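# Yahoo! BBAuth login
# bbauth.rb
# Richard Crowley
# richarddcrowley.org
# 4-2-2007
#
# See the Yahoo! BBAuth API at http://developer.yahoo.com/auth/
#
# This controller is based on
#   http://metaatem.net/2006/09/29/using-yahoos-bbauth-with-rails
# but augmented to get back a web services session ID

class BBAuthController < ActionController::Base
  require 'md5'
  require 'net/http'

  # Credentials are (re)read from config/ymail.yml before every action.
  before_filter :load

  # Builds the signed login URL.
  # The matching view should ask the user to click the URL to log in.
  #
  # The signature is the MD5 of the request path plus the shared secret,
  # which is the construction this code uses for every BBAuth request.
  def index
    ts = Time.new.to_i
    base = "/WSLogin/V1/wslogin?appid=#{@@creds['application_id']}&ts=#{ts}"
    hash = MD5.new("#{base}#{@@creds['shared_secret']}")
    @url = "https://api.login.yahoo.com#{base}&sig=#{hash}&send_userhash=1"
  end

  # Receives the user after login and requests a web services session ID.
  # This is the URL to specify when signing up for an application ID.
  # If the default route is used, the URL is /login/cred
  #
  # On success stores :token, :userhash, :wssid and :ycookie in the session
  # and redirects to the inbox; on any failure sets flash[:error] and
  # redirects back to the login controller.
  def cred
    sig = params[:sig].to_s

    # Recompute the signature over the callback URI with its own sig
    # parameter removed. The parameter value is request-controlled, so it is
    # escaped before being placed in the pattern; otherwise regex
    # metacharacters in it would change what gets stripped.
    signed = request.request_uri.gsub(/&sig=#{Regexp.escape(sig)}/, '') +
             @@creds['shared_secret']
    expected = MD5.new(signed).hexdigest

    # `&&` rather than `and`: with `and`, the assignment binds first and the
    # appid comparison never reached @valid, so a callback for a different
    # application ID was still accepted.
    @valid = signatures_match?(expected, sig) &&
             params[:appid].to_s == @@creds['application_id'].to_s

    # NOTE(review): the callback's ts parameter is not checked for freshness
    # here, so this controller by itself does not bound how long a signed
    # callback URL stays acceptable - confirm the window the BBAuth docs ask
    # for and enforce it.
    unless @valid
      flash[:error] = 'Error logging in.  Please try again.'
      redirect_to :controller => 'login'
      return
    end

    session[:token] = params[:token]
    session[:userhash] = params[:userhash]

    ts = Time.new.to_i
    base = '/WSLogin/V1/wspwtoken_login?appid=' + @@creds['application_id'] +
           "&ts=#{ts}&token=" + params[:token]
    hash = MD5.new("#{base}#{@@creds['shared_secret']}")
    uri = URI.parse("https://api.login.yahoo.com#{base}&sig=#{hash}")

    http = Net::HTTP.new(uri.host, Net::HTTP.https_default_port)
    http.use_ssl = true
    # NOTE(review): verify_mode is never set. On Ruby versions whose
    # Net::HTTP does not verify peers by default, the server certificate is
    # not validated for this request, which returns the session credentials.
    # Set OpenSSL::SSL::VERIFY_PEER together with a CA bundle.
    resp = http.get(uri.request_uri, nil)
    doc = REXML::Document.new(resp.body).root

    success = doc && doc.elements['//Success']
    wssid = doc && doc.elements['//WSSID']
    cookie = doc && doc.elements['//Cookie']

    # Stop here on failure. The original fell through after redirect_to,
    # dereferenced the missing elements and issued a second redirect.
    unless success && wssid && cookie
      flash[:error] = 'Error getting WSSID.  Please try again.'
      redirect_to :controller => 'login'
      return
    end

    session[:wssid] = wssid.text.to_s.strip
    session[:ycookie] = cookie.text.to_s.strip
    redirect_to :controller => 'inbox'
  end

  # Logout
  # Stored here but can be routed to be /logout easily
  def logout
    reset_session
    redirect_to :controller => 'login'
  end

  protected

  # Load our configuration file
  def load
    @@creds = YAML::load_file("#{RAILS_ROOT}/config/ymail.yml")
  end

  # Compares two signature strings without returning at the first differing
  # byte, so the time taken does not depend on how much of the expected
  # signature a caller got right. Strings of different length never match.
  def signatures_match?(expected, given)
    return false unless expected.length == given.length

    diff = 0
    expected.unpack('C*').zip(given.unpack('C*')) { |a, b| diff |= a ^ b }
    diff == 0
  end
end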