Class: RockOAuth::Provider::Authorization

Inherits:

Object

• Object
• RockOAuth::Provider::Authorization

Defined in:

lib/rockoauth/provider/authorization.rb

Constant Summary

REQUIRED_PARAMS =

[RESPONSE_TYPE, CLIENT_ID, REDIRECT_URI]

VALID_PARAMS =

REQUIRED_PARAMS + [SCOPE, STATE]

VALID_RESPONSES =

[CODE, TOKEN, CODE_AND_TOKEN]

Instance Attribute Summary

• #access_token ⇒ Object readonly

  Returns the value of attribute access_token.

• #client ⇒ Object readonly

  Returns the value of attribute client.

• #code ⇒ Object readonly

  Returns the value of attribute code.

• #error ⇒ Object readonly

  Returns the value of attribute error.

• #error_description ⇒ Object readonly

  Returns the value of attribute error_description.

• #expires_in ⇒ Object readonly

  Returns the value of attribute expires_in.

• #owner ⇒ Object readonly

  Returns the value of attribute owner.

• #refresh_token ⇒ Object readonly

  Returns the value of attribute refresh_token.

Instance Method Summary

• #deny_access! ⇒ Object
• #grant_access!(options = {}) ⇒ Object
• #initialize(resource_owner, params, transport_error = nil) ⇒ Authorization constructor

  A new instance of Authorization.

• #params ⇒ Object
• #redirect? ⇒ Boolean
• #redirect_uri ⇒ Object
• #response_body ⇒ Object
• #response_headers ⇒ Object
• #response_status ⇒ Object
• #scopes ⇒ Object
• #unauthorized_scopes ⇒ Object
• #valid? ⇒ Boolean

Constructor Details

#initialize(resource_owner, params, transport_error = nil) ⇒ Authorization

Returns a new instance of Authorization.

# File 'lib/rockoauth/provider/authorization.rb', line 14

def initialize(resource_owner, params, transport_error = nil)
  @owner  = resource_owner
  @params = params
  @scope  = params[SCOPE]
  @state  = params[STATE]

  @transport_error = transport_error

  validate!

  return unless @owner and not @error

  @model = @owner.oauth2_authorization_for(@client)
  return unless @model and @model.in_scope?(scopes) and not @model.expired?

  @authorized = true

  if @params[RESPONSE_TYPE] =~ /code/
    @code = @model.generate_code
  end

  if @params[RESPONSE_TYPE] =~ /token/
    @access_token = @model.generate_access_token
  end
end

Instance Attribute Details

#access_token ⇒ Object (readonly)

Returns the value of attribute access_token.

# File 'lib/rockoauth/provider/authorization.rb', line 5

def access_token
  @access_token
end

#client ⇒ Object (readonly)

Returns the value of attribute client.

# File 'lib/rockoauth/provider/authorization.rb', line 5

def client
  @client
end

#code ⇒ Object (readonly)

Returns the value of attribute code.

# File 'lib/rockoauth/provider/authorization.rb', line 5

def code
  @code
end

#error ⇒ Object (readonly)

Returns the value of attribute error.

# File 'lib/rockoauth/provider/authorization.rb', line 5

def error
  @error
end

#error_description ⇒ Object (readonly)

Returns the value of attribute error_description.

# File 'lib/rockoauth/provider/authorization.rb', line 5

def error_description
  @error_description
end

#expires_in ⇒ Object (readonly)

Returns the value of attribute expires_in.

# File 'lib/rockoauth/provider/authorization.rb', line 5

def expires_in
  @expires_in
end

#owner ⇒ Object (readonly)

Returns the value of attribute owner.

# File 'lib/rockoauth/provider/authorization.rb', line 5

def owner
  @owner
end

#refresh_token ⇒ Object (readonly)

Returns the value of attribute refresh_token.

# File 'lib/rockoauth/provider/authorization.rb', line 5

def refresh_token
  @refresh_token
end

Instance Method Details

#deny_access! ⇒ Object

# File 'lib/rockoauth/provider/authorization.rb', line 67

def deny_access!
  @code = @access_token = @refresh_token = nil
  @error = ACCESS_DENIED
  @error_description = "The user denied you access"
end

#grant_access!(options = {}) ⇒ Object

# File 'lib/rockoauth/provider/authorization.rb', line 49

def grant_access!(options = {})
  @model = Model::Authorization.for(@owner, @client,
                                    :response_type => @params[RESPONSE_TYPE],
                                    :scope         => @scope,
                                    :duration      => options[:duration])

  @code          = @model.code
  @access_token  = @model.access_token
  @refresh_token = @model.refresh_token
  @expires_in    = @model.expires_in

  unless @params[RESPONSE_TYPE] == CODE
    @expires_in = @model.expires_in
  end

  @authorized = true
end

#params ⇒ Object

# File 'lib/rockoauth/provider/authorization.rb', line 73

def params
  params = {}
  VALID_PARAMS.each { |key| params[key] = @params[key] if @params.has_key?(key) }
  params
end

#redirect? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rockoauth/provider/authorization.rb', line 79

def redirect?
  @client and (@authorized or not valid?)
end

#redirect_uri ⇒ Object

# File 'lib/rockoauth/provider/authorization.rb', line 83

def redirect_uri
  return nil unless @client
  base_redirect_uri = @client.redirect_uri
  q = (base_redirect_uri =~ /\?/) ? '&' : '?'

  if not valid?
    query = to_query_string(ERROR, ERROR_DESCRIPTION, STATE)
    "#{ base_redirect_uri }#{ q }#{ query }"

  elsif @params[RESPONSE_TYPE] == CODE_AND_TOKEN
    query    = to_query_string(CODE, STATE)
    fragment = to_query_string(ACCESS_TOKEN, EXPIRES_IN, SCOPE)
    "#{ base_redirect_uri }#{ query.empty? ? '' : q + query }##{ fragment }"

  elsif @params[RESPONSE_TYPE] == TOKEN
    fragment = to_query_string(ACCESS_TOKEN, EXPIRES_IN, SCOPE, STATE)
    "#{ base_redirect_uri }##{ fragment }"

  else
    query = to_query_string(CODE, SCOPE, STATE)
    "#{ base_redirect_uri }#{ q }#{ query }"
  end
end

#response_body ⇒ Object

# File 'lib/rockoauth/provider/authorization.rb', line 107

def response_body
  warn "RockOAuth::Provider::Authorization no longer returns a response body "+
    "when the request is invalid. You should call valid? to determine "+
    "whether to render your login page or an error page."
  nil
end

#response_headers ⇒ Object

# File 'lib/rockoauth/provider/authorization.rb', line 114

def response_headers
  redirect? ? {} : {'Cache-Control' => 'no-store'}
end

#response_status ⇒ Object

# File 'lib/rockoauth/provider/authorization.rb', line 118

def response_status
  return 302 if redirect?
  return 200 if valid?
  @client ? 302 : 400
end

#scopes ⇒ Object

# File 'lib/rockoauth/provider/authorization.rb', line 40

def scopes
  scopes = @scope ? @scope.split(/\s+/).delete_if { |s| s.empty? } : []
  Set.new(scopes)
end

#unauthorized_scopes ⇒ Object

# File 'lib/rockoauth/provider/authorization.rb', line 45

def unauthorized_scopes
  @model ? scopes.select { |s| not @model.in_scope?(s) } : scopes
end

#valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/rockoauth/provider/authorization.rb', line 124

def valid?
  @error.nil?
end