Sha256: 770f0548c847730bd4ef3ea72c5058af89b2d93f432317b82e536d9fe81efbb3
Contents?: true
Size: 1.94 KB
Versions: 3
Compression:
Stored size: 1.94 KB
Contents
module Rack
module OAuth2
class Server
# The access grant is a nonce, new grant created each time we need it and
# good for redeeming one access token.
class AccessGrant < ActiveRecord::Base
belongs_to :client, :class_name => 'Rack::OAuth2::Server::Client'
# Find AccessGrant from authentication code.
def self.from_code(code)
first(:conditions => {:code => code, :revoked => nil})
end
# Create a new access grant.
def self.create(identity, client, scope, redirect_uri = nil, expires = nil)
raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
scope = Utils.normalize_scope(scope) & Utils.normalize_scope(client.scope) # Only allowed scope
expires_at = Time.now.to_i + (expires || 300)
attributes = {
:code => Server.secure_random,
:identity=>identity,
:scope=>scope,
:client_id=>client.id,
:redirect_uri=>client.redirect_uri || redirect_uri,
:created_at=>Time.now.to_i,
:expires_at=>expires_at
}
super(attributes)
end
# Authorize access and return new access token.
#
# Access grant can only be redeemed once, but client can make multiple
# requests to obtain it, so we need to make sure only first request is
# successful in returning access token, futher requests raise
# InvalidGrantError.
def authorize!
raise InvalidGrantError, "You can't use the same access grant twice" if self.access_token || self.revoked
access_token = AccessToken.get_token_for(identity, client, scope)
update_attributes(:access_token => access_token.token, :granted_at => Time.now)
access_token
end
def revoke!
update_attributes(:revoked => Time.now)
end
end
end
end
end
Version data entries
3 entries across 3 versions & 1 rubygems