Module: Unimatrix::Authorization

Defined in:
lib/unimatrix/authorization/error.rb,
lib/unimatrix/authorization/parser.rb,
lib/unimatrix/authorization/policy.rb,
lib/unimatrix/authorization/railtie.rb,
lib/unimatrix/authorization/request.rb,
lib/unimatrix/authorization/resource.rb,
lib/unimatrix/authorization/response.rb,
lib/unimatrix/authorization/operation.rb,
lib/unimatrix/authorization/resource_owner.rb,
lib/unimatrix/authorization/resource_server.rb,
lib/unimatrix/authorization/client_credentials_grant.rb,
lib/unimatrix/authorization/filters/requires_policies.rb,
lib/unimatrix/authorization/filters/requires_resource_owner.rb

Defined Under Namespace

Modules: ClassMethods Classes: ClientCredentialsGrant, Error, Operation, Parser, Policy, Railtie, Request, RequiresPolicies, RequiresResourceOwner, Resource, ResourceOwner, ResourceServer, Response

Class Method Summary

Instance Method Summary

Class Method Details

.included(controller) ⇒ Object



# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 68

def self.included( controller )
  # Mixin hook: when a controller includes this module, the macros in
  # ClassMethods become class-level methods on that controller.
  controller.extend ClassMethods
end

Instance Method Details

#policies ⇒ Object



# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 76

def policies
  # Memoised policy set for the current request: resolved once through
  # #retrieve_policies from the controller's resource name and server, the
  # access token carried in params and the realm, then reused on later calls.
  #
  # NOTE(review): the token is read from `params[:access_token]`; if it can
  # arrive in the query string it may surface in request logs — confirm how
  # the token is delivered.
  #
  # Used by Archivist requires_permission filter. TODO: deprecate
  @policies ||= retrieve_policies(
    @resource_name,
    params[ :access_token ],
    realm_uuid,
    @resource_server
  )
end

#policies=(attributes) ⇒ Object



# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 72

def policies=( attributes )
  # Preset the memoised value that #policies returns, bypassing the lookup.
  @policies = attributes
end

#request_client_token(client_id, client_secret) ⇒ Object



# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 114

def request_client_token( client_id, client_secret )
  # Exchange a client id/secret pair for a token through the client
  # credentials grant. Returns whatever ClientCredentialsGrant#request_token
  # yields (with_expiry: true asks for the lifetime alongside the token), or
  # nil when either credential is absent.
  return nil unless client_id && client_secret

  grant = ClientCredentialsGrant.new( client_id: client_id, client_secret: client_secret )
  grant.request_token( with_expiry: true )
end

#request_policies(resource_name, access_token, realm_uuid, resource_server) ⇒ Object



# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 102

def request_policies( resource_name, access_token, realm_uuid, resource_server )
  # Query the policies endpoint for the token's policies on
  # "realm/<realm>::<server>::<resource>/*"; a nil realm means any realm ('*').
  # Returns nil without a request when the resource name or token is missing.
  #
  # NOTE(review): resource_name, realm_uuid and resource_server are
  # interpolated unescaped into the resource pattern, where '/' and '::' are
  # delimiters — assumes they are set by the controller, not end users; confirm.
  return nil unless resource_name && access_token

  realm    = realm_uuid || '*'
  resource = "realm/#{ realm }::#{ resource_server }::#{ resource_name }/*"

  Operation.new( '/policies' ).where( access_token: access_token, resource: resource ).read
end

#request_resource_owner(access_token) ⇒ Object



# File 'lib/unimatrix/authorization/filters/requires_resource_owner.rb', line 61

def request_resource_owner( access_token )
  # Look up the resource owner behind an access token via the
  # /resource_owner endpoint. No nil guard here: a missing token is passed
  # through to the operation (the guard lives in #retrieve_resource_owner).
  operation = Operation.new( '/resource_owner' )
  operation.where( access_token: access_token ).read
end

#resource_owner ⇒ Object



# File 'lib/unimatrix/authorization/filters/requires_resource_owner.rb', line 48

def resource_owner
  # Memoised resource owner for the current request, resolved once from the
  # access token in params through #retrieve_resource_owner.
  @resource_owner ||= retrieve_resource_owner( params[ :access_token ] )
end

#resource_owner=(attributes) ⇒ Object



# File 'lib/unimatrix/authorization/filters/requires_resource_owner.rb', line 44

def resource_owner=( attributes )
  # Preset the memoised value that #resource_owner returns, bypassing the lookup.
  @resource_owner = attributes
end

#retrieve_client_token(client_id, client_secret) ⇒ Object



# File 'lib/unimatrix/authorization/railtie.rb', line 39

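def retrieve_client_token( client_id, client_secret )
  # Returns a cached client-credentials access token for the given client,
  # or nil when either credential is missing or the token request yields
  # nothing.
  #
  # The token is memoised in Rails.cache for one minute under a SHA1 of the
  # credential pair. When the issuer reports a remaining lifetime shorter
  # than that, the entry is rewritten with the shorter lifetime so an expired
  # token is never served from cache.
  #
  # NOTE(review): the key joins id and secret with no separator, so two
  # pairs whose concatenation is equal share an entry — consider a delimiter
  # if ids and secrets are not fixed-width.
  if client_id && client_secret
    # One key for both the fetch and the conditional rewrite below.
    cache_key  = "keymaker-client_token-#{ Digest::SHA1.hexdigest( [ client_id, client_secret ].join ) }"
    expires_in = nil

    token = Rails.cache.fetch( cache_key, expires_in: 1.minute ) do
      token_hash = request_client_token( client_id, client_secret )

      # 60 mirrors the 1.minute TTL: only a shorter lifetime needs a rewrite.
      if token_hash && token_hash[ :expires_in ] && token_hash[ :expires_in ] < 60
        expires_in = token_hash[ :expires_in ]
      end

      # A failed request (nil token_hash) yields nil, which fetch stores for
      # the TTL unless the store skips nil — confirm that negative caching is
      # intended. The explicit guard replaces a bare `rescue nil` that also
      # hid any unrelated error raised here.
      token_hash && token_hash[ :access_token ]
    end

    # Only set on a cache miss whose response reported a short lifetime.
    if expires_in
      Rails.cache.write( cache_key, token, expires_in: expires_in )
    end

    token
  else
    nil
  end
end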

#retrieve_policies(resource_name, access_token, realm_uuid, resource_server) ⇒ Object

In a Rails app, this is overridden by #retrieve_policies in railtie.rb.



# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 89

def retrieve_policies( resource_name, access_token, realm_uuid, resource_server )
  # Cached front for #request_policies: the result is kept in Rails.cache for
  # one minute under a SHA1 of the four arguments joined, so an upstream
  # change (e.g. a revoked token) is not seen here for up to a minute.
  # Returns nil without a lookup when the resource name or token is missing.
  #
  # NOTE(review): the key joins the arguments with no separator, so inputs
  # whose concatenation coincides share a cache entry — confirm that is
  # acceptable or add a delimiter.
  return nil unless resource_name && access_token

  digest    = Digest::SHA1.hexdigest( [ resource_name, access_token, realm_uuid, resource_server ].join )
  cache_key = "keymaker-policies-#{ digest }"

  Rails.cache.fetch( cache_key, expires_in: 1.minute ) do
    request_policies( resource_name, access_token, realm_uuid, resource_server )
  end
end

#retrieve_resource_owner(access_token) ⇒ Object

In a Rails app, this is overridden by #retrieve_resource_owner in railtie.rb.



# File 'lib/unimatrix/authorization/filters/requires_resource_owner.rb', line 55

def retrieve_resource_owner( access_token )
  # Cached front for #request_resource_owner: the result is kept in
  # Rails.cache for one minute under a SHA1 of the token, so an upstream
  # change (e.g. a revoked token) is not seen here for up to a minute.
  # Returns nil without a lookup when no token is given.
  return nil unless access_token

  cache_key = "keymaker-resource_owner-#{ Digest::SHA1.hexdigest( access_token ) }"

  Rails.cache.fetch( cache_key, expires_in: 1.minute ) do
    request_resource_owner( access_token )
  end
end