Class: Rack::OAuth2::Server::AccessToken

Inherits:
Object
  • Object
show all
Defined in:
lib/rack/oauth2/models/access_token.rb

Overview

Access token. This is what clients use to access resources.

An access token is a unique code, associated with a client, an identity and scope. It may be revoked, or expire after a certain period.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#_idObject (readonly) Also known as: token

Access token. As unique as they come.


99
100
101
 
# File 'lib/rack/oauth2/models/access_token.rb', line 99

def _id
  @_id
end

#client_idObject (readonly)

Client that was granted this access token.


104
105
106
 
# File 'lib/rack/oauth2/models/access_token.rb', line 104

def client_id
  @client_id
end

#created_atObject (readonly)

When token was granted.


108
109
110
 
# File 'lib/rack/oauth2/models/access_token.rb', line 108

def created_at
  @created_at
end

#expires_atObject (readonly)

When token expires for good.


110
111
112
 
# File 'lib/rack/oauth2/models/access_token.rb', line 110

def expires_at
  @expires_at
end

#identityObject (readonly)

The identity we authorized access to.


102
103
104
 
# File 'lib/rack/oauth2/models/access_token.rb', line 102

def identity
  @identity
end

#last_accessObject

Timestamp of last access using this token, rounded up to hour.


114
115
116
 
# File 'lib/rack/oauth2/models/access_token.rb', line 114

def last_access
  @last_access
end

#prev_accessObject

Timestamp of previous access using this token, rounded up to hour.


116
117
118
 
# File 'lib/rack/oauth2/models/access_token.rb', line 116

def prev_access
  @prev_access
end

#revokedObject

Timestamp if revoked.


112
113
114
 
# File 'lib/rack/oauth2/models/access_token.rb', line 112

def revoked
  @revoked
end

#scopeObject (readonly)

The scope granted to this token.


106
107
108
 
# File 'lib/rack/oauth2/models/access_token.rb', line 106

def scope
  @scope
end

Class Method Details

.collectionObject

[View source]

92
93
94
95
 
# File 'lib/rack/oauth2/models/access_token.rb', line 92

def collection
  prefix = Server.options[:collection_prefix]
  Server.database["#{prefix}.access_tokens"]
end

.count(filter = {}) ⇒ Object

Returns count of access tokens.

Parameters:

  • filter (Hash) (defaults to: {})

    Count only a subset of access tokens

Options Hash (filter):

  • days (Integer)

    Only count that many days (since now)

  • revoked (Boolean)

    Only count revoked (true) or non-revoked (false) tokens; count all tokens if nil

  • client_id (String, ObjectId)

    Only tokens grant to this client

[View source]

67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/rack/oauth2/models/access_token.rb', line 67

def count(filter = {})
  select = {}
  if filter[:days]
    now = Time.now.to_i
    range = { :$gt=>now - filter[:days] * 86400, :$lte=>now }
    select[ filter[:revoked] ? :revoked : :created_at ] = range
  elsif filter.has_key?(:revoked)
    select[:revoked] = filter[:revoked] ? { :$ne=>nil } : { :$eq=>nil }
  end
  select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) if filter[:client_id]
  collection.find(select).count
end

.create_token_for(client, scope, identity = nil, expires = nil) ⇒ Object

Creates a new AccessToken for the given client and scope.

[View source]

37
38
39
40
41
42
43
44
45
46
 
# File 'lib/rack/oauth2/models/access_token.rb', line 37

def create_token_for(client, scope, identity = nil, expires = nil)
  expires_at = Time.now.to_i + expires if expires && expires != 0
  token = { :_id=>Server.secure_random, :scope=>scope,
            :client_id=>client.id, :created_at=>Time.now.to_i,
            :expires_at=>expires_at, :revoked=>nil }
  token[:identity] = identity if identity
  collection.insert token
  Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } })
  Server.new_instance self, token
end

.for_client(client_id, offset = 0, limit = 100) ⇒ Object

Returns all access tokens for a given client, Use limit and offset to return a subset of tokens, sorted by creation date.

[View source]

55
56
57
58
59
 
# File 'lib/rack/oauth2/models/access_token.rb', line 55

def for_client(client_id, offset = 0, limit = 100)
  client_id = BSON::ObjectId(client_id.to_s)
  collection.find({ :client_id=>client_id }, { :sort=>[[:created_at, Mongo::ASCENDING]], :skip=>offset, :limit=>limit }).
    map { |token| Server.new_instance self, token }
end

.from_identity(identity) ⇒ Object

Find all AccessTokens for an identity.

[View source]

49
50
51
 
# File 'lib/rack/oauth2/models/access_token.rb', line 49

def from_identity(identity)
  collection.find({ :identity=>identity }).map { |fields| Server.new_instance self, fields }
end

.from_token(token) ⇒ Object

Find AccessToken from token. Does not return revoked tokens.

[View source]

13
14
15
 
# File 'lib/rack/oauth2/models/access_token.rb', line 13

def from_token(token)
  Server.new_instance self, collection.find_one({ :_id=>token, :revoked=>nil })
end

.get_token_for(identity, client, scope, expires = nil) ⇒ Object

Get an access token (create new one if necessary).

You can set optional expiration in seconds. If zero or nil, token never expires.

Raises:

  • (ArgumentError)
[View source]

21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/rack/oauth2/models/access_token.rb', line 21

def get_token_for(identity, client, scope, expires = nil)
  raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
  scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope

  token = collection.find_one({
    :$or=>[{:expires_at=>nil}, {:expires_at=>{:$gt=>Time.now.to_i}}],
    :identity=>identity, :scope=>scope,
    :client_id=>client.id, :revoked=>nil})

  unless token
    return create_token_for(client, scope, identity, expires)
  end
  Server.new_instance self, token
end

.historical(filter = {}) ⇒ Object

[View source]

80
81
82
83
84
85
86
87
88
89
90
 
# File 'lib/rack/oauth2/models/access_token.rb', line 80

def historical(filter = {})
  days = filter[:days] || 60
  select = { :$gt=> { :created_at=>Time.now - 86400 * days } }
  select = {}
  if filter[:client_id]
    select[:client_id] = BSON::ObjectId(filter[:client_id].to_s)
  end
  raw = Server::AccessToken.collection.group("function (token) { return { ts: Math.floor(token.created_at / 86400) } }",
    select, { :granted=>0 }, "function (token, state) { state.granted++ }")
  raw.sort { |a, b| a["ts"] - b["ts"] }
end

Instance Method Details

#access!Object

Updates the last access timestamp.

[View source]

119
120
121
122
123
124
125
 
# File 'lib/rack/oauth2/models/access_token.rb', line 119

def access!
  today = (Time.now.to_i / 3600) * 3600
  if last_access.nil? || last_access < today
    AccessToken.collection.update({ :_id=>token }, { :$set=>{ :last_access=>today, :prev_access=>last_access } })
    self.last_access = today
  end
end

#revoke!Object

Revokes this access token.

[View source]

128
129
130
131
132
 
# File 'lib/rack/oauth2/models/access_token.rb', line 128

def revoke!
  self.revoked = Time.now.to_i
  AccessToken.collection.update({ :_id=>token }, { :$set=>{ :revoked=>revoked } })
  Client.collection.update({ :_id=>client_id }, { :$inc=>{ :tokens_revoked=>1 } })
end