Prevent duplicate scopes in authorization

2015-08-07 22:58:03 +09:00 · 2015-08-07 22:58:03 +09:00 · 858e8c2503
commit 858e8c2503
parent 054e421829
2 changed files with 2 additions and 2 deletions
--- a/app/models/api/openid_connect/o_auth_application.rb
+++ b/app/models/api/openid_connect/o_auth_application.rb
@ -1,7 +1,7 @@
 module Api
  module OpenidConnect
    class OAuthApplication < ActiveRecord::Base
-      has_many :authorizations
+      has_many :authorizations, dependent: :destroy
      has_many :user, through: :authorizations

      validates :client_id, presence: true, uniqueness: true
--- a/lib/api/openid_connect/authorization_point/endpoint_confirmation_point.rb
+++ b/lib/api/openid_connect/authorization_point/endpoint_confirmation_point.rb
@ -24,7 +24,7 @@ module Api
          auth = OpenidConnect::Authorization.find_or_create_by(
            o_auth_application: @o_auth_application, user: @user, redirect_uri: @redirect_uri)
          auth.nonce = req.nonce
-          auth.scopes << @scopes
+          auth.scopes << @scopes unless auth.scopes == @scopes
          handle_approved_response_type(auth, req, res)
          res.approve!
        end