class Doorkeeper::OAuth::PreAuthorization

Attributes

authorization_response_flow[R]
client[R]
client_id[R]
code_challenge[R]
code_challenge_method[R]
custom_access_token_attributes[R]
missing_param[R]
redirect_uri[R]
resource_owner[R]
response_mode[R]
response_type[R]
server[R]
state[R]

Public Class Methods

new(server, parameters = {}, resource_owner = nil)
# File lib/doorkeeper/oauth/pre_authorization.rb, line 24
# Captures the raw authorization-request parameters and the resource owner.
#
# Nothing is checked here: every value is copied from `parameters` exactly
# as received, so client_id, redirect_uri, scope, state and the PKCE fields
# are untrusted input at this point. The validate_* methods of this class
# are what check them. @client is not assigned here; the only assignment
# visible in this listing is in validate_client.
#
# @param server object later queried for default scopes, scopes and
#   authorization response flows
# @param parameters request parameters, read by symbol key
# @param resource_owner the resource owner the request is made on behalf of
def initialize(server, parameters = {}, resource_owner = nil)
  @server = server
  @client_id = parameters[:client_id]
  @response_type = parameters[:response_type]
  @response_mode = parameters[:response_mode]
  @redirect_uri = parameters[:redirect_uri]
  @scope = parameters[:scope]
  @state = parameters[:state]
  @code_challenge = parameters[:code_challenge]
  @code_challenge_method = parameters[:code_challenge_method]
  @resource_owner = resource_owner
  # Keep only the parameter names listed in the configuration; any other
  # request parameter is dropped rather than carried along.
  @custom_access_token_attributes = parameters.slice(*Doorkeeper.config.custom_access_token_attributes).to_h
end

Public Instance Methods

as_json(_options = nil)
# File lib/doorkeeper/oauth/pre_authorization.rb, line 61
# Serialises the pre-authorization as the hash built by pre_auth_hash.
#
# @param _options ignored
# @return [Hash] the result of pre_auth_hash
def as_json(_options = nil)
  pre_auth_hash
end
authorizable?()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 38
# Whether the request passed validation and may go on to authorization.
#
# Delegates to valid?, which is defined outside this listing
# (presumably it runs the validate_* checks below — confirm).
def authorizable?
  valid?
end
error_response()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 50
# Builds the error response for a request that failed validation.
#
# An Errors::InvalidRequest error is answered with
# OAuth::InvalidRequestResponse; every other error with OAuth::ErrorResponse.
# Both are told whether the response goes in the URI fragment.
# `error` is defined outside this listing.
def error_response
  response_class =
    error == Errors::InvalidRequest ? OAuth::InvalidRequestResponse : OAuth::ErrorResponse

  response_class.from_request(self, response_on_fragment: response_on_fragment?)
end
form_post_response?()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 65
# True only when response_mode is exactly the string "form_post".
#
# @return [Boolean]
def form_post_response?
  response_mode == "form_post"
end
scope()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 46
# The scope string this request is evaluated with.
#
# The scope sent in the request wins when it is present. Otherwise, if the
# server defines default scopes, the result of build_scopes is used.
# When neither exists the result is nil.
def scope
  requested = @scope.presence
  return requested if requested

  server.default_scopes.presence && build_scopes
end
scopes()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 42
# Parses the effective scope string (see #scope) with Scopes.from_string.
def scopes
  Scopes.from_string(scope)
end

Private Instance Methods

build_scopes()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 73
# Fallback scope string used when the request named no scope.
#
# When the client has scopes of its own, the server defaults are
# intersected with them. A client with no scopes gets every server default,
# so an unscoped client is the widest case here, not the narrowest.
#
# @return [String]
def build_scopes
  app_scopes = client.scopes
  defaults = server.default_scopes
  effective = app_scopes.blank? ? defaults : defaults & app_scopes
  effective.to_s
end
grant_type()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 166
# Maps response_type to a grant-type constant.
#
# Only the exact string "code" selects AUTHORIZATION_CODE. Every other
# value, nil included, selects IMPLICIT; nothing is rejected here.
# Both constants are defined outside this listing.
def grant_type
  return AUTHORIZATION_CODE if response_type == "code"

  IMPLICIT
end
pre_auth_hash()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 170
# Hash representation of the pre-authorization, returned by as_json.
#
# redirect_uri, state and response_type are the values read from the
# request parameters in initialize, returned unmodified. scope comes from
# #scope. Anything that renders this hash should encode those fields as
# untrusted text. client_id and client_name come from the client record,
# so client must already be set (validate_client assigns it).
def pre_auth_hash
  application = client

  {
    client_id: application.uid,
    redirect_uri: redirect_uri,
    state: state,
    response_type: response_type,
    scope: scope,
    client_name: application.name,
    status: I18n.t("doorkeeper.pre_authorization.status"),
  }
end
response_on_fragment?()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 160
# Whether the response is delivered in the URI fragment.
#
# With no response_mode at all (nil), the fragment is used only for
# response_type "token". Once a response_mode is set, only the exact
# string "fragment" selects it.
#
# @return [Boolean]
def response_on_fragment?
  if response_mode.nil?
    response_type == "token"
  else
    response_mode == "fragment"
  end
end
validate_client()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 87
# Looks the client up by the client_id from the request and stores the
# result in @client.
#
# The other checks in this class call methods on `client` without a nil
# guard, so they depend on this lookup having succeeded first.
#
# @return [Boolean] whether a client was found
def validate_client
  @client = OAuth::Client.find(client_id)
  @client.present?
end
validate_client_id()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 82
# Records :client_id in @missing_param when the request carried no
# client_id.
#
# @missing_param is only written when client_id is blank, so a value
# already stored there also makes this return false.
#
# @return [Boolean] true when no missing parameter is recorded
def validate_client_id
  @missing_param = :client_id if client_id.blank?
  @missing_param.nil?
end
validate_client_supports_grant_flow()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 92
# Asks the configuration whether this client's application may use the
# grant type derived from response_type (see #grant_type).
#
# The decision is made by allow_grant_flow_for_client?, which is not part
# of this listing.
def validate_client_supports_grant_flow
  config = Doorkeeper.config
  requested_grant = grant_type
  application = client.application

  config.allow_grant_flow_for_client?(requested_grant, application)
end
validate_code_challenge()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 147
# PKCE presence check for the authorization request.
#
# A code_challenge is demanded only when force_pkce? is enabled AND the
# client is not confidential. With force_pkce? off, or for a confidential
# client, a request without a code_challenge passes this check.
#
# @return [Boolean]
def validate_code_challenge
  # PKCE is not mandatory for this deployment: nothing to enforce.
  return true unless Doorkeeper.config.force_pkce?
  # Confidential clients are exempt even when PKCE is forced.
  return true if client.confidential
  # Non-confidential client under forced PKCE: the challenge must be present.
  code_challenge.present?
end
validate_code_challenge_method()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 153
# Checks the PKCE code_challenge_method sent with a code_challenge.
#
# Skipped (true) when the access grant model reports no PKCE support, and
# when the request has no code_challenge. Whether a challenge is mandatory
# is decided in validate_code_challenge, not here. Otherwise the method
# must be present and listed in pkce_code_challenge_methods_supported, so
# that list decides which methods clients may use. The challenge value is
# not inspected in this method.
def validate_code_challenge_method
  return true unless Doorkeeper.config.access_grant_model.pkce_supported?
  return true if code_challenge.blank?

  code_challenge_method.present? &&
    Doorkeeper.config.pkce_code_challenge_methods_supported.include?(code_challenge_method)
end
validate_params()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 110
# Checks that response_type and a usable scope are available.
#
# response_type is checked first. A missing scope counts only when the
# request sent none and the server has no default scopes either.
# Unlike validate_client_id, @missing_param is assigned unconditionally
# here, so it is reset to nil when nothing is missing.
#
# @return [Boolean] true when no parameter is missing
def validate_params
  missing = nil
  if response_type.blank?
    missing = :response_type
  elsif @scope.blank? && server.default_scopes.blank?
    missing = :scope
  end

  @missing_param = missing
  missing.nil?
end
validate_redirect_uri()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 101
# Checks the redirect_uri from the request against the one held by the
# client.
#
# A blank redirect_uri is rejected outright; there is no fallback to the
# client's own value. The comparison itself is delegated to
# Helpers::URIChecker.valid_for_authorization?, which is not part of this
# listing; how strict the match is depends on that helper.
def validate_redirect_uri
  requested_uri = redirect_uri
  return false if requested_uri.blank?

  client_uri = client.redirect_uri
  Helpers::URIChecker.valid_for_authorization?(requested_uri, client_uri)
end
validate_resource_owner_authorize_for_client()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 96
# Asks the client's application whether the current resource owner may
# authorize it.
#
# The `authorize_resource_owner_for_client` config option is used for this
# validation. @resource_owner is the value given to the constructor and
# may be nil.
def validate_resource_owner_authorize_for_client
  application = client.application
  application.authorized_for_resource_owner?(@resource_owner)
end
validate_response_mode()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 129
# Checks the requested response_mode against the matched response flow.
#
# A request without a response_mode is accepted and @response_mode is set
# to the flow's default. A supplied response_mode passes only if the flow
# accepts it. authorization_response_flow is assigned by
# validate_response_type, so that check has to have matched first.
def validate_response_mode
  flow = authorization_response_flow
  return flow.matches_response_mode?(response_mode) unless response_mode.blank?

  @response_mode = flow.default_response_mode
  true
end
validate_response_type()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 120
# Finds the first of the server's authorization response flows that
# accepts the requested response_type and remembers it.
#
# On a match the flow is stored in @authorization_response_flow. When no
# flow matches, that variable is left untouched and the check fails.
#
# @return [Boolean]
def validate_response_type
  matching_flow = server.authorization_response_flows.find do |candidate|
    candidate.matches_response_type?(response_type)
  end
  return false if matching_flow.nil?

  @authorization_response_flow = matching_flow
  true
end
validate_scopes()
# File lib/doorkeeper/oauth/pre_authorization.rb, line 138
# Hands the effective scope string, the server's scopes, the client's
# scopes and the grant type to Helpers::ScopeChecker.valid?.
#
# scope_str is the result of #scope, so it is either the scope sent in the
# request or the fallback built from the server defaults. The decision
# itself is made by the helper, which is not part of this listing.
def validate_scopes
  Helpers::ScopeChecker.valid?(
    scope_str: scope,
    server_scopes: server.scopes,
    app_scopes: client.scopes,
    grant_type: grant_type,
  )
end