Class: Api::OpenidConnect::Authorization

Inherits:
ApplicationRecord
Defined in:
app/models/api/openid_connect/authorization.rb

Constant Summary

# Scope names this model recognises. validate_scope_names adds a validation
# error for every entry of `scopes` that is not in this list. The array is
# frozen, so it cannot be extended at runtime.
SCOPES = [
  "contacts:modify", "contacts:read",
  "conversations",
  "email",
  "interactions",
  "name",
  "nickname",
  "notifications",
  "openid",
  "picture",
  "private:modify", "private:read",
  "profile", "profile:modify", "profile:read_private",
  "public:modify", "public:read",
  "sub",
  "tags:modify", "tags:read"
].freeze


Class Method Details

.find_by_client_id_and_user(client_id, user) ⇒ Object


# File 'app/models/api/openid_connect/authorization.rb', line 88

# Looks up an authorization held by +user+ for the OAuth application(s)
# registered under +client_id+.
#
# The application is passed to find_by as the `where` relation itself, not as
# a loaded record, so no application is loaded here.
#
# @param client_id [Object] client identifier matched against OAuthApplication#client_id
# @param user [Object] the resource owner the authorization must belong to
# @return [Object, nil] the first matching authorization, or nil when none matches
def self.find_by_client_id_and_user(client_id, user)
  find_by(
    o_auth_application: Api::OpenidConnect::OAuthApplication.where(client_id: client_id),
    user:               user
  )
end

.find_by_client_id_user_and_scopes(client_id, user, scopes) ⇒ Object


# File 'app/models/api/openid_connect/authorization.rb', line 77

# Finds the authorization of +user+ for the client +client_id+ whose scope
# list is exactly the requested one.
#
# Scopes are compared as sets: order and duplicates are ignored, but the two
# lists must otherwise be equal. An authorization with more (or fewer) scopes
# than requested is therefore never returned by this lookup.
#
# @param client_id [Object] client identifier matched against OAuthApplication#client_id
# @param user [Object] the resource owner the authorization must belong to
# @param scopes [Array<String>, String, nil] requested scopes; wrapped with Array()
# @return [Object, nil] the first authorization with an identical scope set, else nil
def self.find_by_client_id_user_and_scopes(client_id, user, scopes)
  matching_apps = Api::OpenidConnect::OAuthApplication.where(client_id: client_id)
  # detect (not find) so the call is unambiguously the Enumerable search.
  where(o_auth_application: matching_apps, user: user).all.detect do |candidate|
    candidate.scopes.uniq.sort == Array(scopes).uniq.sort
  end
end

.find_by_refresh_token(client_id, refresh_token) ⇒ Object


# File 'app/models/api/openid_connect/authorization.rb', line 93

# Looks up an authorization by refresh token, restricted to the client that
# presents it.
#
# Both conditions go into the same find_by, so a refresh token only matches
# when it is presented together with the client_id of the application the
# authorization belongs to.
#
# NOTE(review): the token is matched against the refresh_token column as
# given, which suggests the value is stored unhashed -- confirm.
#
# @param client_id [Object] client identifier matched against OAuthApplication#client_id
# @param refresh_token [String] the refresh token presented by the client
# @return [Object, nil] the matching authorization, or nil when none matches
def self.find_by_refresh_token(client_id, refresh_token)
  find_by(
    o_auth_application: Api::OpenidConnect::OAuthApplication.where(client_id: client_id),
    refresh_token:      refresh_token
  )
end

.use_code(code) ⇒ Object


# File 'app/models/api/openid_connect/authorization.rb', line 98

# Redeems an authorization code.
#
# First redemption: marks the code as used and returns the authorization.
# Any later redemption of the same code destroys the whole authorization and
# returns nil, so a replayed code revokes the grant instead of being honoured.
#
# NOTE(review): the lookup, the code_used check and the update! are separate
# steps and nothing visible here makes them atomic; two concurrent
# redemptions could both read code_used as false. Confirm whether a lock or
# a database constraint covers this.
#
# @param code [String, nil] the authorization code presented by the client
# @return [Object, nil] the authorization on first use; nil for a missing,
#   unknown or already used code
def self.use_code(code)
  auth = code && find_by(code: code)
  return unless auth

  unless auth.code_used
    auth.update!(code_used: true)
    return auth
  end

  # Code was already redeemed once: treat as replay and drop the grant.
  auth.destroy
  nil
end

Instance Method Details

#accessible?(required_scopes = nil) ⇒ Boolean

Returns:

  • (Boolean)

# File 'app/models/api/openid_connect/authorization.rb', line 56

# Tells whether this authorization carries every scope in +required_scopes+.
#
# Caveat for callers: with no argument, nil or an empty list there is nothing
# to check and the result is true. An endpoint that must be scope-protected
# has to pass its required scope(s) explicitly.
#
# @param required_scopes [Array<String>, String, nil] scope(s) the caller needs
# @return [Boolean] true when all required scopes are included in `scopes`
def accessible?(required_scopes=nil)
  Array(required_scopes).each do |wanted|
    return false unless scopes.include?(wanted)
  end
  true
end

#create_access_token ⇒ Object


# File 'app/models/api/openid_connect/authorization.rb', line 69

# Creates a new access token record through the o_auth_access_tokens
# association and hands back its bearer token.
#
# create! is the raising variant, so a record that cannot be saved surfaces
# as an exception instead of a nil token.
#
# @return [Object] whatever the new token record exposes as bearer_token
def create_access_token
  access_token = o_auth_access_tokens.create!
  access_token.bearer_token
end

#create_code ⇒ Object


# File 'app/models/api/openid_connect/authorization.rb', line 62

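# Issues a new authorization code for this authorization.
#
# The code is 32 random bytes from SecureRandom, hex encoded (64 characters).
# It replaces any code stored before and is flagged as not yet used.
#
# @return [String] the newly generated code
# @raise whatever update! raises when the record cannot be saved
def create_code
  code = SecureRandom.hex(32)
  # Single write: the new code and its reset code_used flag are saved
  # together, so the record is never persisted with a fresh code that still
  # carries code_used = true from an earlier redemption.
  update!(code: code, code_used: false)
  code
end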

#create_id_token ⇒ Object


# File 'app/models/api/openid_connect/authorization.rb', line 73

# Builds an IdToken for this authorization, passing along the nonce stored
# on the record.
#
# @return [IdToken] a new, unsaved-by-this-method IdToken instance
def create_id_token
  authorization = self
  IdToken.new(authorization, nonce)
end

#setup ⇒ Object


# File 'app/models/api/openid_connect/authorization.rb', line 44

# Assigns a new random refresh token to this record (32 bytes from
# SecureRandom, hex encoded). Every call overwrites the previous value; the
# record is not saved here.
#
# NOTE(review): presumably wired up as a model callback -- the registration
# is not visible in this listing, confirm where it is invoked.
#
# @return [String] the token that was assigned
def setup
  fresh_token = SecureRandom.hex(32)
  self.refresh_token = fresh_token
end

#validate_scope_names ⇒ Object


# File 'app/models/api/openid_connect/authorization.rb', line 48

# Validation helper: records an error on :scope for every entry of `scopes`
# that is not listed in SCOPES. Does nothing when `scopes` is nil.
#
# Each unknown entry adds its own error, so several invalid scopes produce
# several identical messages.
#
# @return [Object, nil] nil when `scopes` is nil, otherwise the result of `scopes.each`
def validate_scope_names
  return unless scopes

  scopes.each do |scope|
    next if SCOPES.include?(scope)

    errors.add(:scope, "is not a valid scope name")
  end
end