This repository was archived by the owner on Nov 17, 2018. It is now read-only.

Commit 282d59b

committed
OAuth: move storage of request token to cache, not the session (fixes weird Chrome login bug)
1 parent 3ebc768 commit 282d59b


1 file changed

+40
-27
lines changed


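--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -2,35 +2,25 @@ class UserController < ApplicationController
 before_filter :check_for_credentials, except: [:login, :callback, :welcome]
 
 def check_for_credentials
-unless session[:access_token]
+unless access_token
 redirect_to login_path
 end
 end
 
 def login
-@consumer = OAuth::Consumer.new(ENV["SPLITWISE_API_KEY"], ENV["SPLITWISE_API_SECRET"], {
-:site => ENV["SPLITWISE_SITE"],
-:scheme => :header,
-:http_method => :post,
-:authorize_path => ENV["SPLITWISE_AUTHORIZE_URL"],
-:request_token_path => ENV["SPLITWISE_REQUEST_TOKEN_URL"],
-:access_token_path => ENV["SPLITWISE_ACCESS_TOKEN_URL"]
-})
-
-@request_token = @consumer.get_request_token
-session[:request_token] = @request_token
-puts session.to_yaml
+@request_token = consumer.get_request_token
+Rails.cache.write(@request_token.token, @request_token.secret)
 redirect_to @request_token.authorize_url
 end
 
 def callback
-puts session.to_yaml
-if session[:request_token]
-session[:access_token] = session[:request_token].get_access_token(:oauth_verifier => params[:oauth_verifier])
-after_callback
-else
-render :text => "Looks like something went wrong - sorry!"
-end
+request_token = OAuth::RequestToken.new(consumer, params[:oauth_token], Rails.cache.read(params[:oauth_token]))
+access_token = request_token.get_access_token(:oauth_verifier => params[:oauth_verifier])
+session[:access_token] = access_token.token
+session[:access_token_secret] = access_token.secret
+after_callback
+rescue
+render :text => "Looks like something went wrong - sorry!"
 end
 
 def after_callback
@@ -48,39 +38,62 @@ def after_logout
 
 # Actions with views
 def welcome
-if session[:access_token]
+if access_token
 after_callback
 end
 end
 
 def balance_over_time
 @title = "Api Example \u00B7 Balance"
-@data = JSON.unparse(User.new(session[:access_token]).get_balance_over_time)
+@data = JSON.unparse(current_user.get_balance_over_time)
 end
 
 def balances_over_time_with_friends
 @title = "Api Example \u00B7 Balance with friends"
-@data = JSON.unparse(User.new(session[:access_token]).get_balances_over_time_with_friends)
+@data = JSON.unparse(current_user.get_balances_over_time_with_friends)
 end
 
 def expenses_over_time
 @title = "Api Example \u00B7 Expenses"
-@data = JSON.unparse(User.new(session[:access_token]).get_expenses_over_time_cumulative)
+@data = JSON.unparse(current_user.get_expenses_over_time_cumulative)
 end
 
 def expenses_by_category
 @title = "Api Example \u00B7 Expenses by category"
-@data = JSON.unparse(User.new(session[:access_token]).get_expenses_by_category)
+@data = JSON.unparse(current_user.get_expenses_by_category)
 end
 
 def expenses_by_category_over_time
 @title = "Api Example \u00B7 Category history"
-@data = JSON.unparse(User.new(session[:access_token]).get_expenses_by_category_over_time_cumulative)
+@data = JSON.unparse(current_user.get_expenses_by_category_over_time_cumulative)
 end
 
 def expenses_matching
 @title = "Api Example \u00B7 Search an expense"
-@data = JSON.unparse(User.new(session[:access_token]).get_expenses_matching_cumulative(params[:query]))
+@data = JSON.unparse(current_user.get_expenses_matching_cumulative(params[:query]))
+end
+
+private
+
+def consumer
+@consumer ||= OAuth::Consumer.new(ENV["SPLITWISE_API_KEY"], ENV["SPLITWISE_API_SECRET"], {
+:site => ENV["SPLITWISE_SITE"],
+:scheme => :header,
+:http_method => :post,
+:authorize_path => ENV["SPLITWISE_AUTHORIZE_URL"],
+:request_token_path => ENV["SPLITWISE_REQUEST_TOKEN_URL"],
+:access_token_path => ENV["SPLITWISE_ACCESS_TOKEN_URL"]
+})
+end
+
+def access_token
+if session[:access_token]
+@access_token ||= OAuth::AccessToken.new(consumer, session[:access_token], session[:access_token_secret])
+end
+end
+
+def current_user
+@current_user ||= User.new(access_token)
 end
 end
 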
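Review bot: In `callback`, the request-token secret is now looked up purely by `params[:oauth_token]`, so the exchange is no longer tied to the browser session that started `login`; the old session storage gave that binding implicitly, and without it a callback URL completed in one browser can sign a different browser into that account. The `Rails.cache.write` in `login` also uses the raw token as an un-namespaced key with no expiry, and the entry is never deleted after the exchange, so request-token secrets stay in the shared cache indefinitely. I would keep only the short token string in the session to re-establish the binding, namespace and expire the cache entry, and delete it on first use, as sketched below. This assumes the Chrome bug came from serialising the whole `OAuth::RequestToken` into the session rather than from the session cookie itself being lost across the redirect, which the page does not show.

```ruby
def login
  @request_token = consumer.get_request_token
  # Namespaced, short-lived cache entry; only the token string goes into the session.
  Rails.cache.write("oauth_request_secret:#{@request_token.token}", @request_token.secret, expires_in: 10.minutes)
  session[:oauth_request_token] = @request_token.token
  # … unchanged: redirect_to @request_token.authorize_url …
end

def callback
  # Accept the callback only for the token this session requested in login.
  expected = session.delete(:oauth_request_token)
  raise ArgumentError, "unexpected oauth_token" unless expected && expected == params[:oauth_token]
  cache_key = "oauth_request_secret:#{expected}"
  secret = Rails.cache.read(cache_key)
  Rails.cache.delete(cache_key) # single use: the secret is not needed after the exchange
  request_token = OAuth::RequestToken.new(consumer, expected, secret)
  # … unchanged: get_access_token, session writes, after_callback, rescue/render …
end
```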
