Require any attribute that is going to be mass assigned to be whitelisted, and whitelist those attributes which need it
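# OAuth 1.0 / 1.0a request token: the temporary credential a client obtains
# before the user authorises it, later exchanged for an AccessToken.
class RequestToken < OauthToken
  # The oauth_verifier the client presents on the exchange request (OAuth 1.0a).
  # Set by the caller; compared against the stored +verifier+ in #exchange!.
  attr_accessor :provided_oauth_verifier

  # Marks this request token as authorised by +user+.
  #
  # Assigns the user and authorisation time and, unless the token is plain
  # OAuth 1.0 (see #oauth10?), generates the verifier the client must present
  # on exchange.
  #
  # @param user the resource owner granting access; assigned to +self.user+
  # @return [Boolean] false if already authorised, otherwise the result of #save
  def authorize!(user)
    return false if authorized?

    self.user = user
    self.authorized_at = Time.now
    # OAuth 1.0a verifier, truncated to exactly 20 characters. Plain OAuth 1.0
    # tokens carry no verifier.
    self.verifier = OAuth::Helper.generate_key(20)[0, 20] unless oauth10?
    save
  end

  # Exchanges an authorised request token for an AccessToken.
  #
  # Refuses unless the token has been authorised and, for OAuth 1.0a, the
  # verifier supplied by the client matches the stored one. On success an
  # access token carrying the same permission attributes as this request
  # token is created and this request token is invalidated, both inside one
  # transaction so that a failed access-token save leaves the request token
  # intact and usable.
  #
  # @return [AccessToken, false] the new access token, or false when the
  #   exchange is refused or the access token could not be saved
  def exchange!
    return false unless authorized?
    # NOTE(review): == is a non-constant-time string comparison; if the
    # framework in use offers a constant-time comparison helper, prefer it here.
    return false unless oauth10? || verifier == provided_oauth_verifier

    RequestToken.transaction do
      params = { :user => user, :client_application => client_application }
      # Copy the permissions granted on this request token onto the access
      # token. The attribute names come from client_application.permissions and
      # the values from this record, not from the exchange request, which is
      # why the mass assignment below deliberately bypasses attribute protection.
      client_application.permissions.each { |p| params[p] = read_attribute(p) }

      access_token = AccessToken.create(params, :without_protection => true)
      # Do not burn the request token if the access token failed validation:
      # roll back and report failure instead of returning an unsaved record.
      raise ActiveRecord::Rollback unless access_token.persisted?

      invalidate!
      access_token
    end || false
  end

  # Query-string form of the token response. OAuth 1.0a additionally requires
  # oauth_callback_confirmed=true; plain OAuth 1.0 tokens return the
  # superclass form unchanged.
  def to_query
    return super if oauth10?

    "#{super}&oauth_callback_confirmed=true"
  end

  # True when the verifier is to be delivered out of band: no callback URL,
  # or the literal "oob" (case-insensitive).
  def oob?
    callback_url.nil? || callback_url.downcase == 'oob'
  end

  # True when this token follows plain OAuth 1.0 rather than 1.0a: the
  # application has OAUTH_10_SUPPORT defined and enabled, and the request
  # carried no callback URL.
  def oauth10?
    (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && callback_url.blank?
  end
end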