开发者

Rails oauth-plugin: multiple strategies causes duplicate nonce error

问答 作者:

I have a controller action that may be hit by the client with a oauth client token (no authenticated user), or may be hit by an authorized client with an access token (for a specific user). I want to set up a nice little before filter to accomodate this. I tried: 

oauthenticate :strategies => [:oauth10_request_token, :oauth10_access_token], 
              :interactive => false, 
              :only => [:wonky_action]

If I try to hit this action with an access-token request, then it complains because it tries to remember the OauthNonce twice. Here's what my ClientApplication.verify_request method looks like:

def self.verify_request(request, options = {}, &block) 
    begin 
        signature = OAuth::Signature.build(request, options, &block) 
        nonce = OauthNonce.remember(signature.request.nonce, signature.request.timestamp) 
        unless nonce 
            Rails.logger.warn "Oauth request failing because of invalid nonce." 
            return false 
        end 
        value = signature.verify 
        unless value 
            Rails.logger.warn "Signature verification failed." 
        end 
        value 
    rescue OAuth::Signature::UnknownSignatureMethod => e 
        false 
    end 
end

Looking at this, the behavior is no surprise. It runs through the oauth10_request_token method, and remembers the nonce without a problem, but the token is not a request tok开发者_JAVA技巧en, so it fails. Then, it tries to run through oauth10_access_token, and when it calls verify_request the second time, it tries to remember a nonce that we've already remembered.

The best solution I can come up with is to separate the Nonce-remembering from the rest of the request verification. In other words, the server would verify the nonce first, and then do the signature verification (or whatever else verify_request wants to do) as many times as it pleases.

I don't see a clear way to do this without forking Pelle's application_controller_methods file, but I'm hoping I'm just missing the obvious fix that one of you will suggest! Thanks for your help! In case you're interested, I'm using rails3 with pelle's oauth-plugin and his fork of oauth: 

gem 'oauth', :git => "http://github.com/pelle/oauth.git", :require => 'oauth/server' 
gem "oauth-plugin", :git => 'https://github.com/pelle/oauth-plugin.git', :branch => 'rails3'

继续阅读:oauthoauth-providerruby-on-railsruby-on-rails-3

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9