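# Stores the set of OIDC scopes a user has approved for one client
# application. Scopes are persisted space-delimited in +scopes_granted+ and
# exposed as an array through +scopes+ / +scopes=+.
#
# +covers_scopes?+ is a subset check; any caller that uses it to decide
# whether a consent prompt can be skipped depends on it answering false
# whenever a requested scope was not granted.
class OidcUserConsent < ApplicationRecord
  # Display labels for the scopes this model knows by name; any other scope
  # falls back to String#humanize in +formatted_scopes+.
  SCOPE_LABELS = {
    'openid' => 'Basic authentication',
    'profile' => 'Profile information',
    'email' => 'Email address',
    'groups' => 'Group membership'
  }.freeze

  belongs_to :user
  belongs_to :application

  validates :user, :application, :scopes_granted, :granted_at, presence: true
  # NOTE(review): this uniqueness check runs in the application only, so two
  # concurrent requests can both pass it. Confirm the schema has a unique
  # index on (user_id, application_id).
  validates :user_id, uniqueness: { scope: :application_id }

  before_validation :set_granted_at, on: :create
  before_validation :set_sid, on: :create

  # Parse +scopes_granted+ into an array of scope tokens.
  #
  # A nil +scopes_granted+ (a new record that has not been assigned scopes
  # yet) yields an empty array instead of raising NoMethodError, so
  # +covers_scopes?+ answers false for any non-empty request.
  #
  # @return [Array<String>]
  def scopes
    scopes_granted.to_s.split(' ')
  end

  # Set scopes from an array (a single value is accepted as well).
  #
  # Every element is converted to a string and split on whitespace before
  # de-duplication, so +:openid+ and +'openid'+ collapse to one token and an
  # element such as +'openid profile'+ is stored as two tokens.
  #
  # @param scope_array [Array<String, Symbol>, String, nil]
  def scopes=(scope_array)
    tokens = Array(scope_array).flat_map { |scope| scope.to_s.split(' ') }
    self.scopes_granted = tokens.uniq.join(' ')
  end

  # Check whether this consent covers every requested scope.
  #
  # Requested values go through the same tokenisation as +scopes=+, so a
  # space-delimited scope string is compared token by token rather than as
  # one opaque value. An empty request is vacuously covered; rejecting
  # scope-less requests is left to the caller.
  #
  # @param requested_scopes [Array<String, Symbol>, String, nil]
  # @return [Boolean] true only when no requested scope is missing
  def covers_scopes?(requested_scopes)
    requested = Array(requested_scopes).flat_map { |scope| scope.to_s.split(' ') }

    # All requested scopes must be included in granted scopes
    (requested - scopes).empty?
  end

  # Build a human-readable, comma-separated list of the granted scopes.
  #
  # @return [String]
  def formatted_scopes
    scopes.map { |scope| SCOPE_LABELS.fetch(scope) { scope.humanize } }.join(', ')
  end

  # Find a consent by its +sid+.
  #
  # A blank +sid+ returns nil without querying: +find_by(sid: nil)+ would
  # otherwise match the first row whose +sid+ is NULL, if any exist, and
  # hand back a consent unrelated to the caller's session.
  #
  # @param sid [String, nil]
  # @return [OidcUserConsent, nil]
  def self.find_by_sid(sid)
    return nil if sid.blank?

    find_by(sid: sid)
  end

  private

  # Default +granted_at+ to the current time when none was supplied.
  def set_granted_at
    self.granted_at ||= Time.current
  end

  # Default +sid+ to a random UUID from SecureRandom when none was supplied.
  def set_sid
    self.sid ||= SecureRandom.uuid
  end
end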