authorStarfall <root@starfall.blue>2019-12-09 19:07:33 -0600
committerStarfall <root@starfall.blue>2019-12-09 19:09:31 -0600
commit6b34fcfef7566105e8d80ab5fee0a539c06cddbf (patch)
tree8fad2d47bf8be255d3c671c40cbfd04c2f55ed03 /app/controllers/auth/sessions_controller.rb
parent9fbb4af7611aa7836e65ef9f544d341423c15685 (diff)
parent246addd5b33a172600342af3fb6fb5e4c80ad95e (diff)
Merge branch 'glitch'`
Diffstat (limited to 'app/controllers/auth/sessions_controller.rb')
-rw-r--r--app/controllers/auth/sessions_controller.rb28
1 files changed, 17 insertions, 11 deletions
diff --git a/app/controllers/auth/sessions_controller.rb b/app/controllers/auth/sessions_controller.rb
index 332f4d7a7..eac9dde6f 100644
--- a/app/controllers/auth/sessions_controller.rb
+++ b/app/controllers/auth/sessions_controller.rb
@@ -6,9 +6,11 @@ class Auth::SessionsController < Devise::SessionsController
   layout 'auth'
 
   skip_before_action :require_no_authentication, only: [:create]
-  skip_before_action :check_user_permissions, only: [:destroy]
-  prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
+  skip_before_action :require_functional!
+
   prepend_before_action :set_pack
+  prepend_before_action :authenticate_with_two_factor, if: :two_factor_enabled?, only: [:create]
+
   before_action :set_instance_presenter, only: [:new]
   before_action :set_body_classes
 
@@ -30,6 +32,7 @@ class Auth::SessionsController < Devise::SessionsController
   def destroy
     tmp_stored_location = stored_location_for(:user)
     super
+    session.delete(:challenge_passed_at)
     flash.delete(:notice)
     store_location_for(:user, tmp_stored_location) if continue_after?
   end
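Review bot: `session.delete(:challenge_passed_at)` after `super` clears one piece of 2FA state but leaves `:otp_user_id`, which `find_user` consults before the submitted e-mail. If Devise's sign-out resets the whole session this is moot, but deleting `:challenge_passed_at` explicitly suggests that is not being relied on, and then a surviving `:otp_user_id` would make the next `create` on the same cookie resolve to the previous user rather than the one whose credentials are posted. Suggest deleting both keys here: `session.delete(:otp_user_id)` alongside the existing delete. The `store_location_for` restore below is unaffected either way.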
@@ -39,12 +42,10 @@ class Auth::SessionsController < Devise::SessionsController
   def find_user
     if session[:otp_user_id]
       User.find(session[:otp_user_id])
-    elsif user_params[:email]
-      if use_seamless_external_login? && Devise.check_at_sign && user_params[:email].index('@').nil?
-        User.joins(:account).find_by(accounts: { username: user_params[:email] })
-      else
-        User.find_for_authentication(email: user_params[:email])
-      end
+    else
+      user   = User.authenticate_with_ldap(user_params) if Devise.ldap_authentication
+      user ||= User.authenticate_with_pam(user_params) if Devise.pam_authentication
+      user ||= User.find_for_authentication(email: user_params[:email])
     end
   end
 
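Review bot: `find_user` now performs a real credential check on every call (an LDAP or PAM bind via `User.authenticate_with_ldap` / `User.authenticate_with_pam`), yet it is not memoized and is called at least twice per login POST: once from `two_factor_enabled?` in the `if:` of the prepended filter, and presumably again from `authenticate_with_two_factor`, whose `user` is assigned on a line outside the hunk. That doubles directory traffic and failed-bind log entries per attempt, and a bind that succeeds on one call and fails on the other would leave the two call sites disagreeing about who is logging in. Caching the result for the request keeps every caller's behaviour identical; a `defined?` guard is needed rather than `||=` so that a failed lookup (nil) is not retried.
```ruby
  def find_user
    return @find_user if defined?(@find_user)

    @find_user = lookup_user
  end

  def lookup_user
    # … unchanged: former body of find_user (otp_user_id / LDAP / PAM / e-mail lookup) …
  end
```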
@@ -71,13 +72,13 @@ class Auth::SessionsController < Devise::SessionsController
   end
 
   def two_factor_enabled?
-    find_user.try(:otp_required_for_login?)
+    find_user&.otp_required_for_login?
   end
 
   def valid_otp_attempt?(user)
     user.validate_and_consume_otp!(user_params[:otp_attempt]) ||
       user.invalidate_otp_backup_code!(user_params[:otp_attempt])
-  rescue OpenSSL::Cipher::CipherError => _error
+  rescue OpenSSL::Cipher::CipherError
     false
   end
 
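Review bot: The `rescue OpenSSL::Cipher::CipherError` in `valid_otp_attempt?` has no comment saying why a cipher error is treated as a failed attempt rather than propagated, and the `_error` binding that was dropped was the only hint it was deliberate. Since `validate_and_consume_otp!` and `invalidate_otp_backup_code!` are the only calls in the body, the error presumably comes from decrypting the user's stored OTP secret; a comment would keep the next maintainer from "fixing" it, e.g. `# An undecryptable stored OTP secret (presumably a key mismatch) counts as a failed attempt, not a 500 — confirm`. It is also worth a comment on `two_factor_enabled?` that, because it calls `find_user`, it now triggers an LDAP/PAM bind as a side effect whenever those backends are enabled.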
@@ -86,7 +87,10 @@ class Auth::SessionsController < Devise::SessionsController
 
     if user_params[:otp_attempt].present? && session[:otp_user_id]
       authenticate_with_two_factor_via_otp(user)
-    elsif user&.valid_password?(user_params[:password])
+    elsif user.present? && (user.encrypted_password.blank? || user.valid_password?(user_params[:password]))
+      # If encrypted_password is blank, we got the user from LDAP or PAM,
+      # so credentials are already valid
+
       prompt_for_two_factor(user)
     end
   end
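Review bot: `user.encrypted_password.blank?` is treated as proof that LDAP or PAM already verified the credentials, but with `find_user` as written that is not guaranteed: when the LDAP or PAM attempt returns nil (wrong password, directory unreachable) `find_user` falls through to `User.find_for_authentication(email:)`, and if that local record has a blank `encrypted_password` — which, per the comment here, is exactly what externally provisioned accounts look like — this branch succeeds without any password having been checked, so for a user with 2FA enabled login collapses to the OTP alone. Provenance should be tracked explicitly rather than inferred from the password column: in `find_user`, after the LDAP/PAM attempts and before the e-mail fallback, record `@external_auth = user.present?`, and change this line to `elsif user.present? && (@external_auth || user.valid_password?(user_params[:password]))`, with the comment reworded to say the flag is set only when LDAP/PAM actually authenticated this request. The `user` variable is assigned above the hunk, so `authenticate_with_two_factor` starts outside what is shown.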
@@ -104,6 +108,8 @@ class Auth::SessionsController < Devise::SessionsController
 
   def prompt_for_two_factor(user)
     session[:otp_user_id] = user.id
+    use_pack 'auth'
+    @body_classes = 'lighter'
     render :two_factor
   end