Class: Rack::OAuth2::Server::AccessToken

Inherits:
Object
  • Object
show all
Defined in:
lib/rack/oauth2/models/access_token.rb

Overview

Access token. This is what clients use to access resources.

An access token is a unique code, associated with a client, an identity and scope. It may be revoked, or expire after a certain period.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#_idObject (readonly) Also known as: token

Access token. As unique as they come.



81
82
83
# File 'lib/rack/oauth2/models/access_token.rb', line 81

def _id
  @_id
end

#client_idObject (readonly)

Client that was granted this access token.



86
87
88
# File 'lib/rack/oauth2/models/access_token.rb', line 86

def client_id
  @client_id
end

#created_atObject (readonly)

When token was granted.



90
91
92
# File 'lib/rack/oauth2/models/access_token.rb', line 90

def created_at
  @created_at
end

#expires_atObject (readonly)

When token expires for good.



92
93
94
# File 'lib/rack/oauth2/models/access_token.rb', line 92

def expires_at
  @expires_at
end

#identityObject (readonly)

The identity we authorized access to.



84
85
86
# File 'lib/rack/oauth2/models/access_token.rb', line 84

def identity
  @identity
end

#last_accessObject

Timestamp of last access using this token, rounded up to hour.



96
97
98
# File 'lib/rack/oauth2/models/access_token.rb', line 96

def last_access
  @last_access
end

#prev_accessObject

Timestamp of previous access using this token, rounded up to hour.



98
99
100
# File 'lib/rack/oauth2/models/access_token.rb', line 98

def prev_access
  @prev_access
end

#revokedObject

Timestamp if revoked.



94
95
96
# File 'lib/rack/oauth2/models/access_token.rb', line 94

def revoked
  @revoked
end

#scopeObject (readonly)

The scope granted to this token.



88
89
90
# File 'lib/rack/oauth2/models/access_token.rb', line 88

def scope
  @scope
end

Class Method Details

.collectionObject



75
76
77
# File 'lib/rack/oauth2/models/access_token.rb', line 75

def collection
  Server.database["oauth2.access_tokens"]
end

.count(filter = {}) ⇒ Object

Returns count of access tokens.

Options Hash (filter):

  • days (Integer)

    Only count that many days (since now)

  • revoked (Boolean)

    Only count revoked (true) or non-revoked (false) tokens; count all tokens if nil

  • client_id (String, ObjectId)

    Only tokens grant to this client



50
51
52
53
54
55
56
57
58
59
60
61
# File 'lib/rack/oauth2/models/access_token.rb', line 50

def count(filter = {})
  select = {}
  if filter[:days]
    now = Time.now.to_i
    range = { :$gt=>now - filter[:days] * 86400, :$lte=>now }
    select[ filter[:revoked] ? :revoked : :created_at ] = range
  elsif filter.has_key?(:revoked)
    select[:revoked] = filter[:revoked] ? { :$ne=>nil } : { :$eq=>nil }
  end
  select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) if filter[:client_id]
  collection.find(select).count
end

.for_client(client_id, offset = 0, limit = 100) ⇒ Object

Returns all access tokens for a given client, Use limit and offset to return a subset of tokens, sorted by creation date.



38
39
40
41
42
# File 'lib/rack/oauth2/models/access_token.rb', line 38

def for_client(client_id, offset = 0, limit = 100)
  client_id = BSON::ObjectId(client_id.to_s)
  collection.find({ :client_id=>client_id }, { :sort=>[[:created_at, Mongo::ASCENDING]], :skip=>offset, :limit=>limit }).
    map { |token| Server.new_instance self, token }
end

.from_identity(identity) ⇒ Object

Find all AccessTokens for an identity.



32
33
34
# File 'lib/rack/oauth2/models/access_token.rb', line 32

def from_identity(identity)
  collection.find({ :identity=>identity }).map { |fields| Server.new_instance self, fields }
end

.from_token(token) ⇒ Object

Find AccessToken from token. Does not return revoked tokens.



13
14
15
# File 'lib/rack/oauth2/models/access_token.rb', line 13

def from_token(token)
  Server.new_instance self, collection.find_one({ :_id=>token, :revoked=>nil })
end

.get_token_for(identity, client, scope) ⇒ Object

Get an access token (create new one if necessary).

Raises:

  • (ArgumentError)


18
19
20
21
22
23
24
25
26
27
28
29
# File 'lib/rack/oauth2/models/access_token.rb', line 18

def get_token_for(identity, client, scope)
  raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
  scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope
  unless token = collection.find_one({ :identity=>identity, :scope=>scope, :client_id=>client.id, :revoked=>nil })
    token = { :_id=>Server.secure_random, :identity=>identity, :scope=>scope,
              :client_id=>client.id, :created_at=>Time.now.to_i,
              :expires_at=>nil, :revoked=>nil }
    collection.insert token
    Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } })
  end
  Server.new_instance self, token
end

.historical(filter = {}) ⇒ Object



63
64
65
66
67
68
69
70
71
72
73
# File 'lib/rack/oauth2/models/access_token.rb', line 63

def historical(filter = {})
  days = filter[:days] || 60
  select = { :$gt=> { :created_at=>Time.now - 86400 * days } }
  select = {}
  if filter[:client_id]
    select[:client_id] = BSON::ObjectId(filter[:client_id].to_s)
  end
  raw = Server::AccessToken.collection.group("function (token) { return { ts: Math.floor(token.created_at / 86400) } }",
    select, { :granted=>0 }, "function (token, state) { state.granted++ }")
  raw.sort { |a, b| a["ts"] - b["ts"] }
end

Instance Method Details

#access!Object

Updates the last access timestamp.



101
102
103
104
105
106
107
# File 'lib/rack/oauth2/models/access_token.rb', line 101

def access!
  today = (Time.now.to_i / 3600) * 3600
  if last_access.nil? || last_access < today
    AccessToken.collection.update({ :_id=>token }, { :$set=>{ :last_access=>today, :prev_access=>last_access } })
    self.last_access = today
  end
end

#revoke!Object

Revokes this access token.



110
111
112
113
114
# File 'lib/rack/oauth2/models/access_token.rb', line 110

def revoke!
  self.revoked = Time.now.to_i
  AccessToken.collection.update({ :_id=>token }, { :$set=>{ :revoked=>revoked } })
  Client.collection.update({ :_id=>client_id }, { :$inc=>{ :tokens_revoked=>1 } })
end