Merge pull request #2 from tsov/mass_assignment_problem
Mass Assignment errors
tsov committed Jun 26, 2013
2 parents 6865c34 + b7cbe6c commit ec9d59e
Showing 6 changed files with 36 additions and 38 deletions.
15 changes: 8 additions & 7 deletions lib/doorkeeper/oauth/authorization/token.rb
@@ -10,13 +10,14 @@ def initialize(pre_auth, resource_owner)
end

def issue_token
@token ||= AccessToken.create!({
:application_id => pre_auth.client.id,
:resource_owner_id => resource_owner.id,
:scopes => pre_auth.scopes.to_s,
:expires_in => configuration.access_token_expires_in,
:use_refresh_token => false
})
@token = Doorkeeper::AccessToken.new
@token.application_id = pre_auth.client.id
@token.resource_owner_id = resource_owner.id
@token.scopes = pre_auth.scopes.to_s
@token.expires_in = configuration.access_token_expires_in
@token.use_refresh_token = false
@token.save!
@token
end

def configuration
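Review bot: `issue_token` no longer memoizes its result: the replaced code used `@token ||= ...`, while the new body assigns `@token` unconditionally and calls `@token.save!` on every invocation, so a second call on the same object would persist and return a second access token. Whether any caller invokes it more than once is not visible in this hunk, but if one does, extra live tokens are left behind for the same authorization. A guard as the first line of the method, `return @token if @token`, restores the earlier behaviour without going back to mass assignment.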
14 changes: 7 additions & 7 deletions lib/doorkeeper/oauth/authorization_code_request.rb
@@ -52,13 +52,13 @@ def revoke_and_create_access_token
end

def create_access_token
@access_token = Doorkeeper::AccessToken.create!({
:application_id => grant.application_id,
:resource_owner_id => grant.resource_owner_id,
:scopes => grant.scopes_string,
:expires_in => server.access_token_expires_in,
:use_refresh_token => server.refresh_token_enabled?
})
@access_token = Doorkeeper::AccessToken.new
@access_token.application_id = grant.application_id
@access_token.resource_owner_id = grant.resource_owner_id
@access_token.scopes = grant.scopes_string
@access_token.expires_in = server.access_token_expires_in
@access_token.use_refresh_token = server.refresh_token_enabled?
@access_token.save!
end

def validate_attributes
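Review bot: The build-assign-save sequence in `create_access_token` is repeated almost verbatim in password_access_token_request.rb and refresh_token_request.rb, and again in `issue_token` in authorization/token.rb, so the list of attributes set outside mass-assignment protection now lives in four places. A single class-level builder on the token model that takes the five values as explicit arguments would keep that list reviewable in one spot. Until then, a comment above the assignments such as `# Assigned one by one: these attributes are protected from mass assignment` would tell the next reader why `create!` with a hash is not used. That reason is inferred from the pull-request title, so confirm it against the model's attribute whitelist.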
11 changes: 7 additions & 4 deletions lib/doorkeeper/oauth/client_credentials/creator.rb
@@ -18,10 +18,13 @@ def existing_token_for(client, scopes)
end

def create(client, scopes, attributes = {})
Doorkeeper::AccessToken.create(attributes.merge({
:application_id => client.id,
:scopes => scopes.to_s
}))
token = Doorkeeper::AccessToken.new
token.application_id = client.id
token.scopes = scopes.to_s
token.use_refresh_token = attributes[:use_refresh_token] if attributes[:use_refresh_token]
token.expires_in = attributes[:expires_in] if attributes[:expires_in]
token.save!
token
end
end
end
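Review bot: `create` now ends in `token.save!`, which raises on a validation failure, whereas the replaced `Doorkeeper::AccessToken.create(...)` did not raise; callers outside this hunk that test the return value would see an exception instead. The spec for the failure path is deleted in spec/lib/oauth/client_credentials/creator_spec.rb and nothing replaces it. Either keep the non-raising contract with `token.save`, or document the raise above the method and add a spec for it. Separately, the guard `if attributes[:use_refresh_token]` skips an explicit `false`, which matters only if the model default is not false; `if attributes.key?(:use_refresh_token)` would honour it.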
14 changes: 7 additions & 7 deletions lib/doorkeeper/oauth/password_access_token_request.rb
@@ -59,13 +59,13 @@ def revoke_and_create_access_token
end

def create_access_token
@access_token = Doorkeeper::AccessToken.create!({
:application_id => client.id,
:resource_owner_id => resource_owner.id,
:scopes => scopes.to_s,
:expires_in => server.access_token_expires_in,
:use_refresh_token => server.refresh_token_enabled?
})
@access_token = Doorkeeper::AccessToken.new
@access_token.application_id = client.id
@access_token.resource_owner_id = resource_owner.id
@access_token.scopes = scopes.to_s
@access_token.expires_in = server.access_token_expires_in
@access_token.use_refresh_token = server.refresh_token_enabled?
@access_token.save!
end

def validate_client
14 changes: 7 additions & 7 deletions lib/doorkeeper/oauth/refresh_token_request.rb
@@ -37,13 +37,13 @@ def revoke_and_create_access_token
end

def create_access_token
@access_token = Doorkeeper::AccessToken.create!({
:application_id => refresh_token.application_id,
:resource_owner_id => refresh_token.resource_owner_id,
:scopes => refresh_token.scopes_string,
:expires_in => server.access_token_expires_in,
:use_refresh_token => true
})
@access_token = Doorkeeper::AccessToken.new
@access_token.application_id = refresh_token.application_id
@access_token.resource_owner_id = refresh_token.resource_owner_id
@access_token.scopes = refresh_token.scopes_string
@access_token.expires_in = server.access_token_expires_in
@access_token.use_refresh_token = true
@access_token.save!
end

def validate_token
6 changes: 0 additions & 6 deletions spec/lib/oauth/client_credentials/creator_spec.rb
@@ -11,12 +11,6 @@ class Doorkeeper::OAuth::ClientCredentialsRequest
end.to change { Doorkeeper::AccessToken.count }.by(1)
end

it 'returns false if creation fails' do
Doorkeeper::AccessToken.should_receive(:create).and_return(false)
created = subject.call(client, scopes)
created.should be_false
end

it 'does not create a new token if there is an accessible one' do
subject.call(client, scopes, :expires_in => 10.years)
expect do
