Class: Doorkeeper::AccessToken
- Inherits:
-
Object
- Object
- Doorkeeper::AccessToken
- Includes:
- Rethinkdb::Timestamps, Models::Accessible, Models::Expirable, Models::Reusable, Models::Revocable, Models::Scopes, Models::SecretStorable, NoBrainer::Document, OAuth::Helpers
- Defined in:
- lib/support/orm/rethinkdb/access_token.rb
Instance Attribute Summary collapse
-
#use_refresh_token ⇒ Object
writeonly
Sets the attribute use_refresh_token.
Class Method Summary collapse
-
.by_previous_refresh_token(previous_refresh_token) ⇒ Doorkeeper::AccessToken?
Returns an instance of the Doorkeeper::AccessToken found by previous refresh token.
-
.by_refresh_token(refresh_token) ⇒ Doorkeeper::AccessToken?
Returns an instance of the Doorkeeper::AccessToken with specific token value.
-
.by_token(token) ⇒ Doorkeeper::AccessToken?
Returns an instance of the Doorkeeper::AccessToken with specific token value.
- .create_for(application:, resource_owner:, scopes:, **token_attributes) ⇒ Object
-
.fallback_secret_strategy ⇒ Object
Determine the fallback storing strategy Unless configured, there will be no fallback.
- .find_by_plaintext_token(attr, token) ⇒ Object
-
.find_or_create_for(application:, resource_owner:, scopes:, **token_attributes) ⇒ Doorkeeper::AccessToken
Looking for not expired AccessToken record with a matching set of scopes that belongs to specific Application and Resource Owner.
-
.last_authorized_token_for(application_id, resource_owner_id) ⇒ Doorkeeper::AccessToken?
Looking for not revoked Access Token record that belongs to specific Application and Resource Owner.
-
.matching_token_for(application, resource_owner_or_id, scopes) ⇒ Doorkeeper::AccessToken?
Looking for not expired Access Token with a matching set of scopes that belongs to specific Application and Resource Owner.
- .refresh_token_revoked_on_use? ⇒ Boolean
-
.revoke_all_for(application_id, resource_owner) ⇒ Object
Revokes AccessToken records that have not been revoked and associated with the specific Application and Resource Owner.
-
.scopes_match?(token_scopes, param_scopes, app_scopes) ⇒ Boolean
Checks whether the token scopes match the scopes from the parameters or Application scopes (if present).
-
.secret_strategy ⇒ Doorkeeper::SecretStoring::Base
Determines the secret storing transformer Unless configured otherwise, uses the plain secret strategy.
Instance Method Summary collapse
-
#acceptable?(scopes) ⇒ Boolean
Indicates if token is acceptable for specific scopes.
-
#as_json(_options = {}) ⇒ Hash
JSON representation of the Access Token instance.
- #lock! ⇒ Object
- #revoke(clock = Time) ⇒ Object
-
#revoke_previous_refresh_token! ⇒ Object
Revokes token with ‘:refresh_token` equal to `:previous_refresh_token` and clears `:previous_refresh_token` attribute.
-
#same_credential?(access_token) ⇒ Boolean
Indicates whether the token instance have the same credential as the other Access Token.
-
#token_type ⇒ Object
Access Token type: Bearer.
- #transaction ⇒ Object
- #use_refresh_token? ⇒ Boolean
Methods included from Rethinkdb::Timestamps
#created_at, #revoked_at, #revoked_at=
Instance Attribute Details
#use_refresh_token=(value) ⇒ Object (writeonly)
Sets the attribute use_refresh_token
18 19 20 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 18 def use_refresh_token=(value) @use_refresh_token = value end |
Class Method Details
.by_previous_refresh_token(previous_refresh_token) ⇒ Doorkeeper::AccessToken?
Returns an instance of the Doorkeeper::AccessToken found by previous refresh token. Keep in mind that value of the previous_refresh_token isn’t encrypted using secrets strategy.
86 87 88 89 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 86 def by_previous_refresh_token(previous_refresh_token) return nil unless previous_refresh_token.present? where(previous_refresh_token: previous_refresh_token).first end |
.by_refresh_token(refresh_token) ⇒ Doorkeeper::AccessToken?
Returns an instance of the Doorkeeper::AccessToken with specific token value.
71 72 73 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 71 def by_refresh_token(refresh_token) find_by_plaintext_token(:refresh_token, refresh_token) end |
.by_token(token) ⇒ Doorkeeper::AccessToken?
Returns an instance of the Doorkeeper::AccessToken with specific token value.
58 59 60 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 58 def by_token(token) find_by_plaintext_token(:token, token) end |
.create_for(application:, resource_owner:, scopes:, **token_attributes) ⇒ Object
200 201 202 203 204 205 206 207 208 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 200 def create_for(application:, resource_owner:, scopes:, **token_attributes) token_attributes[:application_id] = application&.id token_attributes[:scopes] = scopes.to_s resource_owner = resource_owner.try(:id) || resource_owner token_attributes[:resource_owner_id] = resource_owner || application.try(:owner_id) create!(**token_attributes) end |
.fallback_secret_strategy ⇒ Object
Determine the fallback storing strategy Unless configured, there will be no fallback
223 224 225 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 223 def fallback_secret_strategy ::Doorkeeper.config.token_secret_fallback_strategy end |
.find_by_plaintext_token(attr, token) ⇒ Object
44 45 46 47 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 44 def find_by_plaintext_token(attr, token) # We are not implementing the fallback strategy where(attr => secret_strategy.transform_secret(token.to_s)).first end |
.find_or_create_for(application:, resource_owner:, scopes:, **token_attributes) ⇒ Doorkeeper::AccessToken
Looking for not expired AccessToken record with a matching set of scopes that belongs to specific Application and Resource Owner. If it doesn’t exists - then creates it.
183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 183 def find_or_create_for(application:, resource_owner:, scopes:, **token_attributes) resource_owner = resource_owner.try(:id) || resource_owner if Doorkeeper.config.reuse_access_token access_token = matching_token_for(application, resource_owner, scopes) return access_token if access_token&.reusable? end create!( application_id: application.try(:id), resource_owner_id: resource_owner || application.try(:owner_id), scopes: scopes.to_s, **token_attributes, ) end |
.last_authorized_token_for(application_id, resource_owner_id) ⇒ Doorkeeper::AccessToken?
Looking for not revoked Access Token record that belongs to specific Application and Resource Owner.
116 117 118 119 120 121 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 116 def (application_id, resource_owner_id) resource_owner_id = resource_owner_id.try(:id) || resource_owner_id result = where(application_id: application_id, resource_owner_id: resource_owner_id).last return nil unless result result[:revoked_at] ? nil : result end |
.matching_token_for(application, resource_owner_or_id, scopes) ⇒ Doorkeeper::AccessToken?
Looking for not expired Access Token with a matching set of scopes that belongs to specific Application and Resource Owner.
136 137 138 139 140 141 142 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 136 def matching_token_for(application, resource_owner_or_id, scopes) resource_owner_id = resource_owner_or_id.try(:id) || resource_owner_or_id token = (application.try(:id), resource_owner_id) if token && scopes_match?(token.scopes, scopes, application.try(:scopes)) token end end |
.refresh_token_revoked_on_use? ⇒ Boolean
40 41 42 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 40 def refresh_token_revoked_on_use? true end |
.revoke_all_for(application_id, resource_owner) ⇒ Object
Revokes AccessToken records that have not been revoked and associated with the specific Application and Resource Owner.
99 100 101 102 103 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 99 def revoke_all_for(application_id, resource_owner) where(application_id: application_id, resource_owner_id: resource_owner.id).each do |at| at.revoke end end |
.scopes_match?(token_scopes, param_scopes, app_scopes) ⇒ Boolean
Checks whether the token scopes match the scopes from the parameters or Application scopes (if present).
157 158 159 160 161 162 163 164 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 157 def scopes_match?(token_scopes, param_scopes, app_scopes) (!token_scopes.present? && !param_scopes.present?) || Doorkeeper::OAuth::Helpers::ScopeChecker.match?( token_scopes.to_s, param_scopes, app_scopes ) end |
.secret_strategy ⇒ Doorkeeper::SecretStoring::Base
Determines the secret storing transformer Unless configured otherwise, uses the plain secret strategy
216 217 218 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 216 def secret_strategy ::Doorkeeper.config.token_secret_strategy end |
Instance Method Details
#acceptable?(scopes) ⇒ Boolean
Indicates if token is acceptable for specific scopes.
273 274 275 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 273 def acceptable?(scopes) accessible? && includes_scope?(*scopes) end |
#as_json(_options = {}) ⇒ Hash
JSON representation of the Access Token instance.
244 245 246 247 248 249 250 251 252 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 244 def as_json( = {}) { resource_owner_id: resource_owner_id, scopes: scopes, expires_in_seconds: expires_in_seconds, application: { uid: application.try(:uid) }, created_at: created_at.to_i } end |
#lock! ⇒ Object
316 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 316 def lock!; end |
#revoke(clock = Time) ⇒ Object
310 311 312 313 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 310 def revoke(clock = Time) self.revoked_at = clock.now.utc self.save! end |
#revoke_previous_refresh_token! ⇒ Object
Revokes token with ‘:refresh_token` equal to `:previous_refresh_token` and clears `:previous_refresh_token` attribute.
304 305 306 307 308 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 304 def revoke_previous_refresh_token! return unless self.class.refresh_token_revoked_on_use? self.previous_refresh_token = '' self.save! end |
#same_credential?(access_token) ⇒ Boolean
Indicates whether the token instance have the same credential as the other Access Token.
261 262 263 264 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 261 def same_credential?(access_token) application_id == access_token.application_id && resource_owner_id == access_token.resource_owner_id end |
#token_type ⇒ Object
Access Token type: Bearer.
232 233 234 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 232 def token_type 'bearer' end |
#transaction ⇒ Object
315 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 315 def transaction; yield; end |
#use_refresh_token? ⇒ Boolean
236 237 238 239 |
# File 'lib/support/orm/rethinkdb/access_token.rb', line 236 def use_refresh_token? @use_refresh_token ||= false !!@use_refresh_token end |