Sha256: 770f0548c847730bd4ef3ea72c5058af89b2d93f432317b82e536d9fe81efbb3

Contents?: true

Size: 1.94 KB

Versions: 3

Compression:

Stored size: 1.94 KB

Contents

module Rack
  module OAuth2
    class Server

      # The access grant is a nonce, new grant created each time we need it and
      # good for redeeming one access token.
      class AccessGrant < ActiveRecord::Base
        belongs_to :client, :class_name => 'Rack::OAuth2::Server::Client'

        # Find AccessGrant from authentication code.
        def self.from_code(code)
          first(:conditions => {:code => code, :revoked => nil})
        end

        # Create a new access grant.
        def self.create(identity, client, scope, redirect_uri = nil, expires = nil)
          raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
          scope = Utils.normalize_scope(scope) & Utils.normalize_scope(client.scope) # Only allowed scope
          expires_at = Time.now.to_i + (expires || 300)

          attributes = {
            :code => Server.secure_random,
            :identity=>identity,
            :scope=>scope,
            :client_id=>client.id,
            :redirect_uri=>client.redirect_uri || redirect_uri,
            :created_at=>Time.now.to_i,
            :expires_at=>expires_at
          }

          super(attributes)
        end

        # Authorize access and return new access token.
        #
        # Access grant can only be redeemed once, but client can make multiple
        # requests to obtain it, so we need to make sure only first request is
        # successful in returning access token, futher requests raise
        # InvalidGrantError.
        def authorize!
          raise InvalidGrantError, "You can't use the same access grant twice" if self.access_token || self.revoked
          access_token = AccessToken.get_token_for(identity, client, scope)
          update_attributes(:access_token => access_token.token, :granted_at => Time.now)
          access_token
        end

        def revoke!
          update_attributes(:revoked => Time.now)
        end
      end

    end
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
tpitale-rack-oauth2-server-2.2.1.2 lib/rack/oauth2/models/access_grant.rb
tpitale-rack-oauth2-server-2.2.1.1 lib/rack/oauth2/models/access_grant.rb
tpitale-rack-oauth2-server-2.2.1 lib/rack/oauth2/models/access_grant.rb