Class: Core::Services::Authorizations

Inherits:

Base

• Object
• Base
• Core::Services::Authorizations

Includes:

Singleton

Defined in:

lib/core/services/authorizations.rb

Overview

Service managing authorization codes. These codes represent the access a user is giving to an application on all or part of its data.

Author:

• Vincent Courtois <courtois.vincent@outlook.com>

Instance Method Summary

• #create_from_session(session_id: nil, client_id: nil, **ignored) ⇒ Code::Decorators::Authorization

  Creates an authorization to access to the data of the user for the application.

• #get_by_code(authorization_code: nil, **_ignored) ⇒ Core::Models::OAuth::Authorization

  Gets an authorization code by its corresponding value.

• #get_by_credentials(client_id: nil, client_secret: nil, authorization_code: nil, **_ignored) ⇒ Core::Models::OAuth::Authorization

  Gets the authorization code corresponding to the provided value if it is linked to the application matching the provided credentials.

Methods inherited from Base

#bad_request_err, #forbidden_err, #require_parameters, #unknown_err

Instance Method Details

#create_from_session(session_id: nil, client_id: nil, **ignored) ⇒ Code::Decorators::Authorization

Creates an authorization to access to the data of the user for the application. The user is identified by the UUID of its current connection session.

WARNING

this method should NOT be used outside of the authentication backend.

Parameters:

• session_id (String) (defaults to: nil) —

  the unique identifier of the current session of the user.

• client_id (String) (defaults to: nil) —

  the unique public identifier of the application.

Returns:

• (Code::Decorators::Authorization) —

  the created authorization

Raises:

• (Core::Helpers::Errors::BadRequest) —

  if any of the parameters is not given

• (Core::Helpers::Errors::NotFound) —

  if the session or the application is not found

# File 'lib/core/services/authorizations.rb', line 21

def create_from_session(session_id: nil, client_id: nil, **ignored)
  session = Core.svc.sessions.get_by_id(session_id: session_id)
  application = Core.svc.applications.get_by_id(client_id: client_id)
  authorization = Core::Models::OAuth::Authorization.create(
    account: session.account,
    application: application
  )
  Core::Decorators::Authorization.new(authorization)
end

#get_by_code(authorization_code: nil, **_ignored) ⇒ Core::Models::OAuth::Authorization

Gets an authorization code by its corresponding value.

Parameters:

• authorization_code (String) (defaults to: nil) —

  the code value of the authorization object.

Returns:

• (Core::Models::OAuth::Authorization) —

  the authorization object.

Raises:

• (Core::Helpers::Errors::NotFound) —

  if the authorization code is not found.

# File 'lib/core/services/authorizations.rb', line 60

def get_by_code(authorization_code: nil, **_ignored)
  require_parameters authorization_code: authorization_code
  authorization = Core::Models::OAuth::Authorization.find_by(code: authorization_code)
  raise unknown_err(field: 'authorization_code') if authorization.nil?

  Core::Decorators::Authorization.new(authorization)
end

#get_by_credentials(client_id: nil, client_secret: nil, authorization_code: nil, **_ignored) ⇒ Core::Models::OAuth::Authorization

Gets the authorization code corresponding to the provided value if it is linked to the application matching the provided credentials. Otherwise it raises errors.

Parameters:

• client_id (String) (defaults to: nil) —

  the UUID of the application.

• client_secret (String) (defaults to: nil) —

  the password of the application.

• authorization_code (String) (defaults to: nil) —

  the code of the authorization you’re trying to get.

Returns:

• (Core::Models::OAuth::Authorization) —

  the authorization code object if found.

Raises:

• (Core::Helpers::Errors::NotFound) —

  if the application or the authorization is unknown

• (Core::Helpers::Errors::BadRequest) —

  if any parameter is nil.

• (Core::Helpers::Errors::Forbidden) —

  if the secret does not match the application, or the authorization code does not belong to the application.

# File 'lib/core/services/authorizations.rb', line 44

def get_by_credentials(client_id: nil, client_secret: nil, authorization_code: nil, **_ignored)
  require_parameters authorization_code: authorization_code
  application = Core.svc.applications.get_by_credentials(
    client_id: client_id,
    client_secret: client_secret
  )
  authorization = get_by_code(authorization_code: authorization_code)
  raise mismatch_error if authorization.application.id.to_s != application.id.to_s

  authorization
end