Commit 357f498

mo <mo.khan@gmail.com>
2018-09-09 16:56:05
revoke the code after it is used.
1 parent 4099956
app/controllers/oauths_controller.rb
@@ -21,6 +21,7 @@ class OauthsController < ApplicationController
   def token
     response.headers['Cache-Control'] = 'no-store'
     response.headers['Pragma'] = 'no-cache'
+    Authorization.find_by!(code: params[:code]).revoke!
     render json: {
       access_token: SecureRandom.hex(20),
       token_type: 'access',
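Review bot: The added line revokes the code but never checks whether it was already revoked before a token is issued, so a replayed code still receives a fresh access token — `find_by!` still finds the row and `revoke!` simply overwrites `revoked_at`. Assign the record and reject reuse first, e.g. `authorization = Authorization.find_by!(code: params[:code])` / `return head :bad_request if authorization.revoked?` / `authorization.revoke!`; the `revoked?` predicate is added to the model in this same commit. Whether `expired_at` should also be enforced at this point cannot be told from the hunk, but a consumed-or-expired check belongs together. The `render json:` call of the `token` action continues past the end of the hunk.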
app/models/authorization.rb
@@ -8,4 +8,12 @@ class Authorization < ApplicationRecord
   after_initialize do
     self.expired_at = 10.minutes.from_now unless expired_at.present?
   end
+
+  def revoke!
+    update!(revoked_at: Time.now)
+  end
+
+  def revoked?
+    revoked_at.present?
+  end
 end
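Review bot: `revoke!` stamps `revoked_at` with `Time.now`, while the `after_initialize` block just above sets `expired_at` with the time-zone-aware `10.minutes.from_now`; use `Time.current` so both columns are written in the same zone. The method also re-stamps a record that is already revoked, which discards the original revocation time that an investigation of code reuse would want; `update!(revoked_at: Time.current) unless revoked?` keeps the first timestamp and makes the call idempotent. A one-line comment such as `# Marks the authorization code as consumed; a second call is a no-op.` would document the intended contract.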
db/migrate/20180905020708_create_authorizations.rb
@@ -7,6 +7,7 @@ class CreateAuthorizations < ActiveRecord::Migration[5.2]
       t.references :client, foreign_key: true
       t.string :code, null: false, index: true
       t.datetime :expired_at, null: false
+      t.datetime :revoked_at
 
       t.timestamps
     end
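Review bot: The column is added by editing the existing `CreateAuthorizations` migration rather than in a new one; `db/schema.rb` in this same commit carries version `2018_09_05_020708`, which matches this migration's timestamp and suggests it has already been applied. An already-applied migration is not re-run by `db:migrate`, so any database that ran the original version will lack `revoked_at` and `revoke!` will fail at runtime. If this project has been deployed or shared, move the line into a new migration, e.g. `add_column :authorizations, :revoked_at, :datetime`, and leave the original migration untouched.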
db/schema.rb
@@ -17,6 +17,7 @@ ActiveRecord::Schema.define(version: 2018_09_05_020708) do
     t.integer "client_id"
     t.string "code", null: false
     t.datetime "expired_at", null: false
+    t.datetime "revoked_at"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.index ["client_id"], name: "index_authorizations_on_client_id"
spec/requests/oauth_spec.rb
@@ -72,6 +72,7 @@ RSpec.describe '/oauth' do
         specify { expect(json[:token_type]).to be_present }
         specify { expect(json[:expires_in]).to be_present }
         specify { expect(json[:refresh_token]).to be_present }
+        specify { expect(authorization.reload).to be_revoked }
       end
     end
   end
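Review bot: The added expectation only checks that the row is marked revoked, not the property the commit is after — that the same code cannot be exchanged twice. On the controller as patched, a second request with the same `params[:code]` would still find the row and return a token, so the suite passes without covering replay. Add an example such as `it 'rejects a reused code'` that performs the token request twice and expects the second response to be unsuccessful with no `access_token` in its body; it would currently fail and pin the fix. The enclosing `describe`/`context` blocks start outside the hunk.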