Merge branch 'master' into openstreetbugs

Conflicts:
	app/views/site/index.html.erb

app/models/client_application.rb

@@ -6,6 +6,21 @@ class ClientApplication < ActiveRecord::Base
   validates_uniqueness_of :key
   before_validation_on_create :generate_keys
   
+  validates_format_of :url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i
+  validates_format_of :support_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
+  validates_format_of :callback_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
+
+  attr_accessor :token_callback_url
+  
+  def self.find_token(token_key)
+    token = OauthToken.find_by_token(token_key, :include => :client_application)
+    if token && token.authorized?
+      token
+    else
+      nil
+    end
+  end
+
   def self.verify_request(request, options = {}, &block)
     begin
       signature = OAuth::Signature.build(request, options, &block)
@@ -35,7 +50,7 @@ class ClientApplication < ActiveRecord::Base
   end
     
   def create_request_token
-    RequestToken.create :client_application => self
+    RequestToken.create :client_application => self, :callback_url => self.token_callback_url
   end
 
   # the permissions that this client would like from the user
@@ -52,8 +67,8 @@ protected
                  :allow_write_api, :allow_read_gpx, :allow_write_gpx ]
 
   def generate_keys
-    @oauth_client = oauth_server.generate_consumer_credentials
-    self.key = @oauth_client.key
-    self.secret = @oauth_client.secret
+    oauth_client = oauth_server.generate_consumer_credentials
+    self.key = oauth_client.key
+    self.secret = oauth_client.secret
   end
 end

app/models/notifier.rb

@@ -4,6 +4,7 @@ class Notifier < ActionMailer::Base
     subject I18n.t('notifier.signup_confirm.subject')
     body :url => url_for(:host => SERVER_URL,
                          :controller => "user", :action => "confirm",
+                         :display_name => user.display_name,
                          :confirm_string => token.token)
   end
 

app/models/request_token.rb

@@ -1,17 +1,23 @@
 class RequestToken < OauthToken
+
+  attr_accessor :provided_oauth_verifier
+
   def authorize!(user)
     return false if authorized?
     self.user = user
     self.authorized_at = Time.now
+    self.verifier = OAuth::Helper.generate_key(16)[0,20] unless oauth10?
     self.save
   end
-  
+
   def exchange!
     return false unless authorized?
+    return false unless oauth10? || verifier == provided_oauth_verifier
+
     RequestToken.transaction do
       params = { :user => user, :client_application => client_application }
       # copy the permissions from the authorised request token to the access token
-      client_application.permissions.each { |p| 
+      client_application.permissions.each { |p|
         params[p] = read_attribute(p)
       }
 
@@ -20,4 +26,21 @@ class RequestToken < OauthToken
       access_token
     end
   end
+
+  def to_query
+    if oauth10?
+      super
+    else
+      "#{super}&oauth_callback_confirmed=true"
+    end
+  end
+
+  def oob?
+    self.callback_url=='oob'
+  end
+
+  def oauth10?
+    (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank?
+  end
+
 end

app/models/trace.rb

@@ -149,15 +149,72 @@ class Trace < ActiveRecord::Base
     el1 = XML::Node.new 'gpx_file'
     el1['id'] = self.id.to_s
     el1['name'] = self.name.to_s
-    el1['lat'] = self.latitude.to_s
-    el1['lon'] = self.longitude.to_s
+    el1['lat'] = self.latitude.to_s if self.inserted
+    el1['lon'] = self.longitude.to_s if self.inserted
     el1['user'] = self.user.display_name
     el1['visibility'] = self.visibility
     el1['pending'] = (!self.inserted).to_s
     el1['timestamp'] = self.timestamp.xmlschema
+
+    el2 = XML::Node.new 'description'
+    el2 << self.description
+    el1 << el2
+
+    self.tags.each do |tag|
+      el2 = XML::Node.new('tag')
+      el2 << tag.tag
+      el1 << el2
+    end
+
     return el1
   end
 
+  # Read in xml as text and return it's Node object representation
+  def self.from_xml(xml, create=false)
+    begin
+      p = XML::Parser.string(xml)
+      doc = p.parse
+
+      doc.find('//osm/gpx_file').each do |pt|
+        return Trace.from_xml_node(pt, create)
+      end
+
+      raise OSM::APIBadXMLError.new("trace", xml, "XML doesn't contain an osm/gpx_file element.")
+    rescue LibXML::XML::Error, ArgumentError => ex
+      raise OSM::APIBadXMLError.new("trace", xml, ex.message)
+    end
+  end
+
+  def self.from_xml_node(pt, create=false)
+    trace = Trace.new
+    
+    raise OSM::APIBadXMLError.new("trace", pt, "visibility missing") if pt['visibility'].nil?
+    trace.visibility = pt['visibility']
+
+    unless create
+      raise OSM::APIBadXMLError.new("trace", pt, "ID is required when updating.") if pt['id'].nil?
+      trace.id = pt['id'].to_i
+      # .to_i will return 0 if there is no number that can be parsed. 
+      # We want to make sure that there is no id with zero anyway
+      raise OSM::APIBadUserInput.new("ID of trace cannot be zero when updating.") if trace.id == 0
+    end
+
+    # We don't care about the time, as it is explicitly set on create/update/delete
+    # We don't care about the visibility as it is implicit based on the action
+    # and set manually before the actual delete
+    trace.visible = true
+
+    description = pt.find('description').first
+    raise OSM::APIBadXMLError.new("trace", pt, "description missing") if description.nil?
+    trace.description = description.content
+
+    pt.find('tag').each do |tag|
+      trace.tags.build(:tag => tag.content)
+    end
+
+    return trace
+  end
+
   def xml_file
     # TODO *nix specific, could do to work on windows... would be functionally inferior though - check for '.gz'
     filetype = `/usr/bin/file -bz #{trace_name}`.chomp