From 3fc0f64c56f33e2a8013813872400e3666dc720c Mon Sep 17 00:00:00 2001
From: theworldbright <kent@kentshikama.com>
Date: Sun, 13 Sep 2015 14:13:38 -0700
Subject: [PATCH] Move openid controllers to openid connect namespace

---
 Gemfile                                            |  2 +-
 Gemfile.lock                                       | 14 +++++++-------
 app/controllers/openid/connect_controller.rb       |  4 ----
 app/controllers/{openid => openid_connect}/LICENSE |  0
 .../authorizations_controller.rb                   | 12 ++++++------
 .../discovery_controller.rb                        |  0
 config/routes.rb                                   |  7 +++----
 7 files changed, 17 insertions(+), 22 deletions(-)
 delete mode 100644 app/controllers/openid/connect_controller.rb
 rename app/controllers/{openid => openid_connect}/LICENSE (100%)
 rename app/controllers/{openid => openid_connect}/authorizations_controller.rb (80%)
 rename app/controllers/{openid => openid_connect}/discovery_controller.rb (100%)

diff --git a/Gemfile b/Gemfile
index 4eb4c33bd..b2bc08b19 100644
--- a/Gemfile
+++ b/Gemfile
@@ -150,7 +150,7 @@ gem "twitter",            "5.15.0"
 gem "omniauth-wordpress", "0.2.2"
 
 # OpenID Connect
-gem "openid_connect"
+gem "openid_connect", "0.8.3"
 
 # Serializers
 
diff --git a/Gemfile.lock b/Gemfile.lock
index bef65ab00..4369e1425 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -522,17 +522,17 @@ GEM
     open_graph_reader (0.6.1)
       faraday (~> 0.9.0)
       nokogiri (~> 1.6)
-    openid_connect (0.9.2)
+    openid_connect (0.8.3)
       activemodel
-      attr_required (>= 1.0.0)
+      attr_required (>= 0.0.5)
       json (>= 1.4.3)
-      json-jwt (>= 1.5.0)
-      rack-oauth2 (>= 1.2.1)
-      swd (>= 1.0.0)
+      json-jwt (>= 0.5.5)
+      rack-oauth2 (>= 1.0.0)
+      swd (>= 0.1.2)
       tzinfo
       validate_email
       validate_url
-      webfinger (>= 1.0.1)
+      webfinger (>= 0.0.2)
     orm_adapter (0.5.0)
     parser (2.2.3.0)
       ast (>= 1.1, < 3.0)
@@ -942,7 +942,7 @@ DEPENDENCIES
   omniauth-twitter (= 1.2.1)
   omniauth-wordpress (= 0.2.2)
   open_graph_reader (= 0.6.1)
-  openid_connect
+  openid_connect (= 0.8.3)
   pg (= 0.18.4)
   pronto (= 0.5.3)
   pronto-haml (= 0.5.0)
diff --git a/app/controllers/openid/connect_controller.rb b/app/controllers/openid/connect_controller.rb
deleted file mode 100644
index c552988a6..000000000
--- a/app/controllers/openid/connect_controller.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-class ConnectController < ApplicationController
-  def show
-  end
-end
diff --git a/app/controllers/openid/LICENSE b/app/controllers/openid_connect/LICENSE
similarity index 100%
rename from app/controllers/openid/LICENSE
rename to app/controllers/openid_connect/LICENSE
diff --git a/app/controllers/openid/authorizations_controller.rb b/app/controllers/openid_connect/authorizations_controller.rb
similarity index 80%
rename from app/controllers/openid/authorizations_controller.rb
rename to app/controllers/openid_connect/authorizations_controller.rb
index f1d407043..fcbe04dfa 100644
--- a/app/controllers/openid/authorizations_controller.rb
+++ b/app/controllers/openid_connect/authorizations_controller.rb
@@ -5,31 +5,31 @@ class AuthorizationsController < ApplicationController
     render :error, status: e.status
   end
 
+  before_action :authenticate_user!
+
   def new
     call_authorization_endpoint
   end
 
   def create
-    call_authorization_endpoint :allow_approval, params[:approve]
+    call_authorization_endpoint :is_create, params[:approve]
   end
 
   private
 
-  def call_authorization_endpoint(allow_approval = false, approved = false)
-    endpoint = AuthorizationEndpoint.new allow_approval, approved
+  def call_authorization_endpoint(is_create = false, approved = false)
+    endpoint = AuthorizationEndpoint.new current_user, is_create, approved
     rack_response = *endpoint.call(request.env)
     @client, @response_type, @redirect_uri, @scopes, @_request_, @request_uri, @request_object = *[
         endpoint.client, endpoint.response_type, endpoint.redirect_uri, endpoint.scopes, endpoint._request_, endpoint.request_uri, endpoint.request_object
     ]
-    require_authentication
     if (
-    !allow_approval &&
+    !is_create &&
         (max_age = @request_object.try(:id_token).try(:max_age)) &&
         current_account.last_logged_in_at < max_age.seconds.ago
     )
       flash[:notice] = 'Exceeded Max Age, Login Again'
       unauthenticate!
-      require_authentication
     end
     respond_as_rack_app *rack_response
   end
diff --git a/app/controllers/openid/discovery_controller.rb b/app/controllers/openid_connect/discovery_controller.rb
similarity index 100%
rename from app/controllers/openid/discovery_controller.rb
rename to app/controllers/openid_connect/discovery_controller.rb
diff --git a/config/routes.rb b/config/routes.rb
index 58c7d7445..520068e76 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -234,14 +234,13 @@ Diaspora::Application.routes.draw do
   root :to => 'home#show'
 
   #OpenID Connect & OAuth
-  resource :openid do
+  namespace :openid_connect do
+    resources :clients, only: :create
     resources :authorizations, only: [:new, :create]
-    match 'connect', to: 'connect#show', via: [:get, :post]
-    match '.well-known/:id', to: 'discovery#show' , via: [:get, :post]
     post 'access_tokens', to: proc { |env| OpenidConnect::TokenEndpoint.new.call(env) }
   end
 
   api_version(module: "Api::V0", path: {value: "api/v0"}, default: true) do
-    match 'user', to: 'users#show', via: :get
+    match 'user', to: 'users#show', via: [:get, :post]
   end
 end