
Regenerate access token when an already-authorized client tries to authorize with response_type=token.
1 parent cd5a39d commit 33d64ac8867de5fbdbc6b47d41aa9dadfd81c72a @jcoglan jcoglan committed Mar 19, 2012
Showing with 34 additions and 1 deletion.
  1. +5 −0 lib/oauth2/model/authorization.rb
  2. +9 −1 lib/oauth2/provider/authorization.rb
  3. +20 −0 spec/oauth2/provider_spec.rb
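--- a/lib/oauth2/model/authorization.rb
+++ b/lib/oauth2/model/authorization.rb
@@ -95,6 +95,11 @@ def generate_code
 save && code
 end
+ def generate_access_token
+ self.access_token ||= self.class.create_access_token
+ save && access_token
+ end
+
 def grants_access?(user, *scopes)
 not expired? and user == owner and in_scope?(scopes)
 end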
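Review bot: `generate_access_token` uses `||=`, so an Authorization that already holds an access token hands back that stored token unchanged and merely re-saves; despite the commit title, nothing is regenerated in that case, and a repeated response_type=token request re-delivers the same bearer token in the redirect fragment. If reuse is the intent, say so where the method is defined, e.g. `# Issues a token only when none is stored; an existing token is returned as-is`; if a fresh token per authorization is wanted, drop the `||` and write `self.access_token = self.class.create_access_token`. The new spec in spec/oauth2/provider_spec.rb only exercises an authorization with no stored token (it expects `random_string` to be called), so it does not pin which of the two behaviours is intended. As with `generate_code` just above, `save && access_token` yields `false` on a failed save, which the caller in lib/oauth2/provider/authorization.rb then stores in `@access_token`.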
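--- a/lib/oauth2/provider/authorization.rb
+++ b/lib/oauth2/provider/authorization.rb
@@ -20,13 +20,21 @@ def initialize(resource_owner, params, transport_error = nil)
 @transport_error = transport_error
 validate!
+
 return unless @owner and not @error
 @model = Model::Authorization.for(@owner, @client)
 return unless @model and @model.in_scope?(scopes) and not @model.expired?
 @authorized = true
- @code = @model.generate_code
+
+ if @params[RESPONSE_TYPE] =~ /code/
+ @code = @model.generate_code
+ end
+
+ if @params[RESPONSE_TYPE] =~ /token/
+ @access_token = @model.generate_access_token
+ end
 end
 def scopes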
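Review bot: The two new branches match `@params[RESPONSE_TYPE]` with unanchored regexes, so any value that merely contains the substring "code" or "token" selects that grant, and a single value matching both issues an authorization code and an access token from one request. Unless `validate!` (called just above, defined outside the hunk) already rejects every other response_type, compare whole space-separated values instead: `types = @params[RESPONSE_TYPE].to_s.split(/\s+/)`, `@code = @model.generate_code if types.include?('code')`, `@access_token = @model.generate_access_token if types.include?('token')`. A one-line comment above the branches stating which combinations are meant to be accepted would also help, since the hybrid "code token" case is currently accepted only by accident of the regex. The enclosing `initialize` starts before the hunk.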
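--- a/spec/oauth2/provider_spec.rb
+++ b/spec/oauth2/provider_spec.rb
@@ -123,6 +123,26 @@
 response['location'].should == 'https://client.example.com/cb?code=new_code'
 end
+ describe "for token requests" do
+ before { params['response_type'] = 'token' }
+
+ it "immediately redirects with a new token" do
+ OAuth2.should_receive(:random_string).and_return('new_access_token')
+ response = get(params)
+ response.code.to_i.should == 302
+ response['location'].should == 'https://client.example.com/cb#access_token=new_access_token'
+ end
+
+ describe "with an invalid client_id" do
+ before { params['client_id'] = 'unknown_id' }
+
+ it "does not generate any new tokens" do
+ OAuth2.should_not_receive(:random_string)
+ get(params)
+ end
+ end
+ end
+
 it "does not create a new Authorization" do
 get(params)
 OAuth2::Model::Authorization.count.should == 1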
