diff options
author | David Yip <yipdw@member.fsf.org> | 2018-02-02 08:39:52 -0600 |
---|---|---|
committer | David Yip <yipdw@member.fsf.org> | 2018-02-02 08:39:52 -0600 |
commit | 4c1fd9a19c779fa6e7d74513c61f37ce05a841b3 (patch) | |
tree | 0cf23810e2f7ff0f45c65a3f2f9b35016587c68a /config/initializers/devise.rb | |
parent | ad3a2dfb66abc01a90807f23191b7e28c3c242ed (diff) | |
parent | 33f56811e38bc330de9dcfa6794c29a176a30311 (diff) |
Merge remote-tracking branch 'tootsuite/master' into merge-upstream
Conflicts: app/javascript/styles/mastodon/components.scss
Diffstat (limited to 'config/initializers/devise.rb')
-rw-r--r-- | config/initializers/devise.rb | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 07912c28b..f2f7f1ba3 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -30,6 +30,19 @@ Warden::Manager.before_logout do |_, warden| warden.cookies.delete('_session_id') end +module Devise + mattr_accessor :pam_authentication + @@pam_authentication = false + mattr_accessor :pam_controlled_service + @@pam_controlled_service = nil + + class Strategies::PamAuthenticatable + def valid? + super && ::Devise.pam_authentication + end + end +end + Devise.setup do |config| config.warden do |manager| manager.default_strategies(scope: :user).unshift :two_factor_authenticatable @@ -96,7 +109,7 @@ Devise.setup do |config| # given strategies, for example, `config.http_authenticatable = [:database]` will # enable it only for database authentication. The supported strategies are: # :database = Support basic authentication with authentication key + password - config.http_authenticatable = [:database] + config.http_authenticatable = [:pam, :database] # If 401 status code should be returned for AJAX requests. True by default. # config.http_authenticatable_on_xhr = true @@ -301,4 +314,23 @@ Devise.setup do |config| # When using OmniAuth, Devise cannot automatically set OmniAuth path, # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' + + # PAM: only look for email field + config.usernamefield = nil + config.emailfield = "email" + + # authentication with pam possible + # if not enabled, all pam settings are ignored + #config.pam_authentication = true + # check if email is actually a username + config.check_at_sign = true + # suffix for email address generation (warning: without pam must provide email in the pam environment) + config.pam_default_suffix = "pam" + # name of the pam service + # pam "auth" section is evaluated + config.pam_default_service = "rpam" + # name of the pam service used for checking if an user can register + # pam "account" section is evaluated + # nil for allowing registration of pam names (not recommended) + config.pam_controlled_service = "rpam" end |