class Oauth2Token include Mongoid::Document include Mongoid::Timestamps CODE_EXPIRY = 60 # Lifetime of token authorization code in seconds. TOKEN_EXPIRY = 0 # Lifetime of token in seconds. 0 will never expire token. field :client_id, :type => String field :user_id, :type => String field :redirect_url, :type => String field :token, :type => String field :secret, :type => String field :code, :type => String field :code_expires_at, :type => Time field :token_expires_at, :type => Time index :client_id index :token index :code validates :client_id, :redirect_url, :presence => true validates :token, :code, :uniqueness => {:allow_blank => true} before_create :generate_code # Returns a token by given parameters. # If +token+ is given a valid Oauth2Token will be returned. # If +client_id+ and +redirect_url+ is given the +code+ provided will be exchanged for a token. def self.find!(args = {}) if tok = args[:token] token = Oauth2Token.where(:token => tok).first raise Vidibus::Oauth2Server::InvalidTokenError unless token raise Vidibus::Oauth2Server::ExpiredTokenError if token.token_expires_at and token.token_expires_at < Time.now else client_id = args[:client_id] redirect_url = args[:redirect_url] code = args[:code] raise Vidibus::Oauth2Server::MissingClientIdError if client_id.blank? raise Vidibus::Oauth2Server::MissingRedirectUrlError if redirect_url.blank? raise Vidibus::Oauth2Server::MissingCodeError if code.blank? token = Oauth2Token.where(:client_id => client_id).and(:code => code).first raise Vidibus::Oauth2Server::InvalidCodeError unless token raise Vidibus::Oauth2Server::InvalidRedirectUrlError unless redirect_url == token.redirect_url token.exchange! end token end # Exchanges the code for a token if given code is valid and has not expired yet. def exchange! raise Vidibus::Oauth2Server::InvalidCodeError unless code raise Vidibus::Oauth2Server::ExpiredCodeError unless code_expires_at >= Time.now self.code = nil self.code_expires_at = nil self.token = SecureRandom.hex(60) self.token_expires_at = Time.now + TOKEN_EXPIRY if TOKEN_EXPIRY > 0 save! return code end protected # Generate a random code def generate_code self.code = SecureRandom.hex(60) self.code_expires_at = Time.now + CODE_EXPIRY end end