From ea71ebebdcc93a167a7d83e4a5f4e6a35dd1f53d Mon Sep 17 00:00:00 2001
From: Matt Button
Date: Sun, 20 Nov 2011 16:39:37 +0000
Subject: [PATCH] Adapt authorizations controller to be scope agnostic, refs #23
---
 .../authorizations_controller.rb | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/app/controllers/devise/oauth2_providable/authorizations_controller.rb b/app/controllers/devise/oauth2_providable/authorizations_controller.rb
index fd453e9..12ac1ea 100644
--- a/app/controllers/devise/oauth2_providable/authorizations_controller.rb
+++ b/app/controllers/devise/oauth2_providable/authorizations_controller.rb
@@ -1,7 +1,8 @@
 module Devise
 module Oauth2Providable
 class AuthorizationsController < ApplicationController
- before_filter :authenticate_user!
+ include Devise::Controllers::InternalHelpers
+ before_filter :authenticate_scope!
 rescue_from Rack::OAuth2::Server::Authorize::BadRequest do |e|
 @error = e
@@ -37,13 +38,13 @@ def authorize_endpoint(allow_approval = false)
 if params[:approve].present?
 case req.response_type
 when :code
- authorization_code = current_user.authorization_codes.create(:client => @client, :redirect_uri => @redirect_uri)
+ authorization_code = resource.authorization_codes.create(:client => @client, :redirect_uri => @redirect_uri)
 res.code = authorization_code.token
 when :token
- access_token = current_user.access_tokens.create(:client => @client).token
+ access_token = resource.access_tokens.create(:client => @client).token
 bearer_token = Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token)
 res.access_token = bearer_token
- res.uid = current_user.id
+ res.uid = resource.id
 end
 res.approve!
 else
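Review bot: The `include Devise::Controllers::InternalHelpers` line makes authentication of this OAuth2 endpoint depend on a Devise module that is internal by name, and on the Devise mapping that routing places in the request, but nothing in the file says so. If I read Devise correctly, that module also skips inherited `authenticate_<scope>!` filters, which would leave `before_filter :authenticate_scope!` as the only gate in front of code and token issuance. I would add a comment above the include, such as `# resource/resource_name come from the Devise mapping set by routing; this route must be declared inside a Devise scope`, and a controller test asserting that an unauthenticated request receives neither a code nor a token.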
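Review bot: `res.uid = resource.id` in the `:token` branch is no longer unique once more than one Devise scope can reach this endpoint, since records of two different models may share the same id. Whether the `authorization_codes` and `access_tokens` associations record the owner's class is not visible in this hunk, so the same ambiguity may apply to the stored codes and tokens. At minimum I would document it at the assignment, `# uid is unique only within one Devise scope, not across models`, and confirm that every mapped model defines both associations so `resource.access_tokens` cannot raise mid-grant. The body of `authorize_endpoint` starts and ends outside the hunk.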
@@ -54,6 +55,13 @@ def authorize_endpoint(allow_approval = false)
 end
 end
 end
+
+ # Authenticates the current scope and gets the current resource from the session.
+ # Taken from devise
+ def authenticate_scope!
+ send(:"authenticate_#{resource_name}!", :force => true)
+ self.resource = send(:"current_#{resource_name}")
+ end
 end
 end
 end
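Review bot: The comment on `authenticate_scope!` does not explain `:force => true`, which is the security-relevant part: as far as I know, Devise's generated `authenticate_<scope>!` helpers return without authenticating inside a Devise controller unless forced, and including InternalHelpers likely makes this controller count as one. I would extend the comment with `# :force => true is required; without it the filter does nothing in a Devise controller` and name the Devise file and version the method was copied from. The hunk also does not show whether the method lands under `private` or `protected`; a filter like this should not be a public, routable action. `resource_name` appears to come from the Devise mapping rather than from request parameters, which is what keeps the dynamic `send` safe, and that is worth stating in the comment too.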