about summary refs log tree commit diff
diff options
context:
space:
mode:
authorAlexander <devkral@web.de>2018-03-19 20:08:56 +0100
committerEugen Rochko <eugen@zeonfederated.com>2018-03-19 20:08:56 +0100
commit0306e3e9bebe0b0d9ad7e5fe328dd3677717b7e5 (patch)
treec766026ff276936a39c1149f7c2c8ac3c12ea1d8
parent357f9298bdb595f67b1f89292be9fa4268e1bffd (diff)
bugfixes and gem update (#6831)
* update to new version of devise_pam_authenticatable2

* fix behaviour if suffix is nil, fix environment loading, fix user email creation

* code cleanup/fix linter warning
-rw-r--r--Gemfile4
-rw-r--r--Gemfile.lock4
-rw-r--r--app/models/user.rb32
-rw-r--r--config/application.rb2
4 files changed, 24 insertions, 18 deletions
diff --git a/Gemfile b/Gemfile
index 3fce2ddc7..fe5bf572c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -32,7 +32,9 @@ gem 'cld3', '~> 3.2.0'
 gem 'devise', '~> 4.4'
 gem 'devise-two-factor', '~> 3.0'
 
-gem 'devise_pam_authenticatable2', '~> 8.0', install_if: -> { ENV['PAM_ENABLED'] == 'true' }
+group :pam_authentication, optional: true do
+  gem 'devise_pam_authenticatable2', '~> 9.0'
+end
 gem 'net-ldap', '~> 0.10'
 gem 'omniauth-cas', '~> 1.1'
 gem 'omniauth-saml', '~> 1.10'
diff --git a/Gemfile.lock b/Gemfile.lock
index 0640b140b..ca6365c74 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -141,7 +141,7 @@ GEM
       devise (~> 4.0)
       railties (< 5.2)
       rotp (~> 2.0)
-    devise_pam_authenticatable2 (8.0.1)
+    devise_pam_authenticatable2 (9.0.0)
       devise (>= 4.0.0)
       rpam2 (~> 3.0)
     diff-lcs (1.3)
@@ -631,7 +631,7 @@ DEPENDENCIES
   climate_control (~> 0.2)
   devise (~> 4.4)
   devise-two-factor (~> 3.0)
-  devise_pam_authenticatable2 (~> 8.0)
+  devise_pam_authenticatable2 (~> 9.0)
   doorkeeper (~> 4.2)
   dotenv-rails (~> 2.2)
   fabrication (~> 2.18)
diff --git a/app/models/user.rb b/app/models/user.rb
index b716c13fd..2d5f145fa 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -52,6 +52,8 @@ class User < ApplicationRecord
   devise :registerable, :recoverable, :rememberable, :trackable, :validatable,
          :confirmable
 
+  devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true'
+
   devise :omniauthable
 
   belongs_to :account, inverse_of: :user
@@ -96,7 +98,7 @@ class User < ApplicationRecord
 
   def pam_conflict?
     return false unless Devise.pam_authentication
-    encrypted_password.present? && is_pam_account?
+    encrypted_password.present? && pam_managed_user?
   end
 
   def pam_get_name
@@ -267,22 +269,22 @@ class User < ApplicationRecord
   end
 
   def self.pam_get_user(attributes = {})
-    if attributes[:email]
-      resource =
-        if Devise.check_at_sign && !attributes[:email].index('@')
-          joins(:account).find_by(accounts: { username: attributes[:email] })
-        else
-          find_by(email: attributes[:email])
-        end
-
-      if resource.blank?
-        resource = new(email: attributes[:email])
-        if Devise.check_at_sign && !resource[:email].index('@')
-          resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}"
-        end
+    return nil unless attributes[:email]
+    resource =
+      if Devise.check_at_sign && !attributes[:email].index('@')
+        joins(:account).find_by(accounts: { username: attributes[:email] })
+      else
+        find_by(email: attributes[:email])
+      end
+
+    if resource.blank?
+      resource = new(email: attributes[:email])
+      if Devise.check_at_sign && !resource[:email].index('@')
+        resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false)
+        resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email]
       end
-      resource
     end
+    resource
   end
 
   def self.ldap_get_user(attributes = {})
diff --git a/config/application.rb b/config/application.rb
index 097cbf567..326a0ec8c 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -16,6 +16,8 @@ require_relative '../lib/devise/ldap_authenticatable'
 
 Dotenv::Railtie.load
 
+Bundler.require(:pam_authentication) if ENV['PAM_ENABLED'] == 'true'
+
 require_relative '../lib/mastodon/redis_config'
 
 module Mastodon