Class: Rack::OAuth2::Server::AuthRequest

Inherits:

Object

• Object
• Rack::OAuth2::Server::AuthRequest

Defined in:

lib/rack/oauth2/models/auth_request.rb

Overview

Authorization request. Represents request on behalf of client to access particular scope. Use this to keep state from incoming authorization request to grant/deny redirect.

Instance Attribute Summary

• #_id ⇒ Object (also: #id) readonly

  Request identifier.

• #access_token ⇒ Object

  If granted, the access token.

• #authorized_at ⇒ Object

  Keeping track of things.

• #client_id ⇒ Object readonly

  Client making this request.

• #created_at ⇒ Object readonly

  Does what it says on the label.

• #grant_code ⇒ Object

  If granted, the access grant code.

• #redirect_uri ⇒ Object readonly

  Redirect back to this URL.

• #response_type ⇒ Object readonly

  Response type: either code or token.

• #revoked ⇒ Object

  Timestamp if revoked.

• #scope ⇒ Object readonly

  scope of this request: array of names.

• #state ⇒ Object readonly

  Client requested we return state on redirect.

Class Method Summary

• .collection ⇒ Object
• .create(client, scope, redirect_uri, response_type, state) ⇒ Object

  Create a new authorization request.

• .find(request_id) ⇒ Object

  Find AuthRequest from identifier.

Instance Method Summary

• #deny! ⇒ Object

  Deny access.

• #grant!(identity, expires_in = nil) ⇒ Object

  Grant access to the specified identity.

Instance Attribute Details

#_id ⇒ Object (readonly) Also known as: id

Request identifier. We let the database pick this one out.

# File 'lib/rack/oauth2/models/auth_request.rb', line 37

def _id
  @_id
end

#access_token ⇒ Object

If granted, the access token.

# File 'lib/rack/oauth2/models/auth_request.rb', line 54

def access_token
  @access_token
end

#authorized_at ⇒ Object

Keeping track of things.

# File 'lib/rack/oauth2/models/auth_request.rb', line 56

def authorized_at
  @authorized_at
end

#client_id ⇒ Object (readonly)

Client making this request.

# File 'lib/rack/oauth2/models/auth_request.rb', line 40

def client_id
  @client_id
end

#created_at ⇒ Object (readonly)

Does what it says on the label.

# File 'lib/rack/oauth2/models/auth_request.rb', line 48

def created_at
  @created_at
end

#grant_code ⇒ Object

If granted, the access grant code.

# File 'lib/rack/oauth2/models/auth_request.rb', line 52

def grant_code
  @grant_code
end

#redirect_uri ⇒ Object (readonly)

Redirect back to this URL.

# File 'lib/rack/oauth2/models/auth_request.rb', line 44

def redirect_uri
  @redirect_uri
end

#response_type ⇒ Object (readonly)

Response type: either code or token.

# File 'lib/rack/oauth2/models/auth_request.rb', line 50

def response_type
  @response_type
end

#revoked ⇒ Object

Timestamp if revoked.

# File 'lib/rack/oauth2/models/auth_request.rb', line 58

def revoked
  @revoked
end

#scope ⇒ Object (readonly)

scope of this request: array of names.

# File 'lib/rack/oauth2/models/auth_request.rb', line 42

def scope
  @scope
end

#state ⇒ Object (readonly)

Client requested we return state on redirect.

# File 'lib/rack/oauth2/models/auth_request.rb', line 46

def state
  @state
end

Class Method Details

.collection ⇒ Object

# File 'lib/rack/oauth2/models/auth_request.rb', line 30

def collection
  prefix = Server.options[:collection_prefix]
  Server.database["#{prefix}.auth_requests"]
end

.create(client, scope, redirect_uri, response_type, state) ⇒ Object

Create a new authorization request. This holds state, so in addition to client ID and scope, we need to know the URL to redirect back to and any state value to pass back in that redirect.

# File 'lib/rack/oauth2/models/auth_request.rb', line 20

def create(client, scope, redirect_uri, response_type, state)
  scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope
  fields = { :client_id=>client.id, :scope=>scope, :redirect_uri=>client.redirect_uri || redirect_uri,
             :response_type=>response_type, :state=>state,
             :grant_code=>nil, :authorized_at=>nil,
             :created_at=>Time.now.to_i, :revoked=>nil }
  fields[:_id] = collection.insert(fields)
  Server.new_instance self, fields
end

.find(request_id) ⇒ Object

Find AuthRequest from identifier.

# File 'lib/rack/oauth2/models/auth_request.rb', line 11

def find(request_id)
  id = BSON::ObjectId(request_id.to_s)
  Server.new_instance self, collection.find_one(id)
rescue BSON::InvalidObjectId
end

Instance Method Details

#deny! ⇒ Object

Deny access.

# File 'lib/rack/oauth2/models/auth_request.rb', line 79

def deny!
  self.authorized_at = Time.now.to_i
  self.class.collection.update({ :_id=>id }, { :$set=>{ :authorized_at=>authorized_at } })
end

#grant!(identity, expires_in = nil) ⇒ Object

Grant access to the specified identity.

Raises:

• (ArgumentError)

# File 'lib/rack/oauth2/models/auth_request.rb', line 61

def grant!(identity, expires_in = nil)
  raise ArgumentError, "Must supply a identity" unless identity
  return if revoked
  client = Client.find(client_id) or return
  self.authorized_at = Time.now.to_i
  if response_type == "code" # Requested authorization code
    access_grant = AccessGrant.create(identity, client, scope, redirect_uri)
    self.grant_code = access_grant.code
    self.class.collection.update({ :_id=>id, :revoked=>nil }, { :$set=>{ :grant_code=>access_grant.code, :authorized_at=>authorized_at } })
  else # Requested access token
    access_token = AccessToken.get_token_for(identity, client, scope, expires_in)
    self.access_token = access_token.token
    self.class.collection.update({ :_id=>id, :revoked=>nil, :access_token=>nil }, { :$set=>{ :access_token=>access_token.token, :authorized_at=>authorized_at } })
  end
  true
end