From 858e8c25030b887c988e6f374604ae9d2f7d0070 Mon Sep 17 00:00:00 2001
From: theworldbright
Date: Fri, 7 Aug 2015 22:58:03 +0900
Subject: [PATCH] Prevent duplicate scopes in authorization
---
 app/models/api/openid_connect/o_auth_application.rb | 2 +-
 .../authorization_point/endpoint_confirmation_point.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/models/api/openid_connect/o_auth_application.rb b/app/models/api/openid_connect/o_auth_application.rb
index 58a03b3ca..a136fc123 100644
--- a/app/models/api/openid_connect/o_auth_application.rb
+++ b/app/models/api/openid_connect/o_auth_application.rb
@@ -1,7 +1,7 @@
 module Api
 module OpenidConnect
 class OAuthApplication < ActiveRecord::Base
- has_many :authorizations
+ has_many :authorizations, dependent: :destroy
 has_many :user, through: :authorizations
 validates :client_id, presence: true, uniqueness: true
diff --git a/lib/api/openid_connect/authorization_point/endpoint_confirmation_point.rb b/lib/api/openid_connect/authorization_point/endpoint_confirmation_point.rb
index 62fa207a5..104b0a0fb 100644
--- a/lib/api/openid_connect/authorization_point/endpoint_confirmation_point.rb
+++ b/lib/api/openid_connect/authorization_point/endpoint_confirmation_point.rb
@@ -24,7 +24,7 @@ module Api
 auth = OpenidConnect::Authorization.find_or_create_by(
 o_auth_application: @o_auth_application, user: @user, redirect_uri: @redirect_uri)
 auth.nonce = req.nonce
- auth.scopes << @scopes
+ auth.scopes << @scopes unless auth.scopes == @scopes
 handle_approved_response_type(auth, req, res)
 res.approve!
 end
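Review bot: `dependent: :destroy` on `has_many :authorizations` only runs when the application is removed through ActiveRecord's `destroy`; a `delete` or `delete_all` on the client would still leave its authorizations behind, and nothing in this hunk shows whether Authorization in turn removes the tokens issued under it. Since this association is what revokes a client's grants, I would add a comment above it such as `# Destroying a client revokes every authorization granted to it.` and confirm that the cascade reaches the issued tokens. The change is also unrelated to the commit subject, so it deserves a line in the description or a commit of its own. The class body continues outside the hunk.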
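Review bot: The guard on `auth.scopes << @scopes` skips the append only when the stored scopes equal the requested ones exactly, so a repeat approval with an overlapping but different set (or, if `scopes` is a plain array, the same set in a different order) still appends scopes that are already present. Because `find_or_create_by` reuses the existing authorization for the same application, user and redirect URI, scopes also only ever accumulate: a later approval of a narrower set leaves the earlier, broader grant in place, which may be more than the user just consented to. If accumulation is intended, `auth.scopes << (@scopes - auth.scopes.to_a)` removes the duplicates; if the record should mirror the latest consent, `auth.scopes = @scopes` is the simpler form. Which one is right depends on how `scopes` is declared, which is not visible here, and the enclosing method starts above the hunk.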