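module Carto
  module OauthProvider
    # OAuth grant strategies. Each strategy exposes `authorize!(oauth_app, params)`,
    # which validates the presented credential and exchanges it, and
    # `required_params`, the parameter names the grant needs.
    module GrantStrategies
      # Exchanges an authorization code.
      module AuthorizationCodeStrategy
        # Validates an authorization code and exchanges it.
        #
        # @param oauth_app [Object] the client making the request; compared with
        #   the app the code was issued to
        # @param params [Hash] request parameters; reads `:code` and `:redirect_uri`
        # @return [Object] whatever `OauthAuthorizationCode#exchange!` returns
        # @raise [OauthProvider::Errors::InvalidRequest] if `:code` is not a String,
        #   or if `:redirect_uri` differs from the one stored with the code
        # @raise [OauthProvider::Errors::InvalidGrant] if the code is unknown or was
        #   issued to a different app
        def self.authorize!(oauth_app, params)
          code = params[:code]
          # Request parameters are untrusted and can arrive as arrays or hashes.
          # Only a single string may reach the finder, so one request always
          # resolves to at most one candidate code.
          unless code.is_a?(String)
            raise OauthProvider::Errors::InvalidRequest.new('The code must be a single string value')
          end

          authorization_code = OauthAuthorizationCode.find_by_code!(code)
          # Client binding: a code is only redeemable by the app it was issued to.
          raise OauthProvider::Errors::InvalidGrant.new unless authorization_code.oauth_app == oauth_app

          # The redirect_uri is bound to the code (cf. RFC 6749, section 4.1.3): it is
          # compared by exact equality, and it is accepted as absent only when the
          # stored one is absent too.
          redirect_uri = params[:redirect_uri]
          if (redirect_uri || authorization_code.redirect_uri) && redirect_uri != authorization_code.redirect_uri
            raise OauthProvider::Errors::InvalidRequest.new('The redirect_uri must match the authorization request')
          end

          # NOTE(review): expiry and single use of the code are not checked here;
          # presumably exchange! enforces them. Confirm against the model.
          authorization_code.exchange!
        rescue ActiveRecord::RecordNotFound
          # An unknown code gets the same error as one issued to another app.
          raise OauthProvider::Errors::InvalidGrant.new
        end

        # @return [Array<String>] parameter names this grant requires
        def self.required_params
          ['code']
        end
      end

      # Exchanges a refresh token.
      module RefreshTokenStrategy
        # Validates a refresh token and exchanges it, optionally with a scope list.
        #
        # @param oauth_app [Object] the client making the request; compared with
        #   the app the token was issued to
        # @param params [Hash] request parameters; reads `:refresh_token` and `:scope`
        # @return [Object] whatever `OauthRefreshToken#exchange!` returns
        # @raise [OauthProvider::Errors::InvalidRequest] if `:refresh_token` or a
        #   present `:scope` is not a String
        # @raise [OauthProvider::Errors::InvalidGrant] if the token is unknown or was
        #   issued to a different app
        def self.authorize!(oauth_app, params)
          token = params[:refresh_token]
          # Same type guard as for authorization codes: an array or hash must never
          # reach the finder.
          unless token.is_a?(String)
            raise OauthProvider::Errors::InvalidRequest.new('The refresh_token must be a single string value')
          end

          refresh_token = OauthRefreshToken.find_by_token!(token)
          # Client binding: a refresh token is only usable by the app it was issued to.
          raise OauthProvider::Errors::InvalidGrant.new unless refresh_token.oauth_app == oauth_app

          scope = params[:scope]
          return refresh_token.exchange! unless scope

          # A non-string scope used to surface as NoMethodError from `split`;
          # report it as a malformed request instead.
          unless scope.is_a?(String)
            raise OauthProvider::Errors::InvalidRequest.new('The scope must be a space-delimited string')
          end

          # NOTE(review): whether the requested scopes are limited to those originally
          # granted is decided inside exchange!, which is not visible here. Confirm.
          refresh_token.exchange!(requested_scopes: scope.split(' '))
        rescue ActiveRecord::RecordNotFound
          # An unknown token gets the same error as one issued to another app.
          raise OauthProvider::Errors::InvalidGrant.new
        end

        # @return [Array<String>] parameter names this grant requires
        def self.required_params
          ['refresh_token']
        end
      end
    end
  end
end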