Merge pull request #1387 from outstand/refactor-refresh-token-request

Add AccessToken#create_for and use in RefreshTokenRequest
doorkeeper-gem · Apr 1, 2020 · 50efdb0 · 50efdb0
2 parents 140b24c + 606ef36
commit 50efdb0
Show file tree

Hide file tree

Showing 6 changed files with 69 additions and 42 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -32,6 +32,7 @@ User-visible changes worth mentioning.
 - [#1373] Make Doorkeeper routes mapper reusable in extensions.
 - [#1374] Revoke and issue client credentials token in a transaction with a row lock.
 - [#1384] Add context object with auth/pre_auth for authorization hooks.
+- [#1387] Add `AccessToken#create_for` and use in `RefreshTokenRequest`.
 
 ## 5.3.1
 

diff --git a/lib/doorkeeper/models/access_token_mixin.rb b/lib/doorkeeper/models/access_token_mixin.rb
@@ -170,34 +170,59 @@ def scopes_match?(token_scopes, param_scopes, app_scopes)
       #   Resource Owner model instance or it's ID
       # @param scopes [#to_s]
       #   set of scopes (any object that responds to `#to_s`)
-      # @param expires_in [Integer]
+      # @param token_attributes [Hash]
+      #   Additional attributes to use when creating a token
+      # @option token_attributes [Integer] :expires_in
       #   token lifetime in seconds
-      # @param use_refresh_token [Boolean]
+      # @option token_attributes [Boolean] :use_refresh_token
       #   whether to use the refresh token
       #
       # @return [Doorkeeper::AccessToken] existing record or a new one
       #
-      def find_or_create_for(application, resource_owner, scopes, expires_in, use_refresh_token)
+      def find_or_create_for(application:, resource_owner:, scopes:, **token_attributes)
         if Doorkeeper.config.reuse_access_token
           access_token = matching_token_for(application, resource_owner, scopes)
 
           return access_token if access_token&.reusable?
         end
 
-        attributes = {
-          application_id: application&.id,
-          scopes: scopes.to_s,
-          expires_in: expires_in,
-          use_refresh_token: use_refresh_token,
-        }
+        create_for(
+          application: application,
+          resource_owner: resource_owner,
+          scopes: scopes,
+          **token_attributes,
+        )
+      end
+
+      # Creates a not expired AccessToken record with a matching set of
+      # scopes that belongs to specific Application and Resource Owner.
+      #
+      # @param application [Doorkeeper::Application]
+      #   Application instance
+      # @param resource_owner [ActiveRecord::Base, Integer]
+      #   Resource Owner model instance or it's ID
+      # @param scopes [#to_s]
+      #   set of scopes (any object that responds to `#to_s`)
+      # @param token_attributes [Hash]
+      #   Additional attributes to use when creating a token
+      # @option token_attributes [Integer] :expires_in
+      #   token lifetime in seconds
+      # @option token_attributes [Boolean] :use_refresh_token
+      #   whether to use the refresh token
+      #
+      # @return [Doorkeeper::AccessToken] new access token
+      #
+      def create_for(application:, resource_owner:, scopes:, **token_attributes)
+        token_attributes[:application_id] = application&.id
+        token_attributes[:scopes] = scopes.to_s
 
         if Doorkeeper.config.polymorphic_resource_owner?
-          attributes[:resource_owner] = resource_owner
+          token_attributes[:resource_owner] = resource_owner
         else
-          attributes[:resource_owner_id] = resource_owner_id_for(resource_owner)
+          token_attributes[:resource_owner_id] = resource_owner_id_for(resource_owner)
         end
 
-        create!(attributes)
+        create!(token_attributes)
       end
 
       # Looking for not revoked Access Token records that belongs to specific

diff --git a/lib/doorkeeper/oauth/authorization/token.rb b/lib/doorkeeper/oauth/authorization/token.rb
@@ -58,11 +58,11 @@ def issue_token
           )
 
           @token = Doorkeeper.config.access_token_model.find_or_create_for(
-            pre_auth.client,
-            resource_owner,
-            pre_auth.scopes,
-            self.class.access_token_expires_in(Doorkeeper.config, context),
-            false,
+            application: pre_auth.client,
+            resource_owner: resource_owner,
+            scopes: pre_auth.scopes,
+            expires_in: self.class.access_token_expires_in(Doorkeeper.config, context),
+            use_refresh_token: false,
           )
         end
 

diff --git a/lib/doorkeeper/oauth/base_request.rb b/lib/doorkeeper/oauth/base_request.rb
@@ -35,11 +35,11 @@ def valid?
       def find_or_create_access_token(client, resource_owner, scopes, server)
         context = Authorization::Token.build_context(client, grant_type, scopes)
         @access_token = server_config.access_token_model.find_or_create_for(
-          client,
-          resource_owner,
-          scopes,
-          Authorization::Token.access_token_expires_in(server, context),
-          Authorization::Token.refresh_token_enabled?(server, context),
+          application: client,
+          resource_owner: resource_owner,
+          scopes: scopes,
+          expires_in: Authorization::Token.access_token_expires_in(server, context),
+          use_refresh_token: Authorization::Token.refresh_token_enabled?(server, context),
         )
       end
 

diff --git a/lib/doorkeeper/oauth/client_credentials/creator.rb b/lib/doorkeeper/oauth/client_credentials/creator.rb
@@ -14,8 +14,10 @@ def call(client, scopes, attributes = {})
 
           with_revocation(existing_token: existing_token) do
             server_config.access_token_model.find_or_create_for(
-              client, nil, scopes, attributes[:expires_in],
-              attributes[:use_refresh_token],
+              application: client,
+              resource_owner: nil,
+              scopes: scopes,
+              **attributes,
             )
           end
         end

diff --git a/lib/doorkeeper/oauth/refresh_token_request.rb b/lib/doorkeeper/oauth/refresh_token_request.rb
@@ -49,28 +49,27 @@ def default_scopes
       end
 
       def create_access_token
-        @access_token = server_config.access_token_model.create!(access_token_attributes)
-      end
+        attributes = {}
 
-      def access_token_attributes
-        attrs = {
-          application_id: refresh_token.application_id,
-          scopes: scopes.to_s,
-          expires_in: refresh_token.expires_in,
-          use_refresh_token: true,
-        }
+        resource_owner =
+          if Doorkeeper.config.polymorphic_resource_owner?
+            refresh_token.resource_owner
+          else
+            refresh_token.resource_owner_id
+          end
 
-        if Doorkeeper.config.polymorphic_resource_owner?
-          attrs[:resource_owner] = refresh_token.resource_owner
-        else
-          attrs[:resource_owner_id] = refresh_token.resource_owner_id
+        if refresh_token_revoked_on_use?
+          attributes[:previous_refresh_token] = refresh_token.refresh_token
         end
 
-        attrs.tap do |attributes|
-          if refresh_token_revoked_on_use?
-            attributes[:previous_refresh_token] = refresh_token.refresh_token
-          end
-        end
+        @access_token = server_config.access_token_model.create_for(
+          application: refresh_token.application,
+          resource_owner: resource_owner,
+          scopes: scopes,
+          expires_in: refresh_token.expires_in,
+          use_refresh_token: true,
+          **attributes,
+        )
       end
 
       def validate_token_presence