问题
I have a controller action that may be hit by the client with a oauth client token (no authenticated user), or may be hit by an authorized client with an access token (for a specific user). I want to set up a nice little before filter to accomodate this. I tried:
oauthenticate :strategies => [:oauth10_request_token, :oauth10_access_token],
:interactive => false,
:only => [:wonky_action]
If I try to hit this action with an access-token request, then it complains because it tries to remember the OauthNonce twice. Here's what my ClientApplication.verify_request method looks like:
def self.verify_request(request, options = {}, &block)
begin
signature = OAuth::Signature.build(request, options, &block)
nonce = OauthNonce.remember(signature.request.nonce, signature.request.timestamp)
unless nonce
Rails.logger.warn "Oauth request failing because of invalid nonce."
return false
end
value = signature.verify
unless value
Rails.logger.warn "Signature verification failed."
end
value
rescue OAuth::Signature::UnknownSignatureMethod => e
false
end
end
Looking at this, the behavior is no surprise. It runs through the oauth10_request_token method, and remembers the nonce without a problem, but the token is not a request token, so it fails. Then, it tries to run through oauth10_access_token, and when it calls verify_request the second time, it tries to remember a nonce that we've already remembered.
The best solution I can come up with is to separate the Nonce-remembering from the rest of the request verification. In other words, the server would verify the nonce first, and then do the signature verification (or whatever else verify_request wants to do) as many times as it pleases.
I don't see a clear way to do this without forking Pelle's application_controller_methods file, but I'm hoping I'm just missing the obvious fix that one of you will suggest! Thanks for your help! In case you're interested, I'm using rails3 with pelle's oauth-plugin and his fork of oauth:
gem 'oauth', :git => "http://github.com/pelle/oauth.git", :require => 'oauth/server'
gem "oauth-plugin", :git => 'https://github.com/pelle/oauth-plugin.git', :branch => 'rails3'
来源:https://stackoverflow.com/questions/5811559/rails-oauth-plugin-multiple-strategies-causes-duplicate-nonce-error