Class: Rack::OAuth2::Server::AccessToken

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Rack::OAuth2::Server::AccessToken

Defined in:

lib/rack/oauth2/models/access_token.rb

Overview

Access token. This is what clients use to access resources.

An access token is a unique code, associated with a client, an identity and scope. It may be revoked, or expire after a certain period.

Class Method Summary

• .count(filter = {}) ⇒ Object

  Returns count of access tokens.

• .create_token_for(client, scope) ⇒ Object

  Creates a new AccessToken for the given client and scope.

• .for_client(client_id, offset = 0, limit = 100) ⇒ Object

  Returns all access tokens for a given client, Use limit and offset to return a subset of tokens, sorted by creation date.

• .from_identity(identity) ⇒ Object

  Find all AccessTokens for an identity.

• .from_token(token) ⇒ Object

  Find AccessToken from token.

• .get_token_for(identity, client, scope) ⇒ Object

  Get an access token (create new one if necessary).

Instance Method Summary

• #access! ⇒ Object

  Updates the last access timestamp.

• #revoke! ⇒ Object

  Revokes this access token.

Class Method Details

.count(filter = {}) ⇒ Object

Returns count of access tokens.

Parameters:

• filter (Hash) (defaults to: {}) —

  Count only a subset of access tokens

Options Hash (filter):

• days (Integer) —

  Only count that many days (since now)

• revoked (Boolean) —

  Only count revoked (true) or non-revoked (false) tokens; count all tokens if nil

• client_id (String, ObjectId) —

  Only tokens grant to this client

# File 'lib/rack/oauth2/models/access_token.rb', line 74

def self.count(filter = {})
  conditions = []
  if filter[:days]
    now = Time.now
    start_time = now - (filter[:days] * 86400)

    key = filter[:revoked] ? 'revoked' : 'created_at'
    conditions = ["#{key} > ? AND #{key} <= ?", start_time, now]
  elsif filter.has_key?(:revoked)
    conditions = ["revoked " + (filter[:revoked] ? "IS NOT NULL" : "IS NULL")]
  end

  if filter.has_key?(:client_id)
    conditions.first = conditions.empty? ? "client_id = ?" : " AND client_id = ?"
    conditions << filter[:client_id]
  end

  super(:conditions => conditions)
end

.create_token_for(client, scope) ⇒ Object

Creates a new AccessToken for the given client and scope.

# File 'lib/rack/oauth2/models/access_token.rb', line 13

def self.create_token_for(client, scope)
  scope = Utils.normalize_scope(scope) & Utils.normalize_scope(client.scope) # Only allowed scope

  attributes = {
    :code => Server.secure_random,
    :scope => scope.join(' '),
    :client => client
  }

  create(attributes)

  # Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } })
  # Server.new_instance self, token
end

.for_client(client_id, offset = 0, limit = 100) ⇒ Object

Returns all access tokens for a given client, Use limit and offset to return a subset of tokens, sorted by creation date.

# File 'lib/rack/oauth2/models/access_token.rb', line 64

def self.for_client(client_id, offset = 0, limit = 100)
  all(:conditions => {:client_id => client.id}, :offset => offset, :limit => limit, :order => :created_at)
end

.from_identity(identity) ⇒ Object

Find all AccessTokens for an identity.

# File 'lib/rack/oauth2/models/access_token.rb', line 58

def self.from_identity(identity)
  all(:condition => {:identity => identity})
end

.from_token(token) ⇒ Object

Find AccessToken from token. Does not return revoked tokens.

# File 'lib/rack/oauth2/models/access_token.rb', line 29

def self.from_token(token) # token == code??
  first(:conditions => {:code => token, :revoked => nil})
end

.get_token_for(identity, client, scope) ⇒ Object

Get an access token (create new one if necessary).

Raises:

• (ArgumentError)

# File 'lib/rack/oauth2/models/access_token.rb', line 34

def self.get_token_for(identity, client, scope)
  raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
  scope = Utils.normalize_scope(scope) & Utils.normalize_scope(client.scope) # Only allowed scope

  token = first(:conditions => {:identity=>identity, :scope=>scope, :client_id=>client.id, :revoked=>nil})

  token ||= begin
    attributes = {
      :code => Server.secure_random,
      :identity => identity,
      :scope => scope.join(' '),
      :client_id => client.id
    }

    create(attributes)
    # Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } })
  end

  token
end

Instance Method Details

#access! ⇒ Object

Updates the last access timestamp.

# File 'lib/rack/oauth2/models/access_token.rb', line 109

def access!
  today = (Time.now.to_i / 3600) * 3600
  if last_access.nil? || last_access < today
    AccessToken.update_all({:last_access=>today, :prev_access=>last_access}, {:code => code})
    reload
  end
end

#revoke! ⇒ Object

Revokes this access token.

# File 'lib/rack/oauth2/models/access_token.rb', line 118

def revoke!
  revoked = Time.now
  AccessToken.update_all({:revoked=>revoked}, {:id => id})
  reload

  # Client.collection.update({ :_id=>client_id }, { :$inc=>{ :tokens_revoked=>1 } })
end