class Doorkeeper::AccessToken

Attributes

use_refresh_token[W]

Public Class Methods

by_refresh_token(refresh_token) click to toggle source

Returns an instance of the Doorkeeper::AccessToken with specific token value.

@param refresh_token [#to_s]

refresh token value (any object that responds to `#to_s`)

@return [Doorkeeper::AccessToken, nil] AccessToken object or nil

if there is no record with such refresh token
# File lib/support/orm/couchbase/access_token.rb, line 67
def by_refresh_token(refresh_token)
    tok = self.find_by_refresh_token(refresh_token)
    return tok if tok

    # legacy - required for existing systems
    id = AccessToken.bucket.get("refresh-#{refresh_token}", quiet: true)
    find_by_id(id) if id
end
find_or_create_for(application, resource_owner_id, scopes, expires_in, use_refresh_token) click to toggle source

Looking for not expired AccessToken record with a matching set of scopes that belongs to specific Application and Resource Owner. If it doesn't exists - then creates it.

@param application [Doorkeeper::Application]

Application instance

@param resource_owner_id [ActiveRecord::Base, Integer]

Resource Owner model instance or it's ID

@param scopes [#to_s]

set of scopes (any object that responds to `#to_s`)

@param expires_in [Integer]

token lifetime in seconds

@param use_refresh_token [Boolean]

whether to use the refresh token

@return [Doorkeeper::AccessToken] existing record or a new one

# File lib/support/orm/couchbase/access_token.rb, line 166
def find_or_create_for(application, resource_owner_id, scopes, expires_in, use_refresh_token)
    if Doorkeeper.configuration.reuse_access_token
        access_token = matching_token_for(application, resource_owner_id, scopes)
        if access_token && !access_token.expired?
            return access_token
        end
    end

    create!(
        application_id:    application.try(:id),
        resource_owner_id: resource_owner_id,
        scopes:            scopes.to_s,
        expires_in:        expires_in,
        use_refresh_token: use_refresh_token
    )
end
last_authorized_token_for(application_id, resource_owner_id) click to toggle source

Looking for not revoked Access Token record that belongs to specific Application and Resource Owner.

@param application_id [Integer]

ID of the Application model instance

@param resource_owner_id [Integer]

ID of the Resource Owner model instance

@return [Doorkeeper::AccessToken, nil] matching AccessToken object or

nil if nothing was found
# File lib/support/orm/couchbase/access_token.rb, line 101
def last_authorized_token_for(application_id, resource_owner_id)
    result = by_application_id_and_resource_owner_id(key: [application_id, resource_owner_id]).first
    result[:revoked_at] ? result : nil
end
matching_token_for(application, resource_owner_or_id, scopes) click to toggle source

Looking for not expired Access Token with a matching set of scopes that belongs to specific Application and Resource Owner.

@param application [Doorkeeper::Application]

Application instance

@param resource_owner_or_id [ActiveRecord::Base, Integer]

Resource Owner model instance or it's ID

@param scopes [String, Doorkeeper::OAuth::Scopes]

set of scopes

@return [Doorkeeper::AccessToken, nil] Access Token instance or

nil if matching record was not found
# File lib/support/orm/couchbase/access_token.rb, line 119
def matching_token_for(application, resource_owner_or_id, scopes)
    resource_owner_id = resource_owner_or_id.try(:id) || resource_owner_or_id
    token = last_authorized_token_for(application.try(:id), resource_owner_id)
    if token && scopes_match?(token.scopes, scopes, application.try(:scopes))
        token
    end
end
refresh_token_revoked_on_use?() click to toggle source
# File lib/support/orm/couchbase/access_token.rb, line 43
def refresh_token_revoked_on_use?
    true
end
revoke_all_for(application_id, resource_owner) click to toggle source

Revokes AccessToken records that have not been revoked and associated with the specific Application and Resource Owner.

@param application_id [Integer]

ID of the Application

@param resource_owner [ActiveRecord::Base]

instance of the Resource Owner model
# File lib/support/orm/couchbase/access_token.rb, line 84
def revoke_all_for(application_id, resource_owner)
    by_application_id_and_resource_owner_id(key: [application_id, resource_owner.id]).stream do |at|
        at.revoke
    end
end
scopes_match?(token_scopes, param_scopes, app_scopes) click to toggle source

Checks whether the token scopes match the scopes from the parameters or Application scopes (if present).

@param token_scopes [#to_s]

set of scopes (any object that responds to `#to_s`)

@param param_scopes [String]

scopes from params

@param app_scopes [String]

Application scopes

@return [Boolean] true if all scopes and blank or matches

and false in other cases
# File lib/support/orm/couchbase/access_token.rb, line 140
def scopes_match?(token_scopes, param_scopes, app_scopes)
    (!token_scopes.present? && !param_scopes.present?) ||
        Doorkeeper::OAuth::Helpers::ScopeChecker.match?(
            token_scopes.to_s,
            param_scopes,
            app_scopes
        )
end

Public Instance Methods

acceptable?(scopes) click to toggle source

Indicates if token is acceptable for specific scopes.

@param scopes [Array<String>] scopes

@return [Boolean] true if record is accessible and includes scopes or

false in other cases
# File lib/support/orm/couchbase/access_token.rb, line 243
def acceptable?(scopes)
    accessible? && includes_scope?(*scopes)
end
as_json(_options = {}) click to toggle source

JSON representation of the Access Token instance.

@return [Hash] hash with token data

# File lib/support/orm/couchbase/access_token.rb, line 200
def as_json(_options = {})
    {
        resource_owner_id:  resource_owner_id,
        scopes:             scopes,
        expires_in_seconds: expires_in_seconds,
        application:        { uid: application.try(:uid) },
        created_at:         created_at.to_i
    }
end
lock!() click to toggle source
# File lib/support/orm/couchbase/access_token.rb, line 249
def lock!; end
same_credential?(access_token) click to toggle source

Indicates whether the token instance have the same credential as the other Access Token.

@param access_token [Doorkeeper::AccessToken] other token

@return [Boolean] true if credentials are same of false in other cases

# File lib/support/orm/couchbase/access_token.rb, line 230
def same_credential?(access_token)
    application_id == access_token.application_id &&
    resource_owner_id == access_token.resource_owner_id
end
save(**options) click to toggle source

Lets make sure these keys are not clogging up the database forever

Calls superclass method
# File lib/support/orm/couchbase/access_token.rb, line 212
def save(**options)
    if use_refresh_token?
        options[:ttl] = self.created_at + 6.months
    else
        options[:ttl] = self.created_at + self.expires_in + 30
    end
    super(**options)
end
token_type() click to toggle source

Access Token type: Bearer. @see tools.ietf.org/html/rfc6750

The OAuth 2.0 Authorization Framework: Bearer Token Usage
# File lib/support/orm/couchbase/access_token.rb, line 188
def token_type
    'bearer'
end
transaction() { || ... } click to toggle source
# File lib/support/orm/couchbase/access_token.rb, line 248
def transaction; yield; end
use_refresh_token?() click to toggle source
# File lib/support/orm/couchbase/access_token.rb, line 192
def use_refresh_token?
    @use_refresh_token ||= false
    !!@use_refresh_token
end

Private Instance Methods

generate_refresh_token() click to toggle source

Generates refresh token with UniqueToken generator.

@return [String] refresh token value

# File lib/support/orm/couchbase/access_token.rb, line 263
def generate_refresh_token
    if self.refresh_token.blank?
        write_attribute :refresh_token, UniqueToken.generate
    end
end
generate_token() click to toggle source
# File lib/support/orm/couchbase/access_token.rb, line 269
def generate_token
    return if self.token.present?

    self.created_at ||= Time.now.utc

    generator = Doorkeeper.configuration.access_token_generator.constantize
    self.id = self.token = generator.generate(
        resource_owner_id: resource_owner_id,
        scopes: scopes,
        application: application,
        expires_in: expires_in,
        created_at: created_at
    )
rescue NoMethodError
    raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
rescue NameError
    raise Errors::TokenGeneratorNotFound, "#{generator} not found"
end