diff options
| author | Thibaut Girka <thib@sitedethib.com> | 2019-12-01 12:12:42 +0100 |
|---|---|---|
| committer | Thibaut Girka <thib@sitedethib.com> | 2019-12-01 12:12:42 +0100 |
| commit | 99f1f48741865fd5cb510930488d36af27a5d24d (patch) | |
| tree | 1abd8eed33721830f7757a5d5ba85ffbd3b1012a /config/initializers | |
| parent | 7f6315841c98a1eee6cb57171a91a88f5c5343df (diff) | |
| parent | d70268f0991ba69568112d4da5768e821d5983dd (diff) | |
Merge branch 'master' into glitch-soc/merge-upstream
Diffstat (limited to 'config/initializers')
| -rw-r--r-- | config/initializers/devise.rb | 9 | ||||
| -rw-r--r-- | config/initializers/doorkeeper.rb | 16 |
2 files changed, 23 insertions, 2 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index fd9a5a8b9..fa9fd8cc4 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -61,6 +61,12 @@ module Devise @@ldap_tls_no_verify = false mattr_accessor :ldap_search_filter @@ldap_search_filter = nil + mattr_accessor :ldap_uid_conversion_enabled + @@ldap_uid_conversion_enabled = false + mattr_accessor :ldap_uid_conversion_search + @@ldap_uid_conversion_search = nil + mattr_accessor :ldap_uid_conversion_replace + @@ldap_uid_conversion_replace = nil class Strategies::PamAuthenticatable def valid? @@ -365,5 +371,8 @@ Devise.setup do |config| config.ldap_uid = ENV.fetch('LDAP_UID', 'cn') config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true' config.ldap_search_filter = ENV.fetch('LDAP_SEARCH_FILTER', '%{uid}=%{email}') + config.ldap_uid_conversion_enabled = ENV['LDAP_UID_CONVERSION_ENABLED'] == 'true' + config.ldap_uid_conversion_search = ENV.fetch('LDAP_UID_CONVERSION_SEARCH', '.,- ') + config.ldap_uid_conversion_replace = ENV.fetch('LDAP_UID_CONVERSION_REPLACE', '_') end end diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index a5c9caa4a..7784bec62 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -8,8 +8,20 @@ Doorkeeper.configure do end resource_owner_from_credentials do |_routes| - user = User.find_by(email: request.params[:username]) - user if !user&.otp_required_for_login? && user&.valid_password?(request.params[:password]) + if Devise.ldap_authentication + user = User.authenticate_with_ldap({ :email => request.params[:username], :password => request.params[:password] }) + end + + if Devise.pam_authentication + user ||= User.authenticate_with_ldap({ :email => request.params[:username], :password => request.params[:password] }) + end + + if user.nil? + user = User.find_by(email: request.params[:username]) + user = nil unless user.valid_password?(request.params[:password]) + end + + user if !user&.otp_required_for_login? end # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below. |