Support for refresh tokens w/ no tests

2015-07-13 15:24:34 +02:00 · 2015-07-13 15:24:34 +02:00 · 9140c8244b
commit 9140c8244b
parent 9d9dc13272
4 changed files with 58 additions and 1 deletions
--- a/app/models/refresh_token.rb
+++ b/app/models/refresh_token.rb
@ -0,0 +1,26 @@
+class RefreshToken < ActiveRecord::Base
+  belongs_to :token
+
+  before_validation :setup, on: :create
+
+  validates :refresh_token, presence: true, uniqueness: true
+
+  attr_reader :refresh_token
+
+  def setup
+    self.refresh_token = SecureRandom.hex(32)
+    # No expipration date for now
+  end
+
+  # Finds the requested refresh token and destroys it if found; returns true if found, false otherwise
+  def valid?(token)
+    the_token = RefreshToken.find_by_refresh_token token
+    if the_token
+      RefreshToken.destroy_all refresh_token: the_token.refresh_token
+      Token.destroy_all refresh_token: the_token.refresh_token
+      true
+    else
+      false
+    end
+  end
+end
--- a/app/models/token.rb
+++ b/app/models/token.rb
@ -1,6 +1,7 @@
 class Token < ActiveRecord::Base
  belongs_to :user
  has_many :scopes, through: :scope_tokens
+  has_one :refresh_token

  before_validation :setup, on: :create

@ -10,6 +11,7 @@ class Token < ActiveRecord::Base

  def setup
    self.token = SecureRandom.hex(32)
+    self.refresh_token = RefreshToken.create!
    self.expires_at = 24.hours.from_now
  end

--- a/db/migrate/20150713132035_create_refresh_token.rb
+++ b/db/migrate/20150713132035_create_refresh_token.rb
@ -0,0 +1,14 @@
+class RefreshToken < ActiveRecord::Migration
+  def change
+    create_table :refresh_token do
+      t.belongs_to :token
+      t.string :refresh_token
+
+      t.timestamps null: false
+    end
+  end
+
+  def self.down
+    drop_table :refresh_token
+  end
+end
--- a/lib/openid_connect/token_endpoint.rb
+++ b/lib/openid_connect/token_endpoint.rb
@ -18,6 +18,8 @@ module OpenidConnect
      case req.grant_type
      when :password
        handle_password_flow(req, res)
+      when :refresh_token
+        handle_refresh_flow(req, res)
      else
        req.unsupported_grant_type!
      end
@ -27,7 +29,7 @@ module OpenidConnect
      user = User.find_for_database_authentication(username: req.username)
      if user
        if user.valid_password?(req.password)
-          res.access_token = user.tokens.create!.bearer_token
+          res.access_token = token! user
        else
          req.invalid_grant!
        end
@ -36,6 +38,15 @@ module OpenidConnect
      end
    end

+    def handle_refresh_flow(req, res)
+      user = OAuthApplication.find_by_client_id(req.client_id).user
+      if RefreshToken.valid?(req.refresh_token)
+        res.access_token = token! user
+      else
+        req.invalid_grant!
+      end
+    end
+
    def retrieve_client(req)
      OAuthApplication.find_by_client_id req.client_id
    end
@ -43,5 +54,9 @@ module OpenidConnect
    def app_valid?(o_auth_app, req)
      o_auth_app.client_secret == req.client_secret
    end
+
+    def token!(user)
+      user.tokens.create!.bearer_token
+    end
  end
 end