diff --git a/app/controllers/devise/oauth2_providable/tokens_controller.rb b/app/controllers/devise/oauth2_providable/tokens_controller.rb
index 55b003e..7d1e2a8 100644
--- a/app/controllers/devise/oauth2_providable/tokens_controller.rb
+++ b/app/controllers/devise/oauth2_providable/tokens_controller.rb
@@ -1,4 +1,5 @@
 class Devise::Oauth2Providable::TokensController < ApplicationController
+ before_filter :clear_session
 before_filter :authenticate_user!
 skip_before_filter :verify_authenticity_token, :only => :create
@@ -7,10 +8,31 @@ def create
 @access_token = @refresh_token.access_tokens.create!(:client => oauth2_current_client, :user => current_user)
 render :json => @access_token.token_response
 end
+
+ def destroy
+ oauth2_current_refresh_token.destroy if oauth2_current_refresh_token
+
+ oauth2_current_access_token.destroy if oauth2_current_access_token
+
+ head :status => 204
+ end
+
 private
+ # clear the session, so devise does not use session cookie based auth in any case
+ # the iPhone SDK by default has a shared cookie jar for WebViews and NSURL Request's
+ # and thus will send a cookie to this method
+ def clear_session
+ session.clear
+ end
+
 def oauth2_current_client
 env[Devise::Oauth2Providable::CLIENT_ENV_REF]
 end
+
+ def oauth2_current_access_token
+ env[Devise::Oauth2Providable::ACCESS_TOKEN_ENV_REF]
+ end
+
 def oauth2_current_refresh_token
 env[Devise::Oauth2Providable::REFRESH_TOKEN_ENV_REF]
 end
diff --git a/app/models/devise/oauth2_providable/refresh_token.rb b/app/models/devise/oauth2_providable/refresh_token.rb
index f1066e1..26116d5 100644
--- a/app/models/devise/oauth2_providable/refresh_token.rb
+++ b/app/models/devise/oauth2_providable/refresh_token.rb
@@ -1,5 +1,5 @@
 class Devise::Oauth2Providable::RefreshToken < ActiveRecord::Base
 expires_according_to :refresh_token_expires_in
- has_many :access_tokens
+ has_many :access_tokens, :dependent => :delete_all
 end
diff --git a/config/routes.rb b/config/routes.rb
index 392da90..8bde03d 100644
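Review bot: A `destroy` action is added further down this file, but `skip_before_filter :verify_authenticity_token` on the line below the new filter still lists only `:create`, so a token client sending `DELETE /oauth2/token` without a CSRF token will be rejected by forgery protection before it reaches the action (assuming `protect_from_forgery` is enabled in ApplicationController, which the existing skip suggests). Because `clear_session` now runs first, the session cookie can no longer authenticate anything on this controller, so the CSRF check protects nothing here and only breaks the revocation path; change it to `skip_before_filter :verify_authenticity_token, :only => [:create, :destroy]`. Ordering is also load-bearing — before_filters run in declaration order, so `clear_session` must stay above `authenticate_user!` — and deserves a comment on the new line such as `# must run before authenticate_user!: blocks cookie-based auth on this token endpoint`. The class body continues outside this hunk.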
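Review bot: `destroy` only revokes what is already in `env`, so when the request is authenticated with a bearer access token (the strategy change in this commit stores it under ACCESS_TOKEN_ENV_REF) and no refresh-token grant is in play, only that single access token is deleted while the refresh token that issued it — and any sibling access tokens — stays valid and can mint a replacement immediately. If AccessToken carries the inverse `belongs_to :refresh_token` of the `has_many` in refresh_token.rb, revoke through the parent so the new `:dependent => :delete_all` cascade does the rest: `token = oauth2_current_access_token` / `(token.refresh_token || token).destroy if token`. A comment on the action such as `# revokes the whole grant, not just the presented access token` would make the intended semantics explicit. `head :status => 204` works on Rails 3, but `head :no_content` reads clearer.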
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,5 +3,5 @@
 resources :authorizations, :only => :create
 match 'authorize' => 'authorizations#new'
- resource :token, :only => :create
+ resource :token, :only => [:create, :destroy]
 end
diff --git a/lib/devise/oauth2_providable/strategies/oauth2_providable_strategy.rb b/lib/devise/oauth2_providable/strategies/oauth2_providable_strategy.rb
index 113c2fa..1673625 100644
--- a/lib/devise/oauth2_providable/strategies/oauth2_providable_strategy.rb
+++ b/lib/devise/oauth2_providable/strategies/oauth2_providable_strategy.rb
@@ -11,6 +11,7 @@ def authenticate!
 @req.setup!
 token = Devise::Oauth2Providable::AccessToken.find_by_token @req.access_token
 env[Devise::Oauth2Providable::CLIENT_ENV_REF] = token.client if token
+ env[Devise::Oauth2Providable::ACCESS_TOKEN_ENV_REF] = token
 resource = token ? token.user : nil
 if validate(resource)
 success! resource
diff --git a/lib/devise_oauth2_providable.rb b/lib/devise_oauth2_providable.rb
index 76b8561..ce1cd73 100644
--- a/lib/devise_oauth2_providable.rb
+++ b/lib/devise_oauth2_providable.rb
@@ -15,6 +15,7 @@ module Devise
 module Oauth2Providable
 CLIENT_ENV_REF = 'oauth2.client'
 REFRESH_TOKEN_ENV_REF = "oauth2.refresh_token"
+ ACCESS_TOKEN_ENV_REF = "oauth2.access_token"
 class << self
 def random_id
diff --git a/spec/routing/tokens_routing_spec.rb b/spec/routing/tokens_routing_spec.rb
index efdbcba..442badd 100644
--- a/spec/routing/tokens_routing_spec.rb
+++ b/spec/routing/tokens_routing_spec.rb
@@ -8,5 +8,9 @@
 it 'routes POST /oauth2/token' do
 post('/oauth2/token').should route_to('devise/oauth2_providable/tokens#create')
 end
+
+ # it 'routes DELETE /oauth2/token' do
+ # post('/oauth2/token').should route_to('devise/oauth2_providable/tokens#destroy')
+ # end
 end
-end
+end
\ No newline at end of file
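Review bot: The new `env[Devise::Oauth2Providable::ACCESS_TOKEN_ENV_REF] = token` assignment is unconditional, unlike the CLIENT_ENV_REF line directly above it, so it also writes `nil` into the env when the token lookup fails, and it runs before `validate(resource)` has judged the token. That is harmless as far as this hunk shows — `env` is per-request and the controller presumably only runs once `success!` has been reached — but for symmetry with the neighbouring line and to make the intent obvious, guard it the same way: `env[Devise::Oauth2Providable::ACCESS_TOKEN_ENV_REF] = token if token`. `authenticate!` continues outside this hunk.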
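Review bot: The routing example for `DELETE /oauth2/token` is added commented out and, even if uncommented, issues `post(...)` rather than `delete(...)`, so the `:destroy` route introduced in config/routes.rb in this same commit has no coverage. Replace the commented block with a live example: `it 'routes DELETE /oauth2/token' do` / `delete('/oauth2/token').should route_to('devise/oauth2_providable/tokens#destroy')` / `end`. The hunk also drops the file's trailing newline (`\ No newline at end of file`), which is worth restoring.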