From d186246db0588d71df8f75c39ade24e2a6ea7935 Mon Sep 17 00:00:00 2001
From: Ilyaaaaaaaaaaaaa Zhitomirskiy
Date: Thu, 23 Jun 2011 19:12:57 -0700
Subject: [PATCH] added temporary special casing on app_url in authorizations controller
---
 app/controllers/authorizations_controller.rb | 9 +++-
 .../authorizations_controller_spec.rb | 47 +++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)
diff --git a/app/controllers/authorizations_controller.rb b/app/controllers/authorizations_controller.rb
index 6da21ff8f..7ca84e012 100644
--- a/app/controllers/authorizations_controller.rb
+++ b/app/controllers/authorizations_controller.rb
@@ -34,8 +34,15 @@ class AuthorizationsController < ApplicationController
 manifest = JWT.decode(packaged_manifest['jwt'], public_key)
 message = verify(params[:signed_string], params[:signature], public_key)
- unless message =='ok'
+ if not (message =='ok')
 render :text => message, :status => 403
+ elsif manifest["homepage_url"].match(/^http:\/\/(localhost:\d+|chubbi\.es|cubbi\.es)\/$/).nil?
+ # This will only be temporary (less than a month) while we iron out the kinks in Diaspora Connect. Essentially,
+ # whatever we release people will try to work off of and it sucks to build things on top of non-stable things.
+ # We also started writing a gem that we'll release (around the same time) that makes becoming a Diaspora enabled
+ # ruby project a breeze.
+
+ render :nothing => true
 else
 client = OAuth2::Provider.client_class.create_or_reset_from_manifest!(manifest, public_key)
diff --git a/spec/controllers/authorizations_controller_spec.rb b/spec/controllers/authorizations_controller_spec.rb
index 761f04a41..8a45aa30f 100644
--- a/spec/controllers/authorizations_controller_spec.rb
+++ b/spec/controllers/authorizations_controller_spec.rb
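Review bot: The allowlist regex in the new `elsif` of authorizations_controller.rb anchors with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a multi-line `homepage_url` passes as long as one of its lines looks like an allowed URL; anchor with `\A` and `\z` instead. A manifest that has no `homepage_url` raises NoMethodError on `.match`, so coerce first: `elsif manifest["homepage_url"].to_s !~ /\Ahttp:\/\/(localhost:\d+|chubbi\.es|cubbi\.es)\/\z/`. The value is read from the manifest itself, and the spec suggests the verifying public key is packaged in the same fetched document, so the check appears to limit what a manifest declares rather than where it was fetched from; worth confirming that is the intent, or also matching on the host of `manifest_url`. The rejection branch answers 200 with an empty body, whereas `render :nothing => true, :status => 403` would match the signature-failure branch above it. The enclosing action starts and ends outside the hunk.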
@@ -40,6 +40,53 @@ describe AuthorizationsController do
 @params_hash = {:type => 'client_associate', :manifest_url => "http://chubbi.es/manifest.json" }
 end
+ context 'special casing (temporary, read note in the controller)' do
+ def prepare_manifest(url)
+ manifest = {
+ "name" => "Chubbies",
+ "description" => "The best way to chub.",
+ "homepage_url" => url,
+ "icon_url" => "#",
+ "permissions_overview" => "I will use the permissions this way!",
+ }
+
+ packaged_manifest = {:public_key => @public_key.export, :jwt => JWT.encode(manifest, @private_key, "RS256")}.to_json
+
+ stub_request(:get, "http://#{url}/manifest.json").
+ to_return(:status => 200, :body => packaged_manifest, :headers => {})
+
+ @params_hash = {:type => 'client_associate', :manifest_url => "http://#{url}/manifest.json" }
+ end
+
+ it 'renders something for chubbies ' do
+ prepare_manifest("http://chubbi.es/")
+ @controller.stub!(:verify).and_return('ok')
+ post :token, @params_hash
+ response.body.blank?.should be_false
+ end
+
+ it 'renders something for cubbies ' do
+ prepare_manifest("http://cubbi.es/")
+ @controller.stub!(:verify).and_return('ok')
+ post :token, @params_hash
+ response.body.blank?.should be_false
+ end
+
+ it 'renders something for localhost' do
+ prepare_manifest("http://localhost:3423/")
+ @controller.stub!(:verify).and_return('ok')
+ post :token, @params_hash
+ response.body.blank?.should be_false
+ end
+
+ it 'renders nothing for myspace' do
+ prepare_manifest("http://myspace.com/")
+ @controller.stub!(:verify).and_return('ok')
+ post :token, @params_hash
+ response.body.blank?.should be_true
+ end
+ end
+
 it 'fetches the manifest' do
 @controller.stub!(:verify).and_return('ok')
 post :token, @params_hash
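Review bot: `prepare_manifest` is called with a full URL such as `"http://chubbi.es/"` but interpolates it into `"http://#{url}/manifest.json"`, so both the stubbed request and `manifest_url` come out as `http://http://chubbi.es//manifest.json`; building the address with `"#{url}manifest.json"` would keep the fixtures well-formed. The rejection example only asserts a blank body and does not check that no client was created; adding `OAuth2::Provider.client_class.should_not_receive(:create_or_reset_from_manifest!)` before the `post` would pin the property the allowlist exists for. Negative examples for a multi-line `homepage_url` and for a manifest with no `homepage_url` would cover the anchoring and nil paths of the controller check. The `describe` block continues outside the hunk.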