Class: Doorkeeper::SecretStoring::Base

Inherits:
Object
  • Object
show all
Defined in:
lib/doorkeeper/secret_storing/base.rb

Overview

Base class for secret storing, including common helpers

Direct Known Subclasses

BCrypt, Plain, Sha256Hash

Class Method Summary collapse

Class Method Details

.allows_restoring_secrets?Boolean

Determines whether this strategy supports restoring secrets from the database. This allows detecting users trying to use a non-restorable strategy with reuse_access_tokens.

Returns:

  • (Boolean)

42
43
44
# File 'lib/doorkeeper/secret_storing/base.rb', line 42

def self.allows_restoring_secrets?
  false
end

.restore_secret(_resource, _attribute) ⇒ Object

Return the restored value from the database as retrieved from the database.

Parameters:

  • resource

    The resource instance to act on

  • attribute

    The secret attribute to restore

Raises:

  • (NotImplementedError)

34
35
36
# File 'lib/doorkeeper/secret_storing/base.rb', line 34

def self.restore_secret(_resource, _attribute)
  raise NotImplementedError
end

.secret_matches?(input, stored) ⇒ Boolean

Securely compare the given input value with a stored value processed by transform_secret.

Returns:

  • (Boolean)

58
59
60
61
# File 'lib/doorkeeper/secret_storing/base.rb', line 58

def self.secret_matches?(input, stored)
  transformed_input = transform_secret(input)
  ActiveSupport::SecurityUtils.secure_compare transformed_input, stored
end

.store_secret(resource, attribute, plain_secret) ⇒ Object

Transform and store the given secret attribute => value pair used for safely storing the attribute

Parameters:

  • resource

    The model instance being modified

  • attribute

    The secret attribute

  • plain_secret

    The plain secret input / generated


22
23
24
25
26
27
# File 'lib/doorkeeper/secret_storing/base.rb', line 22

def self.store_secret(resource, attribute, plain_secret)
  transformed_value = transform_secret(plain_secret)
  resource.public_send(:"#{attribute}=", transformed_value)

  transformed_value
end

.transform_secret(_plain_secret) ⇒ Object

Return the value to be stored by the database used for looking up a database value.

Parameters:

  • plain_secret

    The plain secret input / generated

Raises:

  • (NotImplementedError)

12
13
14
# File 'lib/doorkeeper/secret_storing/base.rb', line 12

def self.transform_secret(_plain_secret)
  raise NotImplementedError
end

.validate_for(model) ⇒ Object

Determines what secrets this strategy is applicable for

Raises:

  • (ArgumentError)

48
49
50
51
52
53
# File 'lib/doorkeeper/secret_storing/base.rb', line 48

def self.validate_for(model)
  valid = %i[token application]
  return true if valid.include?(model.to_sym)

  raise ArgumentError, "'#{name}' can not be used for #{model}."
end