Claire b31af34c97
Merge pull request from GHSA-vm39-j3vx-pch3
* Prevent different identities from the same SSO provider from accessing the same account

* Lock auth provider changes behind `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH=true`

* Rename methods to avoid confusion between OAuth and OmniAuth
2024-02-14 15:16:07 +01:00

24 lines
623 B
Ruby

# frozen_string_literal: true

# == Schema Information
#
# Table name: identities
#
#  provider   :string           default(""), not null
#  uid        :string           default(""), not null
#  created_at :datetime         not null
#  updated_at :datetime         not null
#  id         :bigint(8)        not null, primary key
#  user_id    :bigint(8)
#

class Identity < ApplicationRecord
  belongs_to :user
  validates :uid, presence: true, uniqueness: { scope: :provider }
  validates :provider, presence: true

  def self.find_for_omniauth(auth)
    find_or_create_by(uid: auth.uid, provider: auth.provider)
  end
end
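
The model above guarantees one row per (provider, uid) but does not by itself limit how many identities from one provider point at the same user. The following plain-Ruby sketch is an added example, not Mastodon's code: it models the rule in the commit message with an in-memory store. IdentityStore, attach, find and ReattachRefused are hypothetical names, and the way the `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH` flag is applied here is an assumption.

```ruby
# Added illustration (no Rails, no database). All names are hypothetical.
Auth = Struct.new(:provider, :uid)
IdentityRow = Struct.new(:provider, :uid, :user_id)

class ReattachRefused < StandardError; end

class IdentityStore
  # Assumption: the environment flag named in the commit message relaxes the check.
  def initialize(allow_unsafe_reattach: ENV['ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH'] == 'true')
    @rows = {} # keyed on [provider, uid], mirroring uniqueness: { scope: :provider }
    @allow_unsafe_reattach = allow_unsafe_reattach
  end

  def find(auth)
    @rows[[auth.provider, auth.uid]]
  end

  # Link an external identity to user_id. Nothing is stored when a check fails.
  def attach(user_id, auth)
    existing = find(auth)
    # Same identity, same account: an ordinary repeat login.
    return existing if existing && existing.user_id == user_id
    # Same identity, different account: never move it silently.
    raise ReattachRefused, 'identity already belongs to another account' if existing

    # Different uid from a provider this account is already linked to.
    sibling = @rows.values.any? do |row|
      row.user_id == user_id && row.provider == auth.provider
    end
    if sibling && !@allow_unsafe_reattach
      raise ReattachRefused, "account already linked to another #{auth.provider} identity"
    end

    @rows[[auth.provider, auth.uid]] = IdentityRow.new(auth.provider, auth.uid, user_id)
  end
end
```

In a database-backed version the sibling check and the insert would need to run in one transaction, or be backed by a unique index, so that two concurrent logins cannot both pass the check.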