RubyGems - authlogic-oauth - Versions diffs - 1.0.7 → 1.0.8 - Mend

authlogic-oauth 1.0.7 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

data/CHANGELOG.rdoc +5 -1
data/lib/authlogic_oauth/acts_as_authentic.rb +26 -23
data/lib/authlogic_oauth/oauth_process.rb +19 -15
data/lib/authlogic_oauth/session.rb +16 -14
data/lib/authlogic_oauth/version.rb +10 -10
metadata +2 -2

data/CHANGELOG.rdoc CHANGED

@@ -1,3 +1,7 @@
+== 1.0.8 release 2009-8-2
+* Fixing unauthorized errors when you before_filter :require_no_user on the UserController#create action.
 == 1.0.7 release 2009-7-20
 * Fixing a OAuth unauthorized error when updating a user object with new oauth token/secret via the 'Register with OAuth' helper.
@@ -15,7 +19,7 @@
 * Using oauth's callback_url parameter to control where the oauth server returns the user to the application.
   The callback_url parameter was temporarily disabled on major oauth sites due to security concerns, but has been resolved.
 * Removed the need to add specific oauth routes and an oauth_controller (YAY!).  This makes using the plugin much easier.
 == 1.0.1 released 2009-6-4

data/lib/authlogic_oauth/acts_as_authentic.rb CHANGED

@@ -6,7 +6,7 @@ module AuthlogicOauth
         add_acts_as_authentic_module(Methods, :prepend)
       end
     end
     module Config
       # The name of the oauth token field in the database.
       #
@@ -16,7 +16,7 @@ module AuthlogicOauth
         rw_config(:oauth_token_field, value, :oauth_token)
       end
       alias_method :oauth_token_field=, :oauth_token_field
       # The name of the oauth token secret field in the database.
       #
       # * <tt>Default:</tt> :oauth_secret
@@ -26,36 +26,36 @@ module AuthlogicOauth
       end
       alias_method :oauth_secret_field=, :oauth_secret_field
     end
     module Methods
       include OauthProcess
       # Set up some simple validations
       def self.included(klass)
         klass.class_eval do
           alias_method "#{oauth_token_field.to_s}=".to_sym, :oauth_token=
           alias_method "#{oauth_secret_field.to_s}=".to_sym, :oauth_secret=
         end
         return if !klass.column_names.include?(klass.oauth_token_field.to_s)
         klass.class_eval do
           validate :validate_by_oauth, :if => :authenticating_with_oauth?
           validates_uniqueness_of klass.oauth_token_field, :scope => validations_scope, :if => :using_oauth?
           validates_presence_of klass.oauth_secret_field, :scope => validations_scope, :if => :using_oauth?
           validates_length_of_password_field_options validates_length_of_password_field_options.merge(:if => :validate_password_with_oauth?)
           validates_confirmation_of_password_field_options validates_confirmation_of_password_field_options.merge(:if => :validate_password_with_oauth?)
           validates_length_of_password_confirmation_field_options validates_length_of_password_confirmation_field_options.merge(:if => :validate_password_with_oauth?)
           validates_length_of_login_field_options validates_length_of_login_field_options.merge(:if => :validate_password_with_oauth?)
           validates_format_of_login_field_options validates_format_of_login_field_options.merge(:if => :validate_password_with_oauth?)
         end
         # email needs to be optional for oauth
         klass.validate_email_field = false
       end
       def save(perform_validation = true, &block)
         if perform_validation && block_given? && redirecting_to_oauth_server?
           # Save attributes so they aren't lost during the authentication with the oauth server
@@ -63,58 +63,61 @@ module AuthlogicOauth
           redirect_to_oauth
           return false
         end
         result = super
         yield(result) if block_given?
         result
       end
       # Set the oauth fields
       def oauth_token=(value)
         write_attribute(oauth_token_field, value.blank? ? nil : value)
       end
       def oauth_secret=(value)
         write_attribute(oauth_secret_field, value.blank? ? nil : value)
       end
     private
       def authenticating_with_oauth?
-        (session_class.controller.params && !session_class.controller.params[:register_with_oauth].blank?) || oauth_response
+        # Initial request when user presses one of the button helpers
+        (session_class.controller.params && !session_class.controller.params[:register_with_oauth].blank?) ||
+        # When the oauth provider responds and we made the initial request
+        (oauth_response && session_class.controller.session && session_class.controller.session[:oauth_request_class] == self.class.name)
       end
       def authenticate_with_oauth
         # Restore any attributes which were saved before redirecting to the oauth server
         self.attributes = session_class.controller.session.delete(:authlogic_oauth_attributes)
         access_token = generate_access_token
         self.oauth_token = access_token.token
         self.oauth_secret = access_token.secret
       end
       def access_token
         OAuth::AccessToken.new(oauth,
         read_attribute(oauth_token_field),
         read_attribute(oauth_secret_field))
       end
       def using_oauth?
         respond_to?(oauth_token_field) && !oauth_token.blank?
       end
       def validate_password_with_oauth?
         !using_oauth? && require_password?
       end
       def oauth_token_field
         self.class.oauth_token_field
       end
       def oauth_secret_field
         self.class.oauth_secret_field
       end
     end
   end
 end

data/lib/authlogic_oauth/oauth_process.rb CHANGED

@@ -1,62 +1,66 @@
 module AuthlogicOauth
   module OauthProcess
   private
     def validate_by_oauth
       validate_email_field = false
       if oauth_response.blank?
         redirect_to_oauth
       else
         authenticate_with_oauth
       end
     end
     def redirecting_to_oauth_server?
       authenticating_with_oauth? && oauth_response.blank?
     end
     def redirect_to_oauth
       request = oauth.get_request_token :oauth_callback => build_callback_url
       oauth_controller.session[:oauth_request_token]        = request.token
       oauth_controller.session[:oauth_request_token_secret] = request.secret
+      # Store the class which is redirecting, so we can ensure other classes
+      # don't get confused and attempt to use the response
+      oauth_controller.session[:oauth_request_class] = self.class.name
       # Tell our rack callback filter what method the current request is using
       oauth_controller.session[:oauth_callback_method]      = oauth_controller.request.method
       oauth_controller.redirect_to request.authorize_url
     end
     def build_callback_url
       oauth_controller.url_for :controller => oauth_controller.controller_name, :action => oauth_controller.action_name
     end
     def request_token
       OAuth::RequestToken.new(oauth,
       oauth_controller.session[:oauth_request_token],
       oauth_controller.session[:oauth_request_token_secret])
     end
     def generate_access_token
       request_token.get_access_token(:oauth_verifier => oauth_controller.params[:oauth_verifier])
     end
     def oauth_response
       oauth_controller.params && oauth_controller.params[:oauth_token]
     end
     def oauth_controller
       is_auth_session? ? controller : session_class.controller
     end
     def oauth
       is_auth_session? ? self.class.oauth_consumer : session_class.oauth_consumer
     end
     def is_auth_session?
       self.is_a?(Authlogic::Session::Base)
     end
   end
 end

data/lib/authlogic_oauth/session.rb CHANGED

@@ -8,7 +8,7 @@ module AuthlogicOauth
         include Methods
       end
     end
     module Config
       # * <tt>Default:</tt> :find_by_oauth_token
       # * <tt>Accepts:</tt> Symbol
@@ -17,16 +17,16 @@ module AuthlogicOauth
       end
       alias_method :find_by_oauth_method=, :find_by_oauth_method
     end
     module Methods
       include OauthProcess
       def self.included(klass)
         klass.class_eval do
           validate :validate_by_oauth, :if => :authenticating_with_oauth?
         end
       end
       # Hooks into credentials so that you can pass a user who has already has an oauth access token.
       def credentials=(value)
         super
@@ -34,25 +34,27 @@ module AuthlogicOauth
         hash = values.first.is_a?(Hash) ? values.first.with_indifferent_access : nil
         self.record = hash[:priority_record] if !hash.nil? && hash.key?(:priority_record)
       end
       def record=(record)
         @record = record
       end
-      # Clears out the block if we are authenticating with oauth,
+      # Clears out the block if we are authenticating with oauth,
       # so that we can redirect without a DoubleRender error.
       def save(&block)
         block = nil if redirecting_to_oauth_server?
         super(&block)
       end
     private
       def authenticating_with_oauth?
-        # Test for attempted_record with oauth_response to avoid issues with updating a user with new oauth token/secret
-        (controller.params && !controller.params[:login_with_oauth].blank?) || (self.attempted_record.nil? && oauth_response)
+        # Initial request when user presses one of the button helpers
+        (controller.params && !controller.params[:login_with_oauth].blank?) ||
+        # When the oauth provider responds and we made the initial request
+        (oauth_response && controller.session && controller.session[:oauth_request_class] == self.class.name)
       end
       def authenticate_with_oauth
         if @record
           self.attempted_record = record
@@ -60,12 +62,12 @@ module AuthlogicOauth
           self.attempted_record = search_for_record(find_by_oauth_method, generate_access_token.token)
           #errors.add_to_base("Unable to authenticate with Twitter.")
         end
         if !attempted_record
           errors.add_to_base("Could not find user in our database, have you registered with your oauth account?")
         end
       end
       def find_by_oauth_method
         self.class.find_by_oauth_method
       end

data/lib/authlogic_oauth/version.rb CHANGED

@@ -4,45 +4,45 @@ module AuthlogicOauth
   # +tiny+ (or +patch+) number.
   class Version
     include Comparable
     # A convenience method for instantiating a new Version instance with the
     # given +major+, +minor+, and +tiny+ components.
     def self.[](major, minor, tiny)
       new(major, minor, tiny)
     end
     attr_reader :major, :minor, :tiny
     # Create a new Version object with the given components.
     def initialize(major, minor, tiny)
       @major, @minor, @tiny = major, minor, tiny
     end
     # Compare this version to the given +version+ object.
     def <=>(version)
       to_i <=> version.to_i
     end
     # Converts this version object to a string, where each of the three
     # version components are joined by the '.' character. E.g., 2.0.0.
     def to_s
       @to_s ||= [@major, @minor, @tiny].join(".")
     end
     # Converts this version to a canonical integer that may be compared
     # against other version objects.
     def to_i
       @to_i ||= @major * 1_000_000 + @minor * 1_000 + @tiny
     end
     def to_a
       [@major, @minor, @tiny]
     end
     MAJOR = 1
     MINOR = 0
-    TINY  = 7
+    TINY  = 8
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)
     # The current version as a String

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlogic-oauth
 version: !ruby/object:Gem::Version
-  version: 1.0.7
+  version: 1.0.8
 platform: ruby
 authors:
 - John Allison
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2009-07-20 00:00:00 -04:00
+date: 2009-08-02 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency