Class: Rack::OAuth2::Server::AccessToken
- Inherits: Object (Object → Rack::OAuth2::Server::AccessToken)
- Defined in: lib/rack/oauth2/models/access_token.rb
Overview
Access token. This is what clients use to access resources.
An access token is a unique code, associated with a client, an identity and scope. It may be revoked, or expire after a certain period.
Instance Attribute Summary
- #_id ⇒ Object (also: #token) (readonly): Access token.
- #client_id ⇒ Object (readonly): Client that was granted this access token.
- #created_at ⇒ Object (readonly): When token was granted.
- #expires_at ⇒ Object (readonly): When token expires for good.
- #identity ⇒ Object (readonly): The identity we authorized access to.
- #last_access ⇒ Object: Timestamp of last access using this token, rounded up to hour.
- #prev_access ⇒ Object: Timestamp of previous access using this token, rounded up to hour.
- #revoked ⇒ Object: Timestamp if revoked.
- #scope ⇒ Object (readonly): The scope granted to this token.
Class Method Summary
- .collection ⇒ Object
- .count(filter = {}) ⇒ Object: Returns count of access tokens.
- .create_token_for(client, scope, identity = nil, expires = nil) ⇒ Object: Creates a new AccessToken for the given client and scope.
- .for_client(client_id, offset = 0, limit = 100) ⇒ Object: Returns all access tokens for a given client. Use limit and offset to return a subset of tokens, sorted by creation date.
- .from_identity(identity) ⇒ Object: Find all AccessTokens for an identity.
- .from_token(token) ⇒ Object: Find AccessToken from token.
- .get_token_for(identity, client, scope, expires = nil) ⇒ Object: Get an access token (create new one if necessary).
- .historical(filter = {}) ⇒ Object
Instance Method Summary
- #access! ⇒ Object: Updates the last access timestamp.
- #revoke! ⇒ Object: Revokes this access token.
Instance Attribute Details
#_id ⇒ Object (readonly)
Also known as: token
Access token. As unique as they come.

    # File 'lib/rack/oauth2/models/access_token.rb', line 99
    def _id
      @_id
    end

#client_id ⇒ Object (readonly)
Client that was granted this access token.

    # File 'lib/rack/oauth2/models/access_token.rb', line 104
    def client_id
      @client_id
    end

#created_at ⇒ Object (readonly)
When token was granted.

    # File 'lib/rack/oauth2/models/access_token.rb', line 108
    def created_at
      @created_at
    end

#expires_at ⇒ Object (readonly)
When token expires for good.

    # File 'lib/rack/oauth2/models/access_token.rb', line 110
    def expires_at
      @expires_at
    end

#identity ⇒ Object (readonly)
The identity we authorized access to.

    # File 'lib/rack/oauth2/models/access_token.rb', line 102
    def identity
      @identity
    end

#last_access ⇒ Object
Timestamp of last access using this token, rounded up to hour.

    # File 'lib/rack/oauth2/models/access_token.rb', line 114
    def last_access
      @last_access
    end

#prev_access ⇒ Object
Timestamp of previous access using this token, rounded up to hour.

    # File 'lib/rack/oauth2/models/access_token.rb', line 116
    def prev_access
      @prev_access
    end

#revoked ⇒ Object
Timestamp if revoked.

    # File 'lib/rack/oauth2/models/access_token.rb', line 112
    def revoked
      @revoked
    end

#scope ⇒ Object (readonly)
The scope granted to this token.

    # File 'lib/rack/oauth2/models/access_token.rb', line 106
    def scope
      @scope
    end
Class Method Details
.collection ⇒ Object

    # File 'lib/rack/oauth2/models/access_token.rb', line 92
    def collection
      prefix = Server.options[:collection_prefix]
      Server.database["#{prefix}.access_tokens"]
    end
.count(filter = {}) ⇒ Object
Returns count of access tokens.

    # File 'lib/rack/oauth2/models/access_token.rb', line 67
    def count(filter = {})
      select = {}
      if filter[:days]
        now = Time.now.to_i
        range = { :$gt=>now - filter[:days] * 86400, :$lte=>now }
        select[ filter[:revoked] ? :revoked : :created_at ] = range
      elsif filter.has_key?(:revoked)
        select[:revoked] = filter[:revoked] ? { :$ne=>nil } : { :$eq=>nil }
      end
      select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) if filter[:client_id]
      collection.find(select).count
    end
.create_token_for(client, scope, identity = nil, expires = nil) ⇒ Object
Creates a new AccessToken for the given client and scope.

    # File 'lib/rack/oauth2/models/access_token.rb', line 37
    def create_token_for(client, scope, identity = nil, expires = nil)
      expires_at = Time.now.to_i + expires if expires && expires != 0
      token = { :_id=>Server.secure_random, :scope=>scope,
                :client_id=>client.id, :created_at=>Time.now.to_i,
                :expires_at=>expires_at, :revoked=>nil }
      token[:identity] = identity if identity
      collection.insert token
      Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } })
      Server.new_instance self, token
    end
.for_client(client_id, offset = 0, limit = 100) ⇒ Object
Returns all access tokens for a given client. Use limit and offset to return a subset of tokens, sorted by creation date.

    # File 'lib/rack/oauth2/models/access_token.rb', line 55
    def for_client(client_id, offset = 0, limit = 100)
      client_id = BSON::ObjectId(client_id.to_s)
      collection.find({ :client_id=>client_id }, { :sort=>[[:created_at, Mongo::ASCENDING]], :skip=>offset, :limit=>limit }).
        map { |token| Server.new_instance self, token }
    end
.from_identity(identity) ⇒ Object
Find all AccessTokens for an identity.

    # File 'lib/rack/oauth2/models/access_token.rb', line 49
    def from_identity(identity)
      collection.find({ :identity=>identity }).map { |fields| Server.new_instance self, fields }
    end
.from_token(token) ⇒ Object
Find AccessToken from token. Does not return revoked tokens.

    # File 'lib/rack/oauth2/models/access_token.rb', line 13
    def from_token(token)
      Server.new_instance self, collection.find_one({ :_id=>token, :revoked=>nil })
    end
.get_token_for(identity, client, scope, expires = nil) ⇒ Object
Get an access token (create new one if necessary).
You can set optional expiration in seconds. If zero or nil, token never expires.

    # File 'lib/rack/oauth2/models/access_token.rb', line 21
    def get_token_for(identity, client, scope, expires = nil)
      raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
      scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope
      token = collection.find_one({
        :$or=>[{:expires_at=>nil}, {:expires_at=>{:$gt=>Time.now.to_i}}],
        :identity=>identity, :scope=>scope,
        :client_id=>client.id, :revoked=>nil})
      unless token
        return create_token_for(client, scope, identity, expires)
      end
      Server.new_instance self, token
    end
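Added example, not part of rack-oauth2-server: an in-memory model of the selectors shown in `.get_token_for` and `.from_token`, showing that `.from_token` filters on `revoked` only, so the caller has to compare `expires_at` against the current time itself. `TokenStore`, `usable?`, the array-based scopes and `SecureRandom.hex` (standing in for `Server.secure_random`) are assumptions made for the illustration.

```ruby
require 'securerandom'

# Constructed in-memory stand-in for the access_tokens collection.
# TokenStore and usable? are hypothetical names, not library API.
class TokenStore
  def initialize
    @docs = []
  end

  # Mirrors the .get_token_for selector: reuse only an unrevoked, unexpired
  # token with the same identity, client and (client-limited) scope.
  # Scopes are assumed to be already-normalized arrays of strings.
  def get_token_for(identity, client_id, client_scope, scope, expires = nil, now = Time.now.to_i)
    scope &= client_scope # only scope the client is allowed
    found = @docs.find do |t|
      t[:identity] == identity && t[:client_id] == client_id &&
        t[:scope] == scope && t[:revoked].nil? &&
        (t[:expires_at].nil? || t[:expires_at] > now)
    end
    return found if found

    expires_at = now + expires if expires && expires != 0 # nil or 0: never expires
    doc = { _id: SecureRandom.hex(32), identity: identity, client_id: client_id,
            scope: scope, created_at: now, expires_at: expires_at, revoked: nil }
    @docs << doc
    doc
  end

  # Mirrors the .from_token filter: revoked tokens are hidden, expired ones are not.
  def from_token(token)
    @docs.find { |t| t[:_id] == token && t[:revoked].nil? }
  end

  # Mirrors #revoke!: stamps the revocation time on the stored document.
  def revoke!(token, now = Time.now.to_i)
    doc = @docs.find { |t| t[:_id] == token }
    doc[:revoked] = now if doc
  end
end

# Expiry check the caller still has to make on whatever from_token returns.
def usable?(doc, now = Time.now.to_i)
  !doc.nil? && doc[:revoked].nil? &&
    (doc[:expires_at].nil? || doc[:expires_at] > now)
end
```
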
.historical(filter = {}) ⇒ Object

    # File 'lib/rack/oauth2/models/access_token.rb', line 80
    def historical(filter = {})
      days = filter[:days] || 60
      # This date-range selector is overwritten by the next assignment,
      # so filter[:days] has no effect on the query as written.
      select = { :$gt=> { :created_at=>Time.now - 86400 * days } }
      select = {}
      if filter[:client_id]
        select[:client_id] = BSON::ObjectId(filter[:client_id].to_s)
      end
      raw = Server::AccessToken.collection.group("function (token) { return { ts: Math.floor(token.created_at / 86400) } }",
        select, { :granted=>0 }, "function (token, state) { state.granted++ }")
      raw.sort { |a, b| a["ts"] - b["ts"] }
    end
Instance Method Details
#access! ⇒ Object
Updates the last access timestamp.

    # File 'lib/rack/oauth2/models/access_token.rb', line 119
    def access!
      today = (Time.now.to_i / 3600) * 3600
      if last_access.nil? || last_access < today
        AccessToken.collection.update({ :_id=>token }, { :$set=>{ :last_access=>today, :prev_access=>last_access } })
        self.last_access = today
      end
    end
#revoke! ⇒ Object
Revokes this access token.

    # File 'lib/rack/oauth2/models/access_token.rb', line 128
    def revoke!
      self.revoked = Time.now.to_i
      AccessToken.collection.update({ :_id=>token }, { :$set=>{ :revoked=>revoked } })
      Client.collection.update({ :_id=>client_id }, { :$inc=>{ :tokens_revoked=>1 } })
    end