Jifty::Plugin::OAuth::View - Views for OAuth-ey bits
oauth/response: Internal template. Do not use.
It returns the OAuth parameters to the consumer in the HTTP response body.
oauth: An OAuth description page geared mainly towards Consumers, since they will most likely be the only ones visiting yourapp.com/oauth.
oauth/help: Provides a very simple, layman's description of OAuth for users.
oauth/consumer: Renders the consumer's name and, if available, its URL as a link.
package Jifty::Plugin::OAuth::View; use strict; use warnings; use Jifty::View::Declare -base;
# Internal template: writes the 'oauth_response' template argument to the
# response body as name=value pairs joined with '&'. Every name and value is
# passed through Jifty->web->escape_uri first. Nothing is written unless the
# argument is a plain (unblessed) hash reference.
template 'oauth/response' => sub {
    my $oauth_params = get 'oauth_response';

    if (ref($oauth_params) eq 'HASH') {
        my @pairs;
        for my $name (keys %$oauth_params) {
            # Escape the name and its value separately so that a literal '&'
            # or '=' inside either cannot be read as a pair delimiter.
            push @pairs, sprintf '%s=%s',
                map { Jifty->web->escape_uri($_) } $name, $oauth_params->{$name};
        }

        # outs_raw emits the string without HTML escaping; the URI escaping
        # above is the only encoding applied to this body.
        outs_raw join '&', @pairs;
    }
};
# Public information page for the 'oauth' path. It introduces OAuth to end
# users, tells prospective consumers how to obtain credentials, and lists the
# three protocol endpoints. The REST interface is mentioned only when one of
# the configured plugins has a REST entry.
template 'oauth' => page {
    title    => 'OAuth',
    subtitle => 'Information',
}
content {
    p {
        b {
            hyperlink(
                url    => "http://oauth.net/",
                label  => "OAuth",
                target => "_blank",
            )
        };
        outs " is an open protocol to allow secure authentication to users' private data. It's far more secure than users giving out their passwords."
    }
    h2 { "Users" }
    p { "OAuth is nearly transparent to end users. Through OAuth, other applications can have secure -- and time-limited -- read and write access to your data on this site." }
    p {
        outs "Applications may ask you to ";
        hyperlink(
            label => "authorize a 'token' on our site",
            url   => Jifty->web->url(path => '/oauth/authorize'),
        );
        outs ". This is normal. We want to make sure you approve of other people looking at your data.";
    }
    h2 { "Consumers" }
    p {
        # Fall back to a generic "us" when no administrator address is configured.
        my $contact = Jifty->config->framework('AdminEmail') || 'us';
        "This application supports OAuth. If you'd like to access the private resources of users of this site, you must first establish a Consumer Key, Consumer Secret, and, if applicable, RSA public key with us. You can do so by contacting $contact.";
    }
    p { "Once you have a Consumer Key and Consumer Secret, you may begin letting users grant you access to our site. The relevant URLs are:" }
    dl {
        dt { "Request a Request Token" }
        dd { Jifty->web->url(path => '/oauth/request_token') }
        dt { "Obtain user authorization for a Request Token" }
        dd { Jifty->web->url(path => '/oauth/authorize') }
        dt { "Exchange a Request Token for an Access Token" }
        dd { Jifty->web->url(path => '/oauth/access_token') }
    }
    p {
        # Look for the first plugin configuration entry that carries a REST key.
        my $restful = 0;
        for my $plugin (@{ Jifty->config->framework('Plugins') }) {
            next unless defined $plugin->{REST};
            $restful = 1;
            last;
        }

        outs "While you have a valid access token, you may browse the site as the user normally does.";

        if ($restful) {
            outs " You may also use ";
            hyperlink(
                url    => Jifty->web->url(path => '=/help'),
                label  => "our REST interface",
                target => "_blank",
            );
            outs ".";
        }
    }
};
# Authorization page. It shows the help blurb, then a form backed by the
# AuthorizeRequestToken action where the user sets the use limit and write
# permission and chooses Deny or Allow.
#
# NOTE(review): the 'callback' template argument is round-tripped through a
# hidden form field, so whatever consumes the submitted value has to treat it
# as client-controlled rather than trusted.
template 'oauth/authorize' => page {
    title    => 'OAuth',
    subtitle => 'Someone wants stuff!',
}
content {
    show '/oauth/help';

    my $action = Jifty->web->new_action(
        moniker => 'authorize_request_token',
        class   => 'AuthorizeRequestToken',
    );

    Jifty->web->form->start();

    # A token supplied with the request is carried on both buttons;
    # without one, the user is asked to type it in.
    my $token       = get 'token';
    my %button_args = $token ? (token => $token) : ();
    $action->form_field('token')->render unless $token;

    $action->form_field('use_limit')->render;
    $action->form_field('can_write')->render;

    outs_raw $action->hidden(callback => get 'callback');

    # Deny is rendered before Allow, as label/decision pairs.
    for my $choice ([ 'Deny', 'deny' ], [ 'Allow', 'allow' ]) {
        my ($label, $decision) = @$choice;
        outs_raw($action->button(
            label     => $label,
            arguments => { %button_args, authorize => $decision },
        ));
    }

    Jifty->web->form->end();
};
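# Page shown after a request token has been authorized. It reads the action
# result from the 'result' template argument and either links the user back
# to the consumer, with the token appended as oauth_token, or shows the token
# when there is no usable return URL.
template 'oauth/authorized' => page {
    title    => 'OAuth',
    subtitle => 'Authorized',
}
content {
    my $result    = get 'result';
    my $callback  = $result->content('callback');
    my $token     = $result->content('token');
    my $token_obj = $result->content('token_obj');

    # NOTE(review): the callback appears to come from the request, since the
    # authorize form round-trips it in a hidden field, so it is untrusted. It
    # ends up in a link the user is told to click, so only absolute http(s)
    # URLs are accepted; anything else (for example a script-bearing scheme)
    # is dropped in favour of the consumer's registered URL. Widen this
    # allow-list deliberately if consumers need other schemes.
    if (defined $callback && $callback !~ m{\A https?:// }xi) {
        $callback = undef;
    }

    $callback ||= $token_obj->consumer->url;

    if (!$callback) {
        p { "Oops! " . $token_obj->consumer->name . " didn't tell us how to get you back to their service. If you do find your way back, you'll probably need this token: " . $token };
    }
    else {
        # URI-escape the token before appending it, so characters such as '&',
        # '=' or '#' in it cannot alter the callback's query string. This
        # matches the escaping the 'oauth/response' template applies.
        my ($escaped_token) = Jifty->web->escape_uri($token);
        $callback .= ($callback =~ /\?/ ? '&' : '?') . 'oauth_token=' . $escaped_token;

        # Hand the consumer to the 'oauth/consumer' sub-template shown below.
        set consumer => $token_obj->consumer;

        p {
            outs 'To return to ';
            show '/oauth/consumer';
            outs ', ';
            hyperlink(
                label => 'click here',
                url   => $callback,
            );
            outs '.';
        };
    }
};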
# Private sub-template: a short, plain-language explanation for the user of
# what is being requested. It names the consumer through '/oauth/consumer',
# advises clicking Deny when unsure, and links to oauth.net.
private template 'oauth/help' => sub {
    my $oauth_site = "http://oauth.net/";

    div {
        p {
            show '/oauth/consumer';
            outs ' is trying to access your data on this site. If you trust this application, you may grant it access.';
        }
        p { "If you're at all uncomfortable with the idea of someone rifling through your things, or don't know what this is, click Deny." }
        p {
            hyperlink(
                label  => "Learn more about OAuth.",
                url    => $oauth_site,
                target => "_blank",
            )
        }
    }
};
# Private sub-template: renders the consumer inside a <span>. The 'consumer'
# template argument may be an object (its name is shown, followed by its URL
# as a link when it has one) or a plain string. A missing or false argument
# falls back to the text 'Some application'.
private template 'oauth/consumer' => sub {
    my $consumer = get('consumer') || 'Some application';

    span {
        # Any reference is treated as a consumer object with name/url accessors.
        my $is_object = ref($consumer);

        outs $is_object ? $consumer->name : $consumer;

        if ($is_object && $consumer->url) {
            outs ' <';
            hyperlink(
                url    => $consumer->url,
                label  => $consumer->url,
                target => "_blank",
            );
            outs ' >';
        }
    }
};

1;