A user can now revoke an application's token iz ms

Ilya Zhitomirskiy 2011-06-13 16:48:52 -07:00
parent 3d77186d35
commit ef0e48a7ff
4 changed files with 27 additions and 4 deletions


@ -1,7 +1,7 @@
class AuthorizationsController < ApplicationController class AuthorizationsController < ApplicationController
include OAuth2::Provider::Rack::AuthorizationCodesSupport include OAuth2::Provider::Rack::AuthorizationCodesSupport
before_filter :authenticate_user!, :except => :token before_filter :authenticate_user!, :except => :token
before_filter :block_invalid_authorization_code_requests, :except => [:token, :index] before_filter :block_invalid_authorization_code_requests, :except => [:token, :index, :destroy]
skip_before_filter :verify_authenticity_token, :only => :token skip_before_filter :verify_authenticity_token, :only => :token
@ -38,6 +38,13 @@ class AuthorizationsController < ApplicationController
@authorizations = current_user.authorizations @authorizations = current_user.authorizations
@applications = current_user.applications @applications = current_user.applications
end end
def destroy
## ID is actually the id of the client
auth = current_user.authorizations.where(:client_id => params[:id]).first
auth.revoke
redirect_to authorizations_path
end
end end
OAuth2::Provider.client_class.instance_eval do OAuth2::Provider.client_class.instance_eval do
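Review bot: In `destroy`, `auth.revoke` is called on the result of `.first`, which is nil whenever the signed-in user has no authorization for `params[:id]` (a stale page, a repeated click, or a hand-built request), so the action raises NoMethodError and answers with a 500. Guard the call, for example `auth.revoke if auth`, and redirect as before. Only the first matching row is revoked; if a user can hold more than one authorization for the same client (not visible here), the others stay valid, and `current_user.authorizations.where(:client_id => params[:id]).each(&:revoke)` would cover both cases. The lookup through `current_user.authorizations` is what keeps one user from revoking another user's grant and should stay as it is.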


@ -120,7 +120,7 @@ Diaspora::Application.routes.draw do
post "/oauth/authorize" => "authorizations#create" post "/oauth/authorize" => "authorizations#create"
post "/oauth/token" => "authorizations#token" post "/oauth/token" => "authorizations#token"
resources :authorizations, :only => [:index] resources :authorizations, :only => [:index, :destroy]
resources :services, :only => [:index, :destroy] resources :services, :only => [:index, :destroy]
controller :services do controller :services do


@ -37,6 +37,18 @@ Feature: oauth
When I try to authorize Chubbies When I try to authorize Chubbies
When I press "Authorize" When I press "Authorize"
And I am on the authorizations page And I am on the authorizations page
Then I should see "Chubbies" Then I should see "Chubbies"
And I should see "The best way to chub." And I should see "The best way to chub."
Scenario: Removing Chubbies from the authorized applications list de-authorizes it
When I try to authorize Chubbies
When I press "Authorize"
And I am on the authorizations page
And I preemptively confirm the alert
And I follow "Delete"
Then I visit "/account?id=1" on Chubbies
Then I should see "Token invalid"
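Review bot: The added scenario covers only the owner revoking an authorization that exists; nothing exercises a delete request for a client id the signed-in user never authorized, which is the path where the controller's `destroy` calls `revoke` on nil. A second scenario for that case would pin the expected response. It would also help to assert, after "I follow "Delete"", that "Chubbies" no longer appears on the authorizations page, so the test checks the provider side as well as the client's "Token invalid" message.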


@ -57,8 +57,12 @@ module Chubbies
get '/account' do get '/account' do
if params['id'] && user = User.where(:id => params['id']).first if params['id'] && user = User.where(:id => params['id']).first
if user.access_token if user.access_token
@resource_response = user.access_token.token.get("/api/v0/me") begin
haml :response @resource_response = user.access_token.token.get("/api/v0/me")
haml :response
rescue OAuth2::AccessDenied
"Token invalid"
end
else else
"No access token." "No access token."
end end
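Review bot: The new `rescue OAuth2::AccessDenied` branch returns "Token invalid" but leaves the revoked token stored on the user, so every later visit repeats the failing API call and the user is never sent back through authorization. Discard the stored token in the rescue branch before returning the message, for example `user.access_token.destroy` if `access_token` is an ActiveRecord association (its definition is not visible here). Only `OAuth2::AccessDenied` is handled, so other failures from `token.get` still propagate, and a short comment saying that is intended would help. The `get '/account'` block opens and closes outside this hunk. Its context line picks the user from `params['id']` alone, which is acceptable in a test client but should not be copied into a real one.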