Class: PadlockAuth::Token::AccessToken

Inherits:
AbstractAccessToken
Includes:
Mixins::HideAttribute
Defined in:
lib/padlock_auth/token/access_token.rb

Overview

Access token for simple token authentication.

Represents a string token that is compared to a secret key.

Does not allow for scopes, so it will always return false for any required

Instance Method Summary

Methods inherited from AbstractAccessToken

#acceptable?, #invalid_token_reason

Constructor Details

#initialize(token, secret_key) ⇒ AccessToken

Initialize the access token with a token and secret key.



# File 'lib/padlock_auth/token/access_token.rb', line 21

def initialize(token, secret_key)
  @token = token
  @secret_key = secret_key
end

Instance Method Details

#accessible? ⇒ Boolean

Check if the token matches the secret key.



# File 'lib/padlock_auth/token/access_token.rb', line 30

def accessible?
  # Compare the tokens in a time-constant manner, to mitigate timing attacks.
  ActiveSupport::SecurityUtils.secure_compare(@token, @secret_key)
end
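
The constant-time comparison used by #accessible?, as an added standard-library sketch; it is not code from PadlockAuth or ActiveSupport. The module TokenCheck and its methods are hypothetical names, and hashing both inputs is one common way to get equal-length strings to compare. It also shows the edge cases a caller should decide on: a missing token and an empty secret key.

```ruby
require "digest"

# Hypothetical helper (not part of PadlockAuth): a constant-time token check
# built only on the Ruby standard library.
module TokenCheck
  module_function

  # XOR-accumulate over equal-length byte strings. The loop never exits early,
  # so run time does not depend on the position of the first mismatch.
  def fixed_length_compare(a, b)
    raise ArgumentError, "length mismatch" unless a.bytesize == b.bytesize

    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Hash both inputs first so the compared strings are always 32 bytes,
  # whatever the lengths of the originals.
  def secure_compare(a, b)
    fixed_length_compare(Digest::SHA256.digest(a), Digest::SHA256.digest(b))
  end

  # Fail closed on missing or empty values before comparing: an unset secret
  # key must never match an empty token.
  def accessible?(token, secret_key)
    return false unless token.is_a?(String) && secret_key.is_a?(String)
    return false if token.empty? || secret_key.empty?

    secure_compare(token, secret_key)
  end
end
```

Without the guard in `accessible?`, `secure_compare("", "")` is true and a nil token raises instead of returning false.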

#forbidden_token_reason ⇒ Object

The token's secret key does not permit any required scopes, so a generic message is displayed.



# File 'lib/padlock_auth/token/access_token.rb', line 50

def forbidden_token_reason
  :unknown
end

#includes_scope?(required_scopes) ⇒ Boolean

Check if the token includes the required scopes.

Simple tokens do not include scopes, so this method will return false for any required scopes.



# File 'lib/padlock_auth/token/access_token.rb', line 42

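def includes_scope?(required_scopes)
  # none? is true only when required_scopes has no truthy entries (normally: it is empty).
  # Any required scope makes the result false and logs a warning.
  required_scopes.none?.tap do |result|
    Kernel.warn "[PADLOCK_AUTH] #{self.class} does not permit any required scopes" unless result
  end
end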