From 474f5bd89605d2037f11324960b2dfc5600216bb Mon Sep 17 00:00:00 2001
From: Konstantin Haase
Date: Mon, 17 Sep 2012 23:58:57 +0200
Subject: [PATCH] start working on post_message auth flow
---
 Gemfile.lock | 4 +-
 lib/travis/api/app/endpoint/authorization.rb | 48 +++++++++++++++++---
 script/server | 2 +-
 3 files changed, 45 insertions(+), 9 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 43304774..2fb74178 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -32,7 +32,7 @@ GIT
 GIT
 remote: git://github.com/travis-ci/travis-core.git
- revision: b71c3be388451581f2ca60e6fd862c2bfc56bfb6
+ revision: 73679d7263ded28620dac7815e4aed253a8191d3
 specs:
 travis-core (0.0.1)
 actionmailer (~> 3.2.3)
@@ -53,7 +53,7 @@ GIT
 GIT
 remote: git://github.com/travis-ci/travis-support.git
- revision: 27857bb4f5425b8aacc9b26e4661688dca962fb0
+ revision: b150763d253331de9adadcb5b39f7df5efccb676
 specs:
 travis-support (0.0.1)
diff --git a/lib/travis/api/app/endpoint/authorization.rb b/lib/travis/api/app/endpoint/authorization.rb
index 6d90e9be..2df888e9 100644
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@@ -1,4 +1,6 @@
 require 'travis/api/app'
+require 'addressable/uri'
+require 'faraday'
 class Travis::Api::App
 class Endpoint
@@ -58,14 +60,31 @@ class Travis::Api::App
 #
 # * **token**: GitHub token for checking authorization (required)
 post '/github' do
- data = GH.with(token: params[:token].to_s) { GH['user'] }
- scopes = parse_scopes data.headers['x-oauth-scopes']
- user = User.find_by_login(data['login'])
+ { 'access_token' => github_to_travis(params[:token]) }
+ end
- halt 403, 'not a Travis user' if user.nil?
- halt 403, 'insufficient access' unless acceptable? scopes
+ get '/post_message' do
+ config = Travis.config.oauth2
+ endpoint = Addressable::URI.parse(config.authorization_server)
+ values = {
+ client_id: config.client_id,
+ scope: config.scope,
+ redirect_uri: url
+ }
- { 'access_token' => generate_token(user) }
+ if params[:code]
+ endpoint.path = config.access_token_path
+ values[:code] = params[:code]
+ values[:state] = params[:state] if params[:state]
+ values[:client_secret] = config.client_secret
+
+ token = github_to_travis get_token(endpoint.to_s, values)
+ { 'access_token' => token }
+ else
+ endpoint.path = config.authorize_path
+ endpoint.query_values = values
+ redirect to(endpoint.to_s)
+ end
 end
 error Faraday::Error::ClientError do
@@ -74,6 +93,23 @@ class Travis::Api::App
 private
+ def github_to_travis(token)
+ data = GH.with(token: token.to_s) { GH['user'] }
+ scopes = parse_scopes data.headers['x-oauth-scopes']
+ user = User.find_by_login(data['login'])
+
+ halt 403, 'not a Travis user' if user.nil?
+ halt 403, 'insufficient access' unless acceptable? scopes
+
+ generate_token(user)
+ end
+
+ def get_token(endoint, value)
+ response = Faraday.get(endoint, value)
+ parameters = Addressable::URI.form_unencode(response.body)
+ parameters.assoc("access_token").last
+ end
+
 def parse_scopes(data)
 data.gsub(/\s/,'').split(',') if data
 end
diff --git a/script/server b/script/server
index ef6391d4..d7e105dd 100755
--- a/script/server
+++ b/script/server
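Review bot: The `get '/post_message'` route added in lib/travis/api/app/endpoint/authorization.rb never ties the OAuth `state` parameter to the browser that started the flow: the `else` branch redirects to the authorization server without a `state`, and the `params[:code]` branch only forwards whatever `params[:state]` arrived. A callback carrying a `code` issued to a different session is therefore exchanged like any other, which is the login-CSRF case `state` exists to stop. Generate an unguessable value before the redirect (for example `SecureRandom.hex(32)`), keep it server-side or in a signed cookie, and reject the callback with `halt 400, 'state mismatch'` unless `params[:state]` matches it. Separately, `redirect_uri: url` is built from the incoming request, so it presumably follows the request's Host header; a callback URL taken from configuration would not.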
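Review bot: `get_token`, added under `private` in lib/travis/api/app/endpoint/authorization.rb, calls `.last` on `parameters.assoc("access_token")` unchecked, so a token-endpoint response that carries an error instead of a token makes `assoc` return nil and the request fails with NoMethodError, which the `error Faraday::Error::ClientError` handler does not cover; use `pair = parameters.assoc("access_token")` followed by `halt 403, 'token exchange failed' unless pair` and return `pair.last`. The method also sends `client_secret` and `code` through `Faraday.get`, which places them in the query string where proxies and access logs commonly record them; RFC 6749 specifies POST for the token request, so `Faraday.post(endoint, value)` is the safer call if the configured server accepts it. `github_to_travis` would benefit from a comment stating that it halts with 403 for unknown users or insufficient scopes and otherwise returns a Travis token, and `endoint` looks like a typo for `endpoint`.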
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 cd "$(dirname "$0")/.."
-[ $PORT ] || PORT=5000
+[ $PORT ] || PORT=3000
 [ $RACK_ENV ] || RACK_ENV=development
 cmd="ruby -I lib -S bundle exec ruby -I lib -S thin start -p $PORT -e $RACK_ENV --threaded"