2025-11-14 12:54:35 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
|
|
module Omniauthable
|
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
|
|
|
|
|
class_methods do
|
|
|
|
|
def from_omniauth(access_token)
|
|
|
|
|
data = access_token.info
|
|
|
|
|
provider = access_token.provider
|
|
|
|
|
uid = access_token.uid
|
|
|
|
|
|
|
|
|
|
# First, try to find user by provider and uid (for linked accounts)
|
|
|
|
|
user = find_by(provider: provider, uid: uid)
|
|
|
|
|
|
2025-11-14 13:06:16 -05:00
|
|
|
return user if user
|
2025-11-14 12:54:35 -05:00
|
|
|
|
|
|
|
|
# If not found, try to find by email
|
2025-11-23 17:16:37 -05:00
|
|
|
user = find_by(email: data['email']) if data['email'].present?
|
2025-11-14 12:54:35 -05:00
|
|
|
|
|
|
|
|
if user
|
|
|
|
|
# Update provider and uid for existing user (first-time linking)
|
2025-11-22 19:21:37 -05:00
|
|
|
user.update!(provider: provider, uid: uid)
|
2025-11-23 17:16:37 -05:00
|
|
|
|
2025-11-14 12:54:35 -05:00
|
|
|
return user
|
|
|
|
|
end
|
|
|
|
|
|
2025-11-24 13:33:51 -05:00
|
|
|
# Check if auto-registration is allowed for OIDC
|
|
|
|
|
return nil if provider == 'openid_connect' && !oidc_auto_register_enabled?
|
2025-11-23 17:16:37 -05:00
|
|
|
|
2025-11-24 13:33:51 -05:00
|
|
|
# Attempt to create user (will fail validation if email is blank)
|
2025-11-23 17:16:37 -05:00
|
|
|
create(
|
2025-11-14 12:54:35 -05:00
|
|
|
email: data['email'],
|
|
|
|
|
password: Devise.friendly_token[0, 20],
|
|
|
|
|
provider: provider,
|
|
|
|
|
uid: uid
|
|
|
|
|
)
|
|
|
|
|
end
|
2025-11-24 13:33:51 -05:00
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
|
|
def oidc_auto_register_enabled?
|
|
|
|
|
# Default to true for backward compatibility
|
|
|
|
|
env_value = ENV['OIDC_AUTO_REGISTER']
|
|
|
|
|
return true if env_value.nil?
|
|
|
|
|
|
|
|
|
|
ActiveModel::Type::Boolean.new.cast(env_value)
|
|
|
|
|
end
|
2025-11-14 12:54:35 -05:00
|
|
|
end
|
|
|
|
|
end
|
