Class: Grape::Middleware::Auth::OAuth2

Inherits:
Base
  • Object
show all
Defined in:
lib/grape/middleware/auth/oauth2.rb

Overview

OAuth 2.0 authorization for Grape APIs.

Instance Attribute Summary

Attributes inherited from Base

#app, #env, #options

Instance Method Summary (collapse)

Methods inherited from Base

#after, #call, #call!, #content_type, #content_type_for, #content_types, #initialize, #mime_types, #response

Constructor Details

This class inherits a constructor from Grape::Middleware::Base

Instance Method Details

- (Object) authorization_header



42
43
44
45
46
47
# File 'lib/grape/middleware/auth/oauth2.rb', line 42

def authorization_header
  options[:accepted_headers].each do |head|
    return env[head] if env[head]
  end
  nil
end

- (Object) before



15
16
17
# File 'lib/grape/middleware/auth/oauth2.rb', line 15

def before
  verify_token(token_parameter || token_header)
end

- (Object) default_options



4
5
6
7
8
9
10
11
12
13
# File 'lib/grape/middleware/auth/oauth2.rb', line 4

def default_options
  {
    token_class: 'AccessToken',
    realm: 'OAuth API',
    parameter: %w(bearer_token oauth_token access_token),
    accepted_headers: %w(HTTP_AUTHORIZATION X_HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION REDIRECT_X_HTTP_AUTHORIZATION),
    header: [/Bearer (.*)/i, /OAuth (.*)/i],
    required: true
  }
end

- (Object) error_out(status, error)



70
71
72
73
74
75
76
77
# File 'lib/grape/middleware/auth/oauth2.rb', line 70

def error_out(status, error)
  throw :error,
        message: error,
        status: status,
        headers: {
          'WWW-Authenticate' => "OAuth realm='#{options[:realm]}', error='#{error}'"
        }
end

- (Object) params



23
24
25
# File 'lib/grape/middleware/auth/oauth2.rb', line 23

def params
  @params ||= request.params
end

- (Object) request



19
20
21
# File 'lib/grape/middleware/auth/oauth2.rb', line 19

def request
  @request ||= Grape::Request.new(env)
end

- (Object) token_class



49
50
51
# File 'lib/grape/middleware/auth/oauth2.rb', line 49

def token_class
  @klass ||= eval(options[:token_class]) # rubocop:disable Eval
end

- (Object) token_header



34
35
36
37
38
39
40
# File 'lib/grape/middleware/auth/oauth2.rb', line 34

def token_header
  return false unless authorization_header
  Array(options[:header]).each do |regexp|
    return $1 if authorization_header =~ regexp
  end
  nil
end

- (Object) token_parameter



27
28
29
30
31
32
# File 'lib/grape/middleware/auth/oauth2.rb', line 27

def token_parameter
  Array(options[:parameter]).each do |p|
    return params[p] if params[p]
  end
  nil
end

- (Object) verify_token(token)



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# File 'lib/grape/middleware/auth/oauth2.rb', line 53

def verify_token(token)
  token = token_class.verify(token)
  if token
    if token.respond_to?(:expired?) && token.expired?
      error_out(401, 'invalid_grant')
    else
      if !token.respond_to?(:permission_for?) || token.permission_for?(env)
        env['api.token'] = token
      else
        error_out(403, 'insufficient_scope')
      end
    end
  elsif !!options[:required]
    error_out(401, 'invalid_grant')
  end
end