Class: RockOAuth::Model::Authorization

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• RockOAuth::Model::Authorization

Extended by:

Hashing

Defined in:

lib/rockoauth/model/authorization.rb

Class Method Summary

• .create_access_token ⇒ Object
• .create_code(client) ⇒ Object
• .create_refresh_token(client) ⇒ Object
• .for(owner, client, attributes = {}) ⇒ Object

Instance Method Summary

• #exchange! ⇒ Object
• #expired? ⇒ Boolean
• #expires_in ⇒ Object
• #generate_access_token ⇒ Object
• #generate_code ⇒ Object
• #grants_access?(user, *scopes) ⇒ Boolean
• #in_scope?(request_scope) ⇒ Boolean
• #scopes ⇒ Object

Methods included from Hashing

hashes_attributes

Class Method Details

.create_access_token ⇒ Object

# File 'lib/rockoauth/model/authorization.rb', line 32

def self.create_access_token
  RockOAuth.generate_id do |token|
    hash = RockOAuth.hashify(token)
    Helpers.count(self, :access_token_hash => hash).zero?
  end
end

.create_code(client) ⇒ Object

# File 'lib/rockoauth/model/authorization.rb', line 26

def self.create_code(client)
  RockOAuth.generate_id do |code|
    Helpers.count(client.authorizations, :code => code).zero?
  end
end

.create_refresh_token(client) ⇒ Object

# File 'lib/rockoauth/model/authorization.rb', line 39

def self.create_refresh_token(client)
  RockOAuth.generate_id do |refresh_token|
    hash = RockOAuth.hashify(refresh_token)
    Helpers.count(client.authorizations, :refresh_token_hash => hash).zero?
  end
end

.for(owner, client, attributes = {}) ⇒ Object

# File 'lib/rockoauth/model/authorization.rb', line 46

def self.for(owner, client, attributes = {})
  return nil unless owner and client

  unless client.is_a?(Client)
    raise ArgumentError, "The argument should be a #{Client}, instead it was a #{client.class}"
  end

  instance = owner.oauth2_authorization_for(client) ||
    new do |authorization|
    authorization.owner  = owner
    authorization.client = client
  end

  case attributes[:response_type]
  when CODE
    instance.code ||= create_code(client)
  when TOKEN
    instance.access_token  ||= create_access_token
    instance.refresh_token ||= create_refresh_token(client)
  when CODE_AND_TOKEN
    instance.code = create_code(client)
    instance.access_token  ||= create_access_token
    instance.refresh_token ||= create_refresh_token(client)
  end

  if attributes[:duration]
    instance.expires_at = Time.now + attributes[:duration].to_i
  else
    instance.expires_at = nil
  end

  scopes = instance.scopes + (attributes[:scopes] || [])
  scopes += attributes[:scope].split(/\s+/) if attributes[:scope]
  instance.scope = scopes.empty? ? nil : scopes.entries.join(' ')

  instance.save && instance

rescue Object => error
  if Model.duplicate_record_error?(error)
    retry
  else
    raise error
  end
end

Instance Method Details

#exchange! ⇒ Object

# File 'lib/rockoauth/model/authorization.rb', line 91

def exchange!
  self.code          = nil
  self.access_token  = self.class.create_access_token
  self.refresh_token = nil
  save!
end

#expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rockoauth/model/authorization.rb', line 98

def expired?
  return false unless expires_at
  expires_at < Time.now
end

#expires_in ⇒ Object

# File 'lib/rockoauth/model/authorization.rb', line 103

def expires_in
  expires_at && (expires_at - Time.now).ceil
end

#generate_access_token ⇒ Object

# File 'lib/rockoauth/model/authorization.rb', line 112

def generate_access_token
  self.access_token ||= self.class.create_access_token
  save && access_token
end

#generate_code ⇒ Object

# File 'lib/rockoauth/model/authorization.rb', line 107

def generate_code
  self.code ||= self.class.create_code(client)
  save && code
end

#grants_access?(user, *scopes) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rockoauth/model/authorization.rb', line 117

def grants_access?(user, *scopes)
  not expired? and user == owner and in_scope?(scopes)
end

#in_scope?(request_scope) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rockoauth/model/authorization.rb', line 121

def in_scope?(request_scope)
  [*request_scope].all?(&scopes.method(:include?))
end

#scopes ⇒ Object

# File 'lib/rockoauth/model/authorization.rb', line 125

def scopes
  scopes = scope ? scope.split(/\s+/) : []
  Set.new(scopes)
end