authorDavid Yip <yipdw@member.fsf.org>2018-03-02 21:46:44 -0600
committerDavid Yip <yipdw@member.fsf.org>2018-03-02 21:46:44 -0600
commit1b8fcd4df52c8d715f89180faea8205310f197ae (patch)
tree705b8b59bafdd26cb96983e2da0104e8b7308ea7 /lib/devise
parentee00da01d2e4cc455b92f1f4a7c9142c73048433 (diff)
parentecf06d7e821a4b8f4585f1b6f0e39c595ed047ce (diff)
Merge remote-tracking branch 'origin/master' into merge-upstream
  Conflicts:
 	README.md
 	app/controllers/follower_accounts_controller.rb
 	app/controllers/following_accounts_controller.rb
 	app/serializers/rest/instance_serializer.rb
 	app/views/stream_entries/_simple_status.html.haml
 	config/locales/simple_form.ja.yml
Diffstat (limited to 'lib/devise')
-rw-r--r--lib/devise/ldap_authenticatable.rb49
1 files changed, 49 insertions, 0 deletions
diff --git a/lib/devise/ldap_authenticatable.rb b/lib/devise/ldap_authenticatable.rb
new file mode 100644
index 000000000..531abdbbe
--- /dev/null
+++ b/lib/devise/ldap_authenticatable.rb
@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+if ENV['LDAP_ENABLED'] == 'true'
+  require 'net/ldap'
+  require 'devise/strategies/authenticatable'
+
+  module Devise
+    module Strategies
+      class LdapAuthenticatable < Authenticatable
+        def authenticate!
+          if params[:user]
+            ldap = Net::LDAP.new(
+              host: Devise.ldap_host,
+              port: Devise.ldap_port,
+              base: Devise.ldap_base,
+              encryption: {
+                method: Devise.ldap_method,
+                tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS,
+              },
+              auth: {
+                method: :simple,
+                username: Devise.ldap_bind_dn,
+                password: Devise.ldap_password,
+              },
+              connect_timeout: 10
+            )
+
+            if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: "(#{Devise.ldap_uid}=#{email})", password: password))
+              user = User.ldap_get_user(user_info.first)
+              success!(user)
+            else
+              return fail(:invalid_login)
+            end
+          end
+        end
+
+        def email
+          params[:user][:email]
+        end
+
+        def password
+          params[:user][:password]
+        end
+      end
+    end
+  end
+
+  Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable)
+end
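Review bot: The search filter in `authenticate!` interpolates the submitted `email` straight into the LDAP filter string (`"(#{Devise.ldap_uid}=#{email})"`), so filter metacharacters in the login field are interpreted as filter syntax rather than matched literally. Build the filter with escaping instead, for example `filter: Net::LDAP::Filter.equals(Devise.ldap_uid, email)`, or keep the string form and wrap the value in `Net::LDAP::Filter.escape(email)`. The `password` value is also handed to `bind_as` unchecked; some directory servers treat a simple bind with an empty password as a successful unauthenticated bind, so a guard such as `return fail(:invalid_login) if password.blank?` before the bind is worth adding. Whether `User.ldap_get_user` can return nil is not visible in this file, so it is worth confirming that `success!(user)` is never reached with a nil user.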