Regenerate access token when an already-authorized client tries to authorize with response_type=token.
commit 33d64ac8867de5fbdbc6b47d41aa9dadfd81c72a 1 parent cd5a39d
James Coglan jcoglan authored
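--- a/lib/oauth2/model/authorization.rb
+++ b/lib/oauth2/model/authorization.rb
@@ -95,6 +95,11 @@ def generate_code
 save && code
 end
 
+def generate_access_token
+self.access_token ||= self.class.create_access_token
+save && access_token
+end
+
 def grants_access?(user, *scopes)
 not expired? and user == owner and in_scope?(scopes)
 end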
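Review bot: `generate_access_token` keeps whatever `access_token` the row already holds (`||=`), so an already-authorized client that re-requests `response_type=token` is handed the token it was issued earlier rather than a regenerated one as the commit title states; if a fresh token per authorization is intended, assign unconditionally, `self.access_token = self.class.create_access_token`, so the previous token is superseded. The new spec in spec/oauth2/provider_spec.rb ("for token requests") only exercises an authorization that has no token yet, so it would not catch the reuse; a case where the fixture already carries an `access_token` and asserts that a new `random_string` is consumed would pin the intended behaviour. Reissuing the same bearer token on every re-authorization also puts the same long-lived credential into each redirect fragment, though how much that matters depends on the token expiry handled elsewhere in Model::Authorization, which is not visible here. Separately, `save && access_token` returns `false` on a failed save, which the provider then stores as `@access_token`; `save ? access_token : nil` (or letting a failed save raise) avoids that, and the same applies to the existing `generate_code`. The enclosing class starts outside the hunk.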
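--- a/lib/oauth2/provider/authorization.rb
+++ b/lib/oauth2/provider/authorization.rb
@@ -20,13 +20,21 @@ def initialize(resource_owner, params, transport_error = nil)
 @transport_error = transport_error
 
 validate!
+
 return unless @owner and not @error
 
 @model = Model::Authorization.for(@owner, @client)
 return unless @model and @model.in_scope?(scopes) and not @model.expired?
 
 @authorized = true
-@code = @model.generate_code
+
+if @params[RESPONSE_TYPE] =~ /code/
+@code = @model.generate_code
+end
+
+if @params[RESPONSE_TYPE] =~ /token/
+@access_token = @model.generate_access_token
+end
 end
 
 def scopes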
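Review bot: The two `=~` checks on the added lines match the pattern anywhere inside the parameter, so a `response_type` such as `tokens` or `passcode` is treated as `token` / `code`; unless `validate!` (called a few lines above) already restricts the value to known types, test the space-separated list explicitly: `types = @params[RESPONSE_TYPE].to_s.split(' ')`, then `@code = @model.generate_code if types.include?('code')` and `@access_token = @model.generate_access_token if types.include?('token')`. `nil =~ /code/` returns nil, so the current form is safe when the parameter is absent, and the `to_s` in the replacement preserves that. Note that `initialize` begins outside the hunk; only its signature is visible in the hunk header.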
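--- a/spec/oauth2/provider_spec.rb
+++ b/spec/oauth2/provider_spec.rb
@@ -123,6 +123,26 @@
 response['location'].should == 'https://client.example.com/cb?code=new_code'
 end
 
+describe "for token requests" do
+before { params['response_type'] = 'token' }
+
+it "immediately redirects with a new token" do
+OAuth2.should_receive(:random_string).and_return('new_access_token')
+response = get(params)
+response.code.to_i.should == 302
+response['location'].should == 'https://client.example.com/cb#access_token=new_access_token'
+end
+
+describe "with an invalid client_id" do
+before { params['client_id'] = 'unknown_id' }
+
+it "does not generate any new tokens" do
+OAuth2.should_not_receive(:random_string)
+get(params)
+end
+end
+end
+
 it "does not create a new Authorization" do
 get(params)
 OAuth2::Model::Authorization.count.should == 1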
