Module: DoorkeeperMongodb::Mixins::Mongoid::AccessTokenMixin::ClassMethods

Defined in:

lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb

Instance Method Summary

• #authorized_tokens_for(application_id, resource_owner) ⇒ Doorkeeper::AccessToken

  Looking for not revoked Access Token records that belongs to specific Application and Resource Owner.

• #by_previous_refresh_token(previous_refresh_token) ⇒ Object
• #by_refresh_token(refresh_token) ⇒ Doorkeeper::AccessToken^?

  Returns an instance of the Doorkeeper::AccessToken with specific token value.

• #by_token(token) ⇒ Doorkeeper::AccessToken^?

  Returns an instance of the Doorkeeper::AccessToken with specific token value.

• #create_for(application:, resource_owner:, scopes:, **token_attributes) ⇒ Doorkeeper::AccessToken

  Creates a not expired AccessToken record with a matching set of scopes that belongs to specific Application and Resource Owner.

• #fallback_secret_strategy ⇒ Object
• #find_access_token_in_batches(relation, *_args, &block) ⇒ Object
• #find_matching_token(relation, application, scopes) ⇒ Object
• #find_or_create_for(*args) ⇒ Doorkeeper::AccessToken

  Looking for not expired AccessToken record with a matching set of scopes that belongs to specific Application and Resource Owner.

• #last_authorized_token_for(application_id, resource_owner) ⇒ Doorkeeper::AccessToken^?

  Convenience method for backwards-compatibility, return the last matching token for the given Application and Resource Owner.

• #matching_token_for(application, resource_owner, scopes, include_expired: true) ⇒ Doorkeeper::AccessToken^?

  Looking for not revoked Access Token with a matching set of scopes that belongs to specific Application and Resource Owner.

• #revoke_all_for(application_id, resource_owner, clock = Time) ⇒ Object

  Revokes AccessToken records that have not been revoked and associated with the specific Application and Resource Owner.

• #scopes_match?(token_scopes, param_scopes, app_scopes) ⇒ Boolean

  Checks whether the token scopes match the scopes from the parameters or Application scopes (if present).

• #secret_strategy ⇒ Object

Instance Method Details

#authorized_tokens_for(application_id, resource_owner) ⇒ Doorkeeper::AccessToken

Looking for not revoked Access Token records that belongs to specific Application and Resource Owner.

Parameters:

• application_id (Integer) —

  ID of the Application model instance

• resource_owner (Mongoid::Document) —

  ID of the Resource Owner model instance

Returns:

• (Doorkeeper::AccessToken) —

  array of matching AccessToken objects

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 276

def authorized_tokens_for(application_id, resource_owner)
  send(order_method, created_at_desc)
    .by_resource_owner(resource_owner)
    .where(application_id: application_id, revoked_at: nil)
end

#by_previous_refresh_token(previous_refresh_token) ⇒ Object

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 119

def by_previous_refresh_token(previous_refresh_token)
  where(refresh_token: previous_refresh_token).first
end

#by_refresh_token(refresh_token) ⇒ Doorkeeper::AccessToken^?

Returns an instance of the Doorkeeper::AccessToken with specific token value.

Parameters:

• refresh_token (#to_s) —

  refresh token value (any object that responds to ‘#to_s`)

Returns:

• (Doorkeeper::AccessToken, nil) —

  AccessToken object or nil if there is no record with such refresh token

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 101

def by_refresh_token(refresh_token)
  find_by_plaintext_token(:refresh_token, refresh_token)
end

#by_token(token) ⇒ Doorkeeper::AccessToken^?

Returns an instance of the Doorkeeper::AccessToken with specific token value.

Parameters:

• token (#to_s) —

  token value (any object that responds to ‘#to_s`)

Returns:

• (Doorkeeper::AccessToken, nil) —

  AccessToken object or nil if there is no record with such token

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 88

def by_token(token)
  find_by_plaintext_token(:token, token)
end

#create_for(application:, resource_owner:, scopes:, **token_attributes) ⇒ Doorkeeper::AccessToken

Creates a not expired AccessToken record with a matching set of scopes that belongs to specific Application and Resource Owner.

Parameters:

• application (Doorkeeper::Application) —

  Application instance

• resource_owner (Mongoid::Document, Integer) —

  Resource Owner model instance or it’s ID

• scopes (#to_s) —

  set of scopes (any object that responds to ‘#to_s`)

• token_attributes (Hash) —

  Additional attributes to use when creating a token

Options Hash (**token_attributes):

• :expires_in (Integer) —

  token lifetime in seconds

• :use_refresh_token (Boolean) —

  whether to use the refresh token

Returns:

• (Doorkeeper::AccessToken) —

  new access token

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 253

def create_for(application:, resource_owner:, scopes:, **token_attributes)
  token_attributes[:application_id] = application&.id
  token_attributes[:scopes] = scopes.to_s

  if Doorkeeper.configuration.try(:polymorphic_resource_owner?)
    token_attributes[:resource_owner] = resource_owner
  else
    token_attributes[:resource_owner_id] = resource_owner_id_for(resource_owner)
  end

  create!(token_attributes)
end

#fallback_secret_strategy ⇒ Object

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 301

def fallback_secret_strategy
  ::Doorkeeper.configuration.token_secret_fallback_strategy
end

#find_access_token_in_batches(relation, *_args, &block) ⇒ Object

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 142

def find_access_token_in_batches(relation, *_args, &block)
  relation.all.each(&block)
end

#find_matching_token(relation, application, scopes) ⇒ Object

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 146

def find_matching_token(relation, application, scopes)
  relation.detect do |token|
    scopes_match?(token.scopes, scopes, application.try(:scopes))
  end
end

#find_or_create_for(*args) ⇒ Doorkeeper::AccessToken

Looking for not expired AccessToken record with a matching set of scopes that belongs to specific Application and Resource Owner. If it doesn’t exists - then creates it.

Parameters:

• application (Doorkeeper::Application) —

  Application instance

• resource_owner (Mongoid::Document, Integer) —

  Resource Owner model instance or it’s ID

• scopes (#to_s) —

  set of scopes (any object that responds to ‘#to_s`)

• expires_in (Integer) —

  token lifetime in seconds

• use_refresh_token (Boolean) —

  whether to use the refresh token

Returns:

• (Doorkeeper::AccessToken) —

  existing record or a new one

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 195

def find_or_create_for(*args)
  # [NOTE]: For backward compatibility with Doorkeeper < 5.4
  attributes = if args.size > 1
                 {
                   application: args[0],
                   resource_owner: args[1],
                   scopes: args[2],
                   expires_in: args[3],
                   use_refresh_token: args[4],
                 }
               else
                 args.first
               end

  application = attributes[:application]
  resource_owner = attributes[:resource_owner]
  scopes = attributes[:scopes]
  expires_in = attributes[:expires_in]
  use_refresh_token = attributes[:use_refresh_token]

  token_attributes = attributes.except(
    :application, :resource_owner, :scopes, :expires_in, :use_refresh_token
  )

  if Doorkeeper.configuration.reuse_access_token
    access_token = matching_token_for(application, resource_owner, scopes)

    return access_token if access_token&.reusable?
  end

  create_for(
    application: application,
    resource_owner: resource_owner,
    scopes: scopes,
    expires_in: expires_in,
    use_refresh_token: use_refresh_token,
    **token_attributes,
  )
end

#last_authorized_token_for(application_id, resource_owner) ⇒ Doorkeeper::AccessToken^?

Convenience method for backwards-compatibility, return the last matching token for the given Application and Resource Owner.

Parameters:

• application_id (Integer) —

  ID of the Application model instance

• resource_owner (Mongoid::Document, Integer) —

  ID of the Resource Owner model instance

Returns:

• (Doorkeeper::AccessToken, nil) —

  matching AccessToken object or nil if nothing was found

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 293

def last_authorized_token_for(application_id, resource_owner)
  authorized_tokens_for(application_id, resource_owner).first
end

#matching_token_for(application, resource_owner, scopes, include_expired: true) ⇒ Doorkeeper::AccessToken^?

Looking for not revoked Access Token with a matching set of scopes that belongs to specific Application and Resource Owner.

Parameters:

• application (Doorkeeper::Application) —

  Application instance

• resource_owner (Mongoid::Document, Integer) —

  Resource Owner model instance or it’s ID

• scopes (String, Doorkeeper::OAuth::Scopes) —

  set of scopes

Returns:

• (Doorkeeper::AccessToken, nil) —

  Access Token instance or nil if matching record was not found

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 136

def matching_token_for(application, resource_owner, scopes, include_expired: true)
  tokens = authorized_tokens_for(application&.id, resource_owner)
  tokens = tokens.not_expired unless include_expired
  find_matching_token(tokens, application, scopes)
end

#revoke_all_for(application_id, resource_owner, clock = Time) ⇒ Object

Revokes AccessToken records that have not been revoked and associated with the specific Application and Resource Owner.

Parameters:

• application_id (Integer) —

  ID of the Application

• resource_owner (Mongoid::Document) —

  instance of the Resource Owner model

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 113

def revoke_all_for(application_id, resource_owner, clock = Time)
  by_resource_owner(resource_owner)
    .where(application_id: application_id, revoked_at: nil)
    .update_all(revoked_at: clock.now.utc)
end

#scopes_match?(token_scopes, param_scopes, app_scopes) ⇒ Boolean

Checks whether the token scopes match the scopes from the parameters or Application scopes (if present).

Parameters:

• token_scopes (#to_s) —

  set of scopes (any object that responds to ‘#to_s`)

• param_scopes (Doorkeeper::OAuth::Scopes) —

  scopes from params

• app_scopes (Doorkeeper::OAuth::Scopes) —

  Application scopes

Returns:

• (Boolean) —

  true if the param scopes match the token scopes, and all the param scopes are defined in the application (or in the server configuration if the application doesn’t define any scopes), and false in other cases

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 167

def scopes_match?(token_scopes, param_scopes, app_scopes)
  return true if token_scopes.empty? && param_scopes.empty?

  (token_scopes.sort == param_scopes.sort) &&
    Doorkeeper::OAuth::Helpers::ScopeChecker.valid?(
      scope_str: param_scopes.to_s,
      server_scopes: Doorkeeper.configuration.scopes,
      app_scopes: app_scopes,
    )
end

#secret_strategy ⇒ Object

# File 'lib/doorkeeper-mongodb/mixins/mongoid/access_token_mixin.rb', line 297

def secret_strategy
  ::Doorkeeper.configuration.token_secret_strategy
end