RubyGems - authlogic-oauth - Versions diffs - 1.0.7 → 1.0.8 - Mend

authlogic-oauth 1.0.7 → 1.0.8

Files changed (6) hide show

data/CHANGELOG.rdoc +5 -1
data/lib/authlogic_oauth/acts_as_authentic.rb +26 -23
data/lib/authlogic_oauth/oauth_process.rb +19 -15
data/lib/authlogic_oauth/session.rb +16 -14
data/lib/authlogic_oauth/version.rb +10 -10
metadata +2 -2

data/CHANGELOG.rdoc CHANGED

@@ -1,3 +1,7 @@
+== 1.0.8 release 2009-8-2
+* Fixing unauthorized errors when you before_filter :require_no_user on the UserController#create action.
 == 1.0.7 release 2009-7-20
 * Fixing a OAuth unauthorized error when updating a user object with new oauth token/secret via the 'Register with OAuth' helper.
@@ -15,7 +19,7 @@
 * Using oauth's callback_url parameter to control where the oauth server returns the user to the application.
   The callback_url parameter was temporarily disabled on major oauth sites due to security concerns, but has been resolved.
 * Removed the need to add specific oauth routes and an oauth_controller (YAY!).  This makes using the plugin much easier.
 == 1.0.1 released 2009-6-4

data/lib/authlogic_oauth/acts_as_authentic.rb CHANGED

@@ -6,7 +6,7 @@ module AuthlogicOauth
         add_acts_as_authentic_module(Methods, :prepend)
       end
     end
     module Config
       # The name of the oauth token field in the database.
       #
@@ -16,7 +16,7 @@ module AuthlogicOauth
         rw_config(:oauth_token_field, value, :oauth_token)
       end
       alias_method :oauth_token_field=, :oauth_token_field
       # The name of the oauth token secret field in the database.
       #
       # * <tt>Default:</tt> :oauth_secret
@@ -26,36 +26,36 @@ module AuthlogicOauth
       end
       alias_method :oauth_secret_field=, :oauth_secret_field
     end
     module Methods
       include OauthProcess
       # Set up some simple validations
       def self.included(klass)
         klass.class_eval do
           alias_method "#{oauth_token_field.to_s}=".to_sym, :oauth_token=
           alias_method "#{oauth_secret_field.to_s}=".to_sym, :oauth_secret=
         end
         return if !klass.column_names.include?(klass.oauth_token_field.to_s)
         klass.class_eval do
           validate :validate_by_oauth, :if => :authenticating_with_oauth?
           validates_uniqueness_of klass.oauth_token_field, :scope => validations_scope, :if => :using_oauth?
           validates_presence_of klass.oauth_secret_field, :scope => validations_scope, :if => :using_oauth?
           validates_length_of_password_field_options validates_length_of_password_field_options.merge(:if => :validate_password_with_oauth?)
           validates_confirmation_of_password_field_options validates_confirmation_of_password_field_options.merge(:if => :validate_password_with_oauth?)
           validates_length_of_password_confirmation_field_options validates_length_of_password_confirmation_field_options.merge(:if => :validate_password_with_oauth?)
           validates_length_of_login_field_options validates_length_of_login_field_options.merge(:if => :validate_password_with_oauth?)
           validates_format_of_login_field_options validates_format_of_login_field_options.merge(:if => :validate_password_with_oauth?)
         end
         # email needs to be optional for oauth
         klass.validate_email_field = false
       end
       def save(perform_validation = true, &block)
         if perform_validation && block_given? && redirecting_to_oauth_server?
           # Save attributes so they aren't lost during the authentication with the oauth server
@@ -63,58 +63,61 @@ module AuthlogicOauth
           redirect_to_oauth
           return false
         end
         result = super
         yield(result) if block_given?
         result
       end
       # Set the oauth fields
       def oauth_token=(value)
         write_attribute(oauth_token_field, value.blank? ? nil : value)
       end
       def oauth_secret=(value)
         write_attribute(oauth_secret_field, value.blank? ? nil : value)
       end
     private
       def authenticating_with_oauth?
-        (session_class.controller.params && !session_class.controller.params[:register_with_oauth].blank?) || oauth_response
+        # Initial request when user presses one of the button helpers
+        (session_class.controller.params && !session_class.controller.params[:register_with_oauth].blank?) ||
+        # When the oauth provider responds and we made the initial request
+        (oauth_response && session_class.controller.session && session_class.controller.session[:oauth_request_class] == self.class.name)
       end
       def authenticate_with_oauth
         # Restore any attributes which were saved before redirecting to the oauth server
         self.attributes = session_class.controller.session.delete(:authlogic_oauth_attributes)
         access_token = generate_access_token
         self.oauth_token = access_token.token
         self.oauth_secret = access_token.secret
       end
       def access_token
         OAuth::AccessToken.new(oauth,
         read_attribute(oauth_token_field),
         read_attribute(oauth_secret_field))
       end
       def using_oauth?
         respond_to?(oauth_token_field) && !oauth_token.blank?
       end
       def validate_password_with_oauth?
         !using_oauth? && require_password?
       end
       def oauth_token_field
         self.class.oauth_token_field
       end
       def oauth_secret_field
         self.class.oauth_secret_field
       end
     end
   end
 end

data/lib/authlogic_oauth/oauth_process.rb CHANGED

@@ -1,62 +1,66 @@
 module AuthlogicOauth
   module OauthProcess
   private
     def validate_by_oauth
       validate_email_field = false
       if oauth_response.blank?
         redirect_to_oauth
       else
         authenticate_with_oauth
       end
     end
     def redirecting_to_oauth_server?
       authenticating_with_oauth? && oauth_response.blank?
     end
     def redirect_to_oauth
       request = oauth.get_request_token :oauth_callback => build_callback_url
       oauth_controller.session[:oauth_request_token]        = request.token
       oauth_controller.session[:oauth_request_token_secret] = request.secret
+      # Store the class which is redirecting, so we can ensure other classes
+      # don't get confused and attempt to use the response
+      oauth_controller.session[:oauth_request_class] = self.class.name
       # Tell our rack callback filter what method the current request is using
       oauth_controller.session[:oauth_callback_method]      = oauth_controller.request.method
       oauth_controller.redirect_to request.authorize_url
     end
     def build_callback_url
       oauth_controller.url_for :controller => oauth_controller.controller_name, :action => oauth_controller.action_name
     end
     def request_token
       OAuth::RequestToken.new(oauth,
       oauth_controller.session[:oauth_request_token],
       oauth_controller.session[:oauth_request_token_secret])
     end
     def generate_access_token
       request_token.get_access_token(:oauth_verifier => oauth_controller.params[:oauth_verifier])
     end
     def oauth_response
       oauth_controller.params && oauth_controller.params[:oauth_token]
     end
     def oauth_controller
       is_auth_session? ? controller : session_class.controller
     end
     def oauth
       is_auth_session? ? self.class.oauth_consumer : session_class.oauth_consumer
     end
     def is_auth_session?
       self.is_a?(Authlogic::Session::Base)
     end
   end
 end

data/lib/authlogic_oauth/session.rb CHANGED

@@ -8,7 +8,7 @@ module AuthlogicOauth
         include Methods
       end
     end
     module Config
       # * <tt>Default:</tt> :find_by_oauth_token
       # * <tt>Accepts:</tt> Symbol
@@ -17,16 +17,16 @@ module AuthlogicOauth
       end
       alias_method :find_by_oauth_method=, :find_by_oauth_method
     end
     module Methods
       include OauthProcess
       def self.included(klass)
         klass.class_eval do
           validate :validate_by_oauth, :if => :authenticating_with_oauth?
         end
       end
       # Hooks into credentials so that you can pass a user who has already has an oauth access token.
       def credentials=(value)
         super
@@ -34,25 +34,27 @@ module AuthlogicOauth
         hash = values.first.is_a?(Hash) ? values.first.with_indifferent_access : nil
         self.record = hash[:priority_record] if !hash.nil? && hash.key?(:priority_record)
       end
       def record=(record)
         @record = record
       end
-      # Clears out the block if we are authenticating with oauth,
+      # Clears out the block if we are authenticating with oauth,
       # so that we can redirect without a DoubleRender error.
       def save(&block)
         block = nil if redirecting_to_oauth_server?
         super(&block)
       end
     private
       def authenticating_with_oauth?
-        # Test for attempted_record with oauth_response to avoid issues with updating a user with new oauth token/secret
-        (controller.params && !controller.params[:login_with_oauth].blank?) || (self.attempted_record.nil? && oauth_response)
+        # Initial request when user presses one of the button helpers
+        (controller.params && !controller.params[:login_with_oauth].blank?) ||
+        # When the oauth provider responds and we made the initial request
+        (oauth_response && controller.session && controller.session[:oauth_request_class] == self.class.name)
       end
       def authenticate_with_oauth
         if @record
           self.attempted_record = record
@@ -60,12 +62,12 @@ module AuthlogicOauth
           self.attempted_record = search_for_record(find_by_oauth_method, generate_access_token.token)
           #errors.add_to_base("Unable to authenticate with Twitter.")
         end
         if !attempted_record
           errors.add_to_base("Could not find user in our database, have you registered with your oauth account?")
         end
       end
       def find_by_oauth_method
         self.class.find_by_oauth_method
       end

data/lib/authlogic_oauth/version.rb CHANGED

@@ -4,45 +4,45 @@ module AuthlogicOauth
   # +tiny+ (or +patch+) number.
   class Version
     include Comparable
     # A convenience method for instantiating a new Version instance with the
     # given +major+, +minor+, and +tiny+ components.
     def self.[](major, minor, tiny)
       new(major, minor, tiny)
     end
     attr_reader :major, :minor, :tiny
     # Create a new Version object with the given components.
     def initialize(major, minor, tiny)
       @major, @minor, @tiny = major, minor, tiny
     end
     # Compare this version to the given +version+ object.
     def <=>(version)
       to_i <=> version.to_i
     end
     # Converts this version object to a string, where each of the three
     # version components are joined by the '.' character. E.g., 2.0.0.
     def to_s
       @to_s ||= [@major, @minor, @tiny].join(".")
     end
     # Converts this version to a canonical integer that may be compared
     # against other version objects.
     def to_i
       @to_i ||= @major * 1_000_000 + @minor * 1_000 + @tiny
     end
     def to_a
       [@major, @minor, @tiny]
     end
     MAJOR = 1
     MINOR = 0
-    TINY  = 7
+    TINY  = 8
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)
     # The current version as a String

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlogic-oauth
 version: !ruby/object:Gem::Version
-  version: 1.0.7
+  version: 1.0.8
 platform: ruby
 authors:
 - John Allison
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2009-07-20 00:00:00 -04:00
+date: 2009-08-02 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency