Forked from pnomolos/application_controller.rb
| # Based on work from http://mifsud.me/simple-two-legged-oauth-provider-in-rails-2 | |
| # Note that you need a user with :api_key and :secret fields | |
| require 'oauth/request_proxy/rack_request' | |
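class ApplicationController < ActionController::Base
  protect_from_forgery

  protected

  # Authenticates a two-legged OAuth 1.0 request (consumer key + secret, no
  # access token) and renders a JSON error when any step fails:
  #
  #   400 - oauth_consumer_key is missing or not a plain string,
  #         or the request names an unknown signature method
  #   401 - no User has that api_key, or the signature does not verify
  #
  # When every check passes, nothing is rendered.
  #
  # NOTE(review): nothing in this method checks oauth_timestamp freshness or
  # remembers oauth_nonce values, so a captured signed request can be replayed
  # unchanged. Reject stale timestamps and record nonces per consumer before
  # relying on this check for state-changing endpoints.
  def run_oauth_check
    proxy = OAuth::RequestProxy::RackRequest.new(request)
    consumer_key = proxy.parameters['oauth_consumer_key']

    # Nested parameters (e.g. `oauth_consumer_key[]=...`) can arrive as an
    # Array or Hash once the framework has parsed them; only a String may be
    # used as a lookup condition. nil (parameter absent) is rejected here too.
    unless consumer_key.is_a?(String)
      return render :json => { :error => "Invalid request" }, :status => 400
    end

    client = User.first :api_key => consumer_key
    if client.nil?
      return render :json => { :error => "Invalid credentials" }, :status => 401
    end

    begin
      # The block supplies [token_secret, consumer_secret]; two-legged OAuth
      # has no token, hence the nil.
      signature = ::OAuth::Signature.build(::Rack::Request.new(env)) do |_request_proxy|
        [nil, client.secret]
      end

      unless signature.verify
        return render :json => { :error => "Invalid credentials" }, :status => 401
      end
    rescue ::OAuth::Signature::UnknownSignatureMethod
      return render :json => { :error => "Unknown signature method" }, :status => 400
    end
  end
end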
| #https://github.com/opower/crazylegs | |
| gem install crazylegs | |
| include Crazylegs | |
| credentials = Credentials.new(consumer_key,shared_secret) | |
| url = SignedURL.new(credentials,"http://api.example.com/api/customers",'GET') | |
| url['accountNumber'] = '655321' | |
| signed_url = url.full_url | |
| # signed_url can now be requested of the remote server | |
| # If you want to use the header-based version | |
| url = SignedURL.new(credentials,"http://api.example.com/api/customers/12/address",'POST') | |
| signed_url,headers = url.full_url_using_headers | |
| # Now, you can POST signed_url as long as you included headers in your HTTP request | |
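| # send request with curl (note: the -F multipart body is not part of the signature base string shown in the "Signing" line below, so the signature does not protect the uploaded file's contents) | |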
| curl -F [email protected] "http://localhost:3001/resource?oauth_consumer_key=consumer_key&oauth_nonce=1386835620.822221&oauth_signature=GXpFwroYXoRkH%2B64HJq9lN65fog%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1386835620&oauth_version=1.0" | |
| use the Authorization header: | |
| curl -i -F [email protected] "http://localhost:3001/resource?foo=bar" -H "Authorization: OAuth oauth_consumer_key=consumer_key,oauth_nonce=1386837124.162156,oauth_signature=34Ac2tbu0HxY1Dasti9Lmg5c0oI%3D,oauth_signature_method=HMAC-SHA1,oauth_timestamp=1386837124,oauth_version=1.0" | |
| Signing 'POST&http%3A%2F%2Flocalhost%3A3001%2Fresource&oauth_consumer_key%3Dconsumer_key%26oauth_nonce%3D1386835620.822221%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1386835620%26oauth_version%3D1.0' with key 'clientsecret' |