Class: Songkick::OAuth2::Provider::Authorization

Inherits:
Object
  • Object
show all
Defined in:
lib/songkick/oauth2/provider/authorization.rb

Constant Summary collapse

REQUIRED_PARAMS =
[RESPONSE_TYPE, CLIENT_ID, REDIRECT_URI]
VALID_PARAMS =
REQUIRED_PARAMS + [SCOPE, STATE]
VALID_RESPONSES =
[CODE, TOKEN, CODE_AND_TOKEN]

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(resource_owner, params, transport_error = nil) ⇒ Authorization

Returns a new instance of Authorization



15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# File 'lib/songkick/oauth2/provider/authorization.rb', line 15

def initialize(resource_owner, params, transport_error = nil)
  @owner  = resource_owner
  @params = params
  @scope  = params[SCOPE]
  @state  = params[STATE]

  @transport_error = transport_error

  validate!

  return unless @owner and not @error

  @model = @owner.oauth2_authorization_for(@client)
  return unless @model and @model.in_scope?(scopes) and not @model.expired?

  @authorized = true

  if @params[RESPONSE_TYPE] =~ /code/
    @code = @model.generate_code
  end

  if @params[RESPONSE_TYPE] =~ /token/
    @access_token = @model.generate_access_token
  end
end

Instance Attribute Details

#access_tokenObject (readonly)

Returns the value of attribute access_token



6
7
8
# File 'lib/songkick/oauth2/provider/authorization.rb', line 6

def access_token
  @access_token
end

#clientObject (readonly)

Returns the value of attribute client



6
7
8
# File 'lib/songkick/oauth2/provider/authorization.rb', line 6

def client
  @client
end

#codeObject (readonly)

Returns the value of attribute code



6
7
8
# File 'lib/songkick/oauth2/provider/authorization.rb', line 6

def code
  @code
end

#errorObject (readonly)

Returns the value of attribute error



6
7
8
# File 'lib/songkick/oauth2/provider/authorization.rb', line 6

def error
  @error
end

#error_descriptionObject (readonly)

Returns the value of attribute error_description



6
7
8
# File 'lib/songkick/oauth2/provider/authorization.rb', line 6

def error_description
  @error_description
end

#expires_inObject (readonly)

Returns the value of attribute expires_in



6
7
8
# File 'lib/songkick/oauth2/provider/authorization.rb', line 6

def expires_in
  @expires_in
end

#ownerObject (readonly)

Returns the value of attribute owner



6
7
8
# File 'lib/songkick/oauth2/provider/authorization.rb', line 6

def owner
  @owner
end

#refresh_tokenObject (readonly)

Returns the value of attribute refresh_token



6
7
8
# File 'lib/songkick/oauth2/provider/authorization.rb', line 6

def refresh_token
  @refresh_token
end

Instance Method Details

#deny_access!Object



68
69
70
71
72
# File 'lib/songkick/oauth2/provider/authorization.rb', line 68

def deny_access!
  @code = @access_token = @refresh_token = nil
  @error = ACCESS_DENIED
  @error_description = "The user denied you access"
end

#grant_access!(options = {}) ⇒ Object



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# File 'lib/songkick/oauth2/provider/authorization.rb', line 50

def grant_access!(options = {})
  @model = Model::Authorization.for(@owner, @client,
    :response_type => @params[RESPONSE_TYPE],
    :scope         => @scope,
    :duration      => options[:duration])

  @code          = @model.code
  @access_token  = @model.access_token
  @refresh_token = @model.refresh_token
  @expires_in    = @model.expires_in

  unless @params[RESPONSE_TYPE] == CODE
    @expires_in = @model.expires_in
  end

  @authorized = true
end

#paramsObject



74
75
76
77
78
# File 'lib/songkick/oauth2/provider/authorization.rb', line 74

def params
  params = {}
  VALID_PARAMS.each { |key| params[key] = @params[key] if @params.has_key?(key) }
  params
end

#redirect?Boolean

Returns:

  • (Boolean)


80
81
82
# File 'lib/songkick/oauth2/provider/authorization.rb', line 80

def redirect?
  @client and (@authorized or not valid?)
end

#redirect_uriObject



84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# File 'lib/songkick/oauth2/provider/authorization.rb', line 84

def redirect_uri
  return nil unless @client
  base_redirect_uri = @client.redirect_uri
  q = (base_redirect_uri =~ /\?/) ? '&' : '?'

  if not valid?
    query = to_query_string(ERROR, ERROR_DESCRIPTION, STATE)
    "#{ base_redirect_uri }#{ q }#{ query }"

  elsif @params[RESPONSE_TYPE] == CODE_AND_TOKEN
    query    = to_query_string(CODE, STATE)
    fragment = to_query_string(ACCESS_TOKEN, EXPIRES_IN, SCOPE)
    "#{ base_redirect_uri }#{ query.empty? ? '' : q + query }##{ fragment }"

  elsif @params[RESPONSE_TYPE] == TOKEN
    fragment = to_query_string(ACCESS_TOKEN, EXPIRES_IN, SCOPE, STATE)
    "#{ base_redirect_uri }##{ fragment }"

  else
    query = to_query_string(CODE, SCOPE, STATE)
    "#{ base_redirect_uri }#{ q }#{ query }"
  end
end

#response_bodyObject



108
109
110
111
112
113
# File 'lib/songkick/oauth2/provider/authorization.rb', line 108

def response_body
  warn "Songkick::OAuth2::Provider::Authorization no longer returns a response body "+
       "when the request is invalid. You should call valid? to determine "+
       "whether to render your login page or an error page."
  nil
end

#response_headersObject



115
116
117
# File 'lib/songkick/oauth2/provider/authorization.rb', line 115

def response_headers
  redirect? ? {} : {'Cache-Control' => 'no-store'}
end

#response_statusObject



119
120
121
122
123
# File 'lib/songkick/oauth2/provider/authorization.rb', line 119

def response_status
  return 302 if redirect?
  return 200 if valid?
  @client ? 302 : 400
end

#scopesObject



41
42
43
44
# File 'lib/songkick/oauth2/provider/authorization.rb', line 41

def scopes
  scopes = @scope ? @scope.split(/\s+/).delete_if { |s| s.empty? } : []
  Set.new(scopes)
end

#unauthorized_scopesObject



46
47
48
# File 'lib/songkick/oauth2/provider/authorization.rb', line 46

def unauthorized_scopes
  @model ? scopes.select { |s| not @model.in_scope?(s) } : scopes
end

#valid?Boolean

Returns:

  • (Boolean)


125
126
127
# File 'lib/songkick/oauth2/provider/authorization.rb', line 125

def valid?
  @error.nil?
end