main
1# frozen_string_literal: true
2
3class User < ApplicationRecord
4 VALID_TIMEZONES = ActiveSupport::TimeZone::MAPPING.values
5 VALID_LOCALES = I18n.available_locales.map(&:to_s)
6 audited except: [:password_digest, :mfa_secret]
7 has_secure_password
8 has_many :sessions,
9 foreign_key: "user_id",
10 class_name: 'UserSession',
11 inverse_of: :user,
12 dependent: :delete_all
13
14 validates :email, presence: true, email: true, uniqueness: {
15 case_sensitive: false
16 }
17 validates :timezone, inclusion: VALID_TIMEZONES
18 validates :locale, inclusion: VALID_LOCALES
19
20 scope :scim_search, ->(filter) { Scim::Search.new(User).for(filter) }
21
22 def name_id_for(name_id_format)
23 Saml::Kit::Namespaces::PERSISTENT == name_id_format ? id : email
24 end
25
26 def assertion_attributes_for(request)
27 request.trusted? ? trusted_attributes_for(request) : {}
28 end
29
30 def issue_tokens_to(client, token_types: [:access, :refresh])
31 transaction do
32 token_types.map do |x|
33 Token.create!(subject: self, audience: client, token_type: x)
34 end
35 end
36 end
37
38 def mfa
39 Mfa.new(self)
40 end
41
42 class << self
43 def scim_mapper
44 SCIM::User::ATTRIBUTES
45 end
46
47 def login(email, password)
48 return if email.blank? || password.blank?
49
50 user = User.find_by!(email: email)
51 user.authenticate(password) ? user : nil
52 rescue ActiveRecord::RecordNotFound
53 nil
54 end
55 end
56
57 private
58
59 def trusted_attributes_for(_request)
60 { id: id, email: email, created_at: created_at }
61 end
62end