about summary refs log tree commit diff
path: root/lib
diff options
context:
space:
mode:
authorbeatrix <beatrix.bitrot@gmail.com>2018-03-03 13:40:00 -0500
committerGitHub <noreply@github.com>2018-03-03 13:40:00 -0500
commit43a9a781a443a6b9296431fbcc4285b3ca6a1a57 (patch)
treed4bf067aeedcebbdc3d160eca6aa1a7c7d1bfa00 /lib
parentee00da01d2e4cc455b92f1f4a7c9142c73048433 (diff)
parent65e2a4645e086110072efed5b3d4d1434c933e04 (diff)
Merge pull request #377 from glitch-soc/merge-upstream
hhhhhhhhhnnnnnnnnnnnghh!!!!!
Diffstat (limited to 'lib')
-rw-r--r--lib/devise/ldap_authenticatable.rb49
-rw-r--r--lib/mastodon/version.rb4
-rw-r--r--lib/tasks/mastodon.rake18
3 files changed, 63 insertions, 8 deletions
diff --git a/lib/devise/ldap_authenticatable.rb b/lib/devise/ldap_authenticatable.rb
new file mode 100644
index 000000000..531abdbbe
--- /dev/null
+++ b/lib/devise/ldap_authenticatable.rb
@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+if ENV['LDAP_ENABLED'] == 'true'
+  require 'net/ldap'
+  require 'devise/strategies/authenticatable'
+
+  module Devise
+    module Strategies
+      class LdapAuthenticatable < Authenticatable
+        def authenticate!
+          if params[:user]
+            ldap = Net::LDAP.new(
+              host: Devise.ldap_host,
+              port: Devise.ldap_port,
+              base: Devise.ldap_base,
+              encryption: {
+                method: Devise.ldap_method,
+                tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS,
+              },
+              auth: {
+                method: :simple,
+                username: Devise.ldap_bind_dn,
+                password: Devise.ldap_password,
+              },
+              connect_timeout: 10
+            )
+
+            if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: "(#{Devise.ldap_uid}=#{email})", password: password))
+              user = User.ldap_get_user(user_info.first)
+              success!(user)
+            else
+              return fail(:invalid_login)
+            end
+          end
+        end
+
+        def email
+          params[:user][:email]
+        end
+
+        def password
+          params[:user][:password]
+        end
+      end
+    end
+  end
+
+  Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable)
+end
diff --git a/lib/mastodon/version.rb b/lib/mastodon/version.rb
index 3a67bfb23..4150b39b6 100644
--- a/lib/mastodon/version.rb
+++ b/lib/mastodon/version.rb
@@ -9,7 +9,7 @@ module Mastodon
     end
 
     def minor
-      2
+      3
     end
 
     def patch
@@ -21,7 +21,7 @@ module Mastodon
     end
 
     def flags
-      ''
+      'rc1'
     end
 
     def to_a
diff --git a/lib/tasks/mastodon.rake b/lib/tasks/mastodon.rake
index d2e4f38a9..9202b4839 100644
--- a/lib/tasks/mastodon.rake
+++ b/lib/tasks/mastodon.rake
@@ -23,7 +23,7 @@ namespace :mastodon do
       prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.')
       env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false)
 
-      %w(SECRET_KEY_BASE PAPERCLIP_SECRET OTP_SECRET).each do |key|
+      %w(SECRET_KEY_BASE OTP_SECRET).each do |key|
         env[key] = SecureRandom.hex(64)
       end
 
@@ -476,8 +476,10 @@ namespace :mastodon do
       time_ago = ENV.fetch('NUM_DAYS') { 7 }.to_i.days.ago
 
       MediaAttachment.where.not(remote_url: '').where.not(file_file_name: nil).where('created_at < ?', time_ago).find_each do |media|
-        media.file.destroy
-        media.save
+        if media.file.exists?
+          media.file.destroy
+          media.save
+        end
       end
     end
 
@@ -494,9 +496,13 @@ namespace :mastodon do
       accounts = accounts.where(domain: ENV['DOMAIN']) if ENV['DOMAIN'].present?
 
       accounts.find_each do |account|
-        account.reset_avatar!
-        account.reset_header!
-        account.save
+        begin
+          account.reset_avatar!
+          account.reset_header!
+          account.save
+        rescue Paperclip::Error
+          puts "Error resetting avatar and header for account #{username}@#{domain}"
+        end
       end
     end
   end