Class: Rack::OAuth2::Server::AccessToken

Inherits:

Object

• Object
• Rack::OAuth2::Server::AccessToken

Defined in:

lib/rack/oauth2/models/access_token.rb

Overview

Access token. This is what clients use to access resources.

An access token is a unique code, associated with a client, an identity and scope. It may be revoked, or expire after a certain period.

Instance Attribute Summary

• #_id ⇒ Object (also: #token) readonly

  Access token.

• #client_id ⇒ Object readonly

  Client that was granted this access token.

• #created_at ⇒ Object readonly

  When token was granted.

• #expires_at ⇒ Object readonly

  When token expires for good.

• #identity ⇒ Object readonly

  The identity we authorized access to.

• #last_access ⇒ Object

  Timestamp of last access using this token, rounded up to hour.

• #prev_access ⇒ Object

  Timestamp of previous access using this token, rounded up to hour.

• #revoked ⇒ Object

  Timestamp if revoked.

• #scope ⇒ Object readonly

  The scope granted to this token.

Class Method Summary

• .collection ⇒ Object
• .count(filter = {}) ⇒ Object

  Returns count of access tokens.

• .create_token_for(client, scope) ⇒ Object

  Creates a new AccessToken for the given client and scope.

• .for_client(client_id, offset = 0, limit = 100) ⇒ Object

  Returns all access tokens for a given client, Use limit and offset to return a subset of tokens, sorted by creation date.

• .from_identity(identity) ⇒ Object

  Find all AccessTokens for an identity.

• .from_token(token) ⇒ Object

  Find AccessToken from token.

• .get_token_for(identity, client, scope) ⇒ Object

  Get an access token (create new one if necessary).

• .historical(filter = {}) ⇒ Object

Instance Method Summary

• #access! ⇒ Object

  Updates the last access timestamp.

• #revoke! ⇒ Object

  Revokes this access token.

Instance Attribute Details

#_id ⇒ Object (readonly) Also known as: token

Access token. As unique as they come.

# File 'lib/rack/oauth2/models/access_token.rb', line 91

def _id
  @_id
end

#client_id ⇒ Object (readonly)

Client that was granted this access token.

# File 'lib/rack/oauth2/models/access_token.rb', line 96

def client_id
  @client_id
end

#created_at ⇒ Object (readonly)

When token was granted.

# File 'lib/rack/oauth2/models/access_token.rb', line 100

def created_at
  @created_at
end

#expires_at ⇒ Object (readonly)

When token expires for good.

# File 'lib/rack/oauth2/models/access_token.rb', line 102

def expires_at
  @expires_at
end

#identity ⇒ Object (readonly)

The identity we authorized access to.

# File 'lib/rack/oauth2/models/access_token.rb', line 94

def identity
  @identity
end

#last_access ⇒ Object

Timestamp of last access using this token, rounded up to hour.

# File 'lib/rack/oauth2/models/access_token.rb', line 106

def last_access
  @last_access
end

#prev_access ⇒ Object

Timestamp of previous access using this token, rounded up to hour.

# File 'lib/rack/oauth2/models/access_token.rb', line 108

def prev_access
  @prev_access
end

#revoked ⇒ Object

Timestamp if revoked.

# File 'lib/rack/oauth2/models/access_token.rb', line 104

def revoked
  @revoked
end

#scope ⇒ Object (readonly)

The scope granted to this token.

# File 'lib/rack/oauth2/models/access_token.rb', line 98

def scope
  @scope
end

Class Method Details

.collection ⇒ Object

# File 'lib/rack/oauth2/models/access_token.rb', line 85

def collection
  Server.database["oauth2.access_tokens"]
end

.count(filter = {}) ⇒ Object

Returns count of access tokens.

Parameters:

• filter (Hash) (defaults to: {}) —

  Count only a subset of access tokens

Options Hash (filter):

• days (Integer) —

  Only count that many days (since now)

• revoked (Boolean) —

  Only count revoked (true) or non-revoked (false) tokens; count all tokens if nil

• client_id (String, ObjectId) —

  Only tokens grant to this client

# File 'lib/rack/oauth2/models/access_token.rb', line 60

def count(filter = {})
  select = {}
  if filter[:days]
    now = Time.now.to_i
    range = { :$gt=>now - filter[:days] * 86400, :$lte=>now }
    select[ filter[:revoked] ? :revoked : :created_at ] = range
  elsif filter.has_key?(:revoked)
    select[:revoked] = filter[:revoked] ? { :$ne=>nil } : { :$eq=>nil }
  end
  select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) if filter[:client_id]
  collection.find(select).count
end

.create_token_for(client, scope) ⇒ Object

Creates a new AccessToken for the given client and scope.

# File 'lib/rack/oauth2/models/access_token.rb', line 13

def create_token_for(client, scope)
  scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope
  token = { :_id=>Server.secure_random, :scope=>scope, :client_id=>client.id,
            :created_at=>Time.now.to_i, :expires_at=>nil, :revoked=>nil }
  collection.insert token
  Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } })
  Server.new_instance self, token
end

.for_client(client_id, offset = 0, limit = 100) ⇒ Object

Returns all access tokens for a given client, Use limit and offset to return a subset of tokens, sorted by creation date.

# File 'lib/rack/oauth2/models/access_token.rb', line 48

def for_client(client_id, offset = 0, limit = 100)
  client_id = BSON::ObjectId(client_id.to_s)
  collection.find({ :client_id=>client_id }, { :sort=>[[:created_at, Mongo::ASCENDING]], :skip=>offset, :limit=>limit }).
    map { |token| Server.new_instance self, token }
end

.from_identity(identity) ⇒ Object

Find all AccessTokens for an identity.

# File 'lib/rack/oauth2/models/access_token.rb', line 42

def from_identity(identity)
  collection.find({ :identity=>identity }).map { |fields| Server.new_instance self, fields }
end

.from_token(token) ⇒ Object

Find AccessToken from token. Does not return revoked tokens.

# File 'lib/rack/oauth2/models/access_token.rb', line 23

def from_token(token)
  Server.new_instance self, collection.find_one({ :_id=>token, :revoked=>nil })
end

.get_token_for(identity, client, scope) ⇒ Object

Get an access token (create new one if necessary).

Raises:

• (ArgumentError)

# File 'lib/rack/oauth2/models/access_token.rb', line 28

def get_token_for(identity, client, scope)
  raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
  scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope
  unless token = collection.find_one({ :identity=>identity, :scope=>scope, :client_id=>client.id, :revoked=>nil })
    token = { :_id=>Server.secure_random, :identity=>identity, :scope=>scope,
              :client_id=>client.id, :created_at=>Time.now.to_i,
              :expires_at=>nil, :revoked=>nil }
    collection.insert token
    Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } })
  end
  Server.new_instance self, token
end

.historical(filter = {}) ⇒ Object

# File 'lib/rack/oauth2/models/access_token.rb', line 73

def historical(filter = {})
  days = filter[:days] || 60
  select = { :$gt=> { :created_at=>Time.now - 86400 * days } }
  select = {}
  if filter[:client_id]
    select[:client_id] = BSON::ObjectId(filter[:client_id].to_s)
  end
  raw = Server::AccessToken.collection.group("function (token) { return { ts: Math.floor(token.created_at / 86400) } }",
    select, { :granted=>0 }, "function (token, state) { state.granted++ }")
  raw.sort { |a, b| a["ts"] - b["ts"] }
end

Instance Method Details

#access! ⇒ Object

Updates the last access timestamp.

# File 'lib/rack/oauth2/models/access_token.rb', line 111

def access!
  today = (Time.now.to_i / 3600) * 3600
  if last_access.nil? || last_access < today
    AccessToken.collection.update({ :_id=>token }, { :$set=>{ :last_access=>today, :prev_access=>last_access } })
    self.last_access = today
  end
end

#revoke! ⇒ Object

Revokes this access token.

# File 'lib/rack/oauth2/models/access_token.rb', line 120

def revoke!
  self.revoked = Time.now.to_i
  AccessToken.collection.update({ :_id=>token }, { :$set=>{ :revoked=>revoked } })
  Client.collection.update({ :_id=>client_id }, { :$inc=>{ :tokens_revoked=>1 } })
end