Module: DoorkeeperMongodb::Mixins::Mongoid::AccessTokenMixin::ClassMethods

Defined in:
lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb

Instance Method Summary collapse

Instance Method Details

#authorized_tokens_for(application_id, resource_owner) ⇒ Doorkeeper::AccessToken

Looking for not revoked Access Token records that belongs to specific Application and Resource Owner.

Parameters:

  • application_id (Integer)

    ID of the Application model instance

  • resource_owner (Mongoid::Document)

    ID of the Resource Owner model instance

Returns:



250
251
252
253
254
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 250

def authorized_tokens_for(application_id, resource_owner)
  send(order_method, created_at_desc)
    .by_resource_owner(resource_owner)
    .where(application_id: application_id, revoked_at: nil)
end

#by_previous_refresh_token(previous_refresh_token) ⇒ Object 



99
100
101
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 99

def by_previous_refresh_token(previous_refresh_token)
  where(refresh_token: previous_refresh_token).first
end

#by_refresh_token(refresh_token) ⇒ Doorkeeper::AccessToken?

Returns an instance of the Doorkeeper::AccessToken with specific token value.

Parameters:

  • refresh_token (#to_s)

    refresh token value (any object that responds to ‘#to_s`)

Returns:



81
82
83
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 81

def by_refresh_token(refresh_token)
  find_by_plaintext_token(:refresh_token, refresh_token)
end

#by_token(token) ⇒ Doorkeeper::AccessToken?

Returns an instance of the Doorkeeper::AccessToken with specific token value.

Parameters:

  • token (#to_s)

    token value (any object that responds to ‘#to_s`)

Returns:



68
69
70
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 68

def by_token(token)
  find_by_plaintext_token(:token, token)
end

#create_for(application:, resource_owner:, scopes:, **token_attributes) ⇒ Doorkeeper::AccessToken

Creates a not expired AccessToken record with a matching set of scopes that belongs to specific Application and Resource Owner.

Parameters:

  • application (Doorkeeper::Application)

    Application instance

  • resource_owner (Mongoid::Document, Integer)

    Resource Owner model instance or it’s ID

  • scopes (#to_s)

    set of scopes (any object that responds to ‘#to_s`)

  • token_attributes (Hash)

    Additional attributes to use when creating a token

Options Hash (**token_attributes):

  • :expires_in (Integer)

    token lifetime in seconds

  • :use_refresh_token (Boolean)

    whether to use the refresh token

Returns:



227
228
229
230
231
232
233
234
235
236
237
238
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 227

def create_for(application:, resource_owner:, scopes:, **token_attributes)
  token_attributes[:application_id] = application&.id
  token_attributes[:scopes] = scopes.to_s

  if Doorkeeper.configuration.try(:polymorphic_resource_owner?)
    token_attributes[:resource_owner] = resource_owner
  else
    token_attributes[:resource_owner_id] = resource_owner_id_for(resource_owner)
  end

  create!(token_attributes)
end

#fallback_secret_strategyObject 



275
276
277
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 275

def fallback_secret_strategy
  ::Doorkeeper.configuration.token_secret_fallback_strategy
end

#find_access_token_in_batches(relation, *_args, &block) ⇒ Object 



121
122
123
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 121

def find_access_token_in_batches(relation, *_args, &block)
  relation.all.each(&block)
end

#find_matching_token(relation, application, scopes) ⇒ Object 



125
126
127
128
129
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 125

def find_matching_token(relation, application, scopes)
  relation.detect do |token|
    scopes_match?(token.scopes, scopes, application.try(:scopes))
  end
end

#find_or_create_for(*args) ⇒ Doorkeeper::AccessToken

Looking for not expired AccessToken record with a matching set of scopes that belongs to specific Application and Resource Owner. If it doesn’t exists - then creates it.

Parameters:

  • application (Doorkeeper::Application)

    Application instance

  • resource_owner (Mongoid::Document, Integer)

    Resource Owner model instance or it’s ID

  • scopes (#to_s)

    set of scopes (any object that responds to ‘#to_s`)

  • expires_in (Integer)

    token lifetime in seconds

  • use_refresh_token (Boolean)

    whether to use the refresh token

Returns:



174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 174

def find_or_create_for(*args)
  # [NOTE]: For backward compatibility with Doorkeeper < 5.4
  attributes = if args.size > 1
                 {
                   application: args[0],
                   resource_owner: args[1],
                   scopes: args[2],
                   expires_in: args[3],
                   use_refresh_token: args[4],
                 }
               else
                 args.first
               end

  application = attributes[:application]
  resource_owner = attributes[:resource_owner]
  scopes = attributes[:scopes]
  expires_in = attributes[:expires_in]
  use_refresh_token = attributes[:use_refresh_token]

  if Doorkeeper.configuration.reuse_access_token
    access_token = matching_token_for(application, resource_owner, scopes)

    return access_token if access_token&.reusable?
  end

  create_for(
    application: application,
    resource_owner: resource_owner,
    scopes: scopes,
    expires_in: expires_in,
    use_refresh_token: use_refresh_token,
  )
end

#last_authorized_token_for(application_id, resource_owner) ⇒ Doorkeeper::AccessToken?

Convenience method for backwards-compatibility, return the last matching token for the given Application and Resource Owner.

Parameters:

  • application_id (Integer)

    ID of the Application model instance

  • resource_owner (Mongoid::Document, Integer)

    ID of the Resource Owner model instance

Returns:



267
268
269
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 267

def last_authorized_token_for(application_id, resource_owner)
  authorized_tokens_for(application_id, resource_owner).first
end

#matching_token_for(application, resource_owner, scopes) ⇒ Doorkeeper::AccessToken?

Looking for not revoked Access Token with a matching set of scopes that belongs to specific Application and Resource Owner.

Parameters:

  • application (Doorkeeper::Application)

    Application instance

  • resource_owner (Mongoid::Document, Integer)

    Resource Owner model instance or it’s ID

  • scopes (String, Doorkeeper::OAuth::Scopes)

    set of scopes

Returns:



116
117
118
119
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 116

def matching_token_for(application, resource_owner, scopes)
  tokens = authorized_tokens_for(application&.id, resource_owner)
  find_matching_token(tokens, application, scopes)
end

#revoke_all_for(application_id, resource_owner, clock = Time) ⇒ Object

Revokes AccessToken records that have not been revoked and associated with the specific Application and Resource Owner.

Parameters:

  • application_id (Integer)

    ID of the Application

  • resource_owner (Mongoid::Document)

    instance of the Resource Owner model



93
94
95
96
97
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 93

def revoke_all_for(application_id, resource_owner, clock = Time)
  by_resource_owner(resource_owner)
    .where(application_id: application_id, revoked_at: nil)
    .update_all(revoked_at: clock.now.utc)
end

#scopes_match?(token_scopes, param_scopes, app_scopes) ⇒ Boolean

Checks whether the token scopes match the scopes from the parameters or Application scopes (if present).

Parameters:

  • token_scopes (#to_s)

    set of scopes (any object that responds to ‘#to_s`)

  • param_scopes (Doorkeeper::OAuth::Scopes)

    scopes from params

  • app_scopes (Doorkeeper::OAuth::Scopes)

    Application scopes

Returns:

  • (Boolean)

    true if the param scopes match the token scopes, and all the param scopes are defined in the application (or in the server configuration if the application doesn’t define any scopes), and false in other cases



146
147
148
149
150
151
152
153
154
155
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 146

def scopes_match?(token_scopes, param_scopes, app_scopes)
  return true if token_scopes.empty? && param_scopes.empty?

  (token_scopes.sort == param_scopes.sort) &&
    Doorkeeper::OAuth::Helpers::ScopeChecker.valid?(
      scope_str: param_scopes.to_s,
      server_scopes: Doorkeeper.configuration.scopes,
      app_scopes: app_scopes,
    )
end

#secret_strategyObject 



271
272
273
 
# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 271

def secret_strategy
  ::Doorkeeper.configuration.token_secret_strategy
end