Class: Admin::DeviceAuthorization

Inherits:

ApplicationRecord

• Object
• ActiveRecord::Base
• ApplicationRecord
• Admin::DeviceAuthorization

Defined in:

app/models/admin/device_authorization.rb

Defined Under Namespace

Classes: TokenError

Constant Summary

EXPIRES_IN =

10.minutes

Class Method Summary

• .digest(device_code) ⇒ Object
• .generate_user_code ⇒ Object
• .issue!(requested_ip:, user_agent:) ⇒ Object
• .issue_access_token!(device_code:, token_expires_in: 12.hours) ⇒ Object

Instance Method Summary

• #actionable? ⇒ Boolean
• #approve!(admin_user:) ⇒ Object
• #consume!(token_expires_in:) ⇒ Object
• #deny!(admin_user:) ⇒ Object
• #expired? ⇒ Boolean
• #issuable? ⇒ Boolean
• #token_error ⇒ Object

Class Method Details

.digest(device_code) ⇒ Object

# File 'app/models/admin/device_authorization.rb', line 41

def self.digest(device_code)
  Digest::SHA256.hexdigest(device_code)
end

.generate_user_code ⇒ Object

# File 'app/models/admin/device_authorization.rb', line 45

def self.generate_user_code
  "#{SecureRandom.alphanumeric(4).upcase}-#{SecureRandom.alphanumeric(4).upcase}"
end

.issue!(requested_ip:, user_agent:) ⇒ Object

# File 'app/models/admin/device_authorization.rb', line 27

def self.issue!(requested_ip:, user_agent:)
  device_code = SecureRandom.urlsafe_base64(32)

  device_authorization = create!(
    device_code_digest: digest(device_code),
    user_code:          generate_user_code,
    request_expires_at: EXPIRES_IN.from_now,
    requested_ip:,
    user_agent:,
  )

  [device_authorization, device_code]
end

.issue_access_token!(device_code:, token_expires_in: 12.hours) ⇒ Object

Raises:

• (TokenError)

# File 'app/models/admin/device_authorization.rb', line 49

def self.issue_access_token!(device_code:, token_expires_in: 12.hours)
  device_authorization = find_by(device_code_digest: digest(device_code.to_s))
  raise TokenError.new("invalid_grant") unless device_authorization

  device_authorization.with_lock do
    device_authorization.reload

    if (error = device_authorization.token_error)
      raise TokenError.new(error)
    end

    access_token = device_authorization.admin_user.generate_token_for(:api_access)
    device_authorization.consume!(token_expires_in:)

    {
      access_token:,
      token_type:   "Bearer",
      expires_in:   token_expires_in.to_i,
    }
  end
end

Instance Method Details

#actionable? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/admin/device_authorization.rb', line 109

def actionable?
  pending? && !expired?
end

#approve!(admin_user:) ⇒ Object

# File 'app/models/admin/device_authorization.rb', line 94

def approve!(admin_user:)
  update!(
    status:      "approved",
    approved_at: Time.current,
    admin_user:,
  )
end

#consume!(token_expires_in:) ⇒ Object

# File 'app/models/admin/device_authorization.rb', line 86

def consume!(token_expires_in:)
  update!(
    status:           "consumed",
    consumed_at:      Time.current,
    token_expires_at: token_expires_in.from_now,
  )
end

#deny!(admin_user:) ⇒ Object

# File 'app/models/admin/device_authorization.rb', line 102

def deny!(admin_user:)
  update!(
    status:     "denied",
    admin_user:,
  )
end

#expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/admin/device_authorization.rb', line 71

def expired?
  request_expires_at <= Time.current
end

#issuable? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/admin/device_authorization.rb', line 75

def issuable?
  approved? && !expired?
end

#token_error ⇒ Object

# File 'app/models/admin/device_authorization.rb', line 79

def token_error
  return "authorization_pending" if pending?
  return "access_denied" if denied?

  "invalid_grant" if consumed? || expired?
end