Class: Rack::OAuth2::Server::AccessToken
- Inherits: Object
  - Object
  - Rack::OAuth2::Server::AccessToken
- Defined in: lib/rack/oauth2/models/access_token.rb
Overview
Access token. This is what clients use to access resources.
An access token is a unique code, associated with a client, an identity and scope. It may be revoked, or expire after a certain period.
Instance Attribute Summary
- #_id ⇒ Object (also: #token) (readonly): Access token.
- #client_id ⇒ Object (readonly): Client that was granted this access token.
- #created_at ⇒ Object (readonly): When token was granted.
- #expires_at ⇒ Object (readonly): When token expires for good.
- #identity ⇒ Object (readonly): The identity we authorized access to.
- #last_access ⇒ Object: Timestamp of last access using this token, rounded up to hour.
- #prev_access ⇒ Object: Timestamp of previous access using this token, rounded up to hour.
- #revoked ⇒ Object: Timestamp if revoked.
- #scope ⇒ Object (readonly): The scope granted to this token.
Class Method Summary
- .collection ⇒ Object
- .count(filter = {}) ⇒ Object: Returns count of access tokens.
- .for_client(client_id, offset = 0, limit = 100) ⇒ Object: Returns all access tokens for a given client. Use limit and offset to return a subset of tokens, sorted by creation date.
- .from_identity(identity) ⇒ Object: Find all AccessTokens for an identity.
- .from_token(token) ⇒ Object: Find AccessToken from token.
- .get_token_for(identity, client, scope, expires = nil) ⇒ Object: Get an access token (create new one if necessary).
- .historical(filter = {}) ⇒ Object
Instance Method Summary
- #access! ⇒ Object: Updates the last access timestamp.
- #revoke! ⇒ Object: Revokes this access token.
Instance Attribute Details
#_id ⇒ Object (readonly) Also known as: token
Access token. As unique as they come.
    # File 'lib/rack/oauth2/models/access_token.rb', line 86
    def _id
      @_id
    end
#client_id ⇒ Object (readonly)
Client that was granted this access token.
    # File 'lib/rack/oauth2/models/access_token.rb', line 91
    def client_id
      @client_id
    end
#created_at ⇒ Object (readonly)
When token was granted.
    # File 'lib/rack/oauth2/models/access_token.rb', line 95
    def created_at
      @created_at
    end
#expires_at ⇒ Object (readonly)
When token expires for good.
    # File 'lib/rack/oauth2/models/access_token.rb', line 97
    def expires_at
      @expires_at
    end
#identity ⇒ Object (readonly)
The identity we authorized access to.
    # File 'lib/rack/oauth2/models/access_token.rb', line 89
    def identity
      @identity
    end
#last_access ⇒ Object
Timestamp of last access using this token, rounded up to hour.
    # File 'lib/rack/oauth2/models/access_token.rb', line 101
    def last_access
      @last_access
    end
#prev_access ⇒ Object
Timestamp of previous access using this token, rounded up to hour.
    # File 'lib/rack/oauth2/models/access_token.rb', line 103
    def prev_access
      @prev_access
    end
#revoked ⇒ Object
Timestamp if revoked.
    # File 'lib/rack/oauth2/models/access_token.rb', line 99
    def revoked
      @revoked
    end
#scope ⇒ Object (readonly)
The scope granted to this token.
    # File 'lib/rack/oauth2/models/access_token.rb', line 93
    def scope
      @scope
    end
Class Method Details
.collection ⇒ Object
    # File 'lib/rack/oauth2/models/access_token.rb', line 79
    def collection
      prefix = Server.options[:collection_prefix]
      Server.database["#{prefix}.access_tokens"]
    end
.count(filter = {}) ⇒ Object
Returns count of access tokens.
    # File 'lib/rack/oauth2/models/access_token.rb', line 54
    def count(filter = {})
      select = {}
      if filter[:days]
        now = Time.now.to_i
        range = { :$gt=>now - filter[:days] * 86400, :$lte=>now }
        select[ filter[:revoked] ? :revoked : :created_at ] = range
      elsif filter.has_key?(:revoked)
        select[:revoked] = filter[:revoked] ? { :$ne=>nil } : { :$eq=>nil }
      end
      select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) if filter[:client_id]
      collection.find(select).count
    end
.for_client(client_id, offset = 0, limit = 100) ⇒ Object
Returns all access tokens for a given client. Use limit and offset to return a subset of tokens, sorted by creation date.

    # File 'lib/rack/oauth2/models/access_token.rb', line 42
    def for_client(client_id, offset = 0, limit = 100)
      client_id = BSON::ObjectId(client_id.to_s)
      collection.find({ :client_id=>client_id }, { :sort=>[[:created_at, Mongo::ASCENDING]], :skip=>offset, :limit=>limit }).
        map { |token| Server.new_instance self, token }
    end
.from_identity(identity) ⇒ Object
Find all AccessTokens for an identity.
    # File 'lib/rack/oauth2/models/access_token.rb', line 36
    def from_identity(identity)
      collection.find({ :identity=>identity }).map { |fields| Server.new_instance self, fields }
    end
.from_token(token) ⇒ Object
Find AccessToken from token. Does not return revoked tokens.
    # File 'lib/rack/oauth2/models/access_token.rb', line 13
    def from_token(token)
      Server.new_instance self, collection.find_one({ :_id=>token, :revoked=>nil })
    end
.get_token_for(identity, client, scope, expires = nil) ⇒ Object
Get an access token (create new one if necessary).
You can set optional expiration in seconds. If zero or nil, token never expires.
    # File 'lib/rack/oauth2/models/access_token.rb', line 21
    def get_token_for(identity, client, scope, expires = nil)
      raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
      scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope
      unless token = collection.find_one({ :identity=>identity, :scope=>scope, :client_id=>client.id, :revoked=>nil })
        expires_at = Time.now.to_i + expires if expires && expires != 0
        token = { :_id=>Server.secure_random, :identity=>identity, :scope=>scope,
                  :client_id=>client.id, :created_at=>Time.now.to_i,
                  :expires_at=>expires_at, :revoked=>nil }
        collection.insert token
        Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } })
      end
      Server.new_instance self, token
    end
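An added example (not part of rack-oauth2-server): an in-memory Ruby stand-in for the token collection, showing the checks a resource endpoint needs around `from_token` and `get_token_for` as listed above. Both lookups shown filter on `revoked` only, so `expires_at` is compared explicitly here. `TokenStore`, `authorize`, `skip_expired` and the `now:` parameter are hypothetical names.

```ruby
require "securerandom"

# In-memory stand-in for the access_tokens collection (hypothetical; the
# library itself stores these documents in MongoDB).
class TokenStore
  def initialize; @tokens = {}; end

  # Mirrors the documented get_token_for: grant only scope the client is
  # allowed, reuse an unrevoked token for the same identity/client/scope.
  # skip_expired: true also refuses to reuse a token past its expires_at.
  def get_token_for(identity, client_id, client_scope, scope, expires = nil,
                    now: Time.now.to_i, skip_expired: false)
    granted = (scope & client_scope).sort
    found = @tokens.values.find do |t|
      t[:identity] == identity && t[:client_id] == client_id &&
        t[:scope] == granted && t[:revoked].nil? &&
        !(skip_expired && expired?(t, now))
    end
    return found if found
    expires_at = now + expires if expires && expires != 0
    token = { _id: SecureRandom.hex(32), identity: identity, scope: granted,
              client_id: client_id, created_at: now,
              expires_at: expires_at, revoked: nil }
    @tokens[token[:_id]] = token
  end

  # Mirrors from_token: revoked tokens are never returned.
  def from_token(id)
    t = @tokens[id]
    t if t && t[:revoked].nil?
  end

  def expired?(t, now)
    !t[:expires_at].nil? && t[:expires_at] <= now
  end

  # The check applied before serving a request: not revoked, not expired,
  # and the required scope was actually granted.
  def authorize(id, required_scope, now: Time.now.to_i)
    t = from_token(id)
    return :invalid_token if t.nil? || expired?(t, now)
    return :insufficient_scope unless t[:scope].include?(required_scope)
    :ok
  end

  def revoke!(id, now: Time.now.to_i)
    @tokens[id][:revoked] = now
  end
end
```

With `skip_expired: false` the reuse lookup behaves like the query shown above and can hand back a token whose `expires_at` has already passed; `authorize` still rejects it.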
.historical(filter = {}) ⇒ Object
    # File 'lib/rack/oauth2/models/access_token.rb', line 67
    def historical(filter = {})
      days = filter[:days] || 60
      # created_at is stored as epoch seconds, so compare against an Integer
      select = { :created_at=>{ :$gt=>Time.now.to_i - 86400 * days } }
      if filter[:client_id]
        select[:client_id] = BSON::ObjectId(filter[:client_id].to_s)
      end
      raw = Server::AccessToken.collection.group("function (token) { return { ts: Math.floor(token.created_at / 86400) } }",
        select,
        { :granted=>0 },
        "function (token, state) { state.granted++ }")
      raw.sort { |a, b| a["ts"] - b["ts"] }
    end
Instance Method Details
#access! ⇒ Object
Updates the last access timestamp.
    # File 'lib/rack/oauth2/models/access_token.rb', line 106
    def access!
      today = (Time.now.to_i / 3600) * 3600
      if last_access.nil? || last_access < today
        AccessToken.collection.update({ :_id=>token }, { :$set=>{ :last_access=>today, :prev_access=>last_access } })
        self.last_access = today
      end
    end
#revoke! ⇒ Object
Revokes this access token.
    # File 'lib/rack/oauth2/models/access_token.rb', line 115
    def revoke!
      self.revoked = Time.now.to_i
      AccessToken.collection.update({ :_id=>token }, { :$set=>{ :revoked=>revoked } })
      Client.collection.update({ :_id=>client_id }, { :$inc=>{ :tokens_revoked=>1 } })
    end