3 files changed, 6 insertions, 12 deletions

diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 7784bec62..e03380cec 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -8,20 +8,15 @@ Doorkeeper.configure do
   end
 
   resource_owner_from_credentials do |_routes|
-    if Devise.ldap_authentication
-      user = User.authenticate_with_ldap({ :email => request.params[:username], :password => request.params[:password] })
-    end
-
-    if Devise.pam_authentication
-      user ||= User.authenticate_with_ldap({ :email => request.params[:username], :password => request.params[:password] })
-    end
+    user   = User.authenticate_with_ldap(email: request.params[:username], password: request.params[:password]) if Devise.ldap_authentication
+    user ||= User.authenticate_with_pam(email: request.params[:username], password: request.params[:password]) if Devise.pam_authentication
 
     if user.nil?
       user = User.find_by(email: request.params[:username])
-      user = nil unless user.valid_password?(request.params[:password])
+      user = nil unless user&.valid_password?(request.params[:password])
     end
 
-    user if !user&.otp_required_for_login?
+    user unless user&.otp_required_for_login?
   end
 
   # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
diff --git a/config/initializers/paperclip.rb b/config/initializers/paperclip.rb
index 5109baff7..8909678d6 100644
--- a/config/initializers/paperclip.rb
+++ b/config/initializers/paperclip.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+Paperclip::DataUriAdapter.register
+
 Paperclip.interpolates :filename do |attachment, style|
   if style == :original
     attachment.original_filename
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index 273cac9ca..3cd7ea3a6 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -46,10 +46,7 @@ class Rack::Attack
 
   PROTECTED_PATHS_REGEX = Regexp.union(PROTECTED_PATHS.map { |path| /\A#{Regexp.escape(path)}/ })
 
-  # Always allow requests from localhost
-  # (blocklist & throttles are skipped)
   Rack::Attack.safelist('allow from localhost') do |req|
-    # Requests are allowed if the return value is truthy
     req.remote_ip == '127.0.0.1' || req.remote_ip == '::1'
   end