Commit 9546fddb authored by cmrd Senya

[API] don't store ID tokens in DB

fix #6857
parent 3942dca0
......@@ -53,7 +53,6 @@ module Api
def reset_auth(auth)
return unless auth
auth.o_auth_access_tokens.destroy_all
auth.id_tokens.destroy_all
auth.code_used = false
auth.save
end
......
......@@ -12,7 +12,6 @@ module Api
serialize :scopes, JSON
has_many :o_auth_access_tokens, dependent: :destroy
has_many :id_tokens, dependent: :destroy
before_validation :setup, on: :create
......@@ -50,7 +49,7 @@ module Api
end
def create_id_token
id_tokens.create!(nonce: nonce)
IdToken.new(self, nonce)
end
def self.find_by_client_id_user_and_scopes(client_id, user, scopes)
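Review bot: `create_id_token` keeps a name that implies a persisted record, but after this change it only builds an in-memory `IdToken.new(self, nonce)` and nothing is written, so callers that previously relied on `create!` raising on an invalid record now get an object back unconditionally. A short comment would prevent the next reader from looking for the row: `# Builds a non-persisted ID token; ID tokens are no longer stored (see #6857)`. If a rename to `build_id_token` is ever done, keep `create_id_token` as an alias so existing callers outside this hunk keep working. The enclosing Authorization class continues outside the hunk.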
......
require_relative "20150714055110_create_id_tokens"
class RemoveIdTokens < ActiveRecord::Migration
def change
revert CreateIdTokens
end
end
......@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20160810230114) do
ActiveRecord::Schema.define(version: 20160813115514) do
create_table "account_deletions", force: :cascade do |t|
t.string "diaspora_handle", limit: 255
......@@ -160,16 +160,6 @@ ActiveRecord::Schema.define(version: 20160810230114) do
add_index "conversations", ["author_id"], name: "conversations_author_id_fk", using: :btree
add_index "conversations", ["guid"], name: "index_conversations_on_guid", unique: true, length: {"guid"=>191}, using: :btree
create_table "id_tokens", force: :cascade do |t|
t.integer "authorization_id", limit: 4
t.datetime "expires_at"
t.string "nonce", limit: 255
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
end
add_index "id_tokens", ["authorization_id"], name: "index_id_tokens_on_authorization_id", using: :btree
create_table "invitation_codes", force: :cascade do |t|
t.string "token", limit: 255
t.integer "user_id", limit: 4
......@@ -661,7 +651,6 @@ ActiveRecord::Schema.define(version: 20160810230114) do
add_foreign_key "conversation_visibilities", "conversations", name: "conversation_visibilities_conversation_id_fk", on_delete: :cascade
add_foreign_key "conversation_visibilities", "people", name: "conversation_visibilities_person_id_fk", on_delete: :cascade
add_foreign_key "conversations", "people", column: "author_id", name: "conversations_author_id_fk", on_delete: :cascade
add_foreign_key "id_tokens", "authorizations"
add_foreign_key "like_signatures", "likes", name: "like_signatures_like_id_fk", on_delete: :cascade
add_foreign_key "like_signatures", "signature_orders", name: "like_signatures_signature_orders_id_fk"
add_foreign_key "likes", "people", column: "author_id", name: "likes_author_id_fk", on_delete: :cascade
......
......@@ -25,15 +25,12 @@ require "uri"
module Api
module OpenidConnect
class IdToken < ActiveRecord::Base
belongs_to :authorization
before_validation :setup, on: :create
default_scope { where("expires_at >= ?", Time.zone.now.utc) }
def setup
self.expires_at = 30.minutes.from_now
class IdToken
def initialize(authorization, nonce)
@authorization = authorization
@nonce = nonce
@created_at = Time.current
@expires_at = 30.minutes.from_now
end
def to_jwt(options={})
......@@ -42,6 +39,8 @@ module Api
end
end
private
def to_response_object(options={})
OpenIDConnect::ResponseObject::IdToken.new(claims).tap do |id_token|
id_token.code = options[:code] if options[:code]
......@@ -54,17 +53,17 @@ module Api
@claims ||= {
iss: AppConfig.environment.url,
sub: sub,
aud: authorization.o_auth_application.client_id,
exp: expires_at.to_i,
iat: created_at.to_i,
auth_time: authorization.user.current_sign_in_at.to_i,
nonce: nonce,
aud: @authorization.o_auth_application.client_id,
exp: @expires_at.to_i,
iat: @created_at.to_i,
auth_time: @authorization.user.current_sign_in_at.to_i,
nonce: @nonce,
acr: 0
}
end
def build_sub
Api::OpenidConnect::SubjectIdentifierCreator.create(authorization)
Api::OpenidConnect::SubjectIdentifierCreator.create(@authorization)
end
end
end
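Review bot: In `initialize` (first hunk of this file) `@created_at = Time.current` and `@expires_at = 30.minutes.from_now` are two separate clock reads, so the `iat` and `exp` claims built in `claims` are not exactly 30 minutes apart; deriving one from the other is cheaper and makes the lifetime explicit: `@created_at = Time.current` followed by `@expires_at = @created_at + 30.minutes`, ideally with the 30 minutes hoisted into a frozen constant such as `ID_TOKEN_LIFETIME`. Since the token is no longer a persisted record, the `exp` claim is presumably the only lifetime bound a relying party can check, so a one-line class comment stating that the object is an unsaved, single-use claim set (not an ActiveRecord model) would help readers who still expect the old `default_scope` behaviour. `@nonce` is passed straight into the `nonce` claim with no presence check; whether the old model validated it is not visible here, so confirm that callers always supply one. The `to_jwt` body between the hunks is outside this view.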
......