diff --git a/Rakefile b/Rakefile
index 240f5c0..136f689 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,7 +1,6 @@
 require "bundler/gem_tasks"
 APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
-load 'rails/tasks/engine.rake'
 require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new('spec')
diff --git a/app/controllers/devise/oauth2_providable/authorizations_controller.rb b/app/controllers/devise/oauth2_providable/authorizations_controller.rb
index 72c39cb..6502fa6 100644
--- a/app/controllers/devise/oauth2_providable/authorizations_controller.rb
+++ b/app/controllers/devise/oauth2_providable/authorizations_controller.rb
@@ -1,8 +1,6 @@
 module Devise
 module Oauth2Providable
- class AuthorizationsController < ApplicationController
- before_filter :authenticate_user!
-
+ class AuthorizationsController < Devise::Oauth2Providable::BaseController
 rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
 @error = e
 render :error, :status => e.status
@@ -32,6 +30,7 @@ def respond(status, header, response)
 def authorize_endpoint(allow_approval = false)
 Rack::OAuth2::Server::Authorize.new do |req, res|
 @client = Client.find_by_identifier(req.client_id) || req.bad_request!
+ @state = req.state
 res.redirect_uri = @redirect_uri = req.verify_redirect_uri!(@client.redirect_uri)
 if allow_approval
 if params[:approve].present?
diff --git a/app/controllers/devise/oauth2_providable/base_controller.rb b/app/controllers/devise/oauth2_providable/base_controller.rb
new file mode 100644
index 0000000..d38ee85
--- /dev/null
+++ b/app/controllers/devise/oauth2_providable/base_controller.rb
@@ -0,0 +1,3 @@
+class Devise::Oauth2Providable::BaseController < ApplicationController
+ before_filter :authenticate_user!
+end
diff --git a/app/controllers/devise/oauth2_providable/tokens_controller.rb b/app/controllers/devise/oauth2_providable/tokens_controller.rb
index 55b003e..a4cc3ed 100644
--- a/app/controllers/devise/oauth2_providable/tokens_controller.rb
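Review bot: `@state = req.state` in authorize_endpoint (authorizations_controller.rb, second hunk) keeps a client-supplied value that is rendered into the approval form, and nothing in the hunk documents how it must be treated. `state` is the client's CSRF protection (RFC 6749 §10.12), so it has to come back unchanged on both the approve and the deny path; a comment above the assignment such as `# opaque client value: echo it back unchanged, never interpret it` and a request spec for both paths would pin that. The value reaches the page through `hidden_field_tag` in _form.html.erb, which HTML-escapes it, and it should stay on that helper. authorize_endpoint continues past the end of the hunk, so whether the response object also receives the state is not visible here.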
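Review bot: `before_filter :authenticate_user!` in the new BaseController hard-codes the `user` Devise scope, and AuthorizationsController and TokensController now depend on this one inherited line for authentication. A host application whose Devise mapping is not named `user` would presumably have no `authenticate_user!` method, and a `skip_before_filter` added later in a subclass would drop the check with nothing visible in this file. I would add a class comment such as `# Sole authentication gate for the OAuth2 endpoints; subclasses must not skip this filter.` and a controller spec asserting that an unauthenticated request to each endpoint is rejected.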
+++ b/app/controllers/devise/oauth2_providable/tokens_controller.rb
@@ -1,5 +1,4 @@
-class Devise::Oauth2Providable::TokensController < ApplicationController
- before_filter :authenticate_user!
+class Devise::Oauth2Providable::TokensController < Devise::Oauth2Providable::BaseController
 skip_before_filter :verify_authenticity_token, :only => :create
 def create
diff --git a/app/views/devise/oauth2_providable/authorizations/_form.html.erb b/app/views/devise/oauth2_providable/authorizations/_form.html.erb
index 57bfee6..77c89b5 100644
--- a/app/views/devise/oauth2_providable/authorizations/_form.html.erb
+++ b/app/views/devise/oauth2_providable/authorizations/_form.html.erb
@@ -2,6 +2,7 @@
 <%= hidden_field_tag :client_id, client.identifier %>
 <%= hidden_field_tag :response_type, response_type %>
 <%= hidden_field_tag :redirect_uri, redirect_uri %>
+ <%= hidden_field_tag :state, state %>
 <%= submit_tag action.to_s.capitalize %>
 <%= hidden_field_tag action, true %>
 <% end %>
diff --git a/app/views/devise/oauth2_providable/authorizations/new.html.erb b/app/views/devise/oauth2_providable/authorizations/new.html.erb
index f1f2ae5..952ee85 100644
--- a/app/views/devise/oauth2_providable/authorizations/new.html.erb
+++ b/app/views/devise/oauth2_providable/authorizations/new.html.erb
@@ -1,4 +1,4 @@
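Review bot: The added `hidden_field_tag :state, state` in _form.html.erb reads `state` as a bare partial local, so any render of this partial that does not pass `:state` raises a NameError instead of omitting the field. Both calls in new.html.erb are updated in this commit, but a host application that overrides that view is not; `<%= hidden_field_tag :state, local_assigns[:state] %>` keeps the partial usable there. When the client sent no `state`, the field is still submitted with an empty value, so it is worth confirming that the redirect then omits the parameter rather than returning an empty `state=`.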

<%= link_to @client.name, @client.website %> is requesting permission to access your resources.

-<%= render 'devise/oauth2_providable/authorizations/form', :client => @client, :response_type => @response_type, :redirect_uri => @redirect_uri, :action => :approve %>
-<%= render 'devise/oauth2_providable/authorizations/form', :client => @client, :response_type => @response_type, :redirect_uri => @redirect_uri, :action => :deny %>
+<%= render 'devise/oauth2_providable/authorizations/form', :client => @client, :response_type => @response_type, :redirect_uri => @redirect_uri, :state => @state, :action => :approve %>
+<%= render 'devise/oauth2_providable/authorizations/form', :client => @client, :response_type => @response_type, :redirect_uri => @redirect_uri, :state => @state, :action => :deny %>
diff --git a/devise_oauth2_providable.gemspec b/devise_oauth2_providable.gemspec
index 74b6a2c..02472fe 100644
--- a/devise_oauth2_providable.gemspec
+++ b/devise_oauth2_providable.gemspec
@@ -16,13 +16,13 @@ Gem::Specification.new do |s|
 s.add_runtime_dependency(%q, [">= 3.1.0"])
 s.add_runtime_dependency(%q, [">= 1.4.3"])
- s.add_runtime_dependency(%q, ["~> 0.11.0"])
- s.add_development_dependency(%q, ['2.6.1'])
+ s.add_runtime_dependency(%q, [">= 0.11.0"])
+ s.add_development_dependency(%q, ['>=2.6.1'])
 s.add_development_dependency(%q, ['1.3.5'])
- s.add_development_dependency(%q, ['1.0.0.beta3'])
- s.add_development_dependency(%q, ['0.9.6.2'])
- s.add_development_dependency(%q, ['2.2.0'])
- s.add_development_dependency(%q, ['0.0.1'])
+ s.add_development_dependency(%q, ['>=1.0.0.beta3'])
+ s.add_development_dependency(%q, ['>=0.9.6.2'])
+ s.add_development_dependency(%q, ['>=2.2.0'])
+ s.add_development_dependency(%q, ['>=0.0.1'])
 s.add_development_dependency(%q, ['0.9.2.2'])
 s.files = `git ls-files`.split("\n")
diff --git a/lib/devise/oauth2_providable/engine.rb b/lib/devise/oauth2_providable/engine.rb
index 0869344..4f170d5 100644
--- a/lib/devise/oauth2_providable/engine.rb
+++ b/lib/devise/oauth2_providable/engine.rb
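Review bot: Changing the third runtime constraint in the gemspec from `~> 0.11.0` to `>= 0.11.0` removes the upper bound, so a fresh install may resolve any future release of that dependency, including an incompatible major version, for a gem that sits in the token-issuing path. The gem names are not readable on this page, so which dependency this is has to be checked in the file itself. If the aim is only to admit newer compatible releases, a bounded range such as `[">= 0.11.0", "< 1.0"]` (upper bound shown as an example) does that while limiting what can be pulled in. The same applies to the development dependencies loosened from exact pins to `>=` in the same hunk.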
@@ -7,7 +7,6 @@ class Engine < Rails::Engine
 config.devise_oauth2_providable.authorization_code_expires_in = 1.minute
 engine_name 'oauth2'
- isolate_namespace Devise::Oauth2Providable
 initializer "devise_oauth2_providable.initialize_application", :before=> :load_config_initializers do |app|
 app.config.filter_parameters << :client_secret
 end
diff --git a/lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb b/lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb
index 3c0784d..52795ff 100644
--- a/lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb
+++ b/lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb
@@ -4,7 +4,7 @@ module Devise
 module Strategies
 class Oauth2GrantTypeStrategy < Authenticatable
 def valid?
- params[:controller] == 'devise/oauth2_providable/tokens' && request.post? && params[:grant_type] == grant_type
+ env['action_controller.instance'].kind_of?(Devise::Oauth2Providable::TokensController) && request.post? && params[:grant_type] == grant_type
 end
 # defined by subclass
diff --git a/spec/rails_app/db/migrate/20110523015635_add_pet_column_to_users.rb b/spec/rails_app/db/migrate/20110523015635_add_pet_column_to_users.rb
new file mode 100644
index 0000000..1f1f061
--- /dev/null
+++ b/spec/rails_app/db/migrate/20110523015635_add_pet_column_to_users.rb
@@ -0,0 +1,9 @@
+class AddPetColumnToUsers < ActiveRecord::Migration
+ def self.up
+ add_column :users, :pet, :string
+ end
+
+ def self.down
+ remove_column :users, :pet
+ end
+end
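Review bot: `valid?` in oauth2_grant_type_strategy.rb decides whether the grant-type strategies run at all, and the new condition depends on the Rails env key `action_controller.instance` with no comment explaining why. When that key is absent, `nil.kind_of?(...)` is false, so the strategy fails closed, which is the safe direction, but the request then presumably falls through to whatever other strategies are configured. I would add a comment such as `# match the controller class rather than params[:controller], so remounted routes and subclasses still qualify`, put the three conditions on separate lines, and add a spec that posts to a subclass of TokensController. The class body continues outside the hunk.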