added temporary special casing on app_url in authorizations controller

2011-06-23 19:12:57 -07:00 · 2011-06-23 19:12:57 -07:00 · d186246db0
commit d186246db0
parent bd84eaaf75
2 changed files with 55 additions and 1 deletions
--- a/app/controllers/authorizations_controller.rb
+++ b/app/controllers/authorizations_controller.rb
@ -34,8 +34,15 @@ class AuthorizationsController < ApplicationController
      manifest = JWT.decode(packaged_manifest['jwt'], public_key)

      message = verify(params[:signed_string], params[:signature], public_key)
-      unless message =='ok' 
+      if not (message =='ok')
        render :text => message, :status => 403
+      elsif manifest["homepage_url"].match(/^http:\/\/(localhost:\d+|chubbi\.es|cubbi\.es)\/$/).nil?
+        # This will only be temporary (less than a month) while we iron out the kinks in Diaspora Connect. Essentially, 
+        # whatever we release people will try to work off of and it sucks to build things on top of non-stable things. 
+        # We also started writing a gem that we'll release (around the same time) that makes becoming a Diaspora enabled 
+        # ruby project a breeze.  
+
+        render :nothing => true
      else
        client = OAuth2::Provider.client_class.create_or_reset_from_manifest!(manifest, public_key)

--- a/spec/controllers/authorizations_controller_spec.rb
+++ b/spec/controllers/authorizations_controller_spec.rb
@ -40,6 +40,53 @@ describe AuthorizationsController do
      @params_hash = {:type => 'client_associate', :manifest_url => "http://chubbi.es/manifest.json" }
    end

+    context 'special casing (temporary, read note in the controller)' do
+      def prepare_manifest(url)
+        manifest =   {
+          "name"         => "Chubbies",
+          "description"  => "The best way to chub.",
+          "homepage_url" => url,
+          "icon_url"     => "#",
+          "permissions_overview" => "I will use the permissions this way!",
+        }
+
+        packaged_manifest = {:public_key => @public_key.export, :jwt => JWT.encode(manifest, @private_key, "RS256")}.to_json
+
+        stub_request(:get, "http://#{url}/manifest.json"). 
+          to_return(:status => 200, :body =>  packaged_manifest, :headers => {})
+
+        @params_hash = {:type => 'client_associate', :manifest_url => "http://#{url}/manifest.json" }
+      end
+
+      it 'renders something for chubbies ' do
+        prepare_manifest("http://chubbi.es/")
+        @controller.stub!(:verify).and_return('ok')
+        post :token,  @params_hash
+        response.body.blank?.should be_false
+      end
+
+      it 'renders something for cubbies ' do
+        prepare_manifest("http://cubbi.es/")
+        @controller.stub!(:verify).and_return('ok')
+        post :token,  @params_hash
+        response.body.blank?.should be_false
+      end
+
+      it 'renders something for localhost' do
+        prepare_manifest("http://localhost:3423/")
+        @controller.stub!(:verify).and_return('ok')
+        post :token,  @params_hash
+        response.body.blank?.should be_false
+      end
+
+      it 'renders nothing for myspace' do
+        prepare_manifest("http://myspace.com/")
+        @controller.stub!(:verify).and_return('ok')
+        post :token,  @params_hash
+        response.body.blank?.should be_true
+      end
+    end
+
    it 'fetches the manifest' do
      @controller.stub!(:verify).and_return('ok')
      post :token,  @params_hash