Class: Rack::OAuth2::Server::AccessToken
- Inherits:
-
Object
- Object
- Rack::OAuth2::Server::AccessToken
- Defined in:
- lib/rack/oauth2/models/access_token.rb
Overview
Access token. This is what clients use to access resources.
An access token is a unique code, associated with a client, an identity and scope. It may be revoked, or expire after a certain period.
Instance Attribute Summary collapse
-
#_id ⇒ Object
(also: #token)
readonly
Access token.
-
#client_id ⇒ Object
readonly
Client that was granted this access token.
-
#created_at ⇒ Object
readonly
When token was granted.
-
#expires_at ⇒ Object
readonly
When token expires for good.
-
#identity ⇒ Object
readonly
The identity we authorized access to.
-
#last_access ⇒ Object
Timestamp of last access using this token, rounded up to hour.
-
#prev_access ⇒ Object
Timestamp of previous access using this token, rounded up to hour.
-
#revoked ⇒ Object
Timestamp if revoked.
-
#scope ⇒ Object
readonly
The scope granted to this token.
Class Method Summary collapse
- .collection ⇒ Object
-
.count(filter = {}) ⇒ Object
Returns count of access tokens.
-
.for_client(client_id, offset = 0, limit = 100) ⇒ Object
Returns all access tokens for a given client, Use limit and offset to return a subset of tokens, sorted by creation date.
-
.from_identity(identity) ⇒ Object
Find all AccessTokens for an identity.
-
.from_token(token) ⇒ Object
Find AccessToken from token.
-
.get_token_for(identity, client, scope) ⇒ Object
Get an access token (create new one if necessary).
- .historical(filter = {}) ⇒ Object
Instance Method Summary collapse
-
#access! ⇒ Object
Updates the last access timestamp.
-
#revoke! ⇒ Object
Revokes this access token.
Instance Attribute Details
#_id ⇒ Object (readonly) Also known as: token
Access token. As unique as they come.
81 82 83 |
# File 'lib/rack/oauth2/models/access_token.rb', line 81 def _id @_id end |
#client_id ⇒ Object (readonly)
Client that was granted this access token.
86 87 88 |
# File 'lib/rack/oauth2/models/access_token.rb', line 86 def client_id @client_id end |
#created_at ⇒ Object (readonly)
When token was granted.
90 91 92 |
# File 'lib/rack/oauth2/models/access_token.rb', line 90 def created_at @created_at end |
#expires_at ⇒ Object (readonly)
When token expires for good.
92 93 94 |
# File 'lib/rack/oauth2/models/access_token.rb', line 92 def expires_at @expires_at end |
#identity ⇒ Object (readonly)
The identity we authorized access to.
84 85 86 |
# File 'lib/rack/oauth2/models/access_token.rb', line 84 def identity @identity end |
#last_access ⇒ Object
Timestamp of last access using this token, rounded up to hour.
96 97 98 |
# File 'lib/rack/oauth2/models/access_token.rb', line 96 def last_access @last_access end |
#prev_access ⇒ Object
Timestamp of previous access using this token, rounded up to hour.
98 99 100 |
# File 'lib/rack/oauth2/models/access_token.rb', line 98 def prev_access @prev_access end |
#revoked ⇒ Object
Timestamp if revoked.
94 95 96 |
# File 'lib/rack/oauth2/models/access_token.rb', line 94 def revoked @revoked end |
#scope ⇒ Object (readonly)
The scope granted to this token.
88 89 90 |
# File 'lib/rack/oauth2/models/access_token.rb', line 88 def scope @scope end |
Class Method Details
.collection ⇒ Object
75 76 77 |
# File 'lib/rack/oauth2/models/access_token.rb', line 75 def collection Server.database["oauth2.access_tokens"] end |
.count(filter = {}) ⇒ Object
Returns count of access tokens.
50 51 52 53 54 55 56 57 58 59 60 61 |
# File 'lib/rack/oauth2/models/access_token.rb', line 50 def count(filter = {}) select = {} if filter[:days] now = Time.now.to_i range = { :$gt=>now - filter[:days] * 86400, :$lte=>now } select[ filter[:revoked] ? :revoked : :created_at ] = range elsif filter.has_key?(:revoked) select[:revoked] = filter[:revoked] ? { :$ne=>nil } : { :$eq=>nil } end select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) if filter[:client_id] collection.find(select).count end |
.for_client(client_id, offset = 0, limit = 100) ⇒ Object
Returns all access tokens for a given client, Use limit and offset to return a subset of tokens, sorted by creation date.
38 39 40 41 42 |
# File 'lib/rack/oauth2/models/access_token.rb', line 38 def for_client(client_id, offset = 0, limit = 100) client_id = BSON::ObjectId(client_id.to_s) collection.find({ :client_id=>client_id }, { :sort=>[[:created_at, Mongo::ASCENDING]], :skip=>offset, :limit=>limit }). map { |token| Server.new_instance self, token } end |
.from_identity(identity) ⇒ Object
Find all AccessTokens for an identity.
32 33 34 |
# File 'lib/rack/oauth2/models/access_token.rb', line 32 def from_identity(identity) collection.find({ :identity=>identity }).map { |fields| Server.new_instance self, fields } end |
.from_token(token) ⇒ Object
Find AccessToken from token. Does not return revoked tokens.
13 14 15 |
# File 'lib/rack/oauth2/models/access_token.rb', line 13 def from_token(token) Server.new_instance self, collection.find_one({ :_id=>token, :revoked=>nil }) end |
.get_token_for(identity, client, scope) ⇒ Object
Get an access token (create new one if necessary).
18 19 20 21 22 23 24 25 26 27 28 29 |
# File 'lib/rack/oauth2/models/access_token.rb', line 18 def get_token_for(identity, client, scope) raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope unless token = collection.find_one({ :identity=>identity, :scope=>scope, :client_id=>client.id, :revoked=>nil }) token = { :_id=>Server.secure_random, :identity=>identity, :scope=>scope, :client_id=>client.id, :created_at=>Time.now.to_i, :expires_at=>nil, :revoked=>nil } collection.insert token Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } }) end Server.new_instance self, token end |
.historical(filter = {}) ⇒ Object
63 64 65 66 67 68 69 70 71 72 73 |
# File 'lib/rack/oauth2/models/access_token.rb', line 63 def historical(filter = {}) days = filter[:days] || 60 select = { :$gt=> { :created_at=>Time.now - 86400 * days } } select = {} if filter[:client_id] select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) end raw = Server::AccessToken.collection.group("function (token) { return { ts: Math.floor(token.created_at / 86400) } }", select, { :granted=>0 }, "function (token, state) { state.granted++ }") raw.sort { |a, b| a["ts"] - b["ts"] } end |
Instance Method Details
#access! ⇒ Object
Updates the last access timestamp.
101 102 103 104 105 106 107 |
# File 'lib/rack/oauth2/models/access_token.rb', line 101 def access! today = (Time.now.to_i / 3600) * 3600 if last_access.nil? || last_access < today AccessToken.collection.update({ :_id=>token }, { :$set=>{ :last_access=>today, :prev_access=>last_access } }) self.last_access = today end end |
#revoke! ⇒ Object
Revokes this access token.
110 111 112 113 114 |
# File 'lib/rack/oauth2/models/access_token.rb', line 110 def revoke! self.revoked = Time.now.to_i AccessToken.collection.update({ :_id=>token }, { :$set=>{ :revoked=>revoked } }) Client.collection.update({ :_id=>client_id }, { :$inc=>{ :tokens_revoked=>1 } }) end |