
@benbonnet
Created May 28, 2009 14:03
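# Rails action that links a Google account through AuthSub (weak security:
# the requests are unsigned, see secure=0 below).
#
# Without params[:token] the browser is redirected to Google's AuthSubRequest
# page, asking for a token over the listed feed scopes that can be upgraded to
# a session token. With params[:token] the token is exchanged at
# /accounts/AuthSubSessionToken, the resulting session token is stored through
# Api.create for the user found via session[:user], and the browser is sent to
# veeo/update_used_apis.
#
# NOTE(review): nothing here ties the returned token to a request this session
# started, so any token placed in the URL is bound to the logged-in user.
def google_login
  if params[:token]
    user = User.find(session[:user])

    # The token arrives in the query string and is untrusted. It is placed
    # inside a quoted header value, so refuse anything that could break out of
    # the quotes or the header line instead of sending it on.
    token = params[:token].to_s
    token_usable = !token.empty? && token !~ /[\s"]/

    session_token = ''
    if token_usable
      http = Net::HTTP.new('www.google.com', 443)
      http.use_ssl = true
      # NOTE(review): old Ruby releases did not verify the server certificate
      # by default; confirm verify_mode for the runtime this is deployed on.
      # NOTE(review): Google's AuthSub documentation writes the scheme as
      # `AuthSub token="..."` with a space; confirm the form used here.
      headers = {'Authorization' => "AuthSubtoken=\"#{token}\""}
      # Read the body from the response object: on current Ruby `get` returns
      # only the response, so destructuring it into `resp, data` leaves data nil.
      resp = http.get('/accounts/AuthSubSessionToken', headers)
      if resp.code == "200"
        # The last whitespace-separated field containing "Token=" wins.
        token_line = resp.body.to_s.split.grep(/Token=/).last
        session_token = token_line.gsub(/Token=/, '') if token_line
      end
    end

    # The session token is a bearer credential: it is never printed or logged,
    # and no Api row is created when the exchange produced no token.
    unless session_token.empty?
      Api.create(:api_type_id => 11, :token => session_token, :user_id => user.id)
    end
    redirect_to :controller => "veeo", :action => "update_used_apis"
  else
    # Development callback. The token comes back in this URL's query string,
    # so a deployed callback should be an HTTPS address.
    next_param = "http%3A%2F%2Flocalhost:3000%2Fpublic%2Fgoogle_login"

    # Pre-encoded feed scopes, joined with an encoded space. The contacts feed
    # (m8) is listed first and last, which keeps the request string unchanged.
    scopes = [
      "http%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F",                         # contacts
      "http%3A%2F%2Fwww.google.com%2Fnotebook%2Ffeeds%2F",                   # notebook
      "http%3A%2F%2Fgdata.youtube.com",                                      # youtube
      "https%3A%2F%2Fwww.google.com%2Fwebmasters%2Ftools%2Ffeeds%2Fsites",   # webmaster tools
      "http%3A%2F%2Ffinance.google.com%2Ffinance%2Ffeeds%2F",                # finance
      "http%3A%2F%2Fpicasaweb.google.com%2Fdata%2F",                         # picasa
      "http%3A%2F%2Fdocs.google.com%2Ffeeds",                                # docs
      "http%3A%2F%2Fwww.google.com%2Fcalendar%2Ffeeds%2F",                   # calendar
      "http%3A%2F%2Fwww.blogger.com%2Ffeeds%2F",                             # blogger
      "http%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F"                          # contacts (again)
    ]
    scope_param = scopes.join("%20")

    # secure=0 requests an unsigned token: possession of the token alone
    # authorizes calls, which is why its handling above matters.
    secure_param = "0"
    session_param = "1"
    root_url = "https://www.google.com/accounts/AuthSubRequest"
    query_string = "?scope=#{scope_param}&session=#{session_param}&secure=#{secure_param}&next=#{next_param}"
    redirect_to root_url + query_string
  end
end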