Drop omniauth for openid_connect gem

Dan Milne
2025-11-09 20:53:20 +11:00
parent c9e2992fe0
commit ab5f83ab97
10 changed files with 168 additions and 112 deletions

@@ -15,26 +15,9 @@ class User < ApplicationRecord
before_validation :set_first_user_as_admin, on: :create
def self.from_oidc(auth_hash)
# Extract user info from OIDC auth hash
email = auth_hash.dig('info', 'email')
return nil unless email
user = find_or_initialize_by(email_address: email)
# Map OIDC groups to role for new users or update existing user's role
if auth_hash.dig('extra', 'raw_info', 'groups')
user.role = map_oidc_groups_to_role(auth_hash.dig('extra', 'raw_info', 'groups'))
end
# For OIDC users, set a random password if they don't have one
if user.new_record? && !user.password_digest?
user.password = SecureRandom.hex(32) # OIDC users won't use this
end
# Save the user (skip password validation for OIDC users)
user.save!(validate: false) if user.changed?
user
def update_role_from_oidc_groups(groups)
new_role = self.class.map_oidc_groups_to_role(groups)
update(role: new_role) if role != new_role
end
def admin?