Module: Oauth2Provider::ControllerMixin

Included in:
ApplicationController
Defined in:
lib/oauth2_provider/controller_mixin.rb

Instance Method Summary collapse

Instance Method Details

#_oauth_provider_authenticate ⇒ Object



# File 'lib/oauth2_provider/controller_mixin.rb', line 3

# Picks the authentication check for the current request.
#
# Requests that api_request reports as API calls go through the OAuth token
# check; everything else goes through the session check. The choice follows
# the request format, which the client controls, so each branch has to deny
# access on its own.
#
# @return [Object] whatever the selected check returns
def _oauth_provider_authenticate
  return oauth_authorized if api_request

  session_auth
end

#_oauth_provider_json_body ⇒ Object



# File 'lib/oauth2_provider/controller_mixin.rb', line 26

# Reads the request body and stores its parsed form in @body.
#
# Despite the method name, the body is parsed with the nested query-string
# parser, not a JSON parser. An empty body yields an empty hash.
#
# NOTE(review): the body stream is read but not rewound here, so a later
# reader may see it as empty; confirm nothing downstream needs it.
# NOTE(review): parser errors on malformed input are not rescued here and
# would surface from the authentication filter; confirm that is intended.
#
# @return [HashWithIndifferentAccess] the parsed body, also kept in @body
def _oauth_provider_json_body
  raw = request.body.read.to_s
  parsed = raw.empty? ? {} : Rack::Utils.parse_nested_query(raw)
  @body = HashWithIndifferentAccess.new(parsed)
end

#_oauth_provider_normalize_token ⇒ Object



# File 'lib/oauth2_provider/controller_mixin.rb', line 49

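# Copies the access token from the request body or the Authorization header
# into params[:token], so the rest of the code reads it from one place.
#
# Precedence: a header token overrides a body token, and either overrides a
# value already in params[:token]. When neither is present, params[:token]
# is left untouched.
#
# The header value is not checked for a scheme: the last space-separated word
# is used whatever precedes it.
#
# @return [String, nil] the header credential when one was applied
def _oauth_provider_normalize_token
  # Token in the body
  body_token = _oauth_provider_json_body && @body[:token]
  params[:token] = body_token if body_token

  # Token in the header. Rack exposes request headers under HTTP_* keys, so
  # the plain "Authorization" key is only set when something upstream puts it
  # there; it is still read first to keep existing behaviour.
  header = request.env["Authorization"] || request.env["HTTP_AUTHORIZATION"]
  credential = header.to_s.split(" ").last
  # An empty or whitespace-only header yields no credential and must not
  # overwrite a token that was already found.
  params[:token] = credential if credential
end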

#api_request ⇒ Object



# File 'lib/oauth2_provider/controller_mixin.rb', line 18

# Tells whether the current request counts as an API call.
#
# This is decided purely by json?, i.e. by the request format.
#
# @return [Boolean] the result of json?
def api_request
  json?
end

#json? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/oauth2_provider/controller_mixin.rb', line 22

# Checks whether the request format is JSON.
#
# The format object stays on the left of the comparison so that its own ==
# decides the match against the MIME string.
#
# @return [Boolean] true when the request format equals "application/json"
def json?
  requested_format = request.format
  requested_format == "application/json"
end

#oauth_authorized ⇒ Object



# File 'lib/oauth2_provider/controller_mixin.rb', line 35

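# Authorizes an API request from the access token carried by the request.
#
# The token is looked up together with the scope "<controller>/<action>".
# On success the access record is marked as used and @current_user is set to
# the resource owner. Every failure renders a 401 and returns false: a missing
# or non-String token, an unknown or blocked token, a token with no access
# record, or a resource owner that cannot be found.
#
# NOTE(review): no expiry check is visible in this method; confirm the token
# model or the adapter enforces token lifetime.
#
# @return [Object, false] the resolved user, or false after rendering a 401
def oauth_authorized
  action = "#{params[:controller]}/#{params[:action]}"
  _oauth_provider_normalize_token

  deny = lambda do
    render text: "Unauthorized access.", status: 401
    false
  end

  # Request parameters can arrive as nested Hashes or Arrays. Only a non-empty
  # String is accepted as a token, so a missing or structured value never
  # becomes part of the lookup conditions.
  supplied = params[:token]
  @token = nil
  return deny.call unless supplied.is_a?(String) && !supplied.empty?

  @token = Oauth2Provider::OauthToken.to_adapter.find_first(token: supplied, scope: action)
  return deny.call if @token.nil? || @token.blocked?

  access = Oauth2Provider::OauthAccess.to_adapter.find_first(
    client_uri: @token.client_uri,
    resource_owner_uri: @token.resource_owner_uri
  )
  # A token without an access record is refused rather than raising on nil.
  return deny.call if access.nil?

  access.accessed!

  @current_user = User.to_adapter.find_first(id: @token.resource_owner_uri.split('/').last)
  # Fail closed when the resource owner no longer resolves to a user.
  return deny.call if @current_user.nil?

  @current_user
end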

#session_auth ⇒ Object



# File 'lib/oauth2_provider/controller_mixin.rb', line 11

# Requires a signed-in session user for non-API requests.
#
# Renders a 401 when current_user is absent; otherwise does nothing.
#
# @return [false, nil] false after rendering the 401, nil when a user is present
def session_auth
  return if current_user

  render text: "Unauthorized access.", status: 401
  false
end