Implement expiring access tokens
This commit is contained in:
Piotr Sarnacki
parent
b26349176f
commit
01356df26f
|
|
@ -4,7 +4,7 @@ require 'securerandom'
|
|||
class Travis::Api::App
|
||||
class AccessToken
|
||||
DEFAULT_SCOPES = [:public, :private]
|
||||
attr_reader :token, :scopes, :user_id, :app_id
|
||||
attr_reader :token, :scopes, :user_id, :app_id, :expires_in
|
||||
|
||||
def self.create(options = {})
|
||||
new(options).tap(&:save)
|
||||
|
|
@ -25,6 +25,12 @@ class Travis::Api::App
|
|||
raise ArgumentError, 'must supply either user_id or user' unless options.key?(:user) ^ options.key?(:user_id)
|
||||
raise ArgumentError, 'must supply app_id' unless options.key?(:app_id)
|
||||
|
||||
begin
|
||||
@expires_in = Integer(options[:expires_in]) if options[:expires_in]
|
||||
rescue ArgumentError
|
||||
raise ArgumentError, 'expires_in must be of integer type'
|
||||
end
|
||||
|
||||
@app_id = Integer(options[:app_id])
|
||||
@scopes = Array(options[:scopes] || options[:scope] || DEFAULT_SCOPES).map(&:to_sym)
|
||||
@user = options[:user]
|
||||
|
|
@ -37,6 +43,11 @@ class Travis::Api::App
|
|||
redis.del(key)
|
||||
redis.rpush(key, [user_id, app_id, *scopes].map(&:to_s))
|
||||
redis.set(reuse_key, token)
|
||||
|
||||
if expires_in
|
||||
redis.expire(reuse_key, expires_in)
|
||||
redis.expire(key, expires_in)
|
||||
end
|
||||
end
|
||||
|
||||
def user
|
||||
|
|
@ -68,7 +79,7 @@ class Travis::Api::App
|
|||
private
|
||||
|
||||
def reuse_token
|
||||
redis.get(reuse_key)
|
||||
redis.get(reuse_key) unless expires_in
|
||||
end
|
||||
|
||||
def reuse_key
|
||||
|
|
|
|||
32
spec/unit/access_token_spec.rb
Normal file
32
spec/unit/access_token_spec.rb
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe Travis::Api::App::AccessToken do
|
||||
it 'errors out on wrong type of :expires_in argument' do
|
||||
expect {
|
||||
described_class.new(app_id: 1, user_id: 2, expires_in: 'foo')
|
||||
}.to raise_error(ArgumentError, 'expires_in must be of integer type')
|
||||
end
|
||||
|
||||
it 'allows to skip expires_in' do
|
||||
expect {
|
||||
described_class.new(app_id: 1, user_id: 2, expires_in: nil)
|
||||
}.to_not raise_error(ArgumentError)
|
||||
end
|
||||
|
||||
it 'does not reuse token if expires_in is set' do
|
||||
token = described_class.new(app_id: 1, user_id: 2).tap(&:save)
|
||||
new_token = described_class.new(app_id: 1, user_id: 2, expires_in: 10)
|
||||
|
||||
token.token.should_not == new_token.token
|
||||
end
|
||||
|
||||
it 'expires the token after given period of time' do
|
||||
token = described_class.new(app_id: 1, user_id: 2, expires_in: 1).tap(&:save)
|
||||
|
||||
described_class.find_by_token(token.token).should_not be_nil
|
||||
|
||||
sleep 1.5
|
||||
|
||||
described_class.find_by_token(token.token).should be_nil
|
||||
end
|
||||
end
|
||||
Loading…
Reference in New Issue
Block a user