[Jifty-commit] r5149 - in jifty/trunk: lib/Jifty/Plugin lib/Jifty/Plugin/OAuth
Jifty commits
jifty-commit at lists.jifty.org
Wed Feb 20 18:35:16 EST 2008
Author: sartak
Date: Wed Feb 20 18:35:14 2008
New Revision: 5149
Modified:
jifty/trunk/ (props changed)
jifty/trunk/lib/Jifty/Plugin/OAuth.pm
jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm
jifty/trunk/lib/Jifty/Plugin/OAuth/View.pm
Log:
r51967 at onn: sartak | 2008-02-20 18:35:01 -0500
* More documentation
* Add a Jifty->web->current_user->is_oauthed
* Little display fixes
Modified: jifty/trunk/lib/Jifty/Plugin/OAuth.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/OAuth.pm (original)
+++ jifty/trunk/lib/Jifty/Plugin/OAuth.pm Wed Feb 20 18:35:14 2008
@@ -6,17 +6,50 @@
our $VERSION = 0.01;
+sub init {
+ Jifty::CurrentUser->mk_accessors(qw(is_oauthed));
+}
+
=head1 NAME
-Jifty::Plugin::OAuth
+Jifty::Plugin::OAuth - secure API authentication
=head1 DESCRIPTION
-A OAuth web services API for your Jifty app.
+A OAuth web services API for your Jifty app. Other applications may have secure
+and limited access to your users' data.
+
+This plugin adds an C</oauth> set of URLs to your application, listed below. It
+also adds C<is_oauthed> to L<Jifty::CurrentUser>, so you may have additional
+restrictions on OAuth access (such as forbidding OAuthed users to change users'
+passwords).
+
+=head2 /oauth
+
+This lists some basic information about OAuth, and where to find more. It also
+tells consumers how they may gain OAuth-ability for your site.
+
+=head2 /oauth/request_token
+
+The URL that consumers POST to get a request token
+
+=head2 /oauth/authorize
+
+The URL at which users authorize request tokens
+
+=head2 /oauth/authorized
+
+After authorizing or denying a request token, users are directed here before
+going back to the consumer's site.
+
+=head2 /oauth/access_token
+
+The URL that consumers POST to trade an authorized request token for an access
+token
=head1 WARNING
-This plugin is not yet complete. DO NOT USE IT.
+This plugin is beta. Please let us know if there are any issues with it.
=head1 USAGE
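Review bot: The new DESCRIPTION tells applications to use `is_oauthed` for extra restrictions, but it never says that the plugin enforces nothing of its own apart from the `/oauth/authorize` guards visible later in this diff. Because `init` creates the accessor with `mk_accessors` and no default, it presumably reads as undef (false) on any `Jifty::CurrentUser` the OAuth check did not mark, so an application that forgets the check allows the action. I would add a sentence such as `is_oauthed is true only for requests authenticated with an access token; limiting what such requests may do is the application's responsibility.` While editing the POD, "A OAuth" should read "An OAuth".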
@@ -148,6 +181,12 @@
in a very secure manner. For example, a replay attack (an eavesdropper repeats
a request made by a legitimate consumer) is actively defended against.
+=head1 METHODS
+
+=head2 init
+
+This adds an is_oauthed accessor to L<Jifty::CurrentUser>.
+
=head1 SEE ALSO
L<Net::OAuth::Request>, L<http://oauth.net/>
Modified: jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm (original)
+++ jifty/trunk/lib/Jifty/Plugin/OAuth/Dispatcher.pm Wed Feb 20 18:35:14 2008
@@ -31,11 +31,11 @@
sub abortmsg {
my ($code, $msg) = @_;
if ($code) {
- Jifty->log->debug("$code for ".Jifty->web->request->path.":" . $msg) if defined($msg);
+ Jifty->log->debug("$code for ".Jifty->web->request->path.": $msg") if defined($msg);
abort($code);
}
elsif (defined $msg) {
- Jifty->log->debug("OAuth denied for ".Jifty->web->request->path.":" . $msg);
+ Jifty->log->debug("OAuth denied for ".Jifty->web->request->path.": $msg");
}
}
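Review bot: Both `debug` calls in `abortmsg` write `Jifty->web->request->path` and `$msg` into the log line unescaped. The path comes from the request, and one caller later in this diff builds `$msg` from `$oauth_params{signature_method}`, which appears to be request-supplied, so a client can probably place line breaks or control characters in the log. Neutralise them before logging, for example `(my $line = "$code for ".Jifty->web->request->path.": $msg") =~ s/[^\x20-\x7E]/?/g;` followed by `Jifty->log->debug($line);`, and do the same in the `elsif` branch. A comment should also state that a false `$code` only logs and returns, so the caller has to `return` itself.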
@@ -103,7 +103,7 @@
sub authorize {
my @params = qw/token callback/;
- abortmsg(403, "Cannot authorize tokens as an OAuthed user") if Jifty->handler->stash->{oauth};
+ abortmsg(403, "Cannot authorize tokens as an OAuthed user") if Jifty->web->current_user->is_oauthed;
set no_abort => 1;
my %oauth_params = get_parameters(@params);
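Review bot: The guard `abortmsg(403, "Cannot authorize tokens as an OAuthed user") if Jifty->web->current_user->is_oauthed;` is repeated verbatim in `authorize` here and in `authorize_post` in the next hunk. It is what stops a consumer holding an access token from authorizing further tokens, so a future token-handling route that omits the copy would silently allow that. Moving it into one small helper (a hypothetical `forbid_oauthed_user()`) called at the top of both subs, with a comment saying why OAuthed users are refused, keeps the rule in one place. Both subs continue beyond their hunks, so any other checks they perform are not visible here.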
@@ -130,7 +130,7 @@
=cut
sub authorize_post {
- abortmsg(403, "Cannot authorize tokens as an OAuthed user") if Jifty->handler->stash->{oauth};
+ abortmsg(403, "Cannot authorize tokens as an OAuthed user") if Jifty->web->current_user->is_oauthed;
my $result = Jifty->web->response->result("authorize_request_token");
unless ($result && $result->success) {
redirect '/oauth/authorize';
@@ -261,8 +261,8 @@
abortmsg(undef, "Invalid signature (type: $oauth_params{signature_method})."), return unless $request->verify;
$consumer->made_request(@oauth_params{qw/timestamp nonce/});
- Jifty->handler->stash->{oauth} = 1;
Jifty->web->temporary_current_user(Jifty->app_class('CurrentUser')->new(id => $access_token->auth_as));
+ Jifty->web->current_user->is_oauthed(1);
}
=head2 invalid_method
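Review bot: `is_oauthed(1)` is set on whatever `Jifty->web->current_user` returns after `temporary_current_user`, not on the object that was just constructed, so the marking depends on that call having installed the new user. If it did not, the flag lands on a different user object or nowhere, and every `is_oauthed` check then reads false and lets the request through. Mark the object before installing it: `my $user = Jifty->app_class('CurrentUser')->new(id => $access_token->auth_as);`, `$user->is_oauthed(1);`, `Jifty->web->temporary_current_user($user);`. The removed stash key was scoped to the request, whereas this flag lives on the user object, so it is worth confirming that the temporary user is discarded when the request ends. The enclosing sub starts above the hunk.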
Modified: jifty/trunk/lib/Jifty/Plugin/OAuth/View.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/OAuth/View.pm (original)
+++ jifty/trunk/lib/Jifty/Plugin/OAuth/View.pm Wed Feb 20 18:35:14 2008
@@ -99,12 +99,13 @@
outs "While you have a valid access token, you may browse the site as the user normally does.";
if ($restful) {
- outs " You may also use our REST interface. See ";
+ outs " You may also use ";
hyperlink(
url => Jifty->web->url(path => '=/help'),
- label => Jifty->web->url(path => '=/help'),
+ label => "our REST interface",
target => "_blank",
- )
+ );
+ outs ".";
}
}
};