diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2018-02-28 19:04:53 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-28 19:04:53 +0100 |
commit | 47bdb9b33b021c92bdfc6698914776eda13f6f77 (patch) | |
tree | 3827da1ebcf051b42f3b78df000955a93cd3498e /app/models/user.rb | |
parent | e85287284611f7de431d9c51353125c265ebfe3f (diff) |
Fix #942: Seamless LDAP login (#6556)
Diffstat (limited to 'app/models/user.rb')
-rw-r--r-- | app/models/user.rb | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index b053292da..2995d6d54 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -52,7 +52,6 @@ class User < ApplicationRecord devise :registerable, :recoverable, :rememberable, :trackable, :validatable, :confirmable - devise :pam_authenticatable if Devise.pam_authentication devise :omniauthable belongs_to :account, inverse_of: :user @@ -117,6 +116,12 @@ class User < ApplicationRecord acc.destroy! unless save end + def ldap_setup(_attributes) + self.confirmed_at = Time.now.utc + self.admin = false + save! + end + def confirmed? confirmed_at.present? end @@ -247,17 +252,17 @@ class User < ApplicationRecord end def password_required? - return false if Devise.pam_authentication + return false if Devise.pam_authentication || Devise.ldap_authentication super end def send_reset_password_instructions - return false if encrypted_password.blank? && Devise.pam_authentication + return false if encrypted_password.blank? && (Devise.pam_authentication || Devise.ldap_authentication) super end def reset_password!(new_password, new_password_confirmation) - return false if encrypted_password.blank? && Devise.pam_authentication + return false if encrypted_password.blank? && (Devise.pam_authentication || Devise.ldap_authentication) super end @@ -280,6 +285,17 @@ class User < ApplicationRecord end end + def self.ldap_get_user(attributes = {}) + resource = joins(:account).find_by(accounts: { username: attributes[Devise.ldap_uid.to_sym].first }) + + if resource.blank? + resource = new(email: attributes[:mail].first, account_attributes: { username: attributes[Devise.ldap_uid.to_sym].first }) + resource.ldap_setup(attributes) + end + + resource + end + def self.authenticate_with_pam(attributes = {}) return nil unless Devise.pam_authentication super |