Add default OAuths (#259)

2025-12-16 11:47:56 +01:00 · 2024-01-22 14:45:48 +01:00
parent 0828c9c879
commit 653e139a9e
32 changed files with 512 additions and 213 deletions
--- a/app/models/o_auth.rb
+++ b/app/models/o_auth.rb
@@ -3,6 +3,8 @@ class OAuth < ApplicationRecord
  include ApplicationHelper
  include Rails.application.routes.url_helpers

+  scope :include_defaults, -> { unscope(where: :tenant_id).where(tenant_id: Current.tenant).or(unscope(where: :tenant_id).where(tenant_id: nil, is_enabled: true)) }
+
  attr_accessor :state

  validates :name, presence: true, uniqueness: { scope: :tenant_id }
@@ -15,8 +17,20 @@ class OAuth < ApplicationRecord
  validates :scope, presence: true
  validates :json_user_email_path, presence: true

+  def is_default?
+    tenant_id == nil
+  end
+
  def callback_url
-    add_subdomain_to(method(:o_auth_callback_url), id)
+    # Default OAuths are available to all tenants
+    # but must have a single callback url:
+    # for this reason, we don't preprend tenant subdomain
+    # but rather use the "login" subdomain
+    if self.is_default?
+      o_auth_callback_url(id, host: Rails.application.base_url, subdomain: "login")
+    else
+      add_subdomain_to(method(:o_auth_callback_url), id)
+    end
  end

  def authorize_url_with_query_params
--- a/app/models/tenant.rb
+++ b/app/models/tenant.rb
@@ -9,6 +9,7 @@ class Tenant < ApplicationRecord
  enum status: [:active, :pending, :blocked]

  after_initialize :set_default_status, if: :new_record?
+  before_save :downcase_subdomain

  validates :site_name, presence: true
  validates :subdomain, presence: true, uniqueness: true
@@ -18,4 +19,8 @@ class Tenant < ApplicationRecord
  def set_default_status
    self.status ||= :pending
  end
+
+  def downcase_subdomain
+    self.subdomain = self.subdomain.downcase
+  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -16,8 +16,6 @@ class User < ApplicationRecord
  after_initialize :set_default_role, if: :new_record?
  after_initialize :set_default_status, if: :new_record?

-  before_save :skip_confirmation
-
  validates :full_name, presence: true, length: { in: 2..32 }
  validates :email,
    presence: true,
@@ -54,7 +52,6 @@ class User < ApplicationRecord
  end

  def skip_confirmation
-    return if Rails.application.email_confirmation?
    skip_confirmation!
    skip_confirmation_notification!
    skip_reconfirmation!
@@ -84,4 +81,15 @@ class User < ApplicationRecord
  def blocked?
    status == 'blocked'
  end
+
+  def generate_oauth_token
+    self.oauth_token = SecureRandom.urlsafe_base64
+    self.save!
+    oauth_token
+  end
+
+  def invalidate_oauth_token
+    self.oauth_token = nil
+    self.save!
+  end
 end