lib/rack/oauth2/models/access_grant.rb in rack-oauth2-server-2.0.0.beta5 vs lib/rack/oauth2/models/access_grant.rb in rack-oauth2-server-2.0.0.beta6
- old
+ new
@@ -11,13 +11,14 @@
Server.new_instance self, collection.find_one({ :_id=>code, :revoked=>nil })
end
# Create a new access grant.
def create(identity, client, scope, redirect_uri = nil, expires = nil)
+ raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope
expires_at = Time.now.to_i + (expires || 300)
- fields = { :_id=>Server.secure_random, :identity=>identity.to_s, :scope=>scope,
+ fields = { :_id=>Server.secure_random, :identity=>identity, :scope=>scope,
:client_id=>client.id, :redirect_uri=>client.redirect_uri || redirect_uri,
:created_at=>Time.now.to_i, :expires_at=>expires_at, :granted_at=>nil,
:access_token=>nil, :revoked=>nil }
collection.insert fields
Server.new_instance self, fields
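Review bot: The new guard on the line after `def create` accepts either a String or an Integer identity, and the `fields` hash below now stores it unconverted (the old `identity.to_s` is gone), so the same principal can end up persisted as `42` in one grant and `"42"` in another. A Mongo query on `:identity` matches only the exact BSON type, so any lookup elsewhere in the code that still assumes the beta5 string form would presumably miss the integer-typed grants; worth confirming against the callers that query by identity. If mixed types are intended, say so in the comment above the method, e.g. `# @raise [ArgumentError] unless identity is a String or Integer (stored as given, not coerced to a String)`. The method's `end` lies outside the hunk.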
@@ -55,10 +56,10 @@
# Access grant can only be redeemed once, but client can make multiple
# requests to obtain it, so we need to make sure only first request is
# successful in returning access token, futher requests raise
# InvalidGrantError.
def authorize!
- raise InvalidGrantError if self.access_token || self.revoked
+ raise InvalidGrantError, "You can't use the same access grant twice" if self.access_token || self.revoked
client = Client.find(client_id) or raise InvalidGrantError
access_token = AccessToken.get_token_for(identity, client, scope)
self.access_token = access_token.token
self.granted_at = Time.now.to_i
self.class.collection.update({ :_id=>code, :access_token=>nil, :revoked=>nil }, { :$set=>{ :granted_at=>granted_at, :access_token=>access_token.token } }, :safe=>true)