[Jifty-commit] r5149 - in jifty/trunk: lib/Jifty/Plugin lib/Jifty/Plugin/OAuth

Jifty commits jifty-commit at lists.jifty.org
Wed Feb 20 18:35:16 EST 2008


Author: sartak
Date: Wed Feb 20 18:35:14 2008
New Revision: 5149

Modified:
   jifty/trunk/   (props changed)
   jifty/trunk/lib/Jifty/Plugin/OAuth.pm
   jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm
   jifty/trunk/lib/Jifty/Plugin/OAuth/View.pm

Log:
 r51967 at onn:  sartak | 2008-02-20 18:35:01 -0500
 * More documentation
 * Add a Jifty->web->current_user->is_oauthed
 * Little display fixes


Modified: jifty/trunk/lib/Jifty/Plugin/OAuth.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/OAuth.pm	(original)
+++ jifty/trunk/lib/Jifty/Plugin/OAuth.pm	Wed Feb 20 18:35:14 2008
@@ -6,17 +6,50 @@
 
 our $VERSION = 0.01;
 
+sub init {
+    Jifty::CurrentUser->mk_accessors(qw(is_oauthed));
+}
+
 =head1 NAME
 
-Jifty::Plugin::OAuth
+Jifty::Plugin::OAuth - secure API authentication
 
 =head1 DESCRIPTION
 
-A OAuth web services API for your Jifty app.
+A OAuth web services API for your Jifty app. Other applications may have secure
+and limited access to your users' data.
+
+This plugin adds an C</oauth> set of URLs to your application, listed below. It
+also adds C<is_oauthed> to L<Jifty::CurrentUser>, so you may have additional
+restrictions on OAuth access (such as forbidding OAuthed users to change users'
+passwords).
+
+=head2 /oauth
+
+This lists some basic information about OAuth, and where to find more. It also
+tells consumers how they may gain OAuth-ability for your site.
+
+=head2 /oauth/request_token
+
+The URL that consumers POST to get a request token
+
+=head2 /oauth/authorize
+
+The URL at which users authorize request tokens
+
+=head2 /oauth/authorized
+
+After authorizing or denying a request token, users are directed here before
+going back to the consumer's site.
+
+=head2 /oauth/access_token
+
+The URL that consumers POST to trade an authorized request token for an access
+token
 
 =head1 WARNING
 
-This plugin is not yet complete. DO NOT USE IT.
+This plugin is beta. Please let us know if there are any issues with it.
 
 =head1 USAGE
 
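Review bot: The new DESCRIPTION paragraph offers `is_oauthed` as the way to restrict OAuth access, but it never says that the restriction is opt-in. `init` only creates a plain read/write accessor with `mk_accessors`, so the flag is unset (false) on every user object until something sets it, and any action that does not check it stays open to consumers. I would add a sentence to the POD along the lines of `is_oauthed is false unless the request was authenticated with an access token; the plugin restricts nothing by itself, so each sensitive action must check it.` Because the WARNING section now invites beta use, that is also the place to say that applications must add those checks themselves.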
@@ -148,6 +181,12 @@
 in a very secure manner. For example, a replay attack (an eavesdropper repeats
 a request made by a legitimate consumer) is actively defended against.
 
+=head1 METHODS
+
+=head2 init
+
+This adds an is_oauthed accessor to L<Jifty::CurrentUser>.
+
 =head1 SEE ALSO
 
 L<Net::OAuth::Request>, L<http://oauth.net/>

Modified: jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm	(original)
+++ jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm	Wed Feb 20 18:35:14 2008
@@ -31,11 +31,11 @@
 sub abortmsg {
     my ($code, $msg) = @_;
     if ($code) {
-        Jifty->log->debug("$code for ".Jifty->web->request->path.":" . $msg) if defined($msg);
+        Jifty->log->debug("$code for ".Jifty->web->request->path.": $msg") if defined($msg);
         abort($code);
     }
     elsif (defined $msg) {
-        Jifty->log->debug("OAuth denied for ".Jifty->web->request->path.":" . $msg);
+        Jifty->log->debug("OAuth denied for ".Jifty->web->request->path.": $msg");
     }
 }
 
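Review bot: Both debug lines in `abortmsg` interpolate `Jifty->web->request->path` and `$msg` into the log unescaped, and both can carry request-supplied text. The path comes from the client, and a caller further down this diff passes `"Invalid signature (type: $oauth_params{signature_method})."` as `$msg`, which presumably echoes a request parameter. Unless the logger's layout already escapes control characters (not visible here), a CR or LF in either value can split or forge log entries. I would neutralise them before logging, e.g. `(my $safe_msg = $msg) =~ s/[[:cntrl:]]/?/g;` and the same for the path, then interpolate the cleaned copies.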
@@ -103,7 +103,7 @@
 
 sub authorize {
     my @params = qw/token callback/;
-    abortmsg(403, "Cannot authorize tokens as an OAuthed user") if Jifty->handler->stash->{oauth};
+    abortmsg(403, "Cannot authorize tokens as an OAuthed user") if Jifty->web->current_user->is_oauthed;
 
     set no_abort => 1;
     my %oauth_params = get_parameters(@params);
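Review bot: The 403 guard in `authorize` (and the identical one in `authorize_post` in the next hunk) now reads a flag on the current-user object instead of the request stash, so it fails open if that object is replaced after the access-token check, because a fresh `CurrentUser` has `is_oauthed` unset. If anything later in the request calls `temporary_current_user` again or otherwise swaps the user (not visible in this diff), an OAuth-authenticated consumer would pass this check and could authorize further tokens. I would either keep a request-scoped flag as the source of truth for these two guards or record the assumption next to them, e.g. `# relies on is_oauthed staying set on the current user for the whole request`. `authorize` continues past the end of the hunk.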
@@ -130,7 +130,7 @@
 =cut
 
 sub authorize_post {
-    abortmsg(403, "Cannot authorize tokens as an OAuthed user") if Jifty->handler->stash->{oauth};
+    abortmsg(403, "Cannot authorize tokens as an OAuthed user") if Jifty->web->current_user->is_oauthed;
     my $result = Jifty->web->response->result("authorize_request_token");
     unless ($result && $result->success) {
         redirect '/oauth/authorize';
@@ -261,8 +261,8 @@
     abortmsg(undef, "Invalid signature (type: $oauth_params{signature_method})."), return unless $request->verify;
 
     $consumer->made_request(@oauth_params{qw/timestamp nonce/});
-    Jifty->handler->stash->{oauth} = 1;
     Jifty->web->temporary_current_user(Jifty->app_class('CurrentUser')->new(id => $access_token->auth_as));
+    Jifty->web->current_user->is_oauthed(1);
 }
 
 =head2 invalid_method
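Review bot: `is_oauthed(1)` is set only after `temporary_current_user` has installed the token's user, and it is set on whatever `Jifty->web->current_user` returns rather than on the object just created. Marking the object before installing it removes both the unmarked window and the reliance on those being the same object: `my $user = Jifty->app_class('CurrentUser')->new(id => $access_token->auth_as);`, `$user->is_oauthed(1);`, `Jifty->web->temporary_current_user($user);`. The hunk also drops the `Jifty->handler->stash->{oauth} = 1` write, so any reader of that stash key outside this diff would now see it unset and treat OAuth requests as ordinary ones; a search for remaining readers is worth doing before this ships. The enclosing sub starts above the hunk.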

Modified: jifty/trunk/lib/Jifty/Plugin/OAuth/View.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/OAuth/View.pm	(original)
+++ jifty/trunk/lib/Jifty/Plugin/OAuth/View.pm	Wed Feb 20 18:35:14 2008
@@ -99,12 +99,13 @@
         outs "While you have a valid access token, you may browse the site as the user normally does.";
 
         if ($restful) {
-            outs " You may also use our REST interface. See ";
+            outs " You may also use ";
             hyperlink(
                 url    => Jifty->web->url(path => '=/help'),
-                label  => Jifty->web->url(path => '=/help'),
+                label  => "our REST interface",
                 target => "_blank",
-            )
+            );
+            outs ".";
         }
     }
 };

