Module: Oauth2Provider::ControllerMixin
- Included in:
- ApplicationController
- Defined in:
- lib/oauth2_provider/controller_mixin.rb
Instance Method Summary
- #_oauth_provider_authenticate ⇒ Object
- #_oauth_provider_json_body ⇒ Object
- #_oauth_provider_normalize_token ⇒ Object
- #api_request ⇒ Object
- #json? ⇒ Boolean
- #oauth_authorized ⇒ Object
- #session_auth ⇒ Object
Instance Method Details
#_oauth_provider_authenticate ⇒ Object
# File 'lib/oauth2_provider/controller_mixin.rb', line 3

# Authentication entry point. Requests that api_request classifies as API
# traffic pass through without any check; every other request is handed to
# session_auth.
#
# NOTE(review): the API branch is intentionally empty (original note:
# "uncomment to make all json API protected"). A JSON endpoint is therefore
# only protected if something else guards it, presumably a per-controller
# oauth_authorized filter. Confirm that every JSON action has such a guard.
#
# @return [nil, false] nil for API requests, otherwise whatever session_auth returns
def _oauth_provider_authenticate
  return if api_request

  session_auth
end
#_oauth_provider_json_body ⇒ Object
# File 'lib/oauth2_provider/controller_mixin.rb', line 26

# Reads the raw request body, parses it and stores the result in @body.
#
# Despite the method name, the body is parsed with
# Rack::Utils.parse_nested_query, i.e. as a form-encoded query string and not
# as JSON. An empty body yields an empty hash.
#
# NOTE(review): the body is client-controlled. Nested keys produce Hash or
# Array values, so callers must not assume that @body[:token] is a String.
# The stream is read without a rewind before or after, so a body that was
# already consumed presumably reads as empty here. Verify against the
# middleware stack in use.
#
# @return [HashWithIndifferentAccess] the parsed body, also kept in @body
def _oauth_provider_json_body
  raw = request.body.read.to_s
  parsed = raw.empty? ? {} : Rack::Utils.parse_nested_query(raw)
  @body = HashWithIndifferentAccess.new(parsed)
end
#_oauth_provider_normalize_token ⇒ Object
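# File 'lib/oauth2_provider/controller_mixin.rb', line 49

# Collects the access token from wherever the client put it and stores it in
# params[:token], so that the lookup only has to consult one place.
#
# Precedence, lowest to highest: a token already present in params (for
# example from the query string), a token in the request body, a token in the
# Authorization header.
#
# Rack exposes request headers under HTTP_-prefixed keys, so the header is
# read from "HTTP_AUTHORIZATION" first. The bare "Authorization" key that the
# original code used is kept as a fallback for callers that set it directly.
#
# NOTE(review): the authentication scheme in the header is not checked; the
# last whitespace-separated word is used whatever precedes it. The token
# lookup is what rejects unknown values.
#
# @return [String, nil] the credential taken from the header, if any
def _oauth_provider_normalize_token
  # Token in the body
  _oauth_provider_json_body
  body_token = @body[:token]
  params[:token] = body_token if body_token

  # Token in the header
  header = request.env["HTTP_AUTHORIZATION"] || request.env["Authorization"]
  credential = header.to_s.split(" ").last
  # An empty or whitespace-only header carries no credential and must not
  # overwrite a token found in the body or the params with nil.
  params[:token] = credential if credential
end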
#api_request ⇒ Object
# File 'lib/oauth2_provider/controller_mixin.rb', line 18

# Tells whether the current request counts as an API request. At present this
# is exactly the json? check.
#
# @return [Boolean] the result of json?
def api_request
  json?
end
#json? ⇒ Boolean
# File 'lib/oauth2_provider/controller_mixin.rb', line 22

# Tells whether the request format compares equal to "application/json".
#
# NOTE(review): in Rails the request format is derived from the request
# itself (path extension or Accept header), so the client chooses the answer.
# Because _oauth_provider_authenticate skips session_auth for API requests,
# this predicate must not be treated as a trust decision.
#
# @return [Boolean]
def json?
  request.format == "application/json"
end
#oauth_authorized ⇒ Object
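# File 'lib/oauth2_provider/controller_mixin.rb', line 35

# Authorizes the current request with an OAuth access token.
#
# The token is normalized into params[:token] and looked up together with the
# scope "<controller>/<action>". The request is answered with 401 when no
# usable token was presented, when the token is unknown for that scope, when
# it is blocked, or when no access record exists for the token's client and
# resource owner. Otherwise accessed! is called on the access record and the
# resource owner is loaded into @current_user.
#
# The method name is restored from the page heading; the extracted listing
# had lost it and read "def action = ...".
#
# NOTE(review): no expiry check is visible here. Presumably blocked? or the
# token model covers it; confirm. @current_user is nil when the resource
# owner no longer exists, so downstream code should not assume a user.
#
# @return [false, Object] false after rendering 401, otherwise the user record
def oauth_authorized
  action = params[:controller] + "/" + params[:action]
  _oauth_provider_normalize_token

  # Query-string and body parameters can arrive as Hash or Array. Depending
  # on the ORM behind to_adapter such a value may be interpreted as a query
  # operator instead of a literal, so only a non-empty String is looked up.
  presented = params[:token]
  @token =
    if presented.is_a?(String) && !presented.empty?
      Oauth2Provider::OauthToken.to_adapter.find_first(token: presented, scope: action)
    end

  if @token.nil? || @token.blocked?
    render text: "Unauthorized access.", status: 401
    return false
  end

  access = Oauth2Provider::OauthAccess.to_adapter.find_first(
    client_uri: @token.client_uri,
    resource_owner_uri: @token.resource_owner_uri
  )

  # Fail closed: a token without an access record is answered with 401
  # instead of raising NoMethodError on nil and producing a 500.
  if access.nil?
    render text: "Unauthorized access.", status: 401
    return false
  end

  access.accessed!
  @current_user = User.to_adapter.find_first(id: @token.resource_owner_uri.split('/').last)
end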
#session_auth ⇒ Object
# File 'lib/oauth2_provider/controller_mixin.rb', line 11

# Session-based check for non-API requests: answers with 401 unless
# current_user is set.
#
# @return [nil, false] nil when a user is present, false after rendering 401
def session_auth
  return if current_user

  render text: "Unauthorized access.", status: 401
  false
end