add application config for customizing token expiration

BRMatt · Oct 28, 2011 · 0de0d37 · 0de0d37
1 parent ae648f6
commit 0de0d37
Show file tree

Hide file tree

Showing 12 changed files with 79 additions and 59 deletions.
diff --git a/app/models/devise/oauth2_providable/access_token.rb b/app/models/devise/oauth2_providable/access_token.rb
@@ -1,8 +1,5 @@
-require 'expirable_token'
-
 class Devise::Oauth2Providable::AccessToken < ActiveRecord::Base
-  include ExpirableToken
-  self.default_lifetime = 15.minutes
+  expires_according_to :access_token_expires_in
 
   before_validation :restrict_expires_at, :on => :create, :if => :refresh_token
   belongs_to :refresh_token

diff --git a/app/models/devise/oauth2_providable/authorization_code.rb b/app/models/devise/oauth2_providable/authorization_code.rb
@@ -1,7 +1,6 @@
-require 'expirable_token'
-
 class Devise::Oauth2Providable::AuthorizationCode < ActiveRecord::Base
-  include ExpirableToken
+  expires_according_to :authorization_code_expires_in
+
   def access_token
     @access_token ||= expired! && user.access_tokens.create(:client => client)
   end

diff --git a/app/models/devise/oauth2_providable/refresh_token.rb b/app/models/devise/oauth2_providable/refresh_token.rb
@@ -1,7 +1,5 @@
-require 'expirable_token'
-
 class Devise::Oauth2Providable::RefreshToken < ActiveRecord::Base
-  include ExpirableToken
-  self.default_lifetime = 1.month
+  expires_according_to :refresh_token_expires_in
+
   has_many :access_tokens
 end
diff --git a/lib/devise/oauth2_providable/engine.rb b/lib/devise/oauth2_providable/engine.rb
@@ -1,9 +1,14 @@
 module Devise
   module Oauth2Providable
     class Engine < Rails::Engine
+      config.devise_oauth2_providable = ActiveSupport::OrderedOptions.new
+      config.devise_oauth2_providable.access_token_expires_in       = 15.minutes
+      config.devise_oauth2_providable.refresh_token_expires_in      = 1.month
+      config.devise_oauth2_providable.authorization_code_expires_in = 1.minute
+
       engine_name 'oauth2'
       isolate_namespace Devise::Oauth2Providable
-      initializer "devise_oauth2_providable.initialize_application" do |app|
+      initializer "devise_oauth2_providable.initialize_application", :before=> :load_config_initializers do |app|
         app.config.filter_parameters << :client_secret
       end
     end

diff --git a/lib/devise/oauth2_providable/expirable_token.rb b/lib/devise/oauth2_providable/expirable_token.rb
@@ -0,0 +1,57 @@
+require 'active_support/concern'
+require 'active_record'
+
+module Devise
+  module Oauth2Providable
+    module ExpirableToken
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+        def expires_according_to(config_name)
+          cattr_accessor :default_lifetime
+          self.default_lifetime = Rails.application.config.devise_oauth2_providable[config_name]
+
+          belongs_to :user
+          belongs_to :client
+
+          after_initialize :init_token, :on => :create, :unless => :token?
+          after_initialize :init_expires_at, :on => :create, :unless => :expires_at?
+          validates :expires_at, :presence => true
+          validates :client, :presence => true
+          validates :token, :presence => true, :uniqueness => true
+
+          scope :not_expired, lambda {
+            where(self.arel_table[:expires_at].gteq(Time.now.utc))
+          }
+          default_scope not_expired
+
+          include LocalInstanceMethods
+        end
+      end
+
+      module LocalInstanceMethods
+        # number of seconds until the token expires
+        def expires_in
+          (expires_at - Time.now.utc).to_i
+        end
+
+        # forcefully expire the token
+        def expired!
+          self.expires_at = Time.now.utc
+          self.save!
+        end
+
+        private
+
+        def init_token
+          self.token = Devise::Oauth2Providable.random_id
+        end
+        def init_expires_at
+          self.expires_at = self.default_lifetime.from_now
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.send :include, Devise::Oauth2Providable::ExpirableToken
diff --git a/lib/devise/oauth2_providable/strategies/oauth2_authorization_code_grant_type_strategy.rb b/lib/devise/oauth2_providable/strategies/oauth2_authorization_code_grant_type_strategy.rb
@@ -8,7 +8,7 @@ def grant_type
       end
 
       def authenticate!
-        if client && code = client.authorization_codes.valid.find_by_token(params[:code])
+        if client && code = client.authorization_codes.find_by_token(params[:code])
           success! code.user
         elsif !halted?
           oauth_error! :invalid_grant, 'invalid authorization code request'

diff --git a/lib/devise/oauth2_providable/strategies/oauth2_providable_strategy.rb b/lib/devise/oauth2_providable/strategies/oauth2_providable_strategy.rb
@@ -9,7 +9,7 @@ def valid?
       end
       def authenticate!
         @req.setup!
-        token = Devise::Oauth2Providable::AccessToken.valid.find_by_token @req.access_token
+        token = Devise::Oauth2Providable::AccessToken.find_by_token @req.access_token
         env[Devise::Oauth2Providable::CLIENT_ENV_REF] = token.client if token
         resource = token ? token.user : nil
         if validate(resource)

diff --git a/lib/devise/oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy.rb b/lib/devise/oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy.rb
@@ -8,7 +8,7 @@ def grant_type
       end
 
       def authenticate!
-        if client && refresh_token = client.refresh_tokens.valid.find_by_token(params[:refresh_token])
+        if client && refresh_token = client.refresh_tokens.find_by_token(params[:refresh_token])
           env[Devise::Oauth2Providable::REFRESH_TOKEN_ENV_REF] = refresh_token
           success! refresh_token.user
         elsif !halted?

diff --git a/lib/devise/oauth2_providable/version.rb b/lib/devise/oauth2_providable/version.rb
@@ -1,5 +1,5 @@
 module Devise
   module Oauth2Providable
-    VERSION = "1.0.1"
+    VERSION = "1.0.2"
   end
 end
diff --git a/lib/devise_oauth2_providable.rb b/lib/devise_oauth2_providable.rb
@@ -1,6 +1,7 @@
 require 'devise'
 require 'rack/oauth2'
 require 'devise/oauth2_providable/engine'
+require 'devise/oauth2_providable/expirable_token'
 require 'devise/oauth2_providable/strategies/oauth2_providable_strategy'
 require 'devise/oauth2_providable/strategies/oauth2_password_grant_type_strategy'
 require 'devise/oauth2_providable/strategies/oauth2_refresh_token_grant_type_strategy'

diff --git a/lib/expirable_token.rb b/lib/expirable_token.rb
diff --git a/spec/dummy/config/application.rb b/spec/dummy/config/application.rb
@@ -40,6 +40,12 @@ class Application < Rails::Application
 
     # Version of your assets, change this if you want to expire all your assets
     config.assets.version = '1.0'
+
+
+    # (optional) configure token expiration
+    # config.devise_oauth2_providable.access_token_expires_in         = 1.second # 15.minute default
+    # config.devise_oauth2_providable.refresh_token_expires_in        = 1.minute # 1.month default
+    # config.devise_oauth2_providable.authorization_token_expires_in  = 5.seconds # 1.minute default
   end
 end