Class: Doorkeeper::SecretStoring::Base

Inherits:

Object

• Object
• Doorkeeper::SecretStoring::Base

Defined in:

lib/doorkeeper/secret_storing/base.rb

Overview

Base class for secret storing, including common helpers

Direct Known Subclasses

BCrypt, Plain, Sha256Hash

Class Method Summary

• .allows_restoring_secrets? ⇒ Boolean

  Determines whether this strategy supports restoring secrets from the database.

• .restore_secret(_resource, _attribute) ⇒ Object

  Return the restored value from the database as retrieved from the database.

• .secret_matches?(input, stored) ⇒ Boolean

  Securely compare the given input value with a stored value processed by transform_secret.

• .store_secret(resource, attribute, plain_secret) ⇒ Object

  Transform and store the given secret attribute => value pair used for safely storing the attribute.

• .transform_secret(_plain_secret) ⇒ Object

  Return the value to be stored by the database used for looking up a database value.

• .validate_for(model) ⇒ Object

  Determines what secrets this strategy is applicable for.

Class Method Details

.allows_restoring_secrets? ⇒ Boolean

Determines whether this strategy supports restoring secrets from the database. This allows detecting users trying to use a non-restorable strategy with reuse_access_tokens.

Returns:

• (Boolean)

# File 'lib/doorkeeper/secret_storing/base.rb', line 42

def self.allows_restoring_secrets?
  false
end

.restore_secret(_resource, _attribute) ⇒ Object

Return the restored value from the database as retrieved from the database.

Parameters:

• resource —

  The resource instance to act on

• attribute —

  The secret attribute to restore

Raises:

• (NotImplementedError)

# File 'lib/doorkeeper/secret_storing/base.rb', line 34

def self.restore_secret(_resource, _attribute)
  raise NotImplementedError
end

.secret_matches?(input, stored) ⇒ Boolean

Securely compare the given input value with a stored value processed by transform_secret.

Returns:

• (Boolean)

# File 'lib/doorkeeper/secret_storing/base.rb', line 58

def self.secret_matches?(input, stored)
  transformed_input = transform_secret(input)
  ActiveSupport::SecurityUtils.secure_compare transformed_input, stored
end

.store_secret(resource, attribute, plain_secret) ⇒ Object

Transform and store the given secret attribute => value pair used for safely storing the attribute

Parameters:

• resource —

  The model instance being modified

• attribute —

  The secret attribute

• plain_secret —

  The plain secret input / generated

# File 'lib/doorkeeper/secret_storing/base.rb', line 22

def self.store_secret(resource, attribute, plain_secret)
  transformed_value = transform_secret(plain_secret)
  resource.public_send(:"#{attribute}=", transformed_value)

  transformed_value
end

.transform_secret(_plain_secret) ⇒ Object

Return the value to be stored by the database used for looking up a database value.

Parameters:

• plain_secret —

  The plain secret input / generated

Raises:

• (NotImplementedError)

# File 'lib/doorkeeper/secret_storing/base.rb', line 12

def self.transform_secret(_plain_secret)
  raise NotImplementedError
end

.validate_for(model) ⇒ Object

Determines what secrets this strategy is applicable for

Raises:

• (ArgumentError)

# File 'lib/doorkeeper/secret_storing/base.rb', line 48

def self.validate_for(model)
  valid = %i[token application]
  return true if valid.include?(model.to_sym)

  raise ArgumentError, "'#{name}' can not be used for #{model}."
end