-rw-r--r-- | Gemfile | 4 | ||||
-rw-r--r-- | Gemfile.lock | 4 | ||||
-rw-r--r-- | app/models/user.rb | 32 | ||||
-rw-r--r-- | config/application.rb | 2 |
4 files changed, 24 insertions, 18 deletions
diff --git a/Gemfile b/Gemfile index 3fce2ddc7..fe5bf572c 100644 --- a/Gemfile +++ b/Gemfile @@ -32,7 +32,9 @@ gem 'cld3', '~> 3.2.0' gem 'devise', '~> 4.4' gem 'devise-two-factor', '~> 3.0' -gem 'devise_pam_authenticatable2', '~> 8.0', install_if: -> { ENV['PAM_ENABLED'] == 'true' } +group :pam_authentication, optional: true do + gem 'devise_pam_authenticatable2', '~> 9.0' +end gem 'net-ldap', '~> 0.10' gem 'omniauth-cas', '~> 1.1' gem 'omniauth-saml', '~> 1.10' diff --git a/Gemfile.lock b/Gemfile.lock index 0640b140b..ca6365c74 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -141,7 +141,7 @@ GEM devise (~> 4.0) railties (< 5.2) rotp (~> 2.0) - devise_pam_authenticatable2 (8.0.1) + devise_pam_authenticatable2 (9.0.0) devise (>= 4.0.0) rpam2 (~> 3.0) diff-lcs (1.3) @@ -631,7 +631,7 @@ DEPENDENCIES climate_control (~> 0.2) devise (~> 4.4) devise-two-factor (~> 3.0) - devise_pam_authenticatable2 (~> 8.0) + devise_pam_authenticatable2 (~> 9.0) doorkeeper (~> 4.2) dotenv-rails (~> 2.2) fabrication (~> 2.18) diff --git a/app/models/user.rb b/app/models/user.rb index b716c13fd..2d5f145fa 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -52,6 +52,8 @@ class User < ApplicationRecord devise :registerable, :recoverable, :rememberable, :trackable, :validatable, :confirmable + devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true' + devise :omniauthable belongs_to :account, inverse_of: :user @@ -96,7 +98,7 @@ class User < ApplicationRecord def pam_conflict? return false unless Devise.pam_authentication - encrypted_password.present? && is_pam_account? + encrypted_password.present? && pam_managed_user? end def pam_get_name 
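Review bot: With the gem moved from `install_if` into `group :pam_authentication, optional: true`, setting `PAM_ENABLED=true` no longer causes it to be installed; the bundle has to be installed with that group enabled, and nothing in the Gemfile hunk says so. A comment above the group would make this visible to operators, for example `# Optional group: run bundle install --with pam_authentication before setting PAM_ENABLED=true`. The move from `~> 8.0` to `~> 9.0` is a major version, and the `is_pam_account?` to `pam_managed_user?` rename in app/models/user.rb suggests the gem's API changed, so other callers of the old method names outside this diff are worth checking.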
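Review bot: The added `devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true'` gates the PAM strategy on a raw environment string, while `pam_conflict?` in the next hunk gates on `Devise.pam_authentication`, and config/application.rb repeats the same string comparison for `Bundler.require(:pam_authentication)`. These checks can drift apart: a value such as `TRUE` or `1` leaves the module unloaded with no warning, and where `Devise.pam_authentication` is set is not visible here, so it may disagree with the environment. Consider deriving the switch once and reusing it, or at least add a comment such as `# Must stay in sync with the PAM_ENABLED check in config/application.rb`. The class body starts and continues outside the hunk.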
@@ -267,22 +269,22 @@ class User < ApplicationRecord end def self.pam_get_user(attributes = {}) - if attributes[:email] - resource = - if Devise.check_at_sign && !attributes[:email].index('@') - joins(:account).find_by(accounts: { username: attributes[:email] }) - else - find_by(email: attributes[:email]) - end - - if resource.blank? - resource = new(email: attributes[:email]) - if Devise.check_at_sign && !resource[:email].index('@') - resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" - end + return nil unless attributes[:email] + resource = + if Devise.check_at_sign && !attributes[:email].index('@') + joins(:account).find_by(accounts: { username: attributes[:email] }) + else + find_by(email: attributes[:email]) + end + + if resource.blank? + resource = new(email: attributes[:email]) + if Devise.check_at_sign && !resource[:email].index('@') + resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false) + resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email] end - resource end + resource end def self.ldap_get_user(attributes = {}) diff --git a/config/application.rb b/config/application.rb index 097cbf567..326a0ec8c 100644 --- a/config/application.rb +++ b/config/application.rb @@ -16,6 +16,8 @@ require_relative '../lib/devise/ldap_authenticatable' Dotenv::Railtie.load +Bundler.require(:pam_authentication) if ENV['PAM_ENABLED'] == 'true' + require_relative '../lib/mastodon/redis_config' module Mastodon |
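Review bot: The address returned by `Rpam2.getenv(...)` is stored in `resource[:email]` as-is, and the fallback `unless resource[:email]` only fires on nil, so an empty `email` value in the PAM environment would leave the new record with a blank address instead of the `find_pam_suffix` one. The two assignments could be folded into `resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false).presence || "#{attributes[:email]}@#{resource.find_pam_suffix}"`. The PAM-supplied address comes from an external source and the earlier lookup was by username only, so it will not have matched an existing user who already has that address; it is worth confirming that the model's email format and uniqueness validations run before this record is saved. The call also hands the submitted password to PAM from inside a lookup helper, and if that counts as an authentication attempt on the PAM side (not visible here), a short comment saying so would help whoever tunes lockout settings.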