devise_oauth2_providable 0.1.3 → 0.1.4

data/app/models/authorization_code.rb

@@ -6,4 +6,7 @@ class AuthorizationCode < ActiveRecord::Base
   def access_token
     @access_token ||= expired! && user.access_tokens.create(:client => client)
   end
+  def valid_request?(req)
+    self.redirect_uri == req.redirect_uri
+  end
 end

data/lib/devise_oauth2_providable/version.rb

@@ -1,5 +1,5 @@
 module Devise
   module Oauth2Providable
-    VERSION = "0.1.3"
+    VERSION = "0.1.4"
   end
 end

data/lib/token_endpoint.rb

@@ -10,28 +10,46 @@ class TokenEndpoint
     Rack::OAuth2::Server::Token.new do |req, res|
       client = Client.find_by_identifier(req.client_id) || req.invalid_client!
       client.secret == req.client_secret || req.invalid_client!
-      case req.grant_type
-      when :authorization_code
-        code = AuthorizationCode.valid.find_by_token(req.code)
-        req.invalid_grant! if code.blank? || code.redirect_uri != req.redirect_uri
-        res.access_token = code.access_token.to_bearer_token(:with_refresh_token)
-      when :password
-        user = User.find_by_email(req.username) || req.invalid_grant!
-        req.invalid_grant! unless user.valid_password?(req.password)
-        res.access_token = user.access_tokens.create(:client => client).to_bearer_token(:with_refresh_token)
-      when :client_credentials
-        # NOTE: client is already authenticated here.
-        res.access_token = client.access_tokens.create.to_bearer_token
-      when :refresh_token
-        refresh_token = client.refresh_tokens.valid.find_by_token(req.refresh_token)
-        req.invalid_grant! unless refresh_token
-        res.access_token = refresh_token.access_tokens.create(:client => client, :user => refresh_token.user).to_bearer_token
+
+      token = access_token(req, client)
+      if token && token.save
+        include_bearer_token = [:authorization_code, :password].include?(req.grant_type) ? :with_refresh_token : false
+        res.access_token = token.to_bearer_token include_bearer_token
       else
-        # NOTE: extended assertion grant_types are not supported yet.
-        req.unsupported_grant_type!
+        req.invalid_grant!
       end
     end
   end
 
+  # NOTE: extended assertion grant_types are not supported yet.
+  def access_token(req, client)
+    case req.grant_type
+    when :authorization_code
+      code = AuthorizationCode.valid.find_by_token(req.code)
+      return nil unless code.valid_request?(req)
+      code.access_token.build
+    when :password
+      resource = mapping.to.find_for_authentication(mapping.to.authentication_keys.first => req.username)
+      return nil unless resource
+      valid = resource.valid_for_authentication? { resource.valid_password?(req.password) }
+      return nil unless valid.is_a?(TrueClass)
+      resource.access_tokens.build(:client => client)
+    when :client_credentials
+      # NOTE: client is already authenticated here.
+      client.access_tokens.build
+    when :refresh_token
+      refresh_token = client.refresh_tokens.valid.find_by_token(req.refresh_token)
+      return nil unless refresh_token.present?
+      refresh_token.access_tokens.build(:client => client, :user => refresh_token.user)
+    else
+      nil
+    end
+  end
+  def mapping
+    Devise.mappings[scope]
+  end
+  #TODO: allow configurable mapping to other resources
+  def scope
+    :user
+  end
 end
-

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: devise_oauth2_providable
 version: !ruby/object:Gem::Version 
-  hash: 29
+  hash: 19
   prerelease: 
   segments: 
   - 0
   - 1
-  - 3
-  version: 0.1.3
+  - 4
+  version: 0.1.4
 platform: ruby
 authors: 
 - Ryan Sonnek
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-04-29 00:00:00 Z
+date: 2011-05-09 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: rails