Rails oauth-plugin: multiple strategies causes duplicate nonce error

大兔子大兔子 提交于 2019-12-09 22:42:23

问题


I have a controller action that may be hit by the client with a oauth client token (no authenticated user), or may be hit by an authorized client with an access token (for a specific user). I want to set up a nice little before filter to accomodate this. I tried:

oauthenticate :strategies => [:oauth10_request_token, :oauth10_access_token], 
              :interactive => false, 
              :only => [:wonky_action] 

If I try to hit this action with an access-token request, then it complains because it tries to remember the OauthNonce twice. Here's what my ClientApplication.verify_request method looks like:

def self.verify_request(request, options = {}, &block) 
    begin 
        signature = OAuth::Signature.build(request, options, &block) 
        nonce = OauthNonce.remember(signature.request.nonce, signature.request.timestamp) 
        unless nonce 
            Rails.logger.warn "Oauth request failing because of invalid nonce." 
            return false 
        end 
        value = signature.verify 
        unless value 
            Rails.logger.warn "Signature verification failed." 
        end 
        value 
    rescue OAuth::Signature::UnknownSignatureMethod => e 
        false 
    end 
end

Looking at this, the behavior is no surprise. It runs through the oauth10_request_token method, and remembers the nonce without a problem, but the token is not a request token, so it fails. Then, it tries to run through oauth10_access_token, and when it calls verify_request the second time, it tries to remember a nonce that we've already remembered.

The best solution I can come up with is to separate the Nonce-remembering from the rest of the request verification. In other words, the server would verify the nonce first, and then do the signature verification (or whatever else verify_request wants to do) as many times as it pleases.

I don't see a clear way to do this without forking Pelle's application_controller_methods file, but I'm hoping I'm just missing the obvious fix that one of you will suggest! Thanks for your help! In case you're interested, I'm using rails3 with pelle's oauth-plugin and his fork of oauth:

gem 'oauth', :git => "http://github.com/pelle/oauth.git", :require => 'oauth/server' 
gem "oauth-plugin", :git => 'https://github.com/pelle/oauth-plugin.git', :branch => 'rails3'

来源:https://stackoverflow.com/questions/5811559/rails-oauth-plugin-multiple-strategies-causes-duplicate-nonce-error

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!