From 9140c8244ba38d9cb3cf3a53bfa55d393d726045 Mon Sep 17 00:00:00 2001
From: Augier
Date: Mon, 13 Jul 2015 15:24:34 +0200
Subject: [PATCH] Support for refresh tokens w/ no tests

---
 app/models/refresh_token.rb                        | 26 +++++++++++++++++++
 app/models/token.rb                                |  2 ++
 .../20150713132035_create_refresh_token.rb         | 14 ++++++++++
 lib/openid_connect/token_endpoint.rb               | 17 +++++++++++-
 4 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 app/models/refresh_token.rb
 create mode 100644 db/migrate/20150713132035_create_refresh_token.rb

diff --git a/app/models/refresh_token.rb b/app/models/refresh_token.rb
new file mode 100644
index 000000000..08fcc6f47
--- /dev/null
+++ b/app/models/refresh_token.rb
@@ -0,0 +1,26 @@
+class RefreshToken < ActiveRecord::Base
+  belongs_to :token
+
+  before_validation :setup, on: :create
+
+  validates :refresh_token, presence: true, uniqueness: true
+
+  attr_reader :refresh_token
+
+  def setup
+    self.refresh_token = SecureRandom.hex(32)
+    # No expipration date for now
+  end
+
+  # Finds the requested refresh token and destroys it if found; returns true if found, false otherwise
+  def valid?(token)
+    the_token = RefreshToken.find_by_refresh_token token
+    if the_token
+      RefreshToken.destroy_all refresh_token: the_token.refresh_token
+      Token.destroy_all refresh_token: the_token.refresh_token
+      true
+    else
+      false
+    end
+  end
+end
diff --git a/app/models/token.rb b/app/models/token.rb
index 7a36a3398..e50796a38 100644
--- a/app/models/token.rb
+++ b/app/models/token.rb
@@ -1,6 +1,7 @@
 class Token < ActiveRecord::Base
   belongs_to :user
   has_many :scopes, through: :scope_tokens
+  has_one :refresh_token
 
   before_validation :setup, on: :create
 
@@ -10,6 +11,7 @@ class Token < ActiveRecord::Base
 
   def setup
     self.token = SecureRandom.hex(32)
+    self.refresh_token = RefreshToken.create!
     self.expires_at = 24.hours.from_now
   end
 
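Review bot: `attr_reader :refresh_token` replaces the ActiveRecord column reader with a reader for an ivar that is never set, so `refresh_token` returns nil on every instance: the presence validation fails on create, and `the_token.refresh_token` in `valid?` hands nil to both `destroy_all` calls. `valid?(token)` is also an instance method that overrides ActiveModel's `valid?` (which `save`/`create!` invoke with a context argument), yet token_endpoint.rb in this same patch calls it as the class method `RefreshToken.valid?`, which does not exist. Removing the reader and moving the redeem logic into a class method that works through the `belongs_to :token` association (the endpoint would then call `RefreshToken.redeem`) fixes both, and avoids `Token.destroy_all refresh_token: ...` querying a `refresh_token` column that token.rb only defines as a `has_one` association. Since this table holds long-lived bearer credentials with no expiry, storing a digest of the value and looking up by that digest would also limit what a database read discloses.
```ruby
class RefreshToken < ActiveRecord::Base
  belongs_to :token

  before_validation :setup, on: :create

  validates :refresh_token, presence: true, uniqueness: true

  # (attr_reader :refresh_token removed - it hid the column behind an unset ivar)

  # … unchanged: setup …

  # Redeems a presented refresh token: destroys it together with the access
  # token it belongs to and returns true, or returns false when no such value
  # exists. Class-level so callers need no instance and ActiveModel#valid?
  # keeps its normal meaning.
  def self.redeem(value)
    return false if value.blank?

    record = find_by(refresh_token: value)
    return false unless record

    record.token.destroy if record.token
    record.destroy
    true
  end
end
```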
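Review bot: `has_one :refresh_token` carries no `dependent:` option, so destroying or expiring a Token leaves its refresh_tokens row in place, and because the redemption in refresh_token.rb looks the value up on its own, that orphaned value still redeems for a fresh access token. `has_one :refresh_token, dependent: :destroy` ties the refresh token's lifetime to the access token it was issued with.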
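Review bot: `self.refresh_token = RefreshToken.create!` inserts the refresh_tokens row before the Token itself has been validated or saved, so a Token that fails to save leaves an orphan refresh token with a NULL token_id in the table. `self.refresh_token = build_refresh_token` defers the insert so both rows are written together when the Token saves. As refresh_token.rb stands in this patch, `create!` here would also raise, because that model's `attr_reader :refresh_token` makes its presence validation fail.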
diff --git a/db/migrate/20150713132035_create_refresh_token.rb b/db/migrate/20150713132035_create_refresh_token.rb
new file mode 100644
index 000000000..e03632e12
--- /dev/null
+++ b/db/migrate/20150713132035_create_refresh_token.rb
@@ -0,0 +1,14 @@
+class RefreshToken < ActiveRecord::Migration
+  def change
+    create_table :refresh_token do
+      t.belongs_to :token
+      t.string :refresh_token
+
+      t.timestamps null: false
+    end
+  end
+
+  def self.down
+    drop_table :refresh_token
+  end
+end
diff --git a/lib/openid_connect/token_endpoint.rb b/lib/openid_connect/token_endpoint.rb
index a524de61d..197d9021c 100644
--- a/lib/openid_connect/token_endpoint.rb
+++ b/lib/openid_connect/token_endpoint.rb
@@ -18,6 +18,8 @@ module OpenidConnect
       case req.grant_type
       when :password
         handle_password_flow(req, res)
+      when :refresh_token
+        handle_refresh_flow(req, res)
       else
         req.unsupported_grant_type!
       end
@@ -27,7 +29,7 @@ module OpenidConnect
       user = User.find_for_database_authentication(username: req.username)
       if user
         if user.valid_password?(req.password)
-          res.access_token = user.tokens.create!.bearer_token
+          res.access_token = token! user
         else
           req.invalid_grant!
         end
@@ -36,6 +38,15 @@ module OpenidConnect
       end
     end
 
+    def handle_refresh_flow(req, res)
+      user = OAuthApplication.find_by_client_id(req.client_id).user
+      if RefreshToken.valid?(req.refresh_token)
+        res.access_token = token! user
+      else
+        req.invalid_grant!
+      end
+    end
+
     def retrieve_client(req)
       OAuthApplication.find_by_client_id req.client_id
     end
@@ -43,5 +54,9 @@ module OpenidConnect
     def app_valid?(o_auth_app, req)
       o_auth_app.client_secret == req.client_secret
     end
+
+    def token!(user)
+      user.tokens.create!.bearer_token
+    end
   end
 end
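Review bot: The migration class is named `RefreshToken`, the same constant as the model in app/models/refresh_token.rb, and it does not match the filename, from which Rails derives `CreateRefreshToken`; the migrator will not find its class, and if the file is ever loaded alongside the model the second definition raises a superclass mismatch. `create_table :refresh_token do` also opens the block without `|t|`, so `t.belongs_to` raises NameError, and the singular table name does not match the `refresh_tokens` table the model looks for by default. The lookup by `refresh_token` that the model performs on every refresh request should be backed by a unique index, which is also what makes the uniqueness validation hold under concurrent inserts. `self.down` is a class method and is redundant once `change` is reversible, so it can go.
```ruby
class CreateRefreshToken < ActiveRecord::Migration
  def change
    create_table :refresh_tokens do |t|
      t.belongs_to :token, index: true
      t.string :refresh_token, null: false

      t.timestamps null: false
    end
    add_index :refresh_tokens, :refresh_token, unique: true
  end
end
```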
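Review bot: `handle_refresh_flow` takes the user from `OAuthApplication.find_by_client_id(req.client_id).user`, so the grant is bound to whatever client_id the caller sends and never to the owner of the refresh token that was presented; a valid refresh token combined with another client's id yields an access token for that client's user, and an unknown client_id raises NoMethodError on `.user` rather than an OAuth error. The new token should be issued to the user reachable through the refresh token's own `token` association (Token has `belongs_to :user`), with the lookup and the one-time-use destruction done there. As written the call `RefreshToken.valid?` also fails, because refresh_token.rb defines `valid?` as an instance method. The response carries only `res.access_token`, so the refresh token created by `Token#setup` for the new access token is never returned to the client unless `bearer_token` (outside this diff) includes it, which makes a second refresh impossible; whether this flow is preceded by the `app_valid?` client-secret check is not visible in the hunk.
```ruby
    def handle_refresh_flow(req, res)
      refresh = RefreshToken.find_by(refresh_token: req.refresh_token)
      access = refresh && refresh.token
      # Bind the grant to the owner of the presented token, not to the client_id
      # on the request; an orphaned refresh row (no access token) is invalid too.
      return req.invalid_grant! unless access
      user = access.user
      # One-time use: consume the refresh token and the access token it refreshed.
      refresh.destroy
      access.destroy
      res.access_token = token! user
    end
```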