Class: OAuth2::Provider::Rack::AccessTokenHandler

Inherits:
Object
  • Object
Defined in:
lib/oauth2/provider/rack/access_token_handler.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(app, env) ⇒ AccessTokenHandler


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 7

# Captures the collaborators for one token-endpoint request.
#
# @param app [Object] stored as-is; this constructor never calls it
# @param env [Hash] Hash-like environment; its 'oauth2' entry becomes the
#   request object whose params the handler methods read
def initialize(app, env)
  @app, @env = app, env
  @request = env['oauth2']
end

Instance Attribute Details

#app ⇒ Object (readonly)

Returns the value of attribute app


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 5

# Reader for @app, the first argument given to the constructor.
def app
  @app
end

#env ⇒ Object (readonly)

Returns the value of attribute env


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 5

# Reader for @env, the second argument given to the constructor.
# handle_basic_auth_header writes client credentials into
# @env['oauth2'].params, so this hash is mutated during processing.
def env
  @env
end

#request ⇒ Object (readonly)

Returns the value of attribute request


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 5

# Reader for @request, which the constructor takes from env['oauth2'].
# Every value the handler acts on (grant_type, client_id, client_secret,
# code, ...) is read from request.params.
# NOTE(review): presumably those params are caller-supplied and must be
# treated as untrusted input -- confirm where env['oauth2'] is built.
def request
  @request
end

Instance Method Details

#block_invalid_clients ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 102

# Authenticates the client and checks that it may use the requested grant.
#
# Looks the client up by identifier and secret in a single finder call and
# keeps the result in @oauth_client for the grant handlers.
#
# @return [Object, nil] an 'invalid_client' error when no client matches, an
#   'unauthorized_client' error when the client is not allowed this
#   grant_type, whatever with_required_params returns when a parameter is
#   absent, or nil when the request may proceed
#
# NOTE(review): the finder receives the raw client_secret, which suggests the
# secret is matched by the storage layer rather than compared in constant time
# against a stored hash -- confirm in the configured client_class.
# NOTE(review): no throttling of failed lookups is visible here; confirm it is
# enforced elsewhere.
def block_invalid_clients
  with_required_params('grant_type', 'client_id', 'client_secret') do |grant_type, client_id, client_secret|
    clients = OAuth2::Provider.client_class
    @oauth_client = clients.find_by_oauth_identifier_and_oauth_secret(client_id, client_secret)

    next Responses.json_error('invalid_client') if @oauth_client.nil?
    next Responses.json_error('unauthorized_client') unless @oauth_client.allow_grant_type?(grant_type)

    # nil tells the caller that nothing blocked the request.
    nil
  end
end

#block_unsupported_grant_types ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 94

# Rejects grant types this handler has no implementation for.
#
# A grant type counts as supported when the receiver has a method -- private
# ones included, because respond_to? is called with true -- named
# "handle_<grant_type>_grant_type".
#
# @return [Object, nil] an 'unsupported_grant_type' error, whatever
#   with_required_params returns when grant_type is absent, or nil when a
#   handler exists
#
# NOTE(review): grant_type is read from the request, so every method matching
# that name pattern (including ones added by subclasses or mixins) is
# selectable by the caller; keep unrelated code out of that namespace.
def block_unsupported_grant_types
  with_required_params('grant_type') do |grant_type|
    handler_name = grant_type_handler_method(grant_type)
    next if respond_to?(handler_name, true)

    Responses.json_error('unsupported_grant_type')
  end
end

#grant_type_handler_method(grant_type) ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 117

# Maps a grant_type value to the name of the method that serves it.
#
# Pure string building: nothing is validated here, so a caller must check that
# the resulting method exists before dispatching to it.
#
# @param grant_type [Object] converted with to_s
# @return [String] "handle_<grant_type>_grant_type"
def grant_type_handler_method(grant_type)
  'handle_' + grant_type.to_s + '_grant_type'
end

#handle_authorization_code_grant_type ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 46

# Exchanges an authorization code for an access token.
#
# The code and redirect_uri are handed to claim on the authenticated client's
# authorization_codes collection; a truthy result is returned as the token.
#
# @return [Object] the token response, an 'invalid_grant' error when claim
#   returns nothing, or whatever with_required_params returns when a
#   parameter is absent
#
# NOTE(review): going through oauth_client.authorization_codes presumably
# limits the lookup to codes issued to this client, and claim presumably
# enforces single use, expiry and the redirect_uri match -- confirm in the
# authorization code model.
def handle_authorization_code_grant_type
  with_required_params('code', 'redirect_uri') do |code, redirect_uri|
    token = oauth_client.authorization_codes.claim(code, redirect_uri)
    next token_response(token) if token

    Responses.json_error('invalid_grant')
  end
end

#handle_basic_auth_header ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 21

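# Accepts client credentials from an HTTP Basic Authorization header.
#
# Only applies when grant_type is 'client_credentials'. The decoded pair
# overwrites any client_id / client_secret already present in the request
# params, so the later client lookup authenticates with the header values.
#
# @return [Object, nil] nil whenever grant_type is present, so the || chain in
#   #process moves on to the next step; otherwise whatever
#   with_required_params returns for the absent parameter
#
# NOTE(review): other grant types ignore the header and must send the secret in
# the request body -- confirm that is intended.
# NOTE(review): what unpack_authorization does with a malformed header is not
# visible here -- confirm it cannot raise into the Rack stack.
def handle_basic_auth_header
  with_required_params 'grant_type' do |grant_type|
    # \A anchors at the start of the whole value; ^ would also match at the
    # start of any later line inside the header string.
    if grant_type == 'client_credentials' && request.env['HTTP_AUTHORIZATION'] =~ /\ABasic/
      params = @env['oauth2'].params
      params['client_id'], params['client_secret'] =
        HTTPAuth::Basic.unpack_authorization(request.env['HTTP_AUTHORIZATION'])
    end
    # The block must evaluate to nil: #process treats any truthy value as the
    # final response and would stop before the client is authenticated.
    nil
  end
end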

#handle_client_credentials_grant_type ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 66

# Issues an access token to a client acting on its own behalf.
#
# The authenticated client is recorded as both resource owner and client of
# the new authorization, and the token is created with :refresh_token => nil.
#
# @return [Object] the response built by token_response
def handle_client_credentials_grant_type
  token_class = OAuth2::Provider.access_token_class
  authorization = OAuth2::Provider.authorization_class.create!(
    :resource_owner => oauth_client,
    :client => oauth_client
  )
  token_response token_class.create!(:authorization => authorization, :refresh_token => nil)
end

#handle_grant_type ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 30

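# Dispatches to the handler method for the request's grant_type.
#
# The method name is derived from a request parameter, so it is checked with
# respond_to? before send is called. #process already runs
# block_unsupported_grant_types first, but this method can also be called on
# its own, and without the check an unknown grant_type would surface as a
# NoMethodError instead of an OAuth error response.
#
# @return [Object] the selected handler's result, or an
#   'unsupported_grant_type' error when no handler method exists
def handle_grant_type
  handler_name = grant_type_handler_method(request.params["grant_type"])
  # true includes private methods, matching block_unsupported_grant_types.
  return Responses.json_error('unsupported_grant_type') unless respond_to?(handler_name, true)

  send handler_name
end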

#handle_password_grant_type ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 34

# Issues an access token for resource-owner password credentials.
#
# The username and password go to the configured resource_owner_class; a
# truthy result becomes the resource owner of a new authorization for the
# authenticated client. A failed authentication yields the same
# 'invalid_grant' error whatever the reason.
#
# @return [Object] the token response, an 'invalid_grant' error, or whatever
#   with_required_params returns when a parameter is absent
#
# NOTE(review): no throttling or lockout of failed password attempts is
# visible here; confirm authenticate_with_username_and_password or a layer in
# front of this endpoint provides it.
def handle_password_grant_type
  with_required_params('username', 'password') do |username, password|
    owners = OAuth2::Provider.resource_owner_class
    resource_owner = owners.authenticate_with_username_and_password(username, password)
    next Responses.json_error('invalid_grant') unless resource_owner

    token_class = OAuth2::Provider.access_token_class
    authorization = OAuth2::Provider.authorization_class.create!(
      :resource_owner => resource_owner,
      :client => oauth_client
    )
    token_response token_class.create!(:authorization => authorization)
  end
end

#handle_refresh_token_grant_type ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 56

# Exchanges a refresh token for a new access token.
#
# The refresh token is passed to refresh_with on the authenticated client's
# access_tokens collection; a truthy result is returned as the new token.
#
# @return [Object] the token response, an 'invalid_grant' error when
#   refresh_with returns nothing, or whatever with_required_params returns
#   when the parameter is absent
#
# NOTE(review): going through oauth_client.access_tokens presumably restricts
# the refresh to tokens issued to this client; whether the old refresh token
# is invalidated is decided inside refresh_with -- confirm both in the model.
def handle_refresh_token_grant_type
  with_required_params('refresh_token') do |refresh_token|
    token = oauth_client.access_tokens.refresh_with(refresh_token)
    next token_response(token) if token

    Responses.json_error('invalid_grant')
  end
end

#oauth_client ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 113

# Returns the client stored by block_invalid_clients.
# The value is nil until that method has run and found a matching client, so
# the grant handlers depend on #process calling it before handle_grant_type.
def oauth_client
  @oauth_client
end

#process ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 13

# Entry point: runs the token request through the checks, then the grant.
#
# Each step returns nil to let the next one run or a response to stop the
# chain. The order matters: the grant type is checked against the available
# handlers before anything else, Basic-auth credentials are copied into the
# params before the client lookup, and the client is authenticated before any
# grant handler runs.
#
# @return [Object] the first non-nil step result, or the 'POST'-only response
#   for any other request method
def process
  return Responses.only_supported('POST') unless request.post?

  block_unsupported_grant_types ||
    handle_basic_auth_header ||
    block_invalid_clients ||
    handle_grant_type
end

#token_response(token) ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 87

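# Builds the 200 JSON response that carries an issued token.
#
# The body is token.as_json, plus a :state entry when the request supplied
# one. The request value is copied as-is and only leaves through the JSON
# encoder.
#
# RFC 6749 section 5.1 requires token responses to carry both
# "Cache-Control: no-store" and "Pragma: no-cache"; the Pragma header was
# missing and is added here so HTTP/1.0 caches also skip the response.
#
# @param token [Object] anything responding to as_json
# @return [Array] Rack-style triple of status, headers and body
def token_response(token)
  payload = token.as_json
  state = request.params['state']
  payload[:state] = state if state

  headers = {
    'Content-Type' => 'application/json',
    'Cache-Control' => 'no-cache, no-store, max-age=0, must-revalidate',
    'Pragma' => 'no-cache'
  }
  [200, headers, [ActiveSupport::JSON.encode(payload)]]
end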

#with_required_params(*names, &block) ⇒ Object


# File 'lib/oauth2/provider/rack/access_token_handler.rb', line 73

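# Yields the named request parameters, or reports the ones that are absent.
#
# A parameter counts as supplied only when its value is a non-empty String.
# RFC 6749 section 3.2 says parameters sent without a value must be treated
# as omitted, and an Array or Hash value (as produced by bracketed parameter
# names) is rejected here as well so it never reaches a finder or
# authentication call in place of the single string those expect. Such
# values are reported with the same "missing" description as absent ones.
#
# @param names [Array<String>] parameter names the block needs
# @yield [*values] the parameter values, in the order of names
# @return [Object] the block's result, or an 'invalid_request' error naming
#   the missing parameter(s)
def with_required_params(*names, &block)
  supplied = request.params
  missing_params = names.reject do |name|
    value = supplied[name]
    value.is_a?(String) && !value.empty?
  end
  return yield(*supplied.values_at(*names)) if missing_params.empty?

  description =
    if missing_params.size == 1
      "missing '#{missing_params.first}' parameter"
    else
      "missing #{missing_params.map { |name| "'#{name}'" }.join(', ')} parameters"
    end
  Responses.json_error 'invalid_request', :description => description
end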