package Jifty::Plugin::OAuth::View;
use strict;
use warnings;
use Jifty::View::Declare -base;
=head1 NAME
Jifty::Plugin::OAuth::View - Views for OAuth-ey bits
=cut
=head2 oauth/response
Internal template. Do not use.
It returns OAuth parameters to the consumer in the HTTP response body.
=cut
template 'oauth/response' => sub {
    my $params = get 'oauth_response';

    # Only a plain hash of OAuth parameters is rendered; for anything else
    # (undef, a string, an object) the body stays empty.
    if (ref($params) eq 'HASH') {
        # Name and value are each URI-escaped, then the pairs are joined in
        # form-encoded style (name=value&name=value) for the consumer to parse.
        my @pairs;
        for my $name (keys %$params) {
            push @pairs, sprintf '%s=%s',
                map { Jifty->web->escape_uri($_) } $name, $params->{$name};
        }
        outs_raw join '&', @pairs;
    }
};
=head2 oauth
An OAuth description page very much geared towards Consumers, since they'll
most likely be the only ones visiting yourapp.com/oauth
=cut
template 'oauth' => page {
    title    => 'OAuth',
    subtitle => 'Information',
}
content {
    # Opening blurb: a link to the OAuth site plus a one-line summary.
    p {
        b {
            hyperlink(
                url    => "http://oauth.net/",
                label  => "OAuth",
                target => "_blank",
            );
        };
        outs " is an open protocol to allow secure authentication to users' private data. It's far more secure than users giving out their passwords.";
    };

    # For end users: what they will be asked to do and why that is normal.
    h2 { "Users" };
    p {
        "OAuth is nearly transparent to end users. Through OAuth, other applications can have secure -- and time-limited -- read and write access to your data on this site."
    };
    p {
        outs "Applications may ask you to ";
        hyperlink(
            label => "authorize a 'token' on our site",
            url   => Jifty->web->url(path => '/oauth/authorize'),
        );
        outs ". This is normal. We want to make sure you approve of other people looking at your data.";
    };

    # For consumers: how to get credentials and which endpoints to use.
    h2 { "Consumers" };
    p {
        # The configured admin address is the contact point; 'us' if unset.
        my $contact = Jifty->config->framework('AdminEmail') || 'us';
        "This application supports OAuth. If you'd like to access the private resources of users of this site, you must first establish a Consumer Key, Consumer Secret, and, if applicable, RSA public key with us. You can do so by contacting " . $contact . ".";
    };
    p {
        "Once you have a Consumer Key and Consumer Secret, you may begin letting users grant you access to our site. The relevant URLs are:"
    };

    # The three endpoints of the token dance, as absolute URLs of this site.
    dl {
        dt { "Request a Request Token" };
        dd { Jifty->web->url(path => '/oauth/request_token') };
        dt { "Obtain user authorization for a Request Token" };
        dd { Jifty->web->url(path => '/oauth/authorize') };
        dt { "Exchange a Request Token for an Access Token" };
        dd { Jifty->web->url(path => '/oauth/access_token') };
    };

    p {
        # The REST link is only offered when a REST plugin entry is configured.
        my $has_rest = 0;
        PLUGIN: for my $plugin (@{ Jifty->config->framework('Plugins') }) {
            next PLUGIN unless defined $plugin->{REST};
            $has_rest = 1;
            last PLUGIN;
        }

        outs "While you have a valid access token, you may browse the site as the user normally does.";

        # Kept as the block's final statement, as in the original layout.
        if ($has_rest) {
            outs " You may also use ";
            hyperlink(
                url    => Jifty->web->url(path => '=/help'),
                label  => "our REST interface",
                target => "_blank",
            );
            outs ".";
        }
    };
};
=head2 oauth/authorize
This is the page that Users see when authorizing a request token. It renders
the "insert token here" textbox if the consumer didn't put the request token
in the GET query, and (always) renders Allow/Deny buttons.
=cut
template 'oauth/authorize' => page {
    title    => 'OAuth',
    subtitle => 'Someone wants stuff!',
}
content {
    show '/oauth/help';

    my $authorize = Jifty->web->new_action(
        moniker => 'authorize_request_token',
        class   => 'AuthorizeRequestToken',
    );

    Jifty->web->form->start();

    # When the consumer already put the request token in the query, it is
    # passed along with the Allow/Deny buttons; otherwise the user is asked
    # to type it in.
    my $token = get 'token';
    my %button_args = $token ? (token => $token) : ();
    $authorize->form_field('token')->render unless $token;

    $authorize->form_field('use_limit')->render;
    $authorize->form_field('can_write')->render;

    # The consumer's callback rides along as a hidden field so the result
    # page can send the user back.
    outs_raw $authorize->hidden(callback => get 'callback');

    # Deny comes first, then Allow; both carry the same token argument.
    for my $choice ([ Deny => 'deny' ], [ Allow => 'allow' ]) {
        my ($label, $decision) = @$choice;
        outs_raw($authorize->button(
            label     => $label,
            arguments => { %button_args, authorize => $decision },
        ));
    }

    Jifty->web->form->end();
};
=head2 oauth/authorized
Displayed after the user authorizes or denies a request token. Uses a link
to the callback if provided, otherwise the site's URL.
=cut
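template 'oauth/authorized' => page {
    title    => 'OAuth',
    subtitle => 'Authorized',
}
content {
    my $result    = get 'result';
    my $callback  = $result->content('callback');
    my $token     = $result->content('token');
    my $token_obj = $result->content('token_obj');
    my $consumer  = $token_obj->consumer;

    # Without an explicit callback, fall back to the consumer's registered URL.
    $callback ||= $consumer->url;

    if (!$callback) {
        p { "Oops! " . $consumer->name . " didn't tell us how to get you back to their service. If you do find your way back, you'll probably need this token: " . $token };
    }
    else {
        # Append oauth_token as a query parameter. The value is URI-escaped
        # like every other parameter this plugin emits (see oauth/response),
        # so a token containing reserved characters survives the round trip.
        # NOTE(review): $callback comes from the consumer's request; this
        # template only links to it and does not check its scheme -- confirm
        # the AuthorizeRequestToken action (outside this file) validates it.
        $callback .= ($callback =~ /\?/ ? '&' : '?')
                   . 'oauth_token='
                   . Jifty->web->escape_uri($token);

        # /oauth/consumer reads 'consumer' to render the name and link.
        set consumer => $consumer;
        p {
            outs 'To return to ';
            show '/oauth/consumer';
            outs ', ';
            hyperlink(
                label => 'click here',
                url   => $callback,
            );
            outs '.';
        };
    }
};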
=head2 oauth/help
This provides a very simple, layman's description of OAuth for users
=cut
private template 'oauth/help' => sub {
    div {
        # Who is asking, and what granting access means.
        p {
            show '/oauth/consumer';
            outs ' is trying to access your data on this site. If you trust this application, you may grant it access.';
        };

        # Plain-language advice for users who are unsure.
        p {
            "If you're at all uncomfortable with the idea of someone rifling through your things, or don't know what this is, click Deny."
        };

        # Pointer to the protocol's home page.
        p {
            hyperlink(
                label  => "Learn more about OAuth.",
                url    => "http://oauth.net/",
                target => "_blank",
            );
        };
    };
};
=head2 oauth/consumer
Renders the consumer's name, and if available, its URL as a link.
=cut
private template 'oauth/consumer' => sub {
    # 'consumer' is a consumer record (with name/url accessors) when set,
    # otherwise this plain fallback string is displayed as-is.
    my $consumer = get 'consumer';
    $consumer = 'Some application' unless $consumer;

    span {
        outs(ref($consumer) ? $consumer->name : $consumer);

        # A record with a URL gets it appended as a link, inside decorative
        # angle brackets.
        if (ref($consumer) && $consumer->url) {
            my $site = $consumer->url;
            outs ' <';
            hyperlink(
                url    => $site,
                label  => $site,
                target => "_blank",
            );
            outs ' >';
        }
    };
};
1;