about summary refs log tree commit diff
path: root/config/initializers
diff options
context:
space:
mode:
Diffstat (limited to 'config/initializers')
-rw-r--r--config/initializers/devise.rb14
-rw-r--r--config/initializers/doorkeeper.rb16
-rw-r--r--config/initializers/paperclip.rb2
3 files changed, 28 insertions, 4 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index fd9a5a8b9..59e69ad37 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -53,6 +53,8 @@ module Devise
   @@ldap_base = nil
   mattr_accessor :ldap_uid
   @@ldap_uid = nil
+  mattr_accessor :ldap_mail
+  @@ldap_mail = nil
   mattr_accessor :ldap_bind_dn
   @@ldap_bind_dn = nil
   mattr_accessor :ldap_password
@@ -61,6 +63,12 @@ module Devise
   @@ldap_tls_no_verify = false
   mattr_accessor :ldap_search_filter
   @@ldap_search_filter = nil
+  mattr_accessor :ldap_uid_conversion_enabled
+  @@ldap_uid_conversion_enabled = false
+  mattr_accessor :ldap_uid_conversion_search
+  @@ldap_uid_conversion_search = nil
+  mattr_accessor :ldap_uid_conversion_replace
+  @@ldap_uid_conversion_replace = nil
 
   class Strategies::PamAuthenticatable
     def valid?
@@ -363,7 +371,11 @@ Devise.setup do |config|
     config.ldap_bind_dn        = ENV.fetch('LDAP_BIND_DN')
     config.ldap_password       = ENV.fetch('LDAP_PASSWORD')
     config.ldap_uid            = ENV.fetch('LDAP_UID', 'cn')
+    config.ldap_mail           = ENV.fetch('LDAP_MAIL', 'mail')
     config.ldap_tls_no_verify  = ENV['LDAP_TLS_NO_VERIFY'] == 'true'
-    config.ldap_search_filter  = ENV.fetch('LDAP_SEARCH_FILTER', '%{uid}=%{email}')
+    config.ldap_search_filter  = ENV.fetch('LDAP_SEARCH_FILTER', '(|(%{uid}=%{email})(%{mail}=%{email}))')
+    config.ldap_uid_conversion_enabled  = ENV['LDAP_UID_CONVERSION_ENABLED'] == 'true'
+    config.ldap_uid_conversion_search   = ENV.fetch('LDAP_UID_CONVERSION_SEARCH', '.,- ')
+    config.ldap_uid_conversion_replace  = ENV.fetch('LDAP_UID_CONVERSION_REPLACE', '_')
   end
 end
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index a5c9caa4a..7784bec62 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -8,8 +8,20 @@ Doorkeeper.configure do
   end
 
   resource_owner_from_credentials do |_routes|
-    user = User.find_by(email: request.params[:username])
-    user if !user&.otp_required_for_login? && user&.valid_password?(request.params[:password])
+    if Devise.ldap_authentication
+      user = User.authenticate_with_ldap({ :email => request.params[:username], :password => request.params[:password] })
+    end
+
+    if Devise.pam_authentication
+      user ||= User.authenticate_with_ldap({ :email => request.params[:username], :password => request.params[:password] })
+    end
+
+    if user.nil?
+      user = User.find_by(email: request.params[:username])
+      user = nil unless user.valid_password?(request.params[:password])
+    end
+
+    user if !user&.otp_required_for_login?
   end
 
   # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
diff --git a/config/initializers/paperclip.rb b/config/initializers/paperclip.rb
index d3602e655..96607b7ce 100644
--- a/config/initializers/paperclip.rb
+++ b/config/initializers/paperclip.rb
@@ -42,7 +42,7 @@ if ENV['S3_ENABLED'] == 'true'
 
     s3_options: {
       signature_version: ENV.fetch('S3_SIGNATURE_VERSION') { 'v4' },
-      http_open_timeout: 5,
+      http_open_timeout: ENV.fetch('S3_OPEN_TIMEOUT'){ '5' }.to_i,
       http_read_timeout: 5,
       http_idle_timeout: 5,
       retry_limit: 0,