Class: GrapeSimpleAuth::Oauth2

Inherits:

Grape::Middleware::Base

• Object
• Grape::Middleware::Base
• GrapeSimpleAuth::Oauth2

Defined in:

lib/grape_simple_auth/oauth2.rb

Instance Attribute Summary

• #auth_strategy ⇒ Object readonly

  Returns the value of attribute auth_strategy.

Instance Method Summary

• #auth_scopes ⇒ Object
• #authorize!(*scopes) ⇒ Object
• #before ⇒ Object

  Grape middleware methods.

• #context ⇒ Object
• #endpoint_protected? ⇒ Boolean

  Authorization control.

• #optional_endpoint? ⇒ Boolean
• #request ⇒ Object
• #the_request=(env) ⇒ Object
• #token ⇒ Object

Instance Attribute Details

#auth_strategy ⇒ Object (readonly)

Returns the value of attribute auth_strategy.

# File 'lib/grape_simple_auth/oauth2.rb', line 5

def auth_strategy
  @auth_strategy
end

Instance Method Details

#auth_scopes ⇒ Object

# File 'lib/grape_simple_auth/oauth2.rb', line 46

def auth_scopes
  return *nil unless auth_strategy.has_auth_scopes?
  auth_strategy.auth_scopes
end

#authorize!(*scopes) ⇒ Object

Raises:

• (GrapeSimpleAuth::Errors::InvalidToken)

# File 'lib/grape_simple_auth/oauth2.rb', line 51

def authorize!(*scopes)
  response = HTTParty.get(GrapeSimpleAuth.verify_url, {query: {access_token: token}})
  if response.code == 200
    scopes = response.parsed_response["data"]["credential"]["scopes"]
    unless auth_strategy.auth_scopes & scopes == auth_strategy.auth_scopes
      raise GrapeSimpleAuth::Errors::InvalidScope
    end
    return response
  end
  raise GrapeSimpleAuth::Errors::InvalidToken
end

#before ⇒ Object

Grape middleware methods

# File 'lib/grape_simple_auth/oauth2.rb', line 67

def before
  set_auth_strategy(GrapeSimpleAuth.auth_strategy)
  auth_strategy.api_context = context
  context.extend(GrapeSimpleAuth::AuthMethods)

  context.protected_endpoint = endpoint_protected?
  context.optional_endpoint = optional_endpoint?

  return unless context.protected_endpoint? || context.optional_endpoint?
  
  self.the_request = env
  
  if token.present? && (context.protected_endpoint? || context.optional_endpoint?)
    resp = authorize!(*auth_scopes)
    context.the_access_token = token
    context.current_user = resp.parsed_response["data"]["info"] rescue nil
    context.credentials = resp.parsed_response["data"]["credential"] rescue nil
  elsif token.nil? && context.protected_endpoint?
    raise GrapeSimpleAuth::Errors::InvalidToken
  end
end

#context ⇒ Object

# File 'lib/grape_simple_auth/oauth2.rb', line 7

def context
  env['api.endpoint']
end

#endpoint_protected? ⇒ Boolean

Authorization control.

Returns:

• (Boolean)

# File 'lib/grape_simple_auth/oauth2.rb', line 38

def endpoint_protected?
  auth_strategy.endpoint_protected?
end

#optional_endpoint? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/grape_simple_auth/oauth2.rb', line 42

def optional_endpoint?
  auth_strategy.optional_endpoint?
end

#request ⇒ Object

# File 'lib/grape_simple_auth/oauth2.rb', line 15

def request
  @_the_request
end

#the_request=(env) ⇒ Object

# File 'lib/grape_simple_auth/oauth2.rb', line 11

def the_request=(env)
  @_the_request = ActionDispatch::Request.new(env)
end

#token ⇒ Object

# File 'lib/grape_simple_auth/oauth2.rb', line 19

def token
  token = if request.headers["Authorization"].present?
    if request.headers["Authorization"].include?("bearer")
      request.headers["Authorization"].try("split", "bearer").try(:last).try(:strip)
    elsif request.headers["Authorization"].include?("Bearer")
      request.headers["Authorization"].try("split", "Bearer").try(:last).try(:strip)
    else
      request.headers["Authorization"]
    end
  else
    request.parameters["access_token"]
  end
end