devise_oauth2_providable 0.1.3 → 0.1.4

@@ -6,4 +6,7 @@ class AuthorizationCode < ActiveRecord::Base
6
6
  def access_token
7
7
  @access_token ||= expired! && user.access_tokens.create(:client => client)
8
8
  end
9
+ def valid_request?(req)
10
+ self.redirect_uri == req.redirect_uri
11
+ end
9
12
  end
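Review bot: `valid_request?` only compares the redirect URI, so an authorization code issued to one client is accepted at the token endpoint by a different client that presents its own valid credentials together with a leaked code; RFC 6749 §4.1.3 requires the server to ensure the code was issued to the authenticated client. This model already has a `client` association (used by `access_token` just above) and the token request carries `client_id`, so — assuming `Client#identifier` is the column behind `Client.find_by_identifier` — the helper can bind both in one place: `self.redirect_uri == req.redirect_uri && client.identifier == req.client_id`. Also note that a code stored with no `redirect_uri` and a token request that omits the parameter passes as `nil == nil`, which is correct only when the original authorization request really omitted the URI; a one-line comment such as `# redirect_uri must equal the one sent on the authorization request (RFC 6749 §4.1.3)` would make the intent explicit. The class body continues outside the hunk.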
@@ -1,5 +1,5 @@
1
1
  module Devise
2
2
  module Oauth2Providable
3
- VERSION = "0.1.3"
3
+ VERSION = "0.1.4"
4
4
  end
5
5
  end
@@ -10,28 +10,46 @@ class TokenEndpoint
10
10
  Rack::OAuth2::Server::Token.new do |req, res|
11
11
  client = Client.find_by_identifier(req.client_id) || req.invalid_client!
12
12
  client.secret == req.client_secret || req.invalid_client!
13
- case req.grant_type
14
- when :authorization_code
15
- code = AuthorizationCode.valid.find_by_token(req.code)
16
- req.invalid_grant! if code.blank? || code.redirect_uri != req.redirect_uri
17
- res.access_token = code.access_token.to_bearer_token(:with_refresh_token)
18
- when :password
19
- user = User.find_by_email(req.username) || req.invalid_grant!
20
- req.invalid_grant! unless user.valid_password?(req.password)
21
- res.access_token = user.access_tokens.create(:client => client).to_bearer_token(:with_refresh_token)
22
- when :client_credentials
23
- # NOTE: client is already authenticated here.
24
- res.access_token = client.access_tokens.create.to_bearer_token
25
- when :refresh_token
26
- refresh_token = client.refresh_tokens.valid.find_by_token(req.refresh_token)
27
- req.invalid_grant! unless refresh_token
28
- res.access_token = refresh_token.access_tokens.create(:client => client, :user => refresh_token.user).to_bearer_token
13
+
14
+ token = access_token(req, client)
15
+ if token && token.save
16
+ include_bearer_token = [:authorization_code, :password].include?(req.grant_type) ? :with_refresh_token : false
17
+ res.access_token = token.to_bearer_token include_bearer_token
29
18
  else
30
- # NOTE: extended assertion grant_types are not supported yet.
31
- req.unsupported_grant_type!
19
+ req.invalid_grant!
32
20
  end
33
21
  end
34
22
  end
35
23
 
24
+ # NOTE: extended assertion grant_types are not supported yet.
25
+ def access_token(req, client)
26
+ case req.grant_type
27
+ when :authorization_code
28
+ code = AuthorizationCode.valid.find_by_token(req.code)
29
+ return nil unless code.valid_request?(req)
30
+ code.access_token.build
31
+ when :password
32
+ resource = mapping.to.find_for_authentication(mapping.to.authentication_keys.first => req.username)
33
+ return nil unless resource
34
+ valid = resource.valid_for_authentication? { resource.valid_password?(req.password) }
35
+ return nil unless valid.is_a?(TrueClass)
36
+ resource.access_tokens.build(:client => client)
37
+ when :client_credentials
38
+ # NOTE: client is already authenticated here.
39
+ client.access_tokens.build
40
+ when :refresh_token
41
+ refresh_token = client.refresh_tokens.valid.find_by_token(req.refresh_token)
42
+ return nil unless refresh_token.present?
43
+ refresh_token.access_tokens.build(:client => client, :user => refresh_token.user)
44
+ else
45
+ nil
46
+ end
47
+ end
48
+ def mapping
49
+ Devise.mappings[scope]
50
+ end
51
+ #TODO: allow configurable mapping to other resources
52
+ def scope
53
+ :user
54
+ end
36
55
  end
37
-
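Review bot: In the new `access_token` helper the `:authorization_code` branch calls `code.valid_request?(req)` directly after `AuthorizationCode.valid.find_by_token(req.code)`, so an unknown, expired or already-consumed code leaves `code` as nil and the request raises NoMethodError (a 500) instead of the `invalid_grant` that the removed `code.blank?` check produced, and the lookup is not scoped to the authenticated client, so a code issued to another client is honoured. Both points are covered by `return nil unless code && code.client == client && code.valid_request?(req)`. Separately, `AuthorizationCode#access_token` as shown in this same diff already creates and returns a saved record (`user.access_tokens.create`), so `code.access_token.build` looks like it would raise on an AccessToken instance unless that model defines `build` — worth confirming, because the `token.save` in the endpoint suggests an unsaved `build` result was intended. Minor: the `else nil` fallthrough now reports an unknown grant type as `invalid_grant`, whereas the removed code returned `unsupported_grant_type`, which is the error RFC 6749 §5.2 specifies for that case.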
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_oauth2_providable
3
3
  version: !ruby/object:Gem::Version
4
- hash: 29
4
+ hash: 19
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
8
  - 1
9
- - 3
10
- version: 0.1.3
9
+ - 4
10
+ version: 0.1.4
11
11
  platform: ruby
12
12
  authors:
13
13
  - Ryan Sonnek
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2011-04-29 00:00:00 Z
18
+ date: 2011-05-09 00:00:00 Z
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
21
21
  name: rails