grape_oauth2 0.1.1 → 0.2.0
- checksums.yaml +4 -4
- data/.gitignore +11 -11
- data/Gemfile +23 -23
- data/Rakefile +11 -11
- data/grape_oauth2.gemspec +26 -27
- data/lib/grape_oauth2.rb +129 -129
- data/lib/grape_oauth2/configuration.rb +143 -143
- data/lib/grape_oauth2/configuration/class_accessors.rb +36 -36
- data/lib/grape_oauth2/configuration/validation.rb +71 -71
- data/lib/grape_oauth2/endpoints/authorize.rb +34 -34
- data/lib/grape_oauth2/endpoints/token.rb +72 -72
- data/lib/grape_oauth2/gem_version.rb +24 -24
- data/lib/grape_oauth2/generators/authorization.rb +44 -44
- data/lib/grape_oauth2/generators/base.rb +26 -26
- data/lib/grape_oauth2/generators/token.rb +62 -62
- data/lib/grape_oauth2/helpers/access_token_helpers.rb +52 -54
- data/lib/grape_oauth2/helpers/oauth_params.rb +41 -41
- data/lib/grape_oauth2/mixins/active_record/access_grant.rb +47 -47
- data/lib/grape_oauth2/mixins/active_record/access_token.rb +75 -75
- data/lib/grape_oauth2/mixins/active_record/client.rb +36 -35
- data/lib/grape_oauth2/mixins/mongoid/access_grant.rb +58 -58
- data/lib/grape_oauth2/mixins/mongoid/access_token.rb +88 -88
- data/lib/grape_oauth2/mixins/mongoid/client.rb +44 -41
- data/lib/grape_oauth2/mixins/sequel/access_grant.rb +68 -68
- data/lib/grape_oauth2/mixins/sequel/access_token.rb +86 -86
- data/lib/grape_oauth2/mixins/sequel/client.rb +54 -46
- data/lib/grape_oauth2/responses/authorization.rb +11 -10
- data/lib/grape_oauth2/responses/base.rb +56 -56
- data/lib/grape_oauth2/responses/token.rb +10 -10
- data/lib/grape_oauth2/scopes.rb +74 -74
- data/lib/grape_oauth2/strategies/authorization_code.rb +38 -38
- data/lib/grape_oauth2/strategies/base.rb +47 -47
- data/lib/grape_oauth2/strategies/client_credentials.rb +20 -20
- data/lib/grape_oauth2/strategies/password.rb +22 -22
- data/lib/grape_oauth2/strategies/refresh_token.rb +47 -47
- data/lib/grape_oauth2/unique_token.rb +20 -20
- data/lib/grape_oauth2/version.rb +14 -14
- data/spec/configuration/config_spec.rb +231 -231
- data/spec/configuration/version_spec.rb +12 -12
- data/spec/dummy/endpoints/custom_authorization.rb +25 -25
- data/spec/dummy/endpoints/custom_token.rb +35 -35
- data/spec/dummy/endpoints/status.rb +25 -25
- data/spec/dummy/grape_oauth2_config.rb +11 -11
- data/spec/dummy/orm/active_record/app/config/db.rb +7 -7
- data/spec/dummy/orm/active_record/app/models/access_code.rb +3 -3
- data/spec/dummy/orm/active_record/app/models/access_token.rb +3 -3
- data/spec/dummy/orm/active_record/app/models/application.rb +3 -3
- data/spec/dummy/orm/active_record/app/models/application_record.rb +3 -3
- data/spec/dummy/orm/active_record/app/models/user.rb +10 -10
- data/spec/dummy/orm/active_record/app/twitter.rb +36 -36
- data/spec/dummy/orm/active_record/config.ru +7 -7
- data/spec/dummy/orm/active_record/db/schema.rb +53 -53
- data/spec/dummy/orm/mongoid/app/config/db.rb +6 -6
- data/spec/dummy/orm/mongoid/app/config/mongoid.yml +21 -21
- data/spec/dummy/orm/mongoid/app/models/access_code.rb +3 -3
- data/spec/dummy/orm/mongoid/app/models/access_token.rb +3 -3
- data/spec/dummy/orm/mongoid/app/models/application.rb +3 -3
- data/spec/dummy/orm/mongoid/app/models/user.rb +11 -11
- data/spec/dummy/orm/mongoid/app/twitter.rb +34 -34
- data/spec/dummy/orm/mongoid/config.ru +5 -5
- data/spec/dummy/orm/sequel/app/config/db.rb +1 -1
- data/spec/dummy/orm/sequel/app/models/access_code.rb +4 -4
- data/spec/dummy/orm/sequel/app/models/access_token.rb +4 -4
- data/spec/dummy/orm/sequel/app/models/application.rb +4 -4
- data/spec/dummy/orm/sequel/app/models/application_record.rb +2 -2
- data/spec/dummy/orm/sequel/app/models/user.rb +11 -11
- data/spec/dummy/orm/sequel/app/twitter.rb +47 -47
- data/spec/dummy/orm/sequel/config.ru +5 -5
- data/spec/dummy/orm/sequel/db/schema.rb +50 -50
- data/spec/lib/scopes_spec.rb +50 -50
- data/spec/mixins/active_record/access_token_spec.rb +185 -185
- data/spec/mixins/active_record/client_spec.rb +104 -95
- data/spec/mixins/mongoid/access_token_spec.rb +185 -185
- data/spec/mixins/mongoid/client_spec.rb +104 -95
- data/spec/mixins/sequel/access_token_spec.rb +185 -185
- data/spec/mixins/sequel/client_spec.rb +105 -96
- data/spec/requests/flows/authorization_code_spec.rb +67 -67
- data/spec/requests/flows/client_credentials_spec.rb +101 -101
- data/spec/requests/flows/password_spec.rb +210 -210
- data/spec/requests/flows/refresh_token_spec.rb +222 -222
- data/spec/requests/flows/revoke_token_spec.rb +103 -103
- data/spec/requests/protected_resources_spec.rb +64 -64
- data/spec/spec_helper.rb +60 -60
- data/spec/support/api_helper.rb +11 -11
- metadata +50 -52
- data/.rspec +0 -2
- data/.rubocop.yml +0 -18
- data/.travis.yml +0 -42
- data/README.md +0 -820
- data/gemfiles/active_record.rb +0 -25
- data/gemfiles/mongoid.rb +0 -14
- data/gemfiles/sequel.rb +0 -24
- data/grape_oauth2.png +0 -0
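--- a/data/lib/grape_oauth2/mixins/active_record/access_grant.rb
+++ b/data/lib/grape_oauth2/mixins/active_record/access_grant.rb
@@ -1,47 +1,47 @@
-module Grape
-module OAuth2
-module ActiveRecord
-# Grape::OAuth2 Authorization Grant role mixin for ActiveRecord.
-# Includes all the required API, associations, validations and callbacks.
-module AccessGrant
-extend ActiveSupport::Concern
-
-included do
-belongs_to :client, class_name: Grape::OAuth2.config.client_class_name,
-foreign_key: :client_id
-
-belongs_to :resource_owner, class_name: Grape::OAuth2.config.resource_owner_class_name,
-foreign_key: :resource_owner_id
-
-# resource_owner_id - required!
-validates :client_id, :redirect_uri, presence: true
-validates :token, presence: true, uniqueness: true
-
-before_validation :generate_token, on: :create
-before_validation :setup_expiration, on: :create
-
-class << self
-def create_for(client, resource_owner, redirect_uri, scopes = nil)
-create(
-client_id: client.id,
-resource_owner_id: resource_owner && resource_owner.id,
-redirect_uri: redirect_uri,
-scopes: scopes.to_s
-)
-end
-end
-
-protected
-
-def generate_token
-self.token = Grape::OAuth2.config.token_generator.generate(attributes)
-end
-
-def setup_expiration
-self.expires_at = Time.now.utc + Grape::OAuth2.config.authorization_code_lifetime if expires_at.nil?
-end
-end
-end
-end
-end
-end
+module Grape
+module OAuth2
+module ActiveRecord
+# Grape::OAuth2 Authorization Grant role mixin for ActiveRecord.
+# Includes all the required API, associations, validations and callbacks.
+module AccessGrant
+extend ActiveSupport::Concern
+
+included do
+belongs_to :client, class_name: Grape::OAuth2.config.client_class_name,
+foreign_key: :client_id
+
+belongs_to :resource_owner, class_name: Grape::OAuth2.config.resource_owner_class_name,
+foreign_key: :resource_owner_id
+
+# resource_owner_id - required!
+validates :client_id, :redirect_uri, presence: true
+validates :token, presence: true, uniqueness: true
+
+before_validation :generate_token, on: :create
+before_validation :setup_expiration, on: :create
+
+class << self
+def create_for(client, resource_owner, redirect_uri, scopes = nil)
+create(
+client_id: client.id,
+resource_owner_id: resource_owner && resource_owner.id,
+redirect_uri: redirect_uri,
+scopes: scopes.to_s
+)
+end
+end
+
+protected
+
+def generate_token
+self.token = Grape::OAuth2.config.token_generator.generate(attributes)
+end
+
+def setup_expiration
+self.expires_at = Time.now.utc + Grape::OAuth2.config.authorization_code_lifetime if expires_at.nil?
+end
+end
+end
+end
+end
+end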
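--- a/data/lib/grape_oauth2/mixins/active_record/access_token.rb
+++ b/data/lib/grape_oauth2/mixins/active_record/access_token.rb
@@ -1,75 +1,75 @@
-module Grape
-module OAuth2
-module ActiveRecord
-# Grape::OAuth2 Access Token role mixin for ActiveRecord.
-# Includes all the required API, associations, validations and callbacks.
-module AccessToken
-extend ActiveSupport::Concern
-
-included do
-belongs_to :client, class_name: Grape::OAuth2.config.client_class_name,
-foreign_key: :client_id
-
-belongs_to :resource_owner, class_name: Grape::OAuth2.config.resource_owner_class_name,
-foreign_key: :resource_owner_id
-
-validates :token, presence: true, uniqueness: true
-
-before_validation :setup_expiration, on: :create
-before_validation :generate_tokens, on: :create
-
-class << self
-def create_for(client, resource_owner, scopes = nil)
-create(
-client: client,
-resource_owner: resource_owner,
-scopes: scopes.to_s
-)
-end
-
-def authenticate(token, type: :access_token)
-if type && type.to_sym == :refresh_token
-find_by(refresh_token: token.to_s)
-else
-find_by(token: token.to_s)
-end
-end
-end
-
-def expired?
-!expires_at.nil? && Time.now.utc > expires_at
-end
-
-def revoked?
-!revoked_at.nil? && revoked_at <= Time.now.utc
-end
-
-def revoke!(revoked_at = Time.now)
-update_column :revoked_at, revoked_at.utc
-end
-
-def to_bearer_token
-{
-access_token: token,
-expires_in: expires_at && Grape::OAuth2.config.access_token_lifetime.to_i,
-refresh_token: refresh_token,
-scope: scopes
-}
-end
-
-protected
-
-def generate_tokens
-self.token = Grape::OAuth2.config.token_generator.generate(attributes) if token.blank?
-self.refresh_token = Grape::OAuth2::UniqueToken.generate if Grape::OAuth2.config.issue_refresh_token
-end
-
-def setup_expiration
-expires_in = Grape::OAuth2.config.access_token_lifetime
-self.expires_at = Time.now + expires_in if expires_at.nil? && !expires_in.nil?
-end
-end
-end
-end
-end
-end
+module Grape
+module OAuth2
+module ActiveRecord
+# Grape::OAuth2 Access Token role mixin for ActiveRecord.
+# Includes all the required API, associations, validations and callbacks.
+module AccessToken
+extend ActiveSupport::Concern
+
+included do
+belongs_to :client, class_name: Grape::OAuth2.config.client_class_name,
+foreign_key: :client_id
+
+belongs_to :resource_owner, class_name: Grape::OAuth2.config.resource_owner_class_name,
+foreign_key: :resource_owner_id
+
+validates :token, presence: true, uniqueness: true
+
+before_validation :setup_expiration, on: :create
+before_validation :generate_tokens, on: :create
+
+class << self
+def create_for(client, resource_owner, scopes = nil)
+create(
+client: client,
+resource_owner: resource_owner,
+scopes: scopes.to_s
+)
+end
+
+def authenticate(token, type: :access_token)
+if type && type.to_sym == :refresh_token
+find_by(refresh_token: token.to_s)
+else
+find_by(token: token.to_s)
+end
+end
+end
+
+def expired?
+!expires_at.nil? && Time.now.utc > expires_at
+end
+
+def revoked?
+!revoked_at.nil? && revoked_at <= Time.now.utc
+end
+
+def revoke!(revoked_at = Time.now)
+update_column :revoked_at, revoked_at.utc
+end
+
+def to_bearer_token
+{
+access_token: token,
+expires_in: expires_at && Grape::OAuth2.config.access_token_lifetime.to_i,
+refresh_token: refresh_token,
+scope: scopes
+}
+end
+
+protected
+
+def generate_tokens
+self.token = Grape::OAuth2.config.token_generator.generate(attributes) if token.blank?
+self.refresh_token = Grape::OAuth2::UniqueToken.generate if Grape::OAuth2.config.issue_refresh_token
+end
+
+def setup_expiration
+expires_in = Grape::OAuth2.config.access_token_lifetime
+self.expires_at = Time.now + expires_in if expires_at.nil? && !expires_in.nil?
+end
+end
+end
+end
+end
+end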
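--- a/data/lib/grape_oauth2/mixins/active_record/client.rb
+++ b/data/lib/grape_oauth2/mixins/active_record/client.rb
@@ -1,35 +1,36 @@
-module Grape
-module OAuth2
-module ActiveRecord
-# Grape::OAuth2 Client role mixin for ActiveRecord.
-# Includes all the required API, associations, validations and callbacks.
-module Client
-extend ActiveSupport::Concern
-
-included do
-has_many :access_tokens, class_name: Grape::OAuth2.config.access_token_class_name,
-
-
-validates :key,
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-self.
-
-
-
-
-
-end
+module Grape
+module OAuth2
+module ActiveRecord
+# Grape::OAuth2 Client role mixin for ActiveRecord.
+# Includes all the required API, associations, validations and callbacks.
+module Client
+extend ActiveSupport::Concern
+
+included do
+has_many :access_tokens, class_name: Grape::OAuth2.config.access_token_class_name,
+foreign_key: :client_id, dependent: :delete_all
+
+validates :key, :secret, presence: true
+validates :key, uniqueness: true
+
+before_validation :generate_keys, on: :create
+
+def self.authenticate(key, secret = nil)
+if secret.nil?
+find_by(key: key)
+else
+find_by(key: key, secret: secret)
+end
+end
+
+protected
+
+def generate_keys
+self.key = Grape::OAuth2::UniqueToken.generate if key.blank?
+self.secret = Grape::OAuth2::UniqueToken.generate if secret.blank?
+end
+end
+end
+end
+end
+end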
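Review bot: `self.authenticate` on new line 18 treats a nil `secret` as "no secret check" and returns the client from `find_by(key: key)` alone, so any caller that forwards an absent `client_secret` request parameter gets a client back with no credential verified at all. That dual role is not visible at the call site; a comment above the method such as `# A nil secret is a key-only lookup with NO credential check; request handlers must pass the presented secret through, even when it is empty.` would make the contract explicit, and splitting the lookup into a separate `find_by_key` would remove the footgun entirely. The `find_by(key: key, secret: secret)` branch on line 22 also matches the secret by plain column equality, which means the value `generate_keys` writes on line 30 must be kept in clear in the `secret` column for authentication to work; if hashed storage is ever wanted, this branch is the place to change.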
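--- a/data/lib/grape_oauth2/mixins/mongoid/access_grant.rb
+++ b/data/lib/grape_oauth2/mixins/mongoid/access_grant.rb
@@ -1,58 +1,58 @@
-module Grape
-module OAuth2
-module Mongoid
-# Grape::OAuth2 Authorization Grant role mixin for Mongoid ORM.
-# Includes all the required API, associations, validations and callbacks.
-module AccessGrant
-extend ActiveSupport::Concern
-
-included do
-include ::Mongoid::Document
-include ::Mongoid::Timestamps
-
-field :resource_owner_id, type: BSON::ObjectId
-field :client_id, type: BSON::ObjectId
-
-field :token, type: String
-field :scopes, type: String
-field :redirect_uri, type: String
-
-field :expires_at, type: DateTime
-
-belongs_to :client, class_name: Grape::OAuth2.config.client_class_name,
-foreign_key: :client_id
-
-belongs_to :resource_owner, class_name: Grape::OAuth2.config.resource_owner_class_name,
-foreign_key: :resource_owner_id, optional: true # required!
-
-before_validation :generate_token, on: :create
-before_validation :setup_expiration, on: :create
-
-index({ token: 1 }, unique: true)
-index({ refresh_token: 1 }, unique: true, sparse: true)
-
-class << self
-def create_for(client, resource_owner, redirect_uri, scopes = nil)
-create(
-client_id: client.id,
-resource_owner_id: resource_owner && resource_owner.id,
-redirect_uri: redirect_uri,
-scopes: scopes.to_s
-)
-end
-end
-
-protected
-
-def generate_token
-self.token = Grape::OAuth2.config.token_generator.generate(attributes)
-end
-
-def setup_expiration
-self.expires_at = Time.now.utc + Grape::OAuth2.config.authorization_code_lifetime if expires_at.nil?
-end
-end
-end
-end
-end
-end
+module Grape
+module OAuth2
+module Mongoid
+# Grape::OAuth2 Authorization Grant role mixin for Mongoid ORM.
+# Includes all the required API, associations, validations and callbacks.
+module AccessGrant
+extend ActiveSupport::Concern
+
+included do
+include ::Mongoid::Document
+include ::Mongoid::Timestamps
+
+field :resource_owner_id, type: BSON::ObjectId
+field :client_id, type: BSON::ObjectId
+
+field :token, type: String
+field :scopes, type: String
+field :redirect_uri, type: String
+
+field :expires_at, type: DateTime
+
+belongs_to :client, class_name: Grape::OAuth2.config.client_class_name,
+foreign_key: :client_id
+
+belongs_to :resource_owner, class_name: Grape::OAuth2.config.resource_owner_class_name,
+foreign_key: :resource_owner_id, optional: true # required!
+
+before_validation :generate_token, on: :create
+before_validation :setup_expiration, on: :create
+
+index({ token: 1 }, unique: true)
+index({ refresh_token: 1 }, unique: true, sparse: true)
+
+class << self
+def create_for(client, resource_owner, redirect_uri, scopes = nil)
+create(
+client_id: client.id,
+resource_owner_id: resource_owner && resource_owner.id,
+redirect_uri: redirect_uri,
+scopes: scopes.to_s
+)
+end
+end
+
+protected
+
+def generate_token
+self.token = Grape::OAuth2.config.token_generator.generate(attributes)
+end
+
+def setup_expiration
+self.expires_at = Time.now.utc + Grape::OAuth2.config.authorization_code_lifetime if expires_at.nil?
+end
+end
+end
+end
+end
+end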
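--- a/data/lib/grape_oauth2/mixins/mongoid/access_token.rb
+++ b/data/lib/grape_oauth2/mixins/mongoid/access_token.rb
@@ -1,88 +1,88 @@
-module Grape
-module OAuth2
-module Mongoid
-# Grape::OAuth2 Access Token role mixin for Mongoid ORM.
-# Includes all the required API, associations, validations and callbacks.
-module AccessToken
-extend ActiveSupport::Concern
-
-included do
-include ::Mongoid::Document
-include ::Mongoid::Timestamps
-
-field :resource_owner_id, type: BSON::ObjectId
-field :client_id, type: BSON::ObjectId
-
-belongs_to :client, class_name:
-belongs_to :resource_owner, class_name:
-
-field :token, type: String
-field :refresh_token, type: String
-field :scopes, type: String
-
-field :expires_at, type: DateTime
-field :revoked_at, type: DateTime
-
-index({ token: 1 }, unique: true)
-index({ refresh_token: 1 }, unique: true, sparse: true)
-
-before_validation :setup_expiration, on: :create
-before_validation :generate_tokens, on: :create
-
-validates :token, presence: true, uniqueness: true
-
-class << self
-def create_for(client, resource_owner, scopes = nil)
-create(
-client: client,
-resource_owner: resource_owner,
-scopes: scopes.to_s
-)
-end
-
-def authenticate(token, type: :access_token)
-if type && type.to_sym == :refresh_token
-find_by(refresh_token: token.to_s)
-else
-find_by(token: token.to_s)
-end
-end
-end
-
-def expired?
-!expires_at.nil? && Time.now.utc > expires_at
-end
-
-def revoked?
-!revoked_at.nil? && revoked_at <= Time.now.utc
-end
-
-def revoke!(revoked_at = Time.now)
-update_attribute :revoked_at, revoked_at.utc
-end
-
-def to_bearer_token
-{
-access_token: token,
-expires_in: expires_at && Grape::OAuth2.config.access_token_lifetime.to_i,
-refresh_token: refresh_token,
-scope: scopes
-}
-end
-
-protected
-
-def generate_tokens
-self.token = Grape::OAuth2.config.token_generator.generate(attributes) if token.blank?
-self.refresh_token = Grape::OAuth2::UniqueToken.generate if Grape::OAuth2.config.issue_refresh_token
-end
-
-def setup_expiration
-expires_in = Grape::OAuth2.config.access_token_lifetime
-self.expires_at = Time.now + expires_in if expires_at.nil? && !expires_in.nil?
-end
-end
-end
-end
-end
-end
+module Grape
+module OAuth2
+module Mongoid
+# Grape::OAuth2 Access Token role mixin for Mongoid ORM.
+# Includes all the required API, associations, validations and callbacks.
+module AccessToken
+extend ActiveSupport::Concern
+
+included do
+include ::Mongoid::Document
+include ::Mongoid::Timestamps
+
+field :resource_owner_id, type: BSON::ObjectId
+field :client_id, type: BSON::ObjectId
+
+belongs_to :client, class_name: Grape::OAuth2.config.client_class_name, foreign_key: :client_id, optional: true
+belongs_to :resource_owner, class_name: Grape::OAuth2.config.resource_owner_class_name, foreign_key: :resource_owner_id, optional: true
+
+field :token, type: String
+field :refresh_token, type: String
+field :scopes, type: String
+
+field :expires_at, type: DateTime
+field :revoked_at, type: DateTime
+
+index({ token: 1 }, unique: true)
+index({ refresh_token: 1 }, unique: true, sparse: true)
+
+before_validation :setup_expiration, on: :create
+before_validation :generate_tokens, on: :create
+
+validates :token, presence: true, uniqueness: true
+
+class << self
+def create_for(client, resource_owner, scopes = nil)
+create(
+client: client,
+resource_owner: resource_owner,
+scopes: scopes.to_s
+)
+end
+
+def authenticate(token, type: :access_token)
+if type && type.to_sym == :refresh_token
+find_by(refresh_token: token.to_s)
+else
+find_by(token: token.to_s)
+end
+end
+end
+
+def expired?
+!expires_at.nil? && Time.now.utc > expires_at
+end
+
+def revoked?
+!revoked_at.nil? && revoked_at <= Time.now.utc
+end
+
+def revoke!(revoked_at = Time.now)
+update_attribute :revoked_at, revoked_at.utc
+end
+
+def to_bearer_token
+{
+access_token: token,
+expires_in: expires_at && Grape::OAuth2.config.access_token_lifetime.to_i,
+refresh_token: refresh_token,
+scope: scopes
+}
+end
+
+protected
+
+def generate_tokens
+self.token = Grape::OAuth2.config.token_generator.generate(attributes) if token.blank?
+self.refresh_token = Grape::OAuth2::UniqueToken.generate if Grape::OAuth2.config.issue_refresh_token
+end
+
+def setup_expiration
+expires_in = Grape::OAuth2.config.access_token_lifetime
+self.expires_at = Time.now + expires_in if expires_at.nil? && !expires_in.nil?
+end
+end
+end
+end
+end
+end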
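Review bot: The `optional: true` on `belongs_to :client` at new line 16 removes the only check that an access token has an owning client, because the block validates `token` (line 32) but never `client_id`, so a token with no client can now be persisted and later pass `authenticate`. Making the association optional looks deliberate for `resource_owner` on line 17, since a client_credentials grant has no resource owner, but the client side should keep a presence check; add `validates :client_id, presence: true` next to line 32. The ActiveRecord counterpart in the second hunk appears to rely on its non-optional `belongs_to :client` for the same guarantee, so without this the two mixins diverge in what they accept.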