Deleted: branches/wf4ever/db/migrate/20120921144930_update_oauth_tables.rb (3134 => 3135)
--- branches/wf4ever/db/migrate/20120921144930_update_oauth_tables.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/db/migrate/20120921144930_update_oauth_tables.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -1,18 +0,0 @@
-# myExperiment: db/migrate/20120921144930_update_oauth_tables.rb
-#
-# Copyright (c) 2012 University of Manchester and the University of Southampton.
-# See license.txt for details.
-
-class UpdateOauthTables < ActiveRecord::Migration
- def self.up
- add_column :oauth_tokens, :callback_url, :string
- add_column :oauth_tokens, :verifier, :string, :limit => 20
- add_column :oauth_tokens, :scope, :string
- end
-
- def self.down
- drop_column :oauth_tokens, :callback_url
- drop_column :oauth_tokens, :verifier
- drop_column :oauth_tokens, :scope
- end
-end
Modified: branches/wf4ever/db/schema.rb (3134 => 3135)
--- branches/wf4ever/db/schema.rb 2012-09-25 17:29:10 UTC (rev 3134)
+++ branches/wf4ever/db/schema.rb 2012-09-25 17:32:46 UTC (rev 3135)
@@ -9,7 +9,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20120921144930) do
+ActiveRecord::Schema.define(:version => 20120605091404) do
create_table "activity_limits", :force => true do |t|
t.string "contributor_type", :null => false
@@ -400,9 +400,6 @@
t.datetime "invalidated_at"
t.datetime "created_at"
t.datetime "updated_at"
- t.string "callback_url"
- t.string "verifier", :limit => 20
- t.string "scope"
end
add_index "oauth_tokens", ["token"], :name => "index_oauth_tokens_on_token", :unique => true