search

antek-drzewiecki / wine_bouncer

A Ruby gem that allows Oauth2 protection with Doorkeeper for Grape Api's
MIT License
112 stars 58 forks source link

Optional oauth on one point #58

Open alexandru-calinoiu opened 8 years ago

alexandru-calinoiu commented 8 years ago

I have an enpoint that can work both authorized and not authorized, when I don't decorate it with oauth2 I can't seem to be able to get the resource_owner even when I pass the bearer token.

antek-drzewiecki commented 8 years ago

That is true. Resource owner only gets set when an endpoint is authorized. The scenario where an endpoint can be in both states was not taken account for.

thedarkside commented 7 years ago

i've monkeypatched wine_bouncer 0.3.1 some time ago this way:

module WineBouncer
  class OAuth2 < Grape::Middleware::Base

    #monkeypatch protection behavior. This method shares the given token with the endpoints even if they aren't protected.
    def before
      set_auth_strategy(WineBouncer.configuration.auth_strategy)
      auth_strategy.api_context = context
      #extend the context with auth methods.
      context.extend(WineBouncer::AuthMethods)
      context.protected_endpoint = endpoint_protected?
      self.doorkeeper_request= env # set request for later use.
      doorkeeper_authorize! *auth_scopes if context.protected_endpoint?
      context.doorkeeper_access_token = doorkeeper_token
    end
  end
end

it basically does what you want. i didn't have time to contribute this as a pull request yet.

dja commented 5 years ago

This monkey patch works, but would love to see this properly considered within the gem. Have you rethought this @antek-drzewiecki?