1
0

authorizations_controller.rb 903 B

123456789101112131415161718192021222324252627282930313233343536373839
  1. # frozen_string_literal: true
  2. class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
  3. skip_before_action :authenticate_resource_owner!
  4. before_action :store_current_location
  5. before_action :authenticate_resource_owner!
  6. before_action :set_cache_headers
  7. content_security_policy do |p|
  8. p.form_action(false)
  9. end
  10. include Localized
  11. private
  12. def store_current_location
  13. store_location_for(:user, request.url)
  14. end
  15. def render_success
  16. if skip_authorization? || (matching_token? && !truthy_param?('force_login'))
  17. redirect_or_render authorize_response
  18. elsif Doorkeeper.configuration.api_only
  19. render json: pre_auth
  20. else
  21. render :new
  22. end
  23. end
  24. def truthy_param?(key)
  25. ActiveModel::Type::Boolean.new.cast(params[key])
  26. end
  27. def set_cache_headers
  28. response.cache_control.replace(private: true, no_store: true)
  29. end
  30. end