Class: OauthBwergemn::Oauth2
- Inherits: Grape::Middleware::Base
  - Object
    - Grape::Middleware::Base
      - OauthBwergemn::Oauth2
- Defined in:
- lib/oauth_bwergemn/oauth2.rb
Instance Attribute Summary
-
#auth_strategy ⇒ Object
readonly
Returns the value of attribute auth_strategy.
Instance Method Summary
- #access_scopes(access) ⇒ Object
- #args ⇒ Object
- #authorize! ⇒ Object
-
#before ⇒ Object
Grape middleware methods.
- #context ⇒ Object
-
#endpoint_protected? ⇒ Boolean
Authorization control.
- #is_args_include_as? ⇒ Boolean
- #is_args_include_validate? ⇒ Boolean
- #request ⇒ Object
- #scope_authorize!(access) ⇒ Object
- #scopes ⇒ Object
- #sync_scopes_from(resource, to:) ⇒ Object
- #the_request=(env) ⇒ Object
- #token ⇒ Object
- #token_optional? ⇒ Boolean
- #token_required? ⇒ Boolean
Instance Attribute Details
#auth_strategy ⇒ Object (readonly)
Returns the value of attribute auth_strategy.
# File 'lib/oauth_bwergemn/oauth2.rb', line 7
#
# Reader for the authentication strategy held in @auth_strategy.
#
# @return [Object] whatever was stored in @auth_strategy (nil if unset)
def auth_strategy
  @auth_strategy
end
Instance Method Details
#access_scopes(access) ⇒ Object
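# File 'lib/oauth_bwergemn/oauth2.rb', line 59
#
# Lists the scopes carried by +access+ as symbols.
#
# When OauthBwergemn.is_custom_scopes is set, +access.scopes+ is used
# directly; otherwise +access.scopes.all+ is used.
#
# The list is built with a non-mutating +map+: the previous +map!+ rewrote
# the caller's scope collection in place (strings became symbols on the
# object that was passed in), which is a surprising side effect for a
# read-only authorization helper.
#
# @param access [Object] object responding to #scopes
# @return [Array<Symbol>] the scopes, or [] when they cannot be read
def access_scopes access
  custom = OauthBwergemn.is_custom_scopes
  begin
    source = custom ? access.scopes : access.scopes.all
    source.map(&:to_sym)
  rescue StandardError
    # Unreadable scopes yield an empty list, so a scope-protected endpoint
    # rejects the request (scope_authorize! finds no intersection).
    []
  end
end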
#args ⇒ Object
# File 'lib/oauth_bwergemn/oauth2.rb', line 43
#
# Collects the option hashes declared among the strategy's auth scopes and
# merges them into one hash (later hashes win on duplicate keys).
#
# @return [Hash] merged options; {} when no Hash entry is declared
def args
  auth_strategy.auth_scopes.grep(Hash).reduce({}) { |merged, options| merged.merge(options) }
end
#authorize! ⇒ Object
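# File 'lib/oauth_bwergemn/oauth2.rb', line 94
#
# Resolves the presented token to a Doorkeeper access token, rejects it when
# it is missing, expired or revoked, loads the resource owner, runs the scope
# check and returns the owner together with the token details.
#
# NOTE(review): the rendered listing had lost the bang-method identifiers.
# The method name is restored from the page's "#authorize!" heading; the two
# scope_authorize! calls below are reconstructed from the surviving
# `if ... resource else access end` fragment — confirm against the file.
#
# NOTE(review): if Doorkeeper is configured to store hashed token secrets, a
# plain find_by(token:) will not match; Doorkeeper::AccessToken.by_token is
# the lookup that accounts for that — confirm for the version in use.
#
# @return [Hash] { resource_owner:, resource_credential: { ... } }
# @raise [OauthBwergemn::Errors::InvalidToken] token unknown or revoked
# @raise [OauthBwergemn::Errors::ExpiredToken] token expired
def authorize!
  access = Doorkeeper::AccessToken.find_by(token: token)
  raise OauthBwergemn::Errors::InvalidToken unless access.present?
  raise OauthBwergemn::Errors::ExpiredToken if access.expired?
  raise OauthBwergemn::Errors::InvalidToken if access.revoked?

  resource_as = is_args_include_as? ? args[:as] : OauthBwergemn.default_resources

  # SECURITY: eval executes whatever string is registered in
  # OauthBwergemn.resources. Both that table and the :as option come from
  # application configuration here, so this is only safe while neither can be
  # influenced by request data. If the entries are plain class names, a
  # constant lookup would remove the code-execution surface — TODO confirm
  # what the configured strings look like before replacing.
  resource =
    begin
      # rubocop:disable Security/Eval
      eval(OauthBwergemn.resources[resource_as.to_sym]).where(id: access.resource_owner_id).last
      # rubocop:enable Security/Eval
    rescue StandardError
      # Lookup failures are swallowed: the owner is reported as nil.
      nil
    end

  sync_scopes_from resource, to: access

  # With custom scopes the owner's scopes are checked, otherwise the token's.
  # A nil owner makes scope_authorize! skip the check entirely (see its guard).
  if OauthBwergemn.is_custom_scopes
    scope_authorize! resource
  else
    scope_authorize! access
  end

  {
    resource_owner: resource,
    resource_credential: {
      access_token: access.token,
      scopes: (access_scopes access),
      token_type: 'bearer',
      expires_in: access.expires_in,
      refresh_token: access.refresh_token,
      created_at: access.created_at.to_i
    }
  }
end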
#before ⇒ Object
Grape middleware methods
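# File 'lib/oauth_bwergemn/oauth2.rb', line 133
#
# Grape middleware hook: installs the auth strategy on the endpoint context
# and, for protected endpoints, authenticates the request.
#
# * validate: false (token optional) — authorization is attempted and any
#   failure is swallowed; the endpoint then runs with a nil owner.
# * otherwise (token required) — a token must be present and authorize! must
#   succeed, or InvalidToken is raised.
#
# NOTE(review): the rendered listing had lost the `authorize!` identifiers
# (`response = rescue nil`); they are restored here — confirm against the file.
#
# Fix: authorize! returns its token details under :resource_credential
# (singular). The original read :resource_credentials, which is never present,
# so context.resource_credentials was always nil.
#
# @return [void]
# @raise [OauthBwergemn::Errors::InvalidToken] required token missing
def before
  set_auth_strategy(OauthBwergemn.auth_strategy)
  auth_strategy.api_context = context
  context.extend(OauthBwergemn::AuthMethods)

  context.protected_endpoint = endpoint_protected?
  return unless context.protected_endpoint?

  self.the_request = env

  if token_optional?
    context.resource_token = token
    context.resource_owner = nil
    context.resource_credentials = nil

    # Best effort by design: a bad or absent token leaves the request anonymous.
    response =
      begin
        authorize!
      rescue StandardError
        nil
      end

    if response.present?
      context.resource_owner = response[:resource_owner] rescue nil
      context.resource_credentials = response[:resource_credential] rescue nil
    end
  elsif token.present? && token_required?
    # Errors from authorize! propagate: the endpoint must not run on failure.
    response = authorize!
    context.resource_token = token
    context.resource_owner = response[:resource_owner] rescue nil
    context.resource_credentials = response[:resource_credential] rescue nil
  else
    # The original had two branches here that both raised InvalidToken.
    raise OauthBwergemn::Errors::InvalidToken
  end
end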
#context ⇒ Object
# File 'lib/oauth_bwergemn/oauth2.rb', line 9
#
# The endpoint object for the current request, as stored in the Rack env
# under 'api.endpoint'.
#
# @return [Object, nil] the value stored under that key
def context
  env['api.endpoint']
end
#endpoint_protected? ⇒ Boolean
Authorization control.
# File 'lib/oauth_bwergemn/oauth2.rb', line 39
#
# Authorization control: delegates to the auth strategy to decide whether
# the current endpoint is protected.
#
# @return [Boolean] the strategy's answer
def endpoint_protected?
  auth_strategy.endpoint_protected?
end
#is_args_include_as? ⇒ Boolean
# File 'lib/oauth_bwergemn/oauth2.rb', line 74
#
# Tells whether the endpoint's declared options carry an :as entry, which
# authorize! uses to pick the resource instead of the default one.
#
# @return [Boolean]
def is_args_include_as?
  declared = args
  declared.key?(:as)
end
#is_args_include_validate? ⇒ Boolean
# File 'lib/oauth_bwergemn/oauth2.rb', line 67
#
# Tells whether the endpoint's declared options carry a :validate entry,
# rejecting any value other than true or false.
#
# @return [Boolean] true when :validate is declared
# @raise [OauthBwergemn::Errors::InvalidScope] :validate is not a boolean
def is_args_include_validate?
  declared = args
  return false unless declared.key?(:validate)

  flag = declared[:validate]
  unless [true, false].include?(flag)
    raise OauthBwergemn::Errors::InvalidScope.new("Not valid scope '#{flag}' in `oauth2 scope`")
  end

  true
end
#request ⇒ Object
# File 'lib/oauth_bwergemn/oauth2.rb', line 17
#
# The request object previously stored by #the_request=.
#
# @return [Object, nil] contents of @_the_request (nil until assigned)
def request
  @_the_request
end
#scope_authorize!(access) ⇒ Object
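# File 'lib/oauth_bwergemn/oauth2.rb', line 78
#
# Enforces the endpoint's required scopes: +access+ must carry at least one
# of them.
#
# NOTE(review): the rendered listing had lost this method's name
# (`def access`); it is restored from the page's "#scope_authorize!(access)"
# heading.
#
# NOTE(review): the check is skipped when +access+ is nil. authorize! can pass
# a nil resource owner here (its lookup swallows errors), in which case a
# scope-protected endpoint is not scope-checked. Behaviour is kept as is;
# consider rejecting a nil subject when scopes are required.
#
# @param access [Object, nil] token or resource whose scopes are checked
# @return [nil]
# @raise [OauthBwergemn::Errors::InvalidScope] no required scope is granted
def scope_authorize! access
  required = scopes
  return if required.empty? || !access

  granted = access_scopes access
  return unless (required & granted).empty?

  raise OauthBwergemn::Errors::InvalidScope, 'OAuth Scope is disallowed'
end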
#scopes ⇒ Object
# File 'lib/oauth_bwergemn/oauth2.rb', line 53
#
# The scopes required by the endpoint: every non-Hash entry of the
# strategy's auth scopes, converted to a symbol.
#
# @return [Array<Symbol>]
def scopes
  declared = auth_strategy.auth_scopes
  names = declared.reject { |entry| entry.is_a?(Hash) }
  names.map(&:to_sym)
end
#sync_scopes_from(resource, to:) ⇒ Object
# File 'lib/oauth_bwergemn/oauth2.rb', line 49
#
# Overwrites the scopes of +to+ with the comma-joined scopes of +resource+.
# Any error (nil resource, no #scopes, failed update) is swallowed.
#
# NOTE(review): authorize! calls this on every request, so a token's stored
# scopes are replaced by whatever the owner currently holds rather than what
# was granted at issue time — confirm that widening is intended.
# NOTE(review): Doorkeeper scope strings are normally space-delimited; verify
# the comma-joined value reads back as separate scopes.
#
# @param resource [Object] object responding to #scopes (an Array)
# @param to [Object] object responding to #update
# @return [Object, nil] the result of +to.update+, or nil on any error
def sync_scopes_from resource , to:
  begin
    joined = resource.scopes.join(',')
    to.update(scopes: joined)
  rescue StandardError
    nil
  end
end
#the_request=(env) ⇒ Object
# File 'lib/oauth_bwergemn/oauth2.rb', line 13
#
# Wraps the Rack env in an ActionDispatch::Request and keeps it in
# @_the_request for #request to return.
#
# @param env [Hash] the Rack environment
# @return [ActionDispatch::Request] the wrapped request
def the_request=(env)
  wrapped = ActionDispatch::Request.new(env)
  @_the_request = wrapped
end
#token ⇒ Object
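# File 'lib/oauth_bwergemn/oauth2.rb', line 21
#
# Extracts the access token from the request.
#
# Order of precedence:
# 1. an Authorization header using the Bearer scheme -> the credentials part;
# 2. any other non-blank Authorization header -> the raw header value
#    (kept for backward compatibility);
# 3. no Authorization header -> the `access_token` request parameter.
#
# Fix: the header used to be split on the substring 'bearer'/'Bearer'
# wherever it occurred, so a token that itself contained that word was
# truncated to its tail, and other casings of the scheme ("BEARER") were not
# recognised. The scheme is now matched case-insensitively as the first
# whitespace-separated word only.
#
# NOTE(review): case 2 feeds non-Bearer credentials (e.g. a Basic header) to
# the token lookup, and case 3 accepts tokens from the query string, where
# they tend to end up in access logs and Referer headers. Both are preserved
# here; consider restricting to the Bearer header.
#
# @return [String, nil] the token, or nil when none was supplied
def token
  header = request.headers['Authorization'].to_s
  return request.parameters['access_token'] if header.strip.empty?

  scheme, credentials = header.strip.split(/\s+/, 2)
  return credentials.to_s.strip if scheme.casecmp?('bearer')

  header
end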
#token_optional? ⇒ Boolean
# File 'lib/oauth_bwergemn/oauth2.rb', line 86
#
# True only when the endpoint explicitly declares `validate: false`, i.e.
# the request may proceed without a valid token.
#
# @return [Boolean]
# @raise [OauthBwergemn::Errors::InvalidScope] :validate is not a boolean
def token_optional?
  return false unless is_args_include_validate?

  # is_args_include_validate? has already rejected non-boolean values.
  args[:validate].eql?(false)
end
#token_required? ⇒ Boolean
# File 'lib/oauth_bwergemn/oauth2.rb', line 90
#
# True when the endpoint declares `validate: true` or declares no :validate
# option at all, so requiring a token is the default.
#
# @return [Boolean]
# @raise [OauthBwergemn::Errors::InvalidScope] :validate is not a boolean
def token_required?
  # No :validate option declared: the token is required.
  return true unless is_args_include_validate?

  args[:validate].eql?(true)
end