# frozen_string_literal: true
module Doorkeeper
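class Application < ActiveRecord::Base
  self.table_name = "#{table_name_prefix}oauth_applications#{table_name_suffix}"

  include ApplicationMixin

  has_many :access_grants, dependent: :delete_all, class_name: "Doorkeeper::AccessGrant"
  has_many :access_tokens, dependent: :delete_all, class_name: "Doorkeeper::AccessToken"

  validates :name, :secret, :uid, presence: true
  # uid is the public client identifier; uniqueness is enforced case-sensitively.
  validates :uid, uniqueness: { case_sensitive: true }
  validates :redirect_uri, "doorkeeper/redirect_uri": true
  validates :confidential, inclusion: { in: [true, false] }
  validate :scopes_match_configured, if: :enforce_scopes?

  # uid and secret are generated once, before the create-time validations run,
  # so that the presence validations above can pass for new records.
  before_validation :generate_uid, :generate_secret, on: :create

  has_many :authorized_tokens, -> { where(revoked_at: nil) }, class_name: "AccessToken"
  has_many :authorized_applications, through: :authorized_tokens, source: :application

  # Returns Applications associated with active (not revoked) Access Tokens
  # that are owned by the specific Resource Owner.
  #
  # @param resource_owner [ActiveRecord::Base]
  #   Resource Owner model instance
  #
  # @return [ActiveRecord::Relation]
  #   Applications authorized for the Resource Owner
  #
  def self.authorized_for(resource_owner)
    resource_access_tokens = AccessToken.active_for(resource_owner)
    where(id: resource_access_tokens.select(:application_id).distinct)
  end

  # Revokes AccessToken and AccessGrant records that have not been revoked and
  # are associated with the specific Application and Resource Owner.
  #
  # @param id
  #   Application primary key, passed through to the revoke_all_for scopes
  # @param resource_owner [ActiveRecord::Base]
  #   instance of the Resource Owner model
  #
  def self.revoke_tokens_and_grants_for(id, resource_owner)
    AccessToken.revoke_all_for(id, resource_owner)
    AccessGrant.revoke_all_for(id, resource_owner)
  end

  # We keep a volatile copy of the raw secret for initial communication.
  # The stored secret may be mapped (e.g. hashed) and not available in cleartext.
  #
  # Some strategies allow restoring stored secrets (e.g. symmetric encryption)
  # while hashing strategies do not, so you cannot rely on this value
  # returning a present value for persisted records: for a hashing strategy
  # @raw_secret is only set in the process that created the record.
  #
  # @return [String, nil] the cleartext client secret when it can be restored
  #   or is still held in memory, otherwise nil
  def plaintext_secret
    if secret_strategy.allows_restoring_secrets?
      secret_strategy.restore_secret(self, :secret)
    else
      @raw_secret
    end
  end

  # JSON representation of the application with the stored secret column
  # replaced by its cleartext value (see #plaintext_secret), so the creating
  # client can read the secret once.
  #
  # Because the cleartext client secret is part of this output, rendering an
  # Application to JSON for anyone other than its owner/administrator leaks a
  # credential; such responses should use serializable_hash(except: :secret)
  # rather than this method.
  #
  # @param options [Hash, nil] encoder options, as accepted by ActiveSupport's
  #   Object#to_json; defaults to nil so a bare `to_json` call does not raise
  #   ArgumentError as the previous required-positional signature did
  # @return [String]
  def to_json(options = nil)
    serializable_hash(except: :secret)
      .merge(secret: plaintext_secret)
      .to_json(options)
  end

  private

  # Assigns a freshly generated uid unless one was supplied by the caller.
  def generate_uid
    self.uid = UniqueToken.generate if uid.blank?
  end

  # Generates a new secret, keeps the cleartext in @raw_secret for
  # #plaintext_secret, and stores it via the configured secret strategy
  # (which may hash it before persisting).
  def generate_secret
    return unless secret.blank?

    @raw_secret = UniqueToken.generate
    secret_strategy.store_secret(self, :secret, @raw_secret)
  end

  # Adds a :not_match_configured error on :scopes when the application
  # requests scopes that are not in the server's configured scope list.
  # Blank scopes are accepted here.
  def scopes_match_configured
    return unless scopes.present?
    return if ScopeChecker.valid?(scope_str: scopes.to_s,
                                  server_scopes: Doorkeeper.configuration.scopes)

    errors.add(:scopes, :not_match_configured)
  end

  # Whether the configured-scope check above is enabled in the configuration.
  def enforce_scopes?
    Doorkeeper.configuration.enforce_configured_scopes?
  end
end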
end