Fix issue assaf#17 - Honour token expires_at value

donedotcom · Aug 7, 2012 · 373203f · 373203f
1 parent dbe2eb1
commit 373203f
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 2 deletions.
diff --git a/lib/rack/oauth2/models/access_token.rb b/lib/rack/oauth2/models/access_token.rb
@@ -21,7 +21,13 @@ def from_token(token)
           def get_token_for(identity, client, scope, expires = nil)
             raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
             scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope
-            unless token = collection.find_one({ :identity=>identity, :scope=>scope, :client_id=>client.id, :revoked=>nil })
+
+            token = collection.find_one({
+              :$or=>[{:expires_at=>nil}, {:expires_at=>{:$gt=>Time.now.to_i}}],
+              :identity=>identity, :scope=>scope,
+              :client_id=>client.id, :revoked=>nil})
+
+            unless token
               return create_token_for(client, scope, identity, expires)
             end
             Server.new_instance self, token

diff --git a/test/oauth/server_methods_test.rb b/test/oauth/server_methods_test.rb
@@ -282,8 +282,16 @@ def setup
     should "return different token for different scope" do
       assert @token != Server.token_for("Batman", client.id, %w{read})
     end
-  end
 
+    should 'expire token after the specified amount of time' do
+      Server::AccessToken.collection.drop
+      token = Server.token_for("Batman", client.id, %w{read write}, 60)
+
+      Timecop.travel 120 do
+        assert token != Server.token_for("Batman", client.id, %w{read write})
+      end
+    end
+  end
 
   context "list access tokens" do
     setup do