From 8471311b7b8ce46b4bbb2a83a8c56179e89594e6 Mon Sep 17 00:00:00 2001
From: Sylvain
Date: Tue, 29 Mar 2022 12:18:16 +0200
Subject: [PATCH] (authentication) configure devise/omniauth to use the OpenIdConnect configuration

---
 app/models/open_id_connect_provider.rb | 24 ++++++++++++++++++++++++
 config/initializers/devise.rb | 2 ++
 2 files changed, 26 insertions(+)

diff --git a/app/models/open_id_connect_provider.rb b/app/models/open_id_connect_provider.rb
index a631a26a7..793e5974f 100644
--- a/app/models/open_id_connect_provider.rb
+++ b/app/models/open_id_connect_provider.rb
@@ -4,4 +4,28 @@
 # the OpenID Connect protocol.
 class OpenIdConnectProvider < ApplicationRecord
 has_one :auth_provider, as: :providable
+
+ validates :issuer, presence: true
+ validates :client_identifier, presence: true
+ validates :client_secret, presence: true
+ validates :client_host, presence: true
+
+ validates :client_scheme, inclusion: { in: %w[http https] }
+ validates :client_port, numericality: { only_integer: true, greater_than: 0, less_than: 65_535 }
+ validates :response_type, inclusion: { in: %w[code id_token], allow_nil: true }
+ validates :response_mode, inclusion: { in: %w[query fragment form_post web_message], allow_nil: true }
+ validates :display, inclusion: { in: %w[page popup touch wap], allow_nil: true }
+ validates :prompt, inclusion: { in: %w[none login consent select_account], allow_nil: true }
+
+ def config
+ OpenIdConnectProvider.columns.map(&:name).filter { |n| !n.start_with?('client_') }.map do |n|
+ [n, send(n)]
+ end.push(['client_options', client_config]).to_h
+ end
+
+ def client_config
+ OpenIdConnectProvider.columns.map(&:name).filter { |n| n.start_with?('client_') }.map do |n|
+ [n.sub('client_', ''), send(n)]
+ end.to_h
+ end
 end
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 32aa13e4a..dfe81d119 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
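Review bot: The `client_port` validation excludes 65535, which is a valid TCP port; `less_than: 65_535` should be `less_than_or_equal_to: 65_535` (or `less_than: 65_536`). Separately, `config` builds the OmniAuth option hash from every non-`client_` column, so presumably `id`, `created_at` and `updated_at` are forwarded as strategy options and any column added later becomes one automatically; an explicit allowlist of the option columns would keep the strategy's option surface deliberate. Since the returned hash carries `client_secret` inside `client_options`, both methods deserve a short header comment, e.g. `# Builds the OpenID Connect strategy option hash; it includes the client secret and must not be rendered or logged as-is.` On style, `.filter { |n| !n.start_with?('client_') }` reads more directly as `.reject { |n| n.start_with?('client_') }`, and `OpenIdConnectProvider.columns` inside the class can be `self.class.columns`.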
@@ -234,6 +234,8 @@ Devise.setup do |config|
 config.omniauth OmniAuth::Strategies::SsoOauth2Provider.name.to_sym,
 active_provider.providable.client_id,
 active_provider.providable.client_secret
+ elsif active_provider.providable_type == OpenIdConnectProvider.name
+ config.omniauth :openid_connect, active_provider.config
 end

 # ==> Warden configuration
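Review bot: The new `elsif` branch calls `active_provider.config`, but `config` is defined on `OpenIdConnectProvider` in this same patch while `active_provider` is the AuthProvider whose `providable` is that record; unless AuthProvider delegates `config` to `providable` (not visible here), this raises NoMethodError at boot and should read `config.omniauth :openid_connect, active_provider.providable.config`, matching the `active_provider.providable.client_id` form on the preceding branch. The enclosing `Devise.setup` block and the `if` chain start and end outside the hunk. The option hash passed here is string-keyed and includes the client secret, so a one-line comment such as `# OpenID Connect options (including the client secret) come from the DB-backed provider record` would help the next reader.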