Commit 2c29a23

mokha <mokha@cisco.com>
2018-09-18 20:09:09
exchange -> issue_tokens_to
1 parent 74940a5
app/controllers/oauths_controller.rb
@@ -23,14 +23,14 @@ class OauthsController < ApplicationController
     response.headers['Pragma'] = 'no-cache'
 
     if params[:grant_type] == 'authorization_code'
-      authorization = Authorization.active.find_by!(code: params[:code])
-      @access_token, @refresh_token = authorization.exchange
+      authorization = current_client.authorizations.active.find_by!(code: params[:code])
+      @access_token, @refresh_token = authorization.issue_tokens_to(current_client)
     elsif params[:grant_type] == 'refresh_token'
       refresh_token = params[:refresh_token]
       jti = Token.claims_for(refresh_token, token_type: :refresh)[:jti]
-      @access_token, @refresh_token = Token.find_by!(uuid: jti).exchange
+      @access_token, @refresh_token = Token.find_by!(uuid: jti).issue_tokens_to(current_client)
     elsif params[:grant_type] == 'client_credentials'
-      @access_token = current_client.exchange
+      @access_token = current_client.access_token
     elsif params[:grant_type] == 'password'
       user = User.login(params[:username], params[:password])
       return render "bad_request", formats: :json, status: :bad_request unless user
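Review bot: The refresh_token branch on the new side still finds the token by `uuid: jti` alone, so a refresh token minted for one client can be presented by any other authenticated client and `issue_tokens_to(current_client)` will re-mint an access/refresh pair for the same subject with the presenting client as audience; the authorization_code branch two lines above now scopes through `current_client.authorizations`, but the refresh lookup gets no equivalent scope. The lookup also lacks the `active` scope that both the authorization lookup and `Client#access_token` use, so a refresh token that has already been revoked by a previous rotation is accepted again as long as the JWT still verifies. Assuming `audience` is the association `Client#access_token` writes with `audience: self`, the line should read `Token.active.find_by!(uuid: jti, audience: current_client)`. The enclosing action starts before and continues after this hunk, so whether `current_client` is guaranteed present at this point is not visible here.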
app/models/authorization.rb
@@ -14,7 +14,7 @@ class Authorization < ApplicationRecord
     self.expired_at = 10.minutes.from_now unless expired_at.present?
   end
 
-  def exchange
+  def issue_tokens_to(client)
     transaction do
       revoke!
       [
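Review bot: `issue_tokens_to(client)` accepts the client but nothing in the visible part of the body checks it against the authorization's own client; the controller happens to scope the lookup, but the model is the last line of defence if another caller passes a different client. If Authorization belongs_to a client (the spec's `create(:authorization, client: client)` suggests it does), a guard before `revoke!` such as `raise ArgumentError, 'client mismatch' unless client == self.client` keeps a code from being exchanged for tokens addressed to a different audience. The method body runs past the end of the hunk, so `client` may well be consumed in the array literal below.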
app/models/client.rb
@@ -13,7 +13,7 @@ class Client < ApplicationRecord
     return self if self.secret == provided_secret
   end
 
-  def exchange
+  def access_token
     transaction do
       Token.active.where(subject: self, audience: self).update_all(revoked_at: Time.now)
       Token.create!(subject: self, audience: self, token_type: :access)
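Review bot: `access_token` reads like an attribute reader, but the body revokes every active self-issued token with `update_all(revoked_at: Time.now)` before creating a new one, which is a surprising side effect for a method with a getter name. Either a name that signals the mutation, e.g. `issue_access_token!`, or at least a comment above the definition, `# Issues a fresh client_credentials access token, revoking any previously active one.`, would keep a caller from treating it as a cheap read. Within Rails, `Time.current` rather than `Time.now` also respects the configured time zone for the `revoked_at` stamp. The method body continues past the end of the hunk.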
app/models/token.rb
@@ -42,12 +42,12 @@ class Token < ApplicationRecord
     @to_jwt ||= BearerToken.new.encode(claims(custom_claims))
   end
 
-  def exchange
+  def issue_tokens_to(client)
     transaction do
       revoke!
       [
-        Token.create!(subject: subject, audience: audience, token_type: :access),
-        Token.create!(subject: subject, audience: audience, token_type: :refresh),
+        Token.create!(subject: subject, audience: client, token_type: :access),
+        Token.create!(subject: subject, audience: client, token_type: :refresh),
       ]
     end
   end
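Review bot: `Token#issue_tokens_to` now takes the audience of the replacement pair from its `client` argument instead of the redeemed token's own `audience`, with no check that the two agree, so any caller that reaches this with a token issued to another client silently re-homes the subject's session onto a new audience. A guard before `revoke!` is cheap: `raise ArgumentError, 'audience mismatch' unless audience == client`. Whether the controller's `Token.claims_for(..., token_type: :refresh)` already rejects access tokens is not visible here; if it does not, a `token_type` check belongs here too. A header comment would also help: `# Rotates this token: revokes it and issues a fresh access/refresh pair for the same subject, addressed to +client+.`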
spec/requests/oauth_spec.rb
@@ -59,7 +59,7 @@ RSpec.describe '/oauth' do
 
     context "when using the authorization_code grant" do
       context "when the code is still valid" do
-        let(:authorization) { create(:authorization) }
+        let(:authorization) { create(:authorization, client: client) }
 
         before { post '/oauth/token', params: { grant_type: 'authorization_code', code: authorization.code }, headers: headers }
 
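Review bot: The authorization_code contexts are updated to create the authorization for `client`, but no context exercises the new scoping itself — a code issued to a different client and posted by this client should now fail, and nothing asserts that. Consider a `context "when the code belongs to another client"` with `let(:authorization) { create(:authorization, client: create(:client)) }` and an expectation that the response is not successful and the body carries no tokens; the status the app returns when `find_by!` raises (404 vs 400) is not visible in this page, so pin whichever the controller's rescue produces. The same gap applies to the refresh_token grant, whose specs this commit does not touch.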
@@ -77,7 +77,7 @@ RSpec.describe '/oauth' do
       end
 
       context "when the code is expired" do
-        let(:authorization) { create(:authorization, expired_at: 1.second.ago) }
+        let(:authorization) { create(:authorization, client: client, expired_at: 1.second.ago) }
 
         before { post '/oauth/token', params: { grant_type: 'authorization_code', code: authorization.code }, headers: headers }
 
@@ -179,7 +179,7 @@ RSpec.describe '/oauth' do
       context "when the assertion contains a valid email address" do
         let(:user) { create(:user) }
         let(:saml_request) { double(id: Xml::Kit::Id.generate, issuer: Saml::Kit.configuration.entity_id, trusted?: true) }
-        let(:saml) { Saml::Kit::Assertion.build_xml(user, saml_request, true) }
+        let(:saml) { Saml::Kit::Assertion.build_xml(user, saml_request) }
         let(:metadata) { Saml::Kit::Metadata.build(&:build_identity_provider) }
 
         before :each do
@@ -205,7 +205,7 @@ RSpec.describe '/oauth' do
       context "when the assertion contains a valid uuid" do
         let(:user) { create(:user) }
         let(:saml_request) { double(id: Xml::Kit::Id.generate, issuer: Saml::Kit.configuration.entity_id, trusted?: true, name_id_format: Saml::Kit::Namespaces::PERSISTENT) }
-        let(:saml) { Saml::Kit::Assertion.build_xml(user, saml_request, true) }
+        let(:saml) { Saml::Kit::Assertion.build_xml(user, saml_request) }
         let(:metadata) { Saml::Kit::Metadata.build(&:build_identity_provider) }
 
         before :each do
@@ -256,7 +256,7 @@ RSpec.describe '/oauth' do
       let(:user) { create(:user) }
       let(:saml_request) { double(id: Xml::Kit::Id.generate, issuer: Saml::Kit.configuration.entity_id, trusted?: false) }
       let(:key_pair) { Xml::Kit::KeyPair.generate(use: :signing) }
-      let(:saml) { Saml::Kit::Assertion.build_xml(user, saml_request, true, signing_key_pair: key_pair) }
+      let(:saml) { Saml::Kit::Assertion.build_xml(user, saml_request) { |x| x.sign_with(key_pair) } }
       let(:metadata) { Saml::Kit::Metadata.build(&:build_identity_provider) }
 
       before :each do
spec/system/direct_login_spec.rb
@@ -1,7 +1,7 @@
 require 'rails_helper'
 
 describe "when logging in directly in to the application", js: true do
-  describe "when mfa is disabled", js: true do
+  describe "when MFA is disabled", js: true do
     let(:user) { create(:user) }
 
     it 'redirects the user to the dashboard' do
@@ -14,7 +14,7 @@ describe "when logging in directly in to the application", js: true do
     end
   end
 
-  describe "when mFA is enabled", js: true do
+  describe "when MFA is enabled", js: true do
     let(:user) { create(:user, :mfa_configured) }
 
     it 'prompts for a TOTP code then redirect to the dashboard' do
Gemfile.lock
@@ -220,7 +220,7 @@ GEM
     ruby_dep (1.5.0)
     rubyzip (1.2.2)
     safe_yaml (1.0.4)
-    saml-kit (1.0.23)
+    saml-kit (1.0.24)
       activemodel (>= 4.2.0)
       net-hippie (~> 0.1.8)
       xml-kit (>= 0.1.13, <= 1.0.0)