diff --git a/Rakefile b/Rakefile
index 240f5c0..136f689 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,7 +1,6 @@
require "bundler/gem_tasks"
APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
-load 'rails/tasks/engine.rake'
require 'rspec/core/rake_task'
RSpec::Core::RakeTask.new('spec')
diff --git a/app/controllers/devise/oauth2_providable/authorizations_controller.rb b/app/controllers/devise/oauth2_providable/authorizations_controller.rb
index 72c39cb..6502fa6 100644
--- a/app/controllers/devise/oauth2_providable/authorizations_controller.rb
+++ b/app/controllers/devise/oauth2_providable/authorizations_controller.rb
@@ -1,8 +1,6 @@
module Devise
module Oauth2Providable
- class AuthorizationsController < ApplicationController
- before_filter :authenticate_user!
-
+ class AuthorizationsController < Devise::Oauth2Providable::BaseController
rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
@error = e
render :error, :status => e.status
@@ -32,6 +30,7 @@ def respond(status, header, response)
def authorize_endpoint(allow_approval = false)
Rack::OAuth2::Server::Authorize.new do |req, res|
@client = Client.find_by_identifier(req.client_id) || req.bad_request!
+ @state = req.state
res.redirect_uri = @redirect_uri = req.verify_redirect_uri!(@client.redirect_uri)
if allow_approval
if params[:approve].present?
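Review bot: `@state = req.state` stores a value chosen entirely by the requesting client, and nothing at the assignment says so. A comment such as `# opaque client-supplied value (RFC 6749 section 4.1.1); only echoed back, never interpreted` would keep later edits from treating it as trusted data, for example by logging it or branching on it. The assignment runs before `verify_redirect_uri!`, so it is also set on requests whose redirect URI is then rejected; that looks harmless as long as the error view does not render it, which is not visible here. `authorize_endpoint` continues past the end of the hunk.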
diff --git a/app/controllers/devise/oauth2_providable/base_controller.rb b/app/controllers/devise/oauth2_providable/base_controller.rb
new file mode 100644
index 0000000..d38ee85
--- /dev/null
+++ b/app/controllers/devise/oauth2_providable/base_controller.rb
@@ -0,0 +1,3 @@
+class Devise::Oauth2Providable::BaseController < ApplicationController
+ before_filter :authenticate_user!
+end
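Review bot: `before_filter :authenticate_user!` ties every controller of the engine to a Devise scope literally named `user`, and the new base class is the one place where that could be lifted. A host application whose Devise model has another name would presumably have no `authenticate_user!` helper, so the scope is better taken from configuration than written out here. The class also carries no comment saying that it exists to enforce authentication for all OAuth2 endpoints; something like `# Every OAuth2 endpoint must inherit from this class so that authentication cannot be forgotten` would make the intent explicit. A request spec that hits both subclasses unauthenticated would catch a later `skip_before_filter` in a subclass.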
diff --git a/app/controllers/devise/oauth2_providable/tokens_controller.rb b/app/controllers/devise/oauth2_providable/tokens_controller.rb
index 55b003e..a4cc3ed 100644
--- a/app/controllers/devise/oauth2_providable/tokens_controller.rb
+++ b/app/controllers/devise/oauth2_providable/tokens_controller.rb
@@ -1,5 +1,4 @@
-class Devise::Oauth2Providable::TokensController < ApplicationController
- before_filter :authenticate_user!
+class Devise::Oauth2Providable::TokensController < Devise::Oauth2Providable::BaseController
skip_before_filter :verify_authenticity_token, :only => :create
def create
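Review bot: With `authenticate_user!` now inherited, the only filter still visible in this file is `skip_before_filter :verify_authenticity_token, :only => :create`, which reads as if `create` were unprotected. A comment above it would help, for example `# CSRF check skipped: clients authenticate with grant credentials in the request, not with the browser session; authentication itself is enforced by BaseController`. Since `authenticate_user!` presumably also accepts an existing session, it is worth confirming that `create` only issues tokens when a grant-type strategy has identified the client. The body of `create` lies outside the hunk.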
diff --git a/app/views/devise/oauth2_providable/authorizations/_form.html.erb b/app/views/devise/oauth2_providable/authorizations/_form.html.erb
index 57bfee6..77c89b5 100644
--- a/app/views/devise/oauth2_providable/authorizations/_form.html.erb
+++ b/app/views/devise/oauth2_providable/authorizations/_form.html.erb
@@ -2,6 +2,7 @@
<%= hidden_field_tag :client_id, client.identifier %>
<%= hidden_field_tag :response_type, response_type %>
<%= hidden_field_tag :redirect_uri, redirect_uri %>
+ <%= hidden_field_tag :state, state %>
<%= submit_tag action.to_s.capitalize %>
<%= hidden_field_tag action, true %>
<% end %>
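Review bot: The added `hidden_field_tag :state, state` makes `state` a required local of this partial, so any render that does not pass `:state` will raise on the undefined name; only the two calls in `new.html.erb` are updated in this commit. When the client sent no `state`, the field is still emitted with an empty value, and the approval POST then carries an empty `state` that may be echoed back on the redirect. Reading it through `local_assigns` and skipping the empty case avoids both: `<%= hidden_field_tag :state, local_assigns[:state] if local_assigns[:state].present? %>`. The value is escaped by `hidden_field_tag`, so the echo itself is not an injection concern.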
diff --git a/app/views/devise/oauth2_providable/authorizations/new.html.erb b/app/views/devise/oauth2_providable/authorizations/new.html.erb
index f1f2ae5..952ee85 100644
--- a/app/views/devise/oauth2_providable/authorizations/new.html.erb
+++ b/app/views/devise/oauth2_providable/authorizations/new.html.erb
@@ -1,4 +1,4 @@
<%= link_to @client.name, @client.website %> is requesting permission to access your resources.
-<%= render 'devise/oauth2_providable/authorizations/form', :client => @client, :response_type => @response_type, :redirect_uri => @redirect_uri, :action => :approve %>
-<%= render 'devise/oauth2_providable/authorizations/form', :client => @client, :response_type => @response_type, :redirect_uri => @redirect_uri, :action => :deny %>
+<%= render 'devise/oauth2_providable/authorizations/form', :client => @client, :response_type => @response_type, :redirect_uri => @redirect_uri, :state => @state, :action => :approve %>
+<%= render 'devise/oauth2_providable/authorizations/form', :client => @client, :response_type => @response_type, :redirect_uri => @redirect_uri, :state => @state, :action => :deny %>
diff --git a/devise_oauth2_providable.gemspec b/devise_oauth2_providable.gemspec
index 74b6a2c..02472fe 100644
--- a/devise_oauth2_providable.gemspec
+++ b/devise_oauth2_providable.gemspec
@@ -16,13 +16,13 @@ Gem::Specification.new do |s|
s.add_runtime_dependency(%q, [">= 3.1.0"])
s.add_runtime_dependency(%q, [">= 1.4.3"])
- s.add_runtime_dependency(%q, ["~> 0.11.0"])
- s.add_development_dependency(%q, ['2.6.1'])
+ s.add_runtime_dependency(%q, [">= 0.11.0"])
+ s.add_development_dependency(%q, ['>=2.6.1'])
s.add_development_dependency(%q, ['1.3.5'])
- s.add_development_dependency(%q, ['1.0.0.beta3'])
- s.add_development_dependency(%q, ['0.9.6.2'])
- s.add_development_dependency(%q, ['2.2.0'])
- s.add_development_dependency(%q, ['0.0.1'])
+ s.add_development_dependency(%q, ['>=1.0.0.beta3'])
+ s.add_development_dependency(%q, ['>=0.9.6.2'])
+ s.add_development_dependency(%q, ['>=2.2.0'])
+ s.add_development_dependency(%q, ['>=0.0.1'])
s.add_development_dependency(%q, ['0.9.2.2'])
s.files = `git ls-files`.split("\n")
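Review bot: The runtime constraint changes from `~> 0.11.0` to `>= 0.11.0`, which has no upper bound, so any future release of that dependency, including a major version with a changed API, is accepted at install time. For a library that sits in the authorization path that is a wide opening; `["~> 0.11"]` or `[">= 0.11.0", "< 1.0"]` would still admit newer compatible releases. The development dependencies get the same unbounded `>=`, which mainly affects reproducibility of the test run rather than consumers. The gem names are not readable in this view (`%q,`), so the affected packages have to be checked against the file itself.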
diff --git a/lib/devise/oauth2_providable/engine.rb b/lib/devise/oauth2_providable/engine.rb
index 0869344..4f170d5 100644
--- a/lib/devise/oauth2_providable/engine.rb
+++ b/lib/devise/oauth2_providable/engine.rb
@@ -7,7 +7,6 @@ class Engine < Rails::Engine
config.devise_oauth2_providable.authorization_code_expires_in = 1.minute
engine_name 'oauth2'
- isolate_namespace Devise::Oauth2Providable
initializer "devise_oauth2_providable.initialize_application", :before=> :load_config_initializers do |app|
app.config.filter_parameters << :client_secret
end
diff --git a/lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb b/lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb
index 3c0784d..52795ff 100644
--- a/lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb
+++ b/lib/devise/oauth2_providable/strategies/oauth2_grant_type_strategy.rb
@@ -4,7 +4,7 @@ module Devise
module Strategies
class Oauth2GrantTypeStrategy < Authenticatable
def valid?
- params[:controller] == 'devise/oauth2_providable/tokens' && request.post? && params[:grant_type] == grant_type
+ env['action_controller.instance'].kind_of?(Devise::Oauth2Providable::TokensController) && request.post? && params[:grant_type] == grant_type
end
# defined by subclass
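Review bot: `env['action_controller.instance']` is read in `valid?` without any comment on why the controller object replaces `params[:controller]`, and this predicate is what keeps the grant-type strategies confined to the token endpoint. A comment such as `# only valid on the token endpoint; checks the controller instance so the test does not depend on the routed controller path` would record that. The key is presumably set by Rails only once the controller is dispatched, so if Warden evaluates the strategy earlier the value is `nil` and `valid?` quietly returns false. A spec covering a POST to the token endpoint for each grant type would pin this down. The rest of the class is outside the hunk.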
diff --git a/spec/rails_app/db/migrate/20110523015635_add_pet_column_to_users.rb b/spec/rails_app/db/migrate/20110523015635_add_pet_column_to_users.rb
new file mode 100644
index 0000000..1f1f061
--- /dev/null
+++ b/spec/rails_app/db/migrate/20110523015635_add_pet_column_to_users.rb
@@ -0,0 +1,9 @@
+class AddPetColumnToUsers < ActiveRecord::Migration
+ def self.up
+ add_column :users, :pet, :string
+ end
+
+ def self.down
+ remove_column :users, :pet
+ end
+end