resetting the token instead if the app already exists, should move the lookup to be homepage url

2011-06-15 16:36:35 -07:00 · 2011-06-15 16:36:35 -07:00 · 78253b6885
commit 78253b6885
parent 9366b7243a
3 changed files with 30 additions and 10 deletions
--- a/app/controllers/authorizations_controller.rb
+++ b/app/controllers/authorizations_controller.rb
@ -20,24 +20,23 @@ class AuthorizationsController < ApplicationController
  end

  def token
-    if(params[:type] == 'client_associate' && params[:manifest_url])
+    unless(params[:type] == 'client_associate' && params[:manifest_url])
+      render :text => "bad request", :status => 403
+      return
+    end
      manifest = JSON.parse(RestClient.get(params[:manifest_url]).body)

      message = verify(params[:signed_string], params[:signature], manifest['public_key'])
      unless message =='ok' 
        render :text => message, :status => 403
      else
-        client = OAuth2::Provider.client_class.create_from_manifest!(manifest)
+        client = OAuth2::Provider.client_class.create_or_reset_from_manifest!(manifest)

        render :json => {:client_id => client.oauth_identifier,
                         :client_secret => client.oauth_secret,
                         :expires_in => 0,
                         :flows_supported => "",
                        }
-
-      end
-    else
-      render :text => "bad request", :status => 403
      end
  end

@ -84,7 +83,14 @@ class AuthorizationsController < ApplicationController
 end

 OAuth2::Provider.client_class.instance_eval do
-  def self.create_from_manifest! manifest
+  def self.create_or_reset_from_manifest! manifest
+    if obj = find_by_name(manifest['name'])
+      obj.oauth_identifier = OAuth2::Provider::Random.base62(16)
+      obj.oauth_secret = OAuth2::Provider::Random.base62(32)
+      obj.save!
+      obj
+    else
      create!(manifest)
    end
  end
+end
--- a/features/oauth.feature
+++ b/features/oauth.feature
@ -23,7 +23,7 @@ Feature: oauth
    Then I should be on "/account" on Chubbies
    Then I should see "No access token."

-  Scenario: Authorize Chubbies when Chubbies is already registeded
+  Scenario: Authorize Chubbies when Chubbies is already connected
    Given Chubbies is registered on my pod
    When I try to authorize Chubbies
    And there is only one Chubbies
@ -33,6 +33,20 @@ Feature: oauth
    And I should see my "profile.birthday"
    And I should see my "name"

+  Scenario: Authorize Chubbies when the pod knows about Chubbies
+    Given Chubbies is registered on my pod
+    When I try to authorize Chubbies
+    And I visit "/reset" on Chubbies
+    And I go to the destroy user session page
+
+    When I try to authorize Chubbies
+    And there is only one Chubbies
+
+    When I press "Authorize"
+    Then I should be on "/account" on Chubbies
+    And I should see my "profile.birthday"
+    And I should see my "name"
+  
  Scenario: Authorize Chubbies should place it on the authorized applications page
    When I try to authorize Chubbies

--- a/features/step_definitions/oauth_steps.rb
+++ b/features/step_definitions/oauth_steps.rb
@ -8,7 +8,7 @@ end

 Given /^Chubbies is registered on my pod$/ do
  manifest = JSON.parse(RestClient.get("localhost:#{Chubbies::PORT}/manifest.json").body)
-  client = OAuth2::Provider.client_class.create_from_manifest!(manifest)
+  client = OAuth2::Provider.client_class.create_or_reset_from_manifest!(manifest)
  params = {:client_id => client.oauth_identifier,
            :client_secret => client.oauth_secret,
            :host => "localhost:9887"}