benbonnet/google_login.rb

## google_login.rb
	def google_login # securite faible
        if params[:token]
            user = User.find(session[:user])
            token = params[:token]
            http = Net::HTTP.new('www.google.com', 443)
            http.use_ssl = true
            path = '/accounts/AuthSubSessionToken'
            headers = {'Authorization' => "AuthSubtoken=\"#{token}\""}
            resp, data = http.get(path, headers)

            if resp.code == "200"
                tok = ''
                data.split.each do |str|
                    if not (str =~ /Token=/).nil?
                        tok = str.gsub(/Token=/, '')
                    end
                end
                puts "TOKEN =============> #{tok}"
                api = Api.create(:api_type_id => 11, :token => tok, :user_id => user.id)
            end
            redirect_to :controller => "veeo", :action => "update_used_apis"
        else
            next_param      = "http%3A%2F%2Flocalhost:3000%2Fpublic%2Fgoogle_login"
            scope_param     = "http%3A%2F%2Fwww.google.com%2Fcalendar%2Ffeeds/default%2F"
            #scope_param    = "http%3A%2F%2Fdocs.google.com%2Ffeeds%2Fdocuments%2Fprivate%2Ffull%2F"

            ctc             = "http%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F"
            nbook           = "http%3A%2F%2Fwww.google.com%2Fnotebook%2Ffeeds%2F"
            yt              = "http%3A%2F%2Fgdata.youtube.com"
            wmstrt          = "https%3A%2F%2Fwww.google.com%2Fwebmasters%2Ftools%2Ffeeds%2Fsites"
            finance         = "http%3A%2F%2Ffinance.google.com%2Ffinance%2Ffeeds%2F"
            picasa          = "http%3A%2F%2Fpicasaweb.google.com%2Fdata%2F"
            doc             = "http%3A%2F%2Fdocs.google.com%2Ffeeds"
            cal             = "http%3A%2F%2Fwww.google.com%2Fcalendar%2Ffeeds%2F"
            blgg            = "http%3A%2F%2Fwww.blogger.com%2Ffeeds%2F"
            feeds           = "http%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F"

            scope_param     = "#{ctc}%20#{nbook}%20#{yt}%20#{wmstrt}%20#{finance}%20#{picasa}%20#{doc}%20#{cal}%20#{blgg}%20#{feeds}"

            secure_param    = "0"
            session_param   = "1"
            root_url        = "https://www.google.com/accounts/AuthSubRequest"
            query_string    = "?scope=#{scope_param}&session=#{session_param}&secure=#{secure_param}&next=#{next_param}"
            redirect_to root_url + query_string
        end
    end
	def google_login # securite faible
	if params[:token]
	user = User.find(session[:user])
	token = params[:token]
	http = Net::HTTP.new('www.google.com', 443)
	http.use_ssl = true
	path = '/accounts/AuthSubSessionToken'
	headers = {'Authorization' => "AuthSubtoken=\"#{token}\""}
	resp, data = http.get(path, headers)

	if resp.code == "200"
	tok = ''
	data.split.each do \|str\|
	if not (str =~ /Token=/).nil?
	tok = str.gsub(/Token=/, '')
	end
	end
	puts "TOKEN =============> #{tok}"
	api = Api.create(:api_type_id => 11, :token => tok, :user_id => user.id)
	end
	redirect_to :controller => "veeo", :action => "update_used_apis"
	else
	next_param = "http%3A%2F%2Flocalhost:3000%2Fpublic%2Fgoogle_login"
	scope_param = "http%3A%2F%2Fwww.google.com%2Fcalendar%2Ffeeds/default%2F"
	#scope_param = "http%3A%2F%2Fdocs.google.com%2Ffeeds%2Fdocuments%2Fprivate%2Ffull%2F"

	ctc = "http%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F"
	nbook = "http%3A%2F%2Fwww.google.com%2Fnotebook%2Ffeeds%2F"
	yt = "http%3A%2F%2Fgdata.youtube.com"
	wmstrt = "https%3A%2F%2Fwww.google.com%2Fwebmasters%2Ftools%2Ffeeds%2Fsites"
	finance = "http%3A%2F%2Ffinance.google.com%2Ffinance%2Ffeeds%2F"
	picasa = "http%3A%2F%2Fpicasaweb.google.com%2Fdata%2F"
	doc = "http%3A%2F%2Fdocs.google.com%2Ffeeds"
	cal = "http%3A%2F%2Fwww.google.com%2Fcalendar%2Ffeeds%2F"
	blgg = "http%3A%2F%2Fwww.blogger.com%2Ffeeds%2F"
	feeds = "http%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F"

	scope_param = "#{ctc}%20#{nbook}%20#{yt}%20#{wmstrt}%20#{finance}%20#{picasa}%20#{doc}%20#{cal}%20#{blgg}%20#{feeds}"

	secure_param = "0"
	session_param = "1"
	root_url = "https://www.google.com/accounts/AuthSubRequest"
	query_string = "?scope=#{scope_param}&session=#{session_param}&secure=#{secure_param}&next=#{next_param}"
	redirect_to root_url + query_string
	end
	end