Class: OAuth2::Provider::Authorization

Inherits:
Object
Defined in:
lib/oauth2/provider/authorization.rb

Constant Summary

# Parameters grouped as mandatory for an authorization request. The check
# that enforces them is not part of this listing.
REQUIRED_PARAMS = [RESPONSE_TYPE, CLIENT_ID, REDIRECT_URI]

# Allow-list of request parameters. #params copies only these keys out of
# the raw request, so unrecognised parameters are not passed along.
VALID_PARAMS = REQUIRED_PARAMS + [SCOPE, STATE]

# Response types named by this class: code, token, and the combined form.
VALID_RESPONSES = [CODE, TOKEN, CODE_AND_TOKEN]


Constructor Details

#initialize(resource_owner, params) ⇒ Authorization

Returns a new instance of Authorization.



# File 'lib/oauth2/provider/authorization.rb', line 14

# Builds the authorization state for one incoming request.
#
# After validation, a stored authorization for this owner and client that
# covers every requested scope and has not expired is honoured without any
# further interaction: the request is marked authorized and the model is
# asked to generate a code. In every other case the instance stays
# unauthorized until #grant_access! or #deny_access! is called.
#
# @param resource_owner [Object, nil] the user the request is made for;
#   when nil or false no stored authorization is looked up
# @param params [Hash] raw request parameters (untrusted input)
def initialize(resource_owner, params)
  @owner  = resource_owner
  @params = params
  @scope, @state = params[SCOPE], params[STATE]

  validate!
  # NOTE(review): @client is never assigned in this method; presumably
  # validate! sets it -- confirm against the rest of the class.
  return if @error || !@owner

  @model = Model::Authorization.for(@owner, @client)
  reusable = @model && @model.in_scope?(scopes) && !@model.expired?
  return unless reusable

  # Silent approval path: no consent prompt is involved from here on.
  @authorized = true
  @code = @model.generate_code
end

Instance Attribute Details

#access_token ⇒ Object (readonly)

Returns the value of attribute access_token.



# File 'lib/oauth2/provider/authorization.rb', line 5

# @return [Object, nil] the access token copied from the model by
#   #grant_access!; nil before a grant and after #deny_access!. This is a
#   bearer credential, so keep it out of logs and error output.
def access_token = @access_token

#client ⇒ Object (readonly)

Returns the value of attribute client.



# File 'lib/oauth2/provider/authorization.rb', line 5

# @return [Object, nil] the client this request was made for; nil when no
#   client was resolved. #redirect_uri and #response_status both branch on
#   its presence.
# NOTE(review): the assignment of @client is not in the methods shown here;
# presumably it happens during validation -- confirm.
def client = @client

#code ⇒ Object (readonly)

Returns the value of attribute code.



# File 'lib/oauth2/provider/authorization.rb', line 5

# @return [Object, nil] the authorization code, set either by the
#   constructor (when a stored authorization is reused) or by
#   #grant_access!; reset to nil by #deny_access!. Treat it as a secret.
def code = @code

#error ⇒ Object (readonly)

Returns the value of attribute error.



# File 'lib/oauth2/provider/authorization.rb', line 5

# @return [Object, nil] the current error code; nil means the request is
#   considered valid (see #valid?). #deny_access! sets it to ACCESS_DENIED.
def error = @error

#error_description ⇒ Object (readonly)

Returns the value of attribute error_description.



# File 'lib/oauth2/provider/authorization.rb', line 5

# @return [String, nil] human-readable text that accompanies #error;
#   #deny_access! sets it to a fixed message.
def error_description = @error_description

#expires_in ⇒ Object (readonly)

Returns the value of attribute expires_in.



# File 'lib/oauth2/provider/authorization.rb', line 5

# @return [Object, nil] the lifetime value copied from the model by
#   #grant_access!; nil until then.
# NOTE(review): #deny_access! does not reset this value.
def expires_in = @expires_in

#owner ⇒ Object (readonly)

Returns the value of attribute owner.



# File 'lib/oauth2/provider/authorization.rb', line 5

# @return [Object, nil] the resource owner handed to the constructor
def owner = @owner

#refresh_token ⇒ Object (readonly)

Returns the value of attribute refresh_token.



# File 'lib/oauth2/provider/authorization.rb', line 5

# @return [Object, nil] the refresh token copied from the model by
#   #grant_access!; nil before a grant and after #deny_access!. This is a
#   long-lived credential, so keep it out of logs and error output.
def refresh_token = @refresh_token

Instance Method Details

#deny_access! ⇒ Object



# File 'lib/oauth2/provider/authorization.rb', line 57

# Records the resource owner's refusal.
#
# Drops any code or tokens held by this instance and moves it into the
# ACCESS_DENIED error state, so #valid? is false afterwards.
# NOTE(review): @expires_in and @authorized keep whatever value they had.
#
# @return [String] the error description (value of the last assignment)
def deny_access!
  # Clear every credential first so nothing issued earlier survives a denial.
  @code = nil
  @access_token = nil
  @refresh_token = nil

  @error = ACCESS_DENIED
  @error_description = "The user denied you access"
end

#grant_access!(options = {}) ⇒ Object



# File 'lib/oauth2/provider/authorization.rb', line 38

# Records the resource owner's approval and copies the issued credentials
# from the model onto this instance.
#
# The scope handed to the model is the raw value taken from the request
# parameters, and this method performs no consent check of its own: call it
# only after the resource owner has approved exactly that scope.
#
# @param options [Hash] optional settings
# @option options [Object] :duration passed through to the model unchanged
# @return [true]
def grant_access!(options = {})
  response_type = @params[RESPONSE_TYPE]

  @model = Model::Authorization.for_response_type(
    response_type,
    :owner    => @owner,
    :client   => @client,
    :scope    => @scope,
    :duration => options[:duration]
  )

  @code = @model.code
  @access_token = @model.access_token
  @refresh_token = @model.refresh_token
  @expires_in = @model.expires_in

  # NOTE(review): this repeats the assignment just above, so the condition
  # has no visible effect; possibly @expires_in was meant to stay unset for
  # the plain code response type -- confirm the intent.
  @expires_in = @model.expires_in unless response_type == CODE

  @authorized = true
end

#params ⇒ Object



# File 'lib/oauth2/provider/authorization.rb', line 63

# Returns the request parameters filtered through the VALID_PARAMS
# allow-list. Keys outside the list are dropped, and keys absent from the
# request are not added, so only recognised parameters are carried forward.
#
# @return [Hash] recognised parameters, in VALID_PARAMS order
def params
  VALID_PARAMS.each_with_object({}) do |key, allowed|
    allowed[key] = @params[key] if @params.has_key?(key)
  end
end

#redirect? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/oauth2/provider/authorization.rb', line 69

# Tells whether the response should be a redirect back to the client.
#
# Without a resolved client there is nowhere trustworthy to redirect to, so
# the answer is falsy. With a client, a redirect is due once access has been
# authorized or once the request carries an error.
#
# @return [Boolean, nil] falsy when no client is set
def redirect?
  return @client unless @client

  @authorized || !valid?
end

#redirect_uri ⇒ Object



# File 'lib/oauth2/provider/authorization.rb', line 73

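# Builds the URI the user agent is sent back to.
#
# The base is always the redirect URI stored on the client object, never a
# value read from the request here, so the destination stays under the
# control of the client record. Errors and authorization codes travel in the
# query string; access tokens travel in the fragment.
#
# A stored redirect URI may already contain a query component. In that case
# the new parameters are appended with '&' instead of a second '?', which
# would otherwise fold them into the value of the last existing parameter.
#
# @return [String, nil] nil when no client is set
def redirect_uri
  return nil unless @client
  base_redirect_uri = @client.redirect_uri
  separator = base_redirect_uri.to_s.include?('?') ? '&' : '?'

  if not valid?
    query = to_query_string(ERROR, ERROR_DESCRIPTION, STATE)
    "#{ base_redirect_uri }#{ separator }#{ query }"

  elsif @params[RESPONSE_TYPE] == CODE_AND_TOKEN
    query    = to_query_string(CODE, STATE)
    fragment = to_query_string(ACCESS_TOKEN, EXPIRES_IN, SCOPE)
    "#{ base_redirect_uri }#{ query.empty? ? '' : separator + query }##{ fragment }"

  # NOTE(review): the other branches compare against constants; this one uses
  # a string literal. Presumably it equals TOKEN -- confirm before unifying.
  elsif @params[RESPONSE_TYPE] == 'token'
    fragment = to_query_string(ACCESS_TOKEN, EXPIRES_IN, SCOPE, STATE)
    "#{ base_redirect_uri }##{ fragment }"

  else
    query = to_query_string(CODE, SCOPE, STATE)
    "#{ base_redirect_uri }#{ separator }#{ query }"
  end
end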

#response_body ⇒ Object



# File 'lib/oauth2/provider/authorization.rb', line 96

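# Returns the JSON error body for requests that cannot be answered with a
# normal page, or nil when a client is known and the request is valid.
#
# The body is a fixed INVALID_REQUEST message. Nothing from the incoming
# request is echoed into it.
#
# JSON.generate is used instead of JSON.unparse: unparse is a legacy alias of
# the same method, and generate is the documented name.
#
# @return [String, nil] JSON document, or nil when there is nothing to report
def response_body
  return nil if @client && valid?

  JSON.generate({
    ERROR             => INVALID_REQUEST,
    ERROR_DESCRIPTION => 'This is not a valid OAuth request'
  })
end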

#response_headers ⇒ Object



# File 'lib/oauth2/provider/authorization.rb', line 103

# Headers to send with the response: none for a valid request, and the
# shared Exchange::RESPONSE_HEADERS set for an error response. The contents
# of that constant are defined outside this listing.
#
# @return [Hash]
def response_headers
  return {} if valid?

  Exchange::RESPONSE_HEADERS
end

#response_status ⇒ Object



# File 'lib/oauth2/provider/authorization.rb', line 107

# HTTP status for the response.
#
# 200 for a valid request. For an invalid one, 302 when a client is known,
# so the error can be delivered through #redirect_uri, and 400 when there is
# no client to redirect to.
#
# @return [Integer] 200, 302 or 400
def response_status
  if valid?
    200
  elsif @client
    302
  else
    400
  end
end

#scopes ⇒ Object



# File 'lib/oauth2/provider/authorization.rb', line 30

# Splits the requested scope string on whitespace.
#
# Empty fragments (produced by leading whitespace, for example) are
# discarded so they are never treated as a scope name.
#
# @return [Array<String>] requested scope names; empty when no scope was sent
def scopes
  return [] unless @scope

  @scope.split(/\s+/).reject(&:empty?)
end

#unauthorized_scopes ⇒ Object



# File 'lib/oauth2/provider/authorization.rb', line 34

# Requested scopes that the stored authorization does not cover.
#
# With no stored authorization, every requested scope counts as unauthorized.
#
# @return [Array<String>]
def unauthorized_scopes
  return scopes unless @model

  scopes.reject { |name| @model.in_scope?(name) }
end

#valid? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/oauth2/provider/authorization.rb', line 112

# A request is valid exactly while no error has been recorded on it.
# Note that "valid" does not mean "authorized": see #redirect? for that.
#
# @return [Boolean]
def valid? = @error.nil?