devise_oauth2_providable 0.1.3 → 0.1.4
- data/app/models/authorization_code.rb +3 -0
- data/lib/devise_oauth2_providable/version.rb +1 -1
- data/lib/token_endpoint.rb +37 -19
- metadata +4 -4
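--- a/data/lib/token_endpoint.rb
+++ b/data/lib/token_endpoint.rb
@@ -10,28 +10,46 @@ class TokenEndpoint
     Rack::OAuth2::Server::Token.new do |req, res|
       client = Client.find_by_identifier(req.client_id) || req.invalid_client!
       client.secret == req.client_secret || req.invalid_client!
-
-
-
-
-        res.access_token =
-      when :password
-        user = User.find_by_email(req.username) || req.invalid_grant!
-        req.invalid_grant! unless user.valid_password?(req.password)
-        res.access_token = user.access_tokens.create(:client => client).to_bearer_token(:with_refresh_token)
-      when :client_credentials
-        # NOTE: client is already authenticated here.
-        res.access_token = client.access_tokens.create.to_bearer_token
-      when :refresh_token
-        refresh_token = client.refresh_tokens.valid.find_by_token(req.refresh_token)
-        req.invalid_grant! unless refresh_token
-        res.access_token = refresh_token.access_tokens.create(:client => client, :user => refresh_token.user).to_bearer_token
+
+      token = access_token(req, client)
+      if token && token.save
+        include_bearer_token = [:authorization_code, :password].include?(req.grant_type) ? :with_refresh_token : false
+        res.access_token = token.to_bearer_token include_bearer_token
       else
-
-        req.unsupported_grant_type!
+        req.invalid_grant!
       end
     end
   end
 
+  # NOTE: extended assertion grant_types are not supported yet.
+  def access_token(req, client)
+    case req.grant_type
+    when :authorization_code
+      code = AuthorizationCode.valid.find_by_token(req.code)
+      return nil unless code.valid_request?(req)
+      code.access_token.build
+    when :password
+      resource = mapping.to.find_for_authentication(mapping.to.authentication_keys.first => req.username)
+      return nil unless resource
+      valid = resource.valid_for_authentication? { resource.valid_password?(req.password) }
+      return nil unless valid.is_a?(TrueClass)
+      resource.access_tokens.build(:client => client)
+    when :client_credentials
+      # NOTE: client is already authenticated here.
+      client.access_tokens.build
+    when :refresh_token
+      refresh_token = client.refresh_tokens.valid.find_by_token(req.refresh_token)
+      return nil unless refresh_token.present?
+      refresh_token.access_tokens.build(:client => client, :user => refresh_token.user)
+    else
+      nil
+    end
+  end
+  def mapping
+    Devise.mappings[scope]
+  end
+  #TODO: allow configurable mapping to other resources
+  def scope
+    :user
+  end
 end
-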
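Review bot: In the `:authorization_code` branch of the new `access_token` helper, `AuthorizationCode.valid.find_by_token(req.code)` returns nil for an unknown or expired code, so the next line `code.valid_request?(req)` raises NoMethodError and the request fails with a 500 instead of an `invalid_grant` response; guard it with `return nil unless code && code.valid_request?(req)`. Because the rewritten `else` branch turns every nil from the helper into `req.invalid_grant!`, an unsupported grant type now also answers `invalid_grant` where the removed code answered `req.unsupported_grant_type!`, which clients rely on to tell the two failures apart. It is not visible in this hunk whether `valid_request?` (added to `authorization_code.rb` in this commit) binds the code to the authenticated `client` and whether the code is invalidated once redeemed; if either check is missing, a code issued to one client could be redeemed by another or redeemed more than once, so it is worth confirming against the model. The local name `include_bearer_token` actually selects whether a refresh token is issued, so a name such as `with_refresh_token` would describe it better.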
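--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: devise_oauth2_providable
 version: !ruby/object:Gem::Version
-  hash:
+  hash: 19
   prerelease:
   segments:
   - 0
   - 1
-  -
-  version: 0.1.
+  - 4
+  version: 0.1.4
 platform: ruby
 authors:
 - Ryan Sonnek
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-
+date: 2011-05-09 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails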