author | Valery Sizov <vsv2711@gmail.com> | 2014-12-19 16:15:29 +0200 |
---|---|---|
committer | Valery Sizov <vsv2711@gmail.com> | 2014-12-24 15:38:07 +0200 |
commit | e41dadcb33fda44ee274daa673bd933e13aa90eb (patch) | |
tree | ef0dc6ecea0020fe1ce8598342bcbf7e620984fe /app/services/oauth2 | |
parent | 5cf2bd4c997d84e9a02d722d6ba870c24b06cc0f (diff) | |
Doorkeeper integration
Diffstat (limited to 'app/services/oauth2')
-rw-r--r-- | app/services/oauth2/access_token_validation_service.rb | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/app/services/oauth2/access_token_validation_service.rb b/app/services/oauth2/access_token_validation_service.rb
new file mode 100644
index 00000000000..95283489753
--- /dev/null
+++ b/app/services/oauth2/access_token_validation_service.rb
@@ -0,0 +1,41 @@
+module Oauth2::AccessTokenValidationService
+ # Results:
+ VALID = :valid
+ EXPIRED = :expired
+ REVOKED = :revoked
+ INSUFFICIENT_SCOPE = :insufficient_scope
+
+ class << self
+ def validate(token, scopes: [])
+ if token.expired?
+ return EXPIRED
+
+ elsif token.revoked?
+ return REVOKED
+
+ elsif !self.sufficent_scope?(token, scopes)
+ return INSUFFICIENT_SCOPE
+
+ else
+ return VALID
+ end
+ end
+
+ protected
+ # True if the token's scope is a superset of required scopes,
+ # or the required scopes is empty.
+ def sufficent_scope?(token, scopes)
+ if scopes.blank?
+ # if no any scopes required, the scopes of token is sufficient.
+ return true
+ else
+ # If there are scopes required, then check whether
+ # the set of authorized scopes is a superset of the set of required scopes
+ required_scopes = Set.new(scopes)
+ authorized_scopes = Set.new(token.scopes)
+
+ return authorized_scopes >= required_scopes
+ end
+ end
+ end
+end
\ No newline at end of file |
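Review bot: In `validate`, the default `scopes: []` combined with the `scopes.blank?` branch of `sufficent_scope?` means a caller that omits `scopes` (or passes `nil`) gets `VALID` for any unexpired, unrevoked token, so scope enforcement is opt-in at each call site. That contract should be stated on `validate`, for example `# scopes: scopes the endpoint requires; empty or nil skips the scope check entirely`, so that each protected endpoint can be checked for passing its required scopes. The superset test compares `Set.new(scopes)` with `Set.new(token.scopes)` by element equality; if one side yields symbols and the other strings (not visible in this hunk), the result is always `INSUFFICIENT_SCOPE`, so consider normalising both sides, `Set.new(scopes.map(&:to_s))` and `Set.new(token.scopes.map(&:to_s))`. The helper name is misspelled (`sufficent_scope?`), which is cheapest to correct now while its only visible caller is `validate`.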