From e1066cd4319a220d5be16e51ffaf5236a2f6e866 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Wed, 18 Sep 2019 16:37:27 +0200
Subject: Add password challenge to 2FA settings, e-mail notifications (#11878)

Fix #3961
---
 app/models/form/challenge.rb | 8 ++++++++
 app/models/user.rb           | 9 ++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 app/models/form/challenge.rb

(limited to 'app/models')

diff --git a/app/models/form/challenge.rb b/app/models/form/challenge.rb
new file mode 100644
index 000000000..40c99649c
--- /dev/null
+++ b/app/models/form/challenge.rb
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class Form::Challenge
+  include ActiveModel::Model
+
+  attr_accessor :current_password, :current_username,
+                :return_to
+end
diff --git a/app/models/user.rb b/app/models/user.rb
index 78b82a68f..b48455802 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -264,17 +264,20 @@ class User < ApplicationRecord
   end
 
   def password_required?
-    return false if Devise.pam_authentication || Devise.ldap_authentication
+    return false if external?
+
     super
   end
 
   def send_reset_password_instructions
-    return false if encrypted_password.blank? && (Devise.pam_authentication || Devise.ldap_authentication)
+    return false if encrypted_password.blank?
+
     super
   end
 
   def reset_password!(new_password, new_password_confirmation)
-    return false if encrypted_password.blank? && (Devise.pam_authentication || Devise.ldap_authentication)
+    return false if encrypted_password.blank?
+
     super
   end
 
-- 
cgit