Restructure omni services and add Chatwoot research snapshot

2026-02-21 11:11:27 +07:00
parent edea7a0034
commit b73babbbf6
7732 changed files with 978203 additions and 32 deletions
--- a/research/chatwoot/enterprise/app/models/account_saml_settings.rb
+++ b/research/chatwoot/enterprise/app/models/account_saml_settings.rb
@@ -0,0 +1,79 @@
+# == Schema Information
+#
+# Table name: account_saml_settings
+#
+#  id            :bigint           not null, primary key
+#  certificate   :text
+#  role_mappings :json
+#  sso_url       :string
+#  created_at    :datetime         not null
+#  updated_at    :datetime         not null
+#  account_id    :bigint           not null
+#  idp_entity_id :string
+#  sp_entity_id  :string
+#
+# Indexes
+#
+#  index_account_saml_settings_on_account_id  (account_id)
+#
+class AccountSamlSettings < ApplicationRecord
+  belongs_to :account
+
+  validates :account_id, presence: true
+  validates :sso_url, presence: true
+  validates :certificate, presence: true
+  validates :idp_entity_id, presence: true
+  validate :certificate_must_be_valid_x509
+
+  before_validation :set_sp_entity_id, if: :sp_entity_id_needs_generation?
+
+  after_create_commit :update_account_users_provider
+  after_destroy_commit :reset_account_users_provider
+
+  def saml_enabled?
+    sso_url.present? && certificate.present?
+  end
+
+  def certificate_fingerprint
+    return nil if certificate.blank?
+
+    begin
+      cert = OpenSSL::X509::Certificate.new(certificate)
+      OpenSSL::Digest::SHA1.new(cert.to_der).hexdigest
+                           .upcase.gsub(/(.{2})(?=.)/, '\1:')
+    rescue OpenSSL::X509::CertificateError
+      nil
+    end
+  end
+
+  private
+
+  def set_sp_entity_id
+    base_url = GlobalConfigService.load('FRONTEND_URL', 'http://localhost:3000')
+    self.sp_entity_id = "#{base_url}/saml/sp/#{account_id}"
+  end
+
+  def sp_entity_id_needs_generation?
+    sp_entity_id.blank?
+  end
+
+  def installation_name
+    GlobalConfigService.load('INSTALLATION_NAME', 'Chatwoot')
+  end
+
+  def update_account_users_provider
+    Saml::UpdateAccountUsersProviderJob.perform_later(account_id, 'saml')
+  end
+
+  def reset_account_users_provider
+    Saml::UpdateAccountUsersProviderJob.perform_later(account_id, 'email')
+  end
+
+  def certificate_must_be_valid_x509
+    return if certificate.blank?
+
+    OpenSSL::X509::Certificate.new(certificate)
+  rescue OpenSSL::X509::CertificateError
+    errors.add(:certificate, I18n.t('errors.account_saml_settings.invalid_certificate'))
+  end
+end