2014-12-19 09:15:29 -05:00
|
|
|
class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
|
2015-04-16 08:03:37 -04:00
|
|
|
before_action :authenticate_resource_owner!
|
2015-05-01 04:39:11 -04:00
|
|
|
|
|
|
|
|
layout 'profile'
|
2014-12-19 09:15:29 -05:00
|
|
|
|
|
|
|
|
def new
|
|
|
|
|
if pre_auth.authorizable?
|
|
|
|
|
if skip_authorization? || matching_token?
|
|
|
|
|
auth = authorization.authorize
|
2016-02-19 08:22:06 -05:00
|
|
|
session.delete(:user_return_to)
|
2014-12-19 09:15:29 -05:00
|
|
|
redirect_to auth.redirect_uri
|
|
|
|
|
else
|
|
|
|
|
render "doorkeeper/authorizations/new"
|
|
|
|
|
end
|
|
|
|
|
else
|
|
|
|
|
render "doorkeeper/authorizations/error"
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# TODO: Handle raise invalid authorization
|
|
|
|
|
def create
|
|
|
|
|
redirect_or_render authorization.authorize
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def destroy
|
|
|
|
|
redirect_or_render authorization.deny
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
|
|
def matching_token?
|
2014-12-25 09:46:28 -05:00
|
|
|
Doorkeeper::AccessToken.matching_token_for(pre_auth.client,
|
|
|
|
|
current_resource_owner.id,
|
|
|
|
|
pre_auth.scopes)
|
2014-12-19 09:15:29 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def redirect_or_render(auth)
|
|
|
|
|
if auth.redirectable?
|
|
|
|
|
redirect_to auth.redirect_uri
|
|
|
|
|
else
|
|
|
|
|
render json: auth.body, status: auth.status
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def pre_auth
|
2014-12-25 09:46:28 -05:00
|
|
|
@pre_auth ||=
|
|
|
|
|
Doorkeeper::OAuth::PreAuthorization.new(Doorkeeper.configuration,
|
2014-12-19 09:15:29 -05:00
|
|
|
server.client_via_uid,
|
|
|
|
|
params)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def authorization
|
|
|
|
|
@authorization ||= strategy.request
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def strategy
|
2014-12-25 09:46:28 -05:00
|
|
|
@strategy ||= server.authorization_request(pre_auth.response_type)
|
2014-12-19 09:15:29 -05:00
|
|
|
end
|
|
|
|
|
end
|
