travis-api/lib/travis/api/app/extensions/scoping.rb
Piotr Sarnacki 3b299cfec7 Allow to pass required_params to token
required_params will be matched with actual params to check if the token
may be used for authorization. For example if { job_id: 44 } is passed
as a required param, the token will be rejected for GET /jobs/33
2013-05-08 14:11:03 +02:00


require 'travis/api/app'
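class Travis::Api::App
  module Extensions
    # Per-route OAuth scope enforcement for this Sinatra app.
    #
    # Every route declared through +route+ carries a +scope+ condition
    # (+:default+ unless the route names its own scopes). The condition
    # compares the scopes of +env['travis.access_token']+ -- or
    # +settings.anonymous_scopes+ when no token was supplied -- with the scopes
    # the route accepts, and additionally enforces the token's optional
    # +required_params+ restriction against the request params.
    module Scoping
      module Helpers
        # The scope the current request was authorized under, as recorded in
        # +env['travis.scope']+ by the +scope+ route condition.
        #
        # @return [Symbol]
        def scope
          env['travis.scope'].to_sym
        end

        # @return [Boolean] true when the request was authorized as +:public+
        def public?
          scope == :public
        end

        # Checks the token's +required_params+ restriction, if it carries one,
        # against the request params. A token whose +extra['required_params']+
        # is e.g. +{ job_id: 44 }+ is only usable for requests whose +job_id+
        # param is 44.
        #
        # Sinatra params arrive as Strings while the restriction may hold an
        # Integer (as in the example above), so values are compared through
        # their String form. An absent param never satisfies a non-nil
        # requirement.
        #
        # @return [Boolean] true when no token is present, the token carries no
        #   restriction, or every required param matches
        def required_params_match?
          token = env['travis.access_token']
          return true unless token

          required = token.extra && token.extra['required_params']
          return true unless required

          required.all? do |name, value|
            actual = params[name]
            actual == value || (!actual.nil? && actual.to_s == value.to_s)
          end
        end
      end

      # Sinatra extension hook: installs the default settings and the helpers.
      #
      # @param app [Class] the Sinatra application being extended
      def self.registered(app)
        app.set default_scope: :public, anonymous_scopes: [:public]
        app.helpers(Helpers)
      end

      # Route condition. Passes when the request's scopes (the token's scopes,
      # or +anonymous_scopes+ without a token) include one of +names+ and the
      # token's required_params match. On success it records the granted scope
      # in +env['travis.scope']+ and sets the X-OAuth-Scopes,
      # X-Accepted-OAuth-Scopes and Vary headers. On failure the route is
      # passed over; if no other route matches, Sinatra runs the block given to
      # +pass+, halting with 403 when a token was supplied and 401 otherwise.
      #
      # @param names [Array<Symbol>] scopes accepted by the route; +[:default]+
      #   resolves to +settings.default_scope+ at request time
      def scope(*names)
        condition do
          # Resolved per request so settings.default_scope may change after the
          # route was defined.
          names = [settings.default_scope] if names == [:default]
          token = env['travis.access_token']
          # Relies on Object#try (ActiveSupport). A token whose scopes are an
          # empty array keeps that empty array: only a missing token (or nil
          # scopes) falls back to the anonymous scopes.
          scopes = token.try(:scopes) || settings.anonymous_scopes

          granted = names.find { |name| scopes.include?(name) && required_params_match? }

          if granted
            # Must precede public?, which reads env['travis.scope'].
            env['travis.scope'] = granted
            headers['X-OAuth-Scopes'] = scopes.map(&:to_s).join(',')
            headers['X-Accepted-OAuth-Scopes'] = granted.to_s
            # A response that depended on the token must not be served from a
            # cache keyed on Accept alone.
            headers['Vary'] = public? ? 'Accept' : 'Accept, Authorization'
            true
          elsif token
            pass { halt 403, "insufficient access" }
          else
            pass { halt 401, "no access token supplied" }
          end
        end
      end

      # Sinatra's route definer, extended so every route carries a +scope+
      # condition (+:default+ unless the route passes its own). The options
      # hash is copied first so a hash shared between route definitions is not
      # mutated.
      def route(verb, path, options = {}, &block)
        options = options.dup
        options[:scope] ||= :default
        super(verb, path, options, &block)
      end
    end
  end
end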