Class: Rack::OAuth2::Server::AccessToken
- Inherits: Object
  - Object
    - Rack::OAuth2::Server::AccessToken
- Defined in: lib/rack/oauth2/models/access_token.rb
Overview
Access token. This is what clients use to access resources.
An access token is a unique code, associated with a client, an identity and scope. It may be revoked, or expire after a certain period.
Instance Attribute Summary
- #_id ⇒ Object (also: #token) (readonly): Access token.
- #client_id ⇒ Object (readonly): Client that was granted this access token.
- #created_at ⇒ Object (readonly): When token was granted.
- #expires_at ⇒ Object (readonly): When token expires for good.
- #identity ⇒ Object (readonly): The identity we authorized access to.
- #last_access ⇒ Object: Timestamp of last access using this token, rounded up to hour.
- #prev_access ⇒ Object: Timestamp of previous access using this token, rounded up to hour.
- #revoked ⇒ Object: Timestamp if revoked.
- #scope ⇒ Object (readonly): The scope granted to this token.
Class Method Summary
- .collection ⇒ Object
- .count(filter = {}) ⇒ Object: Returns count of access tokens.
- .create_token_for(client, scope, identity = nil, expires = nil) ⇒ Object: Creates a new AccessToken for the given client and scope.
- .for_client(client_id, offset = 0, limit = 100) ⇒ Object: Returns all access tokens for a given client. Use limit and offset to return a subset of tokens, sorted by creation date.
- .from_identity(identity) ⇒ Object: Find all AccessTokens for an identity.
- .from_token(token) ⇒ Object: Find AccessToken from token.
- .get_token_for(identity, client, scope, expires = nil) ⇒ Object: Get an access token (create new one if necessary).
- .historical(filter = {}) ⇒ Object
Instance Method Summary
- #access! ⇒ Object: Updates the last access timestamp.
- #revoke! ⇒ Object: Revokes this access token.
Instance Attribute Details
#_id ⇒ Object (readonly) Also known as: token
Access token. As unique as they come.
    # File 'lib/rack/oauth2/models/access_token.rb', line 101
    def _id
      @_id
    end
#client_id ⇒ Object (readonly)
Client that was granted this access token.
    # File 'lib/rack/oauth2/models/access_token.rb', line 106
    def client_id
      @client_id
    end
#created_at ⇒ Object (readonly)
When token was granted.
    # File 'lib/rack/oauth2/models/access_token.rb', line 110
    def created_at
      @created_at
    end
#expires_at ⇒ Object (readonly)
When token expires for good.
    # File 'lib/rack/oauth2/models/access_token.rb', line 112
    def expires_at
      @expires_at
    end
#identity ⇒ Object (readonly)
The identity we authorized access to.
    # File 'lib/rack/oauth2/models/access_token.rb', line 104
    def identity
      @identity
    end
#last_access ⇒ Object
Timestamp of last access using this token, rounded up to hour.
    # File 'lib/rack/oauth2/models/access_token.rb', line 116
    def last_access
      @last_access
    end
#prev_access ⇒ Object
Timestamp of previous access using this token, rounded up to hour.
    # File 'lib/rack/oauth2/models/access_token.rb', line 118
    def prev_access
      @prev_access
    end
#revoked ⇒ Object
Timestamp if revoked.
    # File 'lib/rack/oauth2/models/access_token.rb', line 114
    def revoked
      @revoked
    end
#scope ⇒ Object (readonly)
The scope granted to this token.
    # File 'lib/rack/oauth2/models/access_token.rb', line 108
    def scope
      @scope
    end
Class Method Details
.collection ⇒ Object
    # File 'lib/rack/oauth2/models/access_token.rb', line 94
    def collection
      prefix = Server.options[:collection_prefix]
      Server.database["#{prefix}.access_tokens"]
    end
.count(filter = {}) ⇒ Object
Returns count of access tokens.
    # File 'lib/rack/oauth2/models/access_token.rb', line 69
    def count(filter = {})
      select = {}
      if filter[:days]
        now = Time.now.to_i
        range = { :$gt=>now - filter[:days] * 86400, :$lte=>now }
        select[ filter[:revoked] ? :revoked : :created_at ] = range
      elsif filter.has_key?(:revoked)
        select[:revoked] = filter[:revoked] ? { :$ne=>nil } : { :$eq=>nil }
      end
      select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) if filter[:client_id]
      collection.find(select).count
    end
.create_token_for(client, scope, identity = nil, expires = nil) ⇒ Object
Creates a new AccessToken for the given client and scope.
    # File 'lib/rack/oauth2/models/access_token.rb', line 37
    def create_token_for(client, scope, identity = nil, expires = nil)
      expires_at = Time.now.to_i + expires if expires && expires != 0
      token = { :_id=>Server.secure_random, :scope=>scope,
                :client_id=>client.id, :created_at=>Time.now.to_i,
                :expires_at=>expires_at, :revoked=>nil,
                :last_access=>Time.now.to_i, :prev_access=>Time.now.to_i }
      token[:identity] = identity if identity
      collection.insert token
      Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } })
      Server.new_instance self, token
    end
.for_client(client_id, offset = 0, limit = 100) ⇒ Object
Returns all access tokens for a given client. Use limit and offset to return a subset of tokens, sorted by creation date.

    # File 'lib/rack/oauth2/models/access_token.rb', line 57
    def for_client(client_id, offset = 0, limit = 100)
      client_id = BSON::ObjectId(client_id.to_s)
      collection.find({ :client_id=>client_id }, { :sort=>[[:created_at, Mongo::ASCENDING]], :skip=>offset, :limit=>limit }).
        map { |token| Server.new_instance self, token }
    end
.from_identity(identity) ⇒ Object
Find all AccessTokens for an identity.
    # File 'lib/rack/oauth2/models/access_token.rb', line 51
    def from_identity(identity)
      collection.find({ :identity=>identity }).map { |fields| Server.new_instance self, fields }
    end
.from_token(token) ⇒ Object
Find AccessToken from token. Does not return revoked tokens.
    # File 'lib/rack/oauth2/models/access_token.rb', line 13
    def from_token(token)
      Server.new_instance self, collection.find_one({ :_id=>token, :revoked=>nil })
    end
.get_token_for(identity, client, scope, expires = nil) ⇒ Object
Get an access token (create new one if necessary).
You can set optional expiration in seconds. If zero or nil, token never expires.
    # File 'lib/rack/oauth2/models/access_token.rb', line 21
    def get_token_for(identity, client, scope, expires = nil)
      raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
      scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope
      token = collection.find_one({
        :$or=>[{:expires_at=>nil}, {:expires_at=>{:$gt=>Time.now.to_i}}],
        :identity=>identity, :scope=>scope,
        :client_id=>client.id, :revoked=>nil})
      unless token
        return create_token_for(client, scope, identity, expires)
      end
      Server.new_instance self, token
    end
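The lookup and reuse rules visible in .from_token and .get_token_for, as an added example that is not part of the library's source. It uses plain in-memory records instead of MongoDB; TokenRecord, token_status, reusable? and sample_token are hypothetical names, and all values are constructed.

```ruby
# Added example. TokenRecord, token_status, reusable? and sample_token are
# hypothetical names; the fields mirror the attributes documented above.
TokenRecord = Struct.new(:token, :client_id, :identity, :scope,
                         :expires_at, :revoked, keyword_init: true)

# What a caller still has to check on a record it looked up: the from_token
# query filters on :revoked only, so expiry and scope are checked here.
def token_status(record, required_scope, now = Time.now.to_i)
  return :unknown if record.nil?
  return :revoked unless record.revoked.nil?
  # expires_at of nil means the token never expires.
  return :expired if record.expires_at && record.expires_at <= now
  (Array(required_scope) - record.scope).empty? ? :ok : :insufficient_scope
end

# The reuse condition from the get_token_for query as a plain predicate:
# not revoked, not expired, same identity, same client, same scope list.
def reusable?(record, identity, client_id, scope, now = Time.now.to_i)
  record.revoked.nil? &&
    (record.expires_at.nil? || record.expires_at > now) &&
    record.identity == identity &&
    record.client_id == client_id &&
    record.scope == scope
end

# Constructed sample records (placeholder values, not real tokens).
NOW = 1_700_000_000
def sample_token(overrides = {})
  fields = { token: "tok-placeholder", client_id: "client-1",
             identity: "alice", scope: %w[read write],
             expires_at: NOW + 3600, revoked: nil }.merge(overrides)
  TokenRecord.new(**fields)
end

LIVE      = sample_token
NO_EXPIRY = sample_token(expires_at: nil)
EXPIRED   = sample_token(expires_at: NOW - 1)
REVOKED   = sample_token(revoked: NOW - 10)

{ live: LIVE, no_expiry: NO_EXPIRY, expired: EXPIRED, revoked: REVOKED }.each do |name, rec|
  puts "#{name}: status=#{token_status(rec, 'read', NOW)} " \
       "reusable=#{reusable?(rec, 'alice', 'client-1', %w[read write], NOW)}"
end
```

The scope comparison in reusable? is an exact array match, so the same scopes in a different order do not count as the same grant.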
.historical(filter = {}) ⇒ Object
    # File 'lib/rack/oauth2/models/access_token.rb', line 82
    def historical(filter = {})
      days = filter[:days] || 60
      # Only tokens created in the last `days` days (created_at is stored as epoch seconds).
      select = { :created_at=>{ :$gt=>Time.now.to_i - 86400 * days } }
      if filter[:client_id]
        select[:client_id] = BSON::ObjectId(filter[:client_id].to_s)
      end
      # Group by day of creation and count the tokens granted on each day.
      raw = Server::AccessToken.collection.group("function (token) { return { ts: Math.floor(token.created_at / 86400) } }",
        select, { :granted=>0 }, "function (token, state) { state.granted++ }")
      raw.sort { |a, b| a["ts"] - b["ts"] }
    end
Instance Method Details
#access! ⇒ Object
Updates the last access timestamp.
    # File 'lib/rack/oauth2/models/access_token.rb', line 121
    def access!
      # Current time truncated to the start of the hour, so the stored
      # timestamp is written at most once per hour per token.
      today = (Time.now.to_i / 3600) * 3600
      if last_access.nil? || last_access < today
        AccessToken.collection.update({ :_id=>token }, { :$set=>{ :last_access=>today, :prev_access=>last_access } })
        self.last_access = today
      end
    end
#revoke! ⇒ Object
Revokes this access token.
    # File 'lib/rack/oauth2/models/access_token.rb', line 130
    def revoke!
      self.revoked = Time.now.to_i
      AccessToken.collection.update({ :_id=>token }, { :$set=>{ :revoked=>revoked } })
      Client.collection.update({ :_id=>client_id }, { :$inc=>{ :tokens_revoked=>1 } })
    end