Class: Rack::OAuth2::Server::AccessToken
- Inherits:
-
Object
- Object
- Rack::OAuth2::Server::AccessToken
- Defined in:
- lib/rack/oauth2/models/access_token.rb
Overview
Access token. This is what clients use to access resources.
An access token is a unique code, associated with a client, an identity and scope. It may be revoked, or expire after a certain period.
Instance Attribute Summary collapse
-
#_id ⇒ Object
(also: #token)
readonly
Access token.
-
#client_id ⇒ Object
readonly
Client that was granted this access token.
-
#created_at ⇒ Object
readonly
When token was granted.
-
#expires_at ⇒ Object
readonly
When token expires for good.
-
#identity ⇒ Object
readonly
The identity we authorized access to.
-
#last_access ⇒ Object
Timestamp of last access using this token, rounded up to hour.
-
#prev_access ⇒ Object
Timestamp of previous access using this token, rounded up to hour.
-
#revoked ⇒ Object
Timestamp if revoked.
-
#scope ⇒ Object
readonly
The scope granted to this token.
Class Method Summary collapse
- .collection ⇒ Object
-
.count(filter = {}) ⇒ Object
Returns count of access tokens.
-
.create_token_for(client, scope) ⇒ Object
Creates a new AccessToken for the given client and scope.
-
.for_client(client_id, offset = 0, limit = 100) ⇒ Object
Returns all access tokens for a given client, Use limit and offset to return a subset of tokens, sorted by creation date.
-
.from_identity(identity) ⇒ Object
Find all AccessTokens for an identity.
-
.from_token(token) ⇒ Object
Find AccessToken from token.
-
.get_token_for(identity, client, scope) ⇒ Object
Get an access token (create new one if necessary).
- .historical(filter = {}) ⇒ Object
Instance Method Summary collapse
-
#access! ⇒ Object
Updates the last access timestamp.
-
#revoke! ⇒ Object
Revokes this access token.
Instance Attribute Details
#_id ⇒ Object (readonly) Also known as: token
Access token. As unique as they come.
91 92 93 |
# File 'lib/rack/oauth2/models/access_token.rb', line 91 def _id @_id end |
#client_id ⇒ Object (readonly)
Client that was granted this access token.
96 97 98 |
# File 'lib/rack/oauth2/models/access_token.rb', line 96 def client_id @client_id end |
#created_at ⇒ Object (readonly)
When token was granted.
100 101 102 |
# File 'lib/rack/oauth2/models/access_token.rb', line 100 def created_at @created_at end |
#expires_at ⇒ Object (readonly)
When token expires for good.
102 103 104 |
# File 'lib/rack/oauth2/models/access_token.rb', line 102 def expires_at @expires_at end |
#identity ⇒ Object (readonly)
The identity we authorized access to.
94 95 96 |
# File 'lib/rack/oauth2/models/access_token.rb', line 94 def identity @identity end |
#last_access ⇒ Object
Timestamp of last access using this token, rounded up to hour.
106 107 108 |
# File 'lib/rack/oauth2/models/access_token.rb', line 106 def last_access @last_access end |
#prev_access ⇒ Object
Timestamp of previous access using this token, rounded up to hour.
108 109 110 |
# File 'lib/rack/oauth2/models/access_token.rb', line 108 def prev_access @prev_access end |
#revoked ⇒ Object
Timestamp if revoked.
104 105 106 |
# File 'lib/rack/oauth2/models/access_token.rb', line 104 def revoked @revoked end |
#scope ⇒ Object (readonly)
The scope granted to this token.
98 99 100 |
# File 'lib/rack/oauth2/models/access_token.rb', line 98 def scope @scope end |
Class Method Details
.collection ⇒ Object
85 86 87 |
# File 'lib/rack/oauth2/models/access_token.rb', line 85 def collection Server.database["oauth2.access_tokens"] end |
.count(filter = {}) ⇒ Object
Returns count of access tokens.
60 61 62 63 64 65 66 67 68 69 70 71 |
# File 'lib/rack/oauth2/models/access_token.rb', line 60 def count(filter = {}) select = {} if filter[:days] now = Time.now.to_i range = { :$gt=>now - filter[:days] * 86400, :$lte=>now } select[ filter[:revoked] ? :revoked : :created_at ] = range elsif filter.has_key?(:revoked) select[:revoked] = filter[:revoked] ? { :$ne=>nil } : { :$eq=>nil } end select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) if filter[:client_id] collection.find(select).count end |
.create_token_for(client, scope) ⇒ Object
Creates a new AccessToken for the given client and scope.
13 14 15 16 17 18 19 20 |
# File 'lib/rack/oauth2/models/access_token.rb', line 13 def create_token_for(client, scope) scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope token = { :_id=>Server.secure_random, :scope=>scope, :client_id=>client.id, :created_at=>Time.now.to_i, :expires_at=>nil, :revoked=>nil } collection.insert token Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } }) Server.new_instance self, token end |
.for_client(client_id, offset = 0, limit = 100) ⇒ Object
Returns all access tokens for a given client, Use limit and offset to return a subset of tokens, sorted by creation date.
48 49 50 51 52 |
# File 'lib/rack/oauth2/models/access_token.rb', line 48 def for_client(client_id, offset = 0, limit = 100) client_id = BSON::ObjectId(client_id.to_s) collection.find({ :client_id=>client_id }, { :sort=>[[:created_at, Mongo::ASCENDING]], :skip=>offset, :limit=>limit }). map { |token| Server.new_instance self, token } end |
.from_identity(identity) ⇒ Object
Find all AccessTokens for an identity.
42 43 44 |
# File 'lib/rack/oauth2/models/access_token.rb', line 42 def from_identity(identity) collection.find({ :identity=>identity }).map { |fields| Server.new_instance self, fields } end |
.from_token(token) ⇒ Object
Find AccessToken from token. Does not return revoked tokens.
23 24 25 |
# File 'lib/rack/oauth2/models/access_token.rb', line 23 def from_token(token) Server.new_instance self, collection.find_one({ :_id=>token, :revoked=>nil }) end |
.get_token_for(identity, client, scope) ⇒ Object
Get an access token (create new one if necessary).
28 29 30 31 32 33 34 35 36 37 38 39 |
# File 'lib/rack/oauth2/models/access_token.rb', line 28 def get_token_for(identity, client, scope) raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope unless token = collection.find_one({ :identity=>identity, :scope=>scope, :client_id=>client.id, :revoked=>nil }) token = { :_id=>Server.secure_random, :identity=>identity, :scope=>scope, :client_id=>client.id, :created_at=>Time.now.to_i, :expires_at=>nil, :revoked=>nil } collection.insert token Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } }) end Server.new_instance self, token end |
.historical(filter = {}) ⇒ Object
73 74 75 76 77 78 79 80 81 82 83 |
# File 'lib/rack/oauth2/models/access_token.rb', line 73 def historical(filter = {}) days = filter[:days] || 60 select = { :$gt=> { :created_at=>Time.now - 86400 * days } } select = {} if filter[:client_id] select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) end raw = Server::AccessToken.collection.group("function (token) { return { ts: Math.floor(token.created_at / 86400) } }", select, { :granted=>0 }, "function (token, state) { state.granted++ }") raw.sort { |a, b| a["ts"] - b["ts"] } end |
Instance Method Details
#access! ⇒ Object
Updates the last access timestamp.
111 112 113 114 115 116 117 |
# File 'lib/rack/oauth2/models/access_token.rb', line 111 def access! today = (Time.now.to_i / 3600) * 3600 if last_access.nil? || last_access < today AccessToken.collection.update({ :_id=>token }, { :$set=>{ :last_access=>today, :prev_access=>last_access } }) self.last_access = today end end |
#revoke! ⇒ Object
Revokes this access token.
120 121 122 123 124 |
# File 'lib/rack/oauth2/models/access_token.rb', line 120 def revoke! self.revoked = Time.now.to_i AccessToken.collection.update({ :_id=>token }, { :$set=>{ :revoked=>revoked } }) Client.collection.update({ :_id=>client_id }, { :$inc=>{ :tokens_revoked=>1 } }) end |