Commit 0923253

mo <mo@mokhan.ca>
2018-10-28 17:57:18
delegate to Token.revoked?(jti)
1 parent 3b1b50a
Changed files (4)
app/controllers/oauth/tokens_controller.rb
@@ -17,7 +17,7 @@ module Oauth
 
     def introspect
       claims = Token.claims_for(params[:token], token_type: :any)
-      if claims.empty? || revoked_tokens[claims[:jti]]
+      if claims.empty? || Token.revoked?(claims[:jti])
         render json: { active: false }, status: :ok
       else
         render json: claims.merge(active: true), status: :ok
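Review bot: A non-empty claim set with no `:jti` still passes the guard on the new line, because `Token.revoked?(nil)` is a hash lookup on a missing key and returns nil, so a token that cannot be revoked is reported as active. Unless `Token.claims_for` guarantees a jti for every token type (not visible here), treat the missing identifier as inactive: `if claims.empty? || claims[:jti].blank? || Token.revoked?(claims[:jti])`. The revocation check also inherits the ten-minute cache behind `Token.revoked?`, so a freshly revoked token keeps introspecting as active until the cache entry expires; a short comment on this line noting that lag would help the next reader of the introspection endpoint. The `introspect` method's closing `end` lies outside the hunk.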
@@ -68,7 +68,7 @@ module Oauth
       user.issue_tokens_to(current_client)
     end
 
-    def assertion_grant(raw)
+    def saml_assertion_grant(raw)
       assertion = Saml::Kit::Assertion.new(
         Base64.urlsafe_decode64(raw)
       )
@@ -93,14 +93,10 @@ module Oauth
       when 'password'
         password_grant(params[:username], params[:password])
       when 'urn:ietf:params:oauth:grant-type:saml2-bearer' # RFC7522
-        assertion_grant(params[:assertion])
+        saml_assertion_grant(params[:assertion])
         # when 'urn:ietf:params:oauth:grant-type:jwt-bearer' # RFC7523
         # raise NotImplementedError
       end
     end
-
-    def revoked_tokens
-      Token.revoked_token_identifiers
-    end
   end
 end
app/models/token.rb
@@ -58,13 +58,10 @@ class Token < ApplicationRecord
 
   class << self
     def revoked?(jti)
-      revoked_token_identifiers[jti]
-    end
-
-    def revoked_token_identifiers
-      Rails.cache.fetch("revoked-tokens", expires_in: 10.minutes) do
+      revoked = Rails.cache.fetch("revoked-tokens", expires_in: 10.minutes) do
         Hash[Token.revoked.pluck(:id).map { |x| [x, true] }]
       end
+      revoked[jti]
     end
 
     def claims_for(token, token_type: :access)
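Review bot: The `revoked?` predicate now answers from a `Rails.cache` entry that lives ten minutes, and nothing in this hunk invalidates `"revoked-tokens"` when a token is revoked, so a revocation is not observable through `revoked?` until the entry expires (a cache-clearing hook may exist elsewhere; it is not visible here). Either delete the key in the revocation path or document the window on the method: `# Answers from a 10-minute cached snapshot; revocations made after the snapshot are not reflected until it expires.` The lookup also returns nil rather than false for unknown (including nil) identifiers, so `revoked.key?(jti)` would make the predicate a strict boolean and make the "no jti" case explicit. If `pluck(:id)` and the jti claim differ in type (integer id versus string claim after JSON decoding), the lookup never matches; worth confirming against how the jti is minted.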
app/views/oauth/metadata/show.json.jbuilder
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 json.issuer root_url
 json.authorization_endpoint oauth_authorizations_url
 json.token_endpoint oauth_tokens_url
spec/requests/well-known/oauth_spec.rb
@@ -1,8 +1,11 @@
+# frozen_string_literal: true
+
 require 'rails_helper'
 
 RSpec.describe "/.well-known/oauth-authorization-server" do
   describe "GET /.well-known/oauth-authorization-server" do
     let(:json) { JSON.parse(response.body, symbolize_names: true) }
+
     before { get "/.well-known/oauth-authorization-server" }
 
     specify { expect(response).to have_http_status(:ok) }