Class: Rack::OAuth2::Server::AuthRequest

Inherits:
Object
  • Object
Defined in:
lib/rack/oauth2/models/auth_request.rb

Overview

Authorization request. Represents a request made on behalf of a client to access a particular scope. Use this to keep state from the incoming authorization request through to the grant/deny redirect.


Instance Attribute Details

#_id ⇒ Object (readonly) Also known as: id

Request identifier. We let the database pick this one out.



# File 'lib/rack/oauth2/models/auth_request.rb', line 35

# Returns the request identifier (also exposed as +id+). create fills the :_id
# field with the value returned by collection.insert, so the database picks it
# rather than the caller.
def _id
  @_id
end

#access_token ⇒ Object

If granted, the access token.



# File 'lib/rack/oauth2/models/auth_request.rb', line 52

# Returns the access token string. grant! assigns it from
# AccessToken.get_token_for when response_type is anything other than "code".
def access_token
  @access_token
end

#authorized_at ⇒ Object

Keeping track of things.



# File 'lib/rack/oauth2/models/auth_request.rb', line 54

# Returns the time the request was decided, taken from Time.now.to_i.
# Both grant! and deny! assign it, so a value here does not by itself mean
# access was granted; grant_code / access_token carry that information.
def authorized_at
  @authorized_at
end

#client_id ⇒ Object (readonly)

Client making this request.



# File 'lib/rack/oauth2/models/auth_request.rb', line 38

# Returns the identifier of the client making this request. create stores
# client.id under :client_id; grant! looks the client up again with
# Client.find(client_id) and returns without granting if nothing is found.
def client_id
  @client_id
end

#created_at ⇒ Object (readonly)

Does what it says on the label.



# File 'lib/rack/oauth2/models/auth_request.rb', line 46

# Returns the creation time; create stores Time.now.to_i under :created_at.
# NOTE(review): grant! does not compare against this value, so no request
# expiry is visible; confirm stale requests are rejected elsewhere.
def created_at
  @created_at
end

#grant_code ⇒ Object

If granted, the access grant code.



# File 'lib/rack/oauth2/models/auth_request.rb', line 50

# Returns the access grant code. grant! assigns it from the AccessGrant it
# creates when response_type is "code"; create stores nil for it initially.
def grant_code
  @grant_code
end

#redirect_uri ⇒ Object (readonly)

Redirect back to this URL.



# File 'lib/rack/oauth2/models/auth_request.rb', line 42

# Returns the URL to redirect back to. create stores the client's own
# redirect_uri when it has one and only falls back to the URI sent with the
# request otherwise.
# NOTE(review): no validation of the fallback value is visible; confirm it is
# checked before it is used as a redirect target.
def redirect_uri
  @redirect_uri
end

#response_type ⇒ Object (readonly)

Response type: either code or token.



# File 'lib/rack/oauth2/models/auth_request.rb', line 48

# Returns the response type stored by create. grant! issues an authorization
# code when this equals "code" and an access token for every other value.
# NOTE(review): confirm values other than "code" and "token" are rejected
# before the request is stored, since grant! treats them as token requests.
def response_type
  @response_type
end

#revoked ⇒ Object

Timestamp if revoked.



# File 'lib/rack/oauth2/models/auth_request.rb', line 56

# Returns the revocation marker; create stores nil for it. grant! returns
# without issuing anything when this is truthy and only updates documents
# whose :revoked field is nil.
# NOTE(review): the code that sets this value is not visible in this listing.
def revoked
  @revoked
end

#scope ⇒ Object (readonly)

Scope of this request: array of names.



# File 'lib/rack/oauth2/models/auth_request.rb', line 40

# Returns the scope of this request. create stores the normalized requested
# scope intersected with client.scope, so only names the client is allowed
# to use are kept.
def scope
  @scope
end

#state ⇒ Object (readonly)

Client requested we return state on redirect.



# File 'lib/rack/oauth2/models/auth_request.rb', line 44

# Returns the state value the client asked to have returned on redirect.
# create stores it exactly as passed in.
# NOTE(review): the value is client-controlled; presumably it needs URL
# encoding when echoed into the redirect. Confirm at the redirect site.
def state
  @state
end

Class Method Details

.collection ⇒ Object



# File 'lib/rack/oauth2/models/auth_request.rb', line 29

# Returns the "oauth2.auth_requests" entry of Server.database (presumably a
# MongoDB collection handle; confirm against Server). create, find, deny! and
# grant! all read and write authorization requests through it.
def collection
  Server.database["oauth2.auth_requests"]
end

.create(client, scope, redirect_uri, response_type, state) ⇒ Object

Create a new authorization request. This holds state, so in addition to client ID and scope, we need to know the URL to redirect back to and any state value to pass back in that redirect.



# File 'lib/rack/oauth2/models/auth_request.rb', line 19

# Create a new authorization request and persist it.
#
# client        - client making the request; its id, scope and redirect_uri
#                 are read here.
# scope         - requested scope, passed through Utils.normalize_scope.
# redirect_uri  - URI supplied with the request; used only when the client
#                 has no redirect_uri of its own.
# response_type - stored as given; grant! later branches on it.
# state         - stored as given, to be passed back in the redirect.
#
# Returns whatever Server.new_instance builds for this class from the stored
# fields.
def create(client, scope, redirect_uri, response_type, state)
  # Least privilege: intersecting with client.scope drops every requested name
  # the client is not allowed to use.
  allowed_scope = Utils.normalize_scope(scope) & client.scope

  # The client's own redirect_uri always wins over the request-supplied one.
  # NOTE(review): the fallback URI, response_type and state are stored without
  # any validation visible here; confirm the caller validates them first.
  record = {
    :client_id     => client.id,
    :scope         => allowed_scope,
    :redirect_uri  => client.redirect_uri || redirect_uri,
    :response_type => response_type,
    :state         => state,
    :grant_code    => nil,
    :authorized_at => nil,
    :created_at    => Time.now.to_i,
    :revoked       => nil
  }

  # The identifier comes from the insert, not from the caller.
  record[:_id] = collection.insert(record)
  Server.new_instance(self, record)
end

.find(request_id) ⇒ Object

Find AuthRequest from identifier.



# File 'lib/rack/oauth2/models/auth_request.rb', line 11

# Find an AuthRequest from its identifier.
#
# request_id is converted to a String and then to a BSON::ObjectId, so the
# lookup key is always a single ObjectId and never a caller-supplied Hash or
# Array that could be read as a query.
#
# NOTE(review): a malformed identifier presumably makes BSON::ObjectId()
# raise, and a missing document makes find_one's result (presumably nil) go
# straight to Server.new_instance; confirm callers handle both cases.
# NOTE(review): revoked and authorized_at are not checked here, so callers
# have to decide whether the request is still usable.
def find(request_id)
  lookup_key = BSON::ObjectId(request_id.to_s)
  document = collection.find_one(lookup_key)
  Server.new_instance(self, document)
end

Instance Method Details

#deny! ⇒ Object

Deny access.



# File 'lib/rack/oauth2/models/auth_request.rb', line 77

# Deny access.
#
# Stamps authorized_at with the current time and writes that one field to the
# stored request. Nothing else is recorded, so a denied request is one with
# authorized_at set and neither grant_code nor access_token.
#
# NOTE(review): unlike grant!, the update filter does not require :revoked to
# be nil, and nothing here marks the request as finished; grant! only checks
# revoked, so confirm a denied request cannot be granted afterwards.
#
# Returns the result of the collection update.
def deny!
  self.authorized_at = Time.now.to_i
  self.class.collection.update(
    { :_id => id },
    { :$set => { :authorized_at => authorized_at } }
  )
end

#grant!(identity) ⇒ Object

Grant access to the specified identity.

Raises:

  • (ArgumentError)


# File 'lib/rack/oauth2/models/auth_request.rb', line 59

# Grant access to the specified identity.
#
# Stamps authorized_at, then issues an access grant (response_type "code") or
# an access token (any other response_type) and stores the result on this
# request, both in memory and in the collection.
#
# Returns true once something has been issued, and nil without issuing
# anything when the request is revoked or its client cannot be found.
# Raises ArgumentError when identity is nil or false.
#
# NOTE(review): revoked is the only state checked before issuing. A request
# that was already granted or denied still reaches the issuing calls below,
# so confirm callers treat an authorization request as single-use.
# NOTE(review): the results of the update calls are not inspected; if the
# filter matches nothing (for example the request was revoked in the
# meantime) the grant or token has still been created and true is returned.
def grant!(identity)
  raise ArgumentError, "Must supply a identity" unless identity
  return if revoked

  client = Client.find(client_id)
  return unless client

  self.authorized_at = Time.now.to_i
  if response_type == "code"
    # Authorization code requested: create the grant, then record its code.
    grant = AccessGrant.create(identity, client, scope, redirect_uri)
    self.grant_code = grant.code
    self.class.collection.update(
      { :_id => id, :revoked => nil },
      { :$set => { :grant_code => grant.code, :authorized_at => authorized_at } }
    )
  else
    # Every other response_type is handled as an access token request.
    token = AccessToken.get_token_for(identity, client, scope)
    self.access_token = token.token
    # The filter also requires :access_token to be nil, so a token already
    # stored on the document is not overwritten.
    self.class.collection.update(
      { :_id => id, :revoked => nil, :access_token => nil },
      { :$set => { :access_token => token.token, :authorized_at => authorized_at } }
    )
  end
  true
end