class Doorkeeper::SecretStoring::Base

Base class for secret storing, including common helpers

Public Class Methods

allows_restoring_secrets?() click to toggle source

Determines whether this strategy supports restoring secrets from the database. This allows detecting users trying to use a non-restorable strategy with reuse_access_tokens.

# File lib/doorkeeper/secret_storing/base.rb, line 42
def self.allows_restoring_secrets?
  false
end
restore_secret(_resource, _attribute) click to toggle source

Return the restored value from the database @param resource The resource instance to act on @param attribute The secret attribute to restore as retrieved from the database.

# File lib/doorkeeper/secret_storing/base.rb, line 34
def self.restore_secret(_resource, _attribute)
  raise NotImplementedError
end
secret_matches?(input, stored) click to toggle source

Securely compare the given input value with a stored value processed by transform_secret.

# File lib/doorkeeper/secret_storing/base.rb, line 58
def self.secret_matches?(input, stored)
  transformed_input = transform_secret(input)
  ActiveSupport::SecurityUtils.secure_compare transformed_input, stored
end
store_secret(resource, attribute, plain_secret) click to toggle source

Transform and store the given secret attribute => value pair used for safely storing the attribute @param resource The model instance being modified @param attribute The secret attribute @param plain_secret The plain secret input / generated

# File lib/doorkeeper/secret_storing/base.rb, line 22
def self.store_secret(resource, attribute, plain_secret)
  transformed_value = transform_secret(plain_secret)
  resource.public_send(:"#{attribute}=", transformed_value)

  transformed_value
end
transform_secret(_plain_secret) click to toggle source

Return the value to be stored by the database used for looking up a database value. @param plain_secret The plain secret input / generated

# File lib/doorkeeper/secret_storing/base.rb, line 12
def self.transform_secret(_plain_secret)
  raise NotImplementedError
end
validate_for(model) click to toggle source

Determines what secrets this strategy is applicable for

# File lib/doorkeeper/secret_storing/base.rb, line 48
def self.validate_for(model)
  valid = %i[token application]
  return true if valid.include?(model.to_sym)

  raise ArgumentError, "'#{name}' can not be used for #{model}."
end