File: token.rb

package info (click to toggle)
ruby-rack-oauth2 2.3.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 564 kB
  • sloc: ruby: 4,038; makefile: 4
file content (101 lines) | stat: -rw-r--r-- 3,139 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
 
require 'rack/auth/basic'

module Rack
  module OAuth2
    module Server
      class Token < Abstract::Handler
        def _call(env)
          request = Request.new(env)
          grant_type_for(request).new(&@authenticator)._call(env).finish
        rescue Rack::OAuth2::Server::Abstract::Error => e
          e.finish
        end

        private

        def grant_type_for(request)
          case request.grant_type
          when 'authorization_code'
            AuthorizationCode
          when 'password'
            Password
          when 'client_credentials'
            ClientCredentials
          when 'refresh_token'
            RefreshToken
          when URN::GrantType::JWT_BEARER
            JWTBearer
          when URN::GrantType::SAML2_BEARER
            SAML2Bearer
          when ''
            request.attr_missing!
          else
            extensions.detect do |extension|
              extension.grant_type_for? request.grant_type
            end || request.unsupported_grant_type!
          end
        end

        def extensions
          Extension.constants.sort.collect do |key|
            Extension.const_get key
          end
        end

        class Request < Abstract::Request
          attr_required :grant_type
          attr_optional :client_secret, :client_assertion, :client_assertion_type

          def initialize(env)
            auth = Rack::Auth::Basic::Request.new(env)
            if auth.provided? && auth.basic?
              @client_id, @client_secret = auth.credentials.map do |cred|
                Util.www_form_url_decode cred
              end
              super
            else
              super
              @client_secret = params['client_secret']
              @client_assertion = params['client_assertion']
              @client_assertion_type = params['client_assertion_type']
              if client_assertion.present? && client_assertion_type == URN::ClientAssertionType::JWT_BEARER
                require 'json/jwt'
                @client_id = JSON::JWT.decode(
                  client_assertion,
                  :skip_verification
                )[:sub] rescue nil
              end
            end
            @grant_type = params['grant_type'].to_s
          end
        end

        class Response < Abstract::Response
          attr_required :access_token

          def protocol_params
            access_token.token_response
          end

          def finish
            attr_missing!
            write Util.compact_hash(protocol_params).to_json
            headers['Content-Type'] = 'application/json'
            headers['Cache-Control'] = 'no-store'
            headers['Pragma'] = 'no-cache'
            super
          end
        end
      end
    end
  end
end

require 'rack/oauth2/server/token/authorization_code'
require 'rack/oauth2/server/token/password'
require 'rack/oauth2/server/token/client_credentials'
require 'rack/oauth2/server/token/refresh_token'
require 'rack/oauth2/server/token/jwt_bearer'
require 'rack/oauth2/server/token/saml2_bearer'
require 'rack/oauth2/server/token/extension'
require 'rack/oauth2/server/token/error'