Refactor Doorkeeper::Rails::Helpers
Makes explicit what the public API is to inject doorkeeper behavior into
application endpoints.

This should be the only interface between Rails and doorkeeper. Other
frameworks can define their own interface and use doorkeeper too. This
is a step toward decoupling doorkeeper from Rails, so that integration
is easier.

Related with #567.
tute committed Feb 20, 2015
1 parent e333439 commit f1671b8
Showing 1 changed file with 62 additions and 34 deletions.
96 changes: 62 additions & 34 deletions lib/doorkeeper/rails/helpers.rb
Expand Up @@ -3,53 +3,36 @@ module Rails
module Helpers
extend ActiveSupport::Concern

module ClassMethods
def doorkeeper_for(*args, &block)
fail Errors::DoorkeeperError, "`doorkeeper_for` no longer available", <<-eos
\nStarting in version 2.0.0 of doorkeeper gem, `doorkeeper_for` is no longer
available. Please change `doorkeeper_for` calls in your application with:
before_action :doorkeeper_authorize!
def doorkeeper_authorize!(*scopes)
@_doorkeeper_scopes = scopes || Doorkeeper.configuration.default_scopes

For more information check the README:
https://github.com/doorkeeper-gem/doorkeeper#protecting-resources-with-oauth-aka-your-api-endpoint\n
eos
if doorkeeper_token_is_invalid?
doorkeeper_render_error
end
end

def doorkeeper_token
@_doorkeeper_token ||= OAuth::Token.authenticate request, *Doorkeeper.configuration.access_token_methods
def doorkeeper_unauthorized_render_options
nil
end

def valid_doorkeeper_token?(*scopes)
doorkeeper_token && doorkeeper_token.acceptable?(scopes)
def doorkeeper_forbidden_render_options
nil
end

def doorkeeper_authorize!(*scopes)
scopes ||= Doorkeeper.configuration.default_scopes

unless valid_doorkeeper_token?(*scopes)
if !doorkeeper_token || !doorkeeper_token.accessible?
error = OAuth::InvalidTokenResponse.from_access_token(doorkeeper_token)
options = doorkeeper_unauthorized_render_options
else
error = OAuth::ForbiddenTokenResponse.from_scopes(scopes)
options = doorkeeper_forbidden_render_options
end
headers.merge!(error.headers.reject { |k| ['Content-Type'].include? k })
doorkeeper_error_renderer(error, options)
end
end
private

def doorkeeper_unauthorized_render_options
nil
def doorkeeper_token_is_invalid?
!doorkeeper_token || !doorkeeper_token.acceptable?(@_doorkeeper_scopes)
end

def doorkeeper_forbidden_render_options
nil
def doorkeeper_render_error
error = doorkeeper_error
headers.merge! error.headers.reject { |k| "Content-Type" == k }
doorkeeper_render_error_with(error)
end

def doorkeeper_error_renderer(error, options = {})
def doorkeeper_render_error_with(error)
options = doorkeeper_render_options
if options.blank?
head error.status
else
Expand All @@ -58,6 +41,51 @@ def doorkeeper_error_renderer(error, options = {})
render options
end
end

def doorkeeper_error
if doorkeeper_invalid_token_response?
OAuth::InvalidTokenResponse.from_access_token(doorkeeper_token)
else
OAuth::ForbiddenTokenResponse.from_scopes(@_doorkeeper_scopes)
end
end

def doorkeeper_render_options
if doorkeeper_invalid_token_response?
doorkeeper_unauthorized_render_options
else
doorkeeper_forbidden_render_options
end
end

def doorkeeper_invalid_token_response?
!doorkeeper_token || !doorkeeper_token.accessible?
end

def doorkeeper_token
@_doorkeeper_token ||= OAuth::Token.authenticate(
request,
*Doorkeeper.configuration.access_token_methods
)
end

module ClassMethods
def doorkeeper_for(*_args)
fail(
Errors::DoorkeeperError,
"`doorkeeper_for` no longer available",
<<-eos
\nStarting in version 2.0.0 of doorkeeper gem, `doorkeeper_for` is no longer
available. Please change `doorkeeper_for` calls in your application with:
before_action :doorkeeper_authorize!
For more information check the README:
https://github.com/doorkeeper-gem/doorkeeper#protecting-resources-with-oauth-aka-your-api-endpoint\n
eos
)
end
end
end
end
end
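Review bot: In `doorkeeper_authorize!`, the fallback in `scopes || Doorkeeper.configuration.default_scopes` is never taken, because a splat parameter is always an Array (`[]` when no arguments are passed) and an empty Array is truthy in Ruby. A bare `before_action :doorkeeper_authorize!` therefore checks the token with `acceptable?([])`, so the configured default scopes are presumably not enforced on that endpoint (how `acceptable?` treats an empty list is not visible on this page). The removed `scopes ||= ...` line had the same behaviour, so the refactor carries it over rather than introducing it. Since the file already relies on ActiveSupport (`options.blank?`), `@_doorkeeper_scopes = scopes.presence || Doorkeeper.configuration.default_scopes` would make the fallback effective. A spec covering the no-argument call with a token that lacks the default scopes would pin this down.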
