Class: Doorkeeper::AccessGrant
- Inherits:
-
Object
- Object
- Doorkeeper::AccessGrant
- Includes:
- Models::Accessible, Models::Expirable, Models::Revocable, Models::Scopes, Models::SecretStorable, NoBrainer::Document, OAuth::Helpers, Timestamps
- Defined in:
- lib/support/orm/rethinkdb/access_grant.rb
Class Method Summary collapse
- .by_token(token) ⇒ Object
-
.fallback_secret_strategy ⇒ Doorkeeper::SecretStoring::Base
Determine the fallback storing strategy Unless configured, there will be no fallback.
- .find_by_plaintext_token(attr, token) ⇒ Object
-
.generate_code_challenge(code_verifier) ⇒ #to_s
suitable for PKCE validation.
- .pkce_supported? ⇒ Boolean
-
.secret_strategy ⇒ Doorkeeper::SecretStoring::Base
Determines the secret storing transformer Unless configured otherwise, uses the plain secret strategy.
Instance Method Summary collapse
- #lock! ⇒ Object
-
#plaintext_token ⇒ Object
We keep a volatile copy of the raw token for initial communication The stored refresh_token may be mapped and not available in cleartext.
- #revoke(clock = Time) ⇒ Object
- #transaction ⇒ Object
- #uses_pkce? ⇒ Boolean
Class Method Details
.by_token(token) ⇒ Object
35 36 37 |
# File 'lib/support/orm/rethinkdb/access_grant.rb', line 35 def by_token(token) find_by_plaintext_token(:token, token) end |
.fallback_secret_strategy ⇒ Doorkeeper::SecretStoring::Base
Determine the fallback storing strategy Unless configured, there will be no fallback
74 75 76 |
# File 'lib/support/orm/rethinkdb/access_grant.rb', line 74 def fallback_secret_strategy ::Doorkeeper.config.token_secret_fallback_strategy end |
.find_by_plaintext_token(attr, token) ⇒ Object
39 40 41 42 |
# File 'lib/support/orm/rethinkdb/access_grant.rb', line 39 def find_by_plaintext_token(attr, token) # We are not implementing the fallback strategy where(attr => secret_strategy.transform_secret(token.to_s)).first end |
.generate_code_challenge(code_verifier) ⇒ #to_s
suitable for PKCE validation
49 50 51 52 |
# File 'lib/support/orm/rethinkdb/access_grant.rb', line 49 def generate_code_challenge(code_verifier) padded_result = Base64.urlsafe_encode64(Digest::SHA256.digest(code_verifier)) padded_result.split("=")[0] # Remove any trailing '=' end |
.pkce_supported? ⇒ Boolean
54 55 56 |
# File 'lib/support/orm/rethinkdb/access_grant.rb', line 54 def pkce_supported? true end |
.secret_strategy ⇒ Doorkeeper::SecretStoring::Base
Determines the secret storing transformer Unless configured otherwise, uses the plain secret strategy
64 65 66 |
# File 'lib/support/orm/rethinkdb/access_grant.rb', line 64 def secret_strategy ::Doorkeeper.config.token_secret_strategy end |
Instance Method Details
#lock! ⇒ Object
83 |
# File 'lib/support/orm/rethinkdb/access_grant.rb', line 83 def lock!; end |
#plaintext_token ⇒ Object
We keep a volatile copy of the raw token for initial communication The stored refresh_token may be mapped and not available in cleartext.
Some strategies allow restoring stored secrets (e.g. symmetric encryption) while hashing strategies do not, so you cannot rely on this value returning a present value for persisted tokens.
95 96 97 98 99 100 101 |
# File 'lib/support/orm/rethinkdb/access_grant.rb', line 95 def plaintext_token if secret_strategy.allows_restoring_secrets? secret_strategy.restore_secret(self, :token) else @raw_token end end |
#revoke(clock = Time) ⇒ Object
103 104 105 106 |
# File 'lib/support/orm/rethinkdb/access_grant.rb', line 103 def revoke(clock = Time) self.revoked_at = clock.now.utc self.save! end |
#transaction ⇒ Object
82 |
# File 'lib/support/orm/rethinkdb/access_grant.rb', line 82 def transaction; yield; end |
#uses_pkce? ⇒ Boolean
85 86 87 |
# File 'lib/support/orm/rethinkdb/access_grant.rb', line 85 def uses_pkce? self.code_challenge.present? end |