Class: SSO::Server::Doorkeeper::AccessTokenMarker

Inherits:

Object

• Object
• SSO::Server::Doorkeeper::AccessTokenMarker

Includes:

Logging

Defined in:

lib/sso/server/doorkeeper/access_token_marker.rb

Instance Attribute Summary

• #request ⇒ Object readonly

  Returns the value of attribute request.

• #response ⇒ Object readonly

  Returns the value of attribute response.

Instance Method Summary

• #applicable? ⇒ Boolean
• #authorization_grant_flow? ⇒ Boolean
• #call(env) ⇒ Object
• #grant_token ⇒ Object
• #grant_type ⇒ Object
• #handle_authorization_grant_flow ⇒ Object
• #handle_password_flow ⇒ Object
• #initialize(app) ⇒ AccessTokenMarker constructor

  A new instance of AccessTokenMarker.

• #outgoing_access_token ⇒ Object
• #parsed_response_body ⇒ Object
• #password_flow? ⇒ Boolean
• #response_body ⇒ Object
• #response_code ⇒ Object
• #session ⇒ Object
• #warden ⇒ Object

Methods included from Logging

#debug, #error, #fatal, #info, #logger, #progname, #warn

Constructor Details

#initialize(app) ⇒ AccessTokenMarker

Returns a new instance of AccessTokenMarker.

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 10

def initialize(app)
  @app = app
end

Instance Attribute Details

#request ⇒ Object (readonly)

Returns the value of attribute request.

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 7

def request
  @request
end

#response ⇒ Object (readonly)

Returns the value of attribute response.

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 7

def response
  @response
end

Instance Method Details

#applicable? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 32

def applicable?
  request.method == 'POST' &&
    (authorization_grant_flow? || password_flow?) &&
    response_code == 200 &&
    response_body &&
    outgoing_access_token
end

#authorization_grant_flow? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 88

def authorization_grant_flow?
  grant_token.present?
end

#call(env) ⇒ Object

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 14

def call(env)
  @env = env
  @request = ::ActionDispatch::Request.new @env
  @response = @app.call @env

  return response unless applicable?

  if authorization_grant_flow?
    handle_authorization_grant_flow
  elsif password_flow?
    handle_password_flow
  else
    fail NotImplementedError
  end

  response
end

#grant_token ⇒ Object

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 96

def grant_token
  params['code']
end

#grant_type ⇒ Object

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 100

def grant_type
  params['grant_type']
end

#handle_authorization_grant_flow ⇒ Object

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 40

def handle_authorization_grant_flow
  # We cannot rely on looking up session[:passport_id] here because the end-user might have cookies disabled.
  # The only thing we can really rely on to identify the Passport is the incoming grant token.
  debug { %(Detected outgoing "Access Token" #{outgoing_access_token.inspect} of the "Authorization Code Grant" flow) }
  debug { %(This Access Token belongs to "Authorization Grant Token" #{grant_token.inspect}. Augmenting related Passport with it...) }
  registration = ::SSO::Server::Passports.register_access_token_from_grant grant_token: grant_token, access_token: outgoing_access_token

  return if registration.success?
  warn { 'The passport could not be augmented via the authorizaton grant. Destroying warden session.' }
  warden.logout
end

#handle_password_flow ⇒ Object

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 52

def handle_password_flow
  local_passport_id = session[:passport_id] # <- We know this always exists because it was set in this very response
  debug { %(Detected outgoing "Access Token" #{outgoing_access_token.inspect} of the "Resource Owner Password Credentials Grant" flow.) }
  debug { %(Augmenting local Passport #{local_passport_id.inspect} with this outgoing Access Token...) }
  registration = ::SSO::Server::Passports.register_access_token_from_id passport_id: local_passport_id, access_token: outgoing_access_token

  return if registration.success?
  warn { 'The passport could not be augmented via the access token. Destroying warden session.' }
  warden.logout
end

#outgoing_access_token ⇒ Object

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 79

def outgoing_access_token
  return unless parsed_response_body
  parsed_response_body['access_token']
end

#parsed_response_body ⇒ Object

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 71

def parsed_response_body
  return unless response_body
  ::JSON.parse response_body
rescue JSON::ParserError => exception
  Trouble.notify exception
  nil
end

#password_flow? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 92

def password_flow?
  grant_type == 'password'
end

#response_body ⇒ Object

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 63

def response_body
  response.last.first.presence
end

#response_code ⇒ Object

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 67

def response_code
  response.first
end

#session ⇒ Object

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 104

def session
  @env['rack.session']
end

#warden ⇒ Object

# File 'lib/sso/server/doorkeeper/access_token_marker.rb', line 84

def warden
  request.env['warden']
end