From 26f21fd5a03b1c6407cd81c58481288d06958ad3 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sun, 4 Feb 2018 05:42:13 +0100 Subject: CAS + SAML authentication feature (#6425) * Cas authentication feature * Config * Remove class_eval + Omniauth initializer * Codeclimate review * Codeclimate review 2 * Codeclimate review 3 * Remove uid/email reconciliation * SAML authentication * Clean up code * Improve login form * Fix code style issues * Add locales --- app/controllers/auth/confirmations_controller.rb | 24 +++++++ .../auth/omniauth_callbacks_controller.rb | 33 +++++++++ app/javascript/styles/mastodon/forms.scss | 18 +++++ app/models/concerns/omniauthable.rb | 81 ++++++++++++++++++++++ app/models/identity.rb | 22 ++++++ app/models/user.rb | 2 + .../auth/confirmations/finish_signup.html.haml | 14 ++++ app/views/auth/sessions/new.html.haml | 9 +++ 8 files changed, 203 insertions(+) create mode 100644 app/controllers/auth/omniauth_callbacks_controller.rb create mode 100644 app/models/concerns/omniauthable.rb create mode 100644 app/models/identity.rb create mode 100644 app/views/auth/confirmations/finish_signup.html.haml (limited to 'app') diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb index 2fdb281f4..a240425cd 100644 --- a/app/controllers/auth/confirmations_controller.rb +++ b/app/controllers/auth/confirmations_controller.rb 
@@ -2,4 +2,28 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController layout 'auth' + + before_action :set_user, only: [:finish_signup] + + # GET/PATCH /users/:id/finish_signup + def finish_signup + return unless request.patch? && params[:user] + if @user.update(user_params) + @user.skip_reconfirmation! + sign_in(@user, bypass: true) + redirect_to root_path, notice: I18n.t('devise.confirmations.send_instructions') + else + @show_errors = true + end + end + + private + + def set_user + @user = current_user + end + + def user_params + params.require(:user).permit(:email) + end end diff --git a/app/controllers/auth/omniauth_callbacks_controller.rb b/app/controllers/auth/omniauth_callbacks_controller.rb new file mode 100644 index 000000000..bbf63bed3 --- /dev/null +++ b/app/controllers/auth/omniauth_callbacks_controller.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController + skip_before_action :verify_authenticity_token + + def self.provides_callback_for(provider) + provider_id = provider.to_s.chomp '_oauth2' + + define_method provider do + @user = User.find_for_oauth(request.env['omniauth.auth'], current_user) + + if @user.persisted? + sign_in_and_redirect @user, event: :authentication + set_flash_message(:notice, :success, kind: provider_id.capitalize) if is_navigational_format? + else + session["devise.#{provider}_data"] = request.env['omniauth.auth'] + redirect_to new_user_registration_url + end + end + end + + Devise.omniauth_configs.each_key do |provider| + provides_callback_for provider + end + + def after_sign_in_path_for(resource) + if resource.email_verified? + root_path + else + finish_signup_path + end + end +end diff --git a/app/javascript/styles/mastodon/forms.scss b/app/javascript/styles/mastodon/forms.scss index 2bef53cff..dec7d2284 100644 --- a/app/javascript/styles/mastodon/forms.scss +++ b/app/javascript/styles/mastodon/forms.scss 
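Review bot: `finish_signup` can be reached without a signed-in user: `set_user` assigns `current_user`, and nothing visible in this hunk authenticates the action, so an anonymous PATCH carrying `params[:user]` calls `update` on nil. The new finish_signup view in this commit also builds its form from `current_user`. I would add `before_action :authenticate_user!, only: [:finish_signup]` ahead of `set_user`. Separately, `@user.skip_reconfirmation!` runs after `@user.update(user_params)`; Devise consults that flag while saving, so as written it appears to have no effect. A one-line comment should say whether the replacement address is meant to go through confirmation, because this action is where the placeholder e-mail gets swapped for a real one.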
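Review bot: The fallback branch stores the entire `request.env['omniauth.auth']` hash in the session (`session["devise.#{provider}_data"] = ...`). That keeps the provider's raw response, which for SAML/CAS may include the full attribute set under `extra`, in session storage, and it can overflow a cookie-backed session. Storing only what registration needs, e.g. `request.env['omniauth.auth'].except('extra')`, avoids both. `skip_before_action :verify_authenticity_token` exempts every action in the controller; a comment saying it exists because the identity provider posts the callback cross-site would make the exemption auditable. Note also that `User.find_for_oauth` in this commit uses `save!`, so a validation failure raises before the `@user.persisted?` check is reached.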
@@ -568,3 +568,21 @@ code { margin-bottom: 4px; } } + +.alternative-login { + margin-top: 20px; + margin-bottom: 20px; + + h4 { + font-size: 16px; + color: $ui-base-lighter-color; + text-align: center; + margin-bottom: 20px; + border: 0; + padding: 0; + } + + .button { + display: block; + } +} diff --git a/app/models/concerns/omniauthable.rb b/app/models/concerns/omniauthable.rb new file mode 100644 index 000000000..a3d55108d --- /dev/null +++ b/app/models/concerns/omniauthable.rb 
@@ -0,0 +1,81 @@ +# frozen_string_literal: true + +module Omniauthable + extend ActiveSupport::Concern + + TEMP_EMAIL_PREFIX = 'change@me' + TEMP_EMAIL_REGEX = /\Achange@me/ + + included do + def omniauth_providers + Devise.omniauth_configs.keys + end + + def email_verified? + email && email !~ TEMP_EMAIL_REGEX + end + end + + class_methods do + def find_for_oauth(auth, signed_in_resource = nil) + # EOLE-SSO Patch + auth.uid = (auth.uid[0][:uid] || auth.uid[0][:user]) if auth.uid.is_a? Hashie::Array + identity = Identity.find_for_oauth(auth) + + # If a signed_in_resource is provided it always overrides the existing user + # to prevent the identity being locked with accidentally created accounts. + # Note that this may leave zombie accounts (with no associated identity) which + # can be cleaned up at a later date. + user = signed_in_resource ? signed_in_resource : identity.user + user = create_for_oauth(auth) if user.nil? + + if identity.user.nil? + identity.user = user + identity.save! + end + + user + end + + def create_for_oauth(auth) + # Check if the user exists with provided email if the provider gives us a + # verified email. If no verified email was provided or the user already + # exists, we assign a temporary email and ask the user to verify it on + # the next step via Auth::ConfirmationsController.finish_signup + + user = User.new(user_params_from_auth(auth)) + user.account.avatar_remote_url = auth.info.image if auth.info.image =~ /\A#{URI.regexp(%w(http https))}\z/ + user.skip_confirmation! + user.save! + user + end + + private + + def user_params_from_auth(auth) + email_is_verified = auth.info.email && (auth.info.verified || auth.info.verified_email) + email = auth.info.email if email_is_verified && !User.exists?(email: auth.info.email) + + { + email: email ? 
email : "#{TEMP_EMAIL_PREFIX}-#{auth.uid}-#{auth.provider}.com", + password: Devise.friendly_token[0, 20], + account_attributes: { + username: ensure_unique_username(auth.uid), + display_name: [auth.info.first_name, auth.info.last_name].join(' '), + }, + } + end + + def ensure_unique_username(starting_username) + username = starting_username + i = 0 + + while Account.exists?(username: username) + i += 1 + username = "#{starting_username}_#{i}" + end + + username + end + end +end diff --git a/app/models/identity.rb b/app/models/identity.rb new file mode 100644 index 000000000..a5e0c09ec --- /dev/null +++ b/app/models/identity.rb @@ -0,0 +1,22 @@ +# frozen_string_literal: true +# == Schema Information +# +# Table name: identities +# +# id :integer not null, primary key +# user_id :integer +# provider :string default(""), not null +# uid :string default(""), not null +# created_at :datetime not null +# updated_at :datetime not null +# + +class Identity < ApplicationRecord + belongs_to :user, dependent: :destroy + validates :uid, presence: true, uniqueness: { scope: :provider } + validates :provider, presence: true + + def self.find_for_oauth(auth) + find_or_create_by(uid: auth.uid, provider: auth.provider) + end +end diff --git a/app/models/user.rb b/app/models/user.rb index fa4ebfc71..fba478453 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -39,6 +39,7 @@ class User < ApplicationRecord include Settings::Extend + include Omniauthable ACTIVE_DURATION = 14.days @@ -52,6 +53,7 @@ class User < ApplicationRecord :confirmable devise :pam_authenticatable + devise :omniauthable belongs_to :account, inverse_of: :user belongs_to :invite, counter_cache: :uses, optional: true diff --git a/app/views/auth/confirmations/finish_signup.html.haml b/app/views/auth/confirmations/finish_signup.html.haml new file mode 100644 index 000000000..4b5161d6b --- /dev/null +++ b/app/views/auth/confirmations/finish_signup.html.haml 
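Review bot: `auth.uid` goes unmodified into both the account username (`ensure_unique_username(auth.uid)`) and the placeholder address (`"#{TEMP_EMAIL_PREFIX}-#{auth.uid}-#{auth.provider}.com"`) in `user_params_from_auth`. CAS and SAML identifiers are often e-mail addresses or distinguished names, so a uid containing `@`, `.` or spaces will presumably fail the username and e-mail validations (not visible here), and `user.save!` then raises inside the login callback. Normalising first, e.g. `auth.uid.to_s.gsub(/[^a-z0-9_]+/i, '_')`, keeps provider-controlled text out of both fields. `email_is_verified` trusts the provider's `verified`/`verified_email` flag and `create_for_oauth` then calls `skip_confirmation!`, so a comment should state that only providers whose flag is authoritative may be configured. `Account.exists?(username: username)` carries no domain condition and is check-then-insert, so it may collide with remote accounts and is racy under concurrent sign-ups.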
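Review bot: `belongs_to :user, dependent: :destroy` in `Identity` means destroying an identity row also destroys the user it points to, so unlinking an external login would delete the account. If the intent is the reverse, the option belongs on a `has_many :identities, dependent: :destroy` in `User` and this line should be plain `belongs_to :user`. `find_for_oauth` uses `find_or_create_by`, which is select-then-insert, and the uniqueness validation alone does not stop two concurrent callbacks from creating duplicate rows. A unique index on `(uid, provider)` is needed; the migration is outside this app-only view, so confirm it exists.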
@@ -0,0 +1,14 @@ +- content_for :page_title do + = t('auth.confirm_email') + += simple_form_for(current_user, as: 'user', url: finish_signup_path, html: { role: 'form'}) do |f| + - if @show_errors && current_user.errors.any? + #error_explanation + - current_user.errors.full_messages.each do |msg| + = msg + %br + + = f.input :email + + .actions + = f.submit t('auth.confirm_email'), class: 'button' diff --git a/app/views/auth/sessions/new.html.haml b/app/views/auth/sessions/new.html.haml index 3edb0d2d4..1c3a0b6b4 100644 --- a/app/views/auth/sessions/new.html.haml +++ b/app/views/auth/sessions/new.html.haml @@ -14,4 +14,13 @@ .actions = f.button :button, t('auth.login'), type: :submit +- if devise_mapping.omniauthable? and resource_class.omniauth_providers.any? + .simple_form.alternative-login + %h4= t('auth.or_log_in_with') + + .actions + - resource_class.omniauth_providers.each do |provider| + = link_to omniauth_authorize_path(resource_name, provider), class: "button button-#{provider}" do + = t("auth.providers.#{provider}", default: provider.to_s.chomp("_oauth2").capitalize) + .form-footer= render 'auth/shared/links' -- cgit From 4e4f1b0dcb386464d653fcce765ca775e566a03c Mon Sep 17 00:00:00 2001 
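Review bot: The provider buttons in sessions/new are plain `link_to` GET links to `omniauth_authorize_path`, so the sign-in request phase can be started by any cross-site navigation. The callback controller added in this commit also skips the authenticity-token check. Consider starting the flow from a POST form (`button_to`) and setting `OmniAuth.config.allowed_request_methods = [:post]`; whether that is configured is not visible here. Smaller point: `devise_mapping.omniauthable? and resource_class.omniauth_providers.any?` should use `&&`, since `and` has lower precedence and is easy to misread in a condition.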
From: "Renato \"Lond\" Cerqueira" Date: Sun, 4 Feb 2018 06:00:10 +0100 Subject: Add option to show only local toots in timeline preview (#6292) * Add option to show only local toots in timeline preview Right know, toots from all the known fediverse are shown in the main page of an instance. That however doesn't reflect the instance itself. With this option the admin may choose to display only local toots so that users checking the instance get a better idea of internal conversations. * Fix issues pointed by codeclimate and eslint * Add default message for community timeline * Update pl.yml --- app/controllers/about_controller.rb | 2 +- app/controllers/admin/settings_controller.rb | 2 + .../mastodon/containers/timeline_container.js | 12 +++- .../standalone/community_timeline/index.js | 74 ++++++++++++++++++++++ .../mastodon/locales/defaultMessages.json | 9 +++ app/models/form/admin_settings.rb | 2 + app/views/admin/settings/edit.html.haml | 3 + config/locales/en.yml | 3 + config/locales/pl.yml | 3 + config/locales/pt-BR.yml | 3 + config/settings.yml | 1 + 11 files changed, 111 insertions(+), 3 deletions(-) create mode 100644 app/javascript/mastodon/features/standalone/community_timeline/index.js (limited to 'app') diff --git a/app/controllers/about_controller.rb b/app/controllers/about_controller.rb index 47690e81e..4ffdfb685 100644 --- a/app/controllers/about_controller.rb +++ b/app/controllers/about_controller.rb @@ -31,7 +31,7 @@ class AboutController < ApplicationController def initial_state_params { - settings: {}, + settings: { known_fediverse: Setting.show_known_fediverse_at_about_page }, token: current_session&.token, } end diff --git a/app/controllers/admin/settings_controller.rb b/app/controllers/admin/settings_controller.rb index 487282dc3..a6214dc3f 100644 --- a/app/controllers/admin/settings_controller.rb +++ b/app/controllers/admin/settings_controller.rb 
@@ -19,6 +19,7 @@ module Admin min_invite_role activity_api_enabled peers_api_enabled + show_known_fediverse_at_about_page ).freeze BOOLEAN_SETTINGS = %w( @@ -28,6 +29,7 @@ module Admin show_staff_badge activity_api_enabled peers_api_enabled + show_known_fediverse_at_about_page ).freeze UPLOAD_SETTINGS = %w( diff --git a/app/javascript/mastodon/containers/timeline_container.js b/app/javascript/mastodon/containers/timeline_container.js index e84c921ee..8719bb5c9 100644 --- a/app/javascript/mastodon/containers/timeline_container.js +++ b/app/javascript/mastodon/containers/timeline_container.js @@ -6,6 +6,7 @@ import { hydrateStore } from '../actions/store'; import { IntlProvider, addLocaleData } from 'react-intl'; import { getLocale } from '../locales'; import PublicTimeline from '../features/standalone/public_timeline'; +import CommunityTimeline from '../features/standalone/community_timeline'; import HashtagTimeline from '../features/standalone/hashtag_timeline'; import initialState from '../initial_state'; @@ -23,17 +24,24 @@ export default class TimelineContainer extends React.PureComponent { static propTypes = { locale: PropTypes.string.isRequired, hashtag: PropTypes.string, + showPublicTimeline: PropTypes.bool.isRequired, + }; + + static defaultProps = { + showPublicTimeline: initialState.settings.known_fediverse, }; render () { - const { locale, hashtag } = this.props; + const { locale, hashtag, showPublicTimeline } = this.props; let timeline; if (hashtag) { timeline = ; - } else { + } else if (showPublicTimeline) { timeline = ; + } else { + timeline = ; } return ( diff --git a/app/javascript/mastodon/features/standalone/community_timeline/index.js b/app/javascript/mastodon/features/standalone/community_timeline/index.js new file mode 100644 index 000000000..51e50e1f5 --- /dev/null +++ b/app/javascript/mastodon/features/standalone/community_timeline/index.js 
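Review bot: In timeline_container.js `showPublicTimeline` is declared `PropTypes.bool.isRequired`, yet its default comes from `initialState.settings.known_fediverse`, which this commit populates only in `AboutController#initial_state_params`. Where the container is mounted with an initial state lacking that key (other mount points are not visible here), the prop is `undefined`, React logs a required-prop warning, and the render falls through to the community timeline although settings.yml defaults the option to true. Dropping `.isRequired`, or adding a comment that the about page is the only supplier of this value, would make the contract explicit.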
@@ -0,0 +1,74 @@ +import React from 'react'; +import { connect } from 'react-redux'; +import PropTypes from 'prop-types'; +import StatusListContainer from '../../ui/containers/status_list_container'; +import { + refreshCommunityTimeline, + expandCommunityTimeline, +} from '../../../actions/timelines'; +import Column from '../../../components/column'; +import ColumnHeader from '../../../components/column_header'; +import { defineMessages, injectIntl } from 'react-intl'; +import { connectCommunityStream } from '../../../actions/streaming'; + +const messages = defineMessages({ + title: { id: 'standalone.public_title', defaultMessage: 'A look inside...' }, +}); + +@connect() +@injectIntl +export default class CommunityTimeline extends React.PureComponent { + + static propTypes = { + dispatch: PropTypes.func.isRequired, + intl: PropTypes.object.isRequired, + }; + + handleHeaderClick = () => { + this.column.scrollTop(); + } + + setRef = c => { + this.column = c; + } + + componentDidMount () { + const { dispatch } = this.props; + + dispatch(refreshCommunityTimeline()); + this.disconnect = dispatch(connectCommunityStream()); + } + + componentWillUnmount () { + if (this.disconnect) { + this.disconnect(); + this.disconnect = null; + } + } + + handleLoadMore = () => { + this.props.dispatch(expandCommunityTimeline()); + } + + render () { + const { intl } = this.props; + + return ( + + + + + + ); + } + +} diff --git a/app/javascript/mastodon/locales/defaultMessages.json b/app/javascript/mastodon/locales/defaultMessages.json index 9a46927c1..2788a7a14 100644 --- a/app/javascript/mastodon/locales/defaultMessages.json +++ b/app/javascript/mastodon/locales/defaultMessages.json 
@@ -1230,6 +1230,15 @@ ], "path": "app/javascript/mastodon/features/public_timeline/index.json" }, + { + "descriptors": [ + { + "defaultMessage": "A look inside...", + "id": "standalone.public_title" + } + ], + "path": "app/javascript/mastodon/features/standalone/community_timeline/index.json" + }, { "descriptors": [ { diff --git a/app/models/form/admin_settings.rb b/app/models/form/admin_settings.rb index dd629279c..32922e7f1 100644 --- a/app/models/form/admin_settings.rb +++ b/app/models/form/admin_settings.rb @@ -34,6 +34,8 @@ class Form::AdminSettings :activity_api_enabled=, :peers_api_enabled, :peers_api_enabled=, + :show_known_fediverse_at_about_page, + :show_known_fediverse_at_about_page=, to: Setting ) end diff --git a/app/views/admin/settings/edit.html.haml b/app/views/admin/settings/edit.html.haml index 4f9115ed2..73fd5642e 100644 --- a/app/views/admin/settings/edit.html.haml +++ b/app/views/admin/settings/edit.html.haml @@ -18,6 +18,9 @@ .fields-group = f.input :timeline_preview, as: :boolean, wrapper: :with_label, label: t('admin.settings.timeline_preview.title'), hint: t('admin.settings.timeline_preview.desc_html') + .fields-group + = f.input :show_known_fediverse_at_about_page, as: :boolean, wrapper: :with_label, label: t('admin.settings.show_known_fediverse_at_about_page.title'), hint: t('admin.settings.show_known_fediverse_at_about_page.desc_html') + .fields-group = f.input :show_staff_badge, as: :boolean, wrapper: :with_label, label: t('admin.settings.show_staff_badge.title'), hint: t('admin.settings.show_staff_badge.desc_html') diff --git a/config/locales/en.yml b/config/locales/en.yml index 6805a6e87..5cd3b08cf 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
@@ -290,6 +290,9 @@ en: open: desc_html: Allow anyone to create an account title: Open registration + show_known_fediverse_at_about_page: + desc_html: When toggled, it will show toots from all the known fediverse on preview. Otherwise it will only show local toots. + title: Show known fediverse on timeline preview show_staff_badge: desc_html: Show a staff badge on a user page title: Show staff badge diff --git a/config/locales/pl.yml b/config/locales/pl.yml index a66710800..633850b28 100644 --- a/config/locales/pl.yml +++ b/config/locales/pl.yml @@ -291,6 +291,9 @@ pl: open: desc_html: Pozwól każdemu na założenie konta title: Otwarta rejestracja + show_known_fediverse_at_about_page: + desc_html: Jeśli włączone, podgląd instancji będzie wyświetlał wpisy z całego Fediwersum. W innym przypadku, będą wyświetlane tylko lokalne wpisy. + title: Pokazuj wszystkie znane wpisy na podglądzie instancji show_staff_badge: desc_html: Pokazuj odznakę uprawnień na stronie profilu użytkownika title: Pokazuj odznakę administracji diff --git a/config/locales/pt-BR.yml b/config/locales/pt-BR.yml index 82c96c92b..31481ced4 100644 --- a/config/locales/pt-BR.yml +++ b/config/locales/pt-BR.yml @@ -290,6 +290,9 @@ pt-BR: open: desc_html: Permitir que qualquer um crie uma conta title: Cadastro aberto + show_known_fediverse_at_about_page: + desc_html: Quando ligado, vai mostrar toots de todo o fediverso conhecido na prévia da timeline. Senão, mostra somente toots locais. + title: Mostrar fediverso conhecido na prévia da timeline show_staff_badge: desc_html: Mostrar uma insígnia de Equipe na página de usuário title: Mostrar insígnia de equipe diff --git a/config/settings.yml b/config/settings.yml index 4a2519464..32d0687ce 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -49,6 +49,7 @@ defaults: &defaults bootstrap_timeline_accounts: '' activity_api_enabled: true peers_api_enabled: true + show_known_fediverse_at_about_page: true development: <<: *defaults -- cgit 
From c156a83e7d4458355e7ab60ee118ca8c09b80ece Mon Sep 17 00:00:00 2001 From: abcang Date: Sun, 4 Feb 2018 20:31:46 +0900 Subject: Make sure status is not nil (#6428) --- app/mailers/notification_mailer.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'app') diff --git a/app/mailers/notification_mailer.rb b/app/mailers/notification_mailer.rb index 9fed4a636..b45844296 100644 --- a/app/mailers/notification_mailer.rb +++ b/app/mailers/notification_mailer.rb @@ -9,7 +9,7 @@ class NotificationMailer < ApplicationMailer @me = recipient @status = notification.target_status - return if @me.user.disabled? + return if @me.user.disabled? || @status.nil? locale_for_account(@me) do thread_by_conversation(@status.conversation) @@ -33,7 +33,7 @@ class NotificationMailer < ApplicationMailer @account = notification.from_account @status = notification.target_status - return if @me.user.disabled? + return if @me.user.disabled? || @status.nil? locale_for_account(@me) do thread_by_conversation(@status.conversation) @@ -46,7 +46,7 @@ class NotificationMailer < ApplicationMailer @account = notification.from_account @status = notification.target_status - return if @me.user.disabled? + return if @me.user.disabled? || @status.nil? locale_for_account(@me) do thread_by_conversation(@status.conversation) -- cgit From 3f35d4322266ee6f1bfab73a1161af2b0848573a Mon Sep 17 00:00:00 2001 From: abcang Date: Sun, 4 Feb 2018 20:32:10 +0900 Subject: Exclude nil from relationships array (#6427) --- app/controllers/api/v1/accounts/relationships_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app') diff --git a/app/controllers/api/v1/accounts/relationships_controller.rb b/app/controllers/api/v1/accounts/relationships_controller.rb index 91a942d75..6cc3da498 100644 --- a/app/controllers/api/v1/accounts/relationships_controller.rb +++ b/app/controllers/api/v1/accounts/relationships_controller.rb 
@@ -10,7 +10,7 @@ class Api::V1::Accounts::RelationshipsController < Api::BaseController accounts = Account.where(id: account_ids).select('id') # .where doesn't guarantee that our results are in the same order # we requested them, so return the "right" order to the requestor. - @accounts = accounts.index_by(&:id).values_at(*account_ids) + @accounts = accounts.index_by(&:id).values_at(*account_ids).compact render json: @accounts, each_serializer: REST::RelationshipSerializer, relationships: relationships end -- cgit From 9b6223f5e26ed53f285a95921e9c660e831a7f6d Mon Sep 17 00:00:00 2001 From: abcang Date: Sun, 4 Feb 2018 20:32:41 +0900 Subject: Validation of count works even when text of status is nil (#6429) --- app/validators/status_length_validator.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'app') diff --git a/app/validators/status_length_validator.rb b/app/validators/status_length_validator.rb index 77be3f1f5..ed5563f64 100644 --- a/app/validators/status_length_validator.rb +++ b/app/validators/status_length_validator.rb @@ -23,6 +23,8 @@ class StatusLengthValidator < ActiveModel::Validator end def countable_text(status) + return '' if status.text.nil? + status.text.dup.tap do |new_text| new_text.gsub!(FetchLinkCardService::URL_PATTERN, 'x' * 23) new_text.gsub!(Account::MENTION_RE, '@\2') -- cgit From 38e0133e1b01c21a710111097102a6eb205b9b9b Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Sun, 4 Feb 2018 15:05:53 +0100 Subject: Make PAM gem optional, allow configuration over environment (#6415) --- .env.production.sample | 9 +++++++++ Gemfile | 2 +- app/models/user.rb | 2 +- config/initializers/devise.rb | 27 +++++++++------------------ 4 files changed, 20 insertions(+), 20 deletions(-) (limited to 'app') diff --git a/.env.production.sample b/.env.production.sample index 777336de1..a4b689a31 100644 --- a/.env.production.sample +++ b/.env.production.sample 
@@ -136,6 +136,15 @@ STREAMING_CLUSTER_NUM=1 # UID=1000 # GID=1000 +# PAM authentication (optional) +# PAM_ENABLED=true +# Suffix for email address generation (nil by default) +# PAM_DEFAULT_SUFFIX=pam +# Name of the pam service (pam "auth" section is evaluated) +# PAM_DEFAULT_SERVICE=rpam +# Name of the pam service used for checking if an user can register (pam "account" section is evaluated) +# PAM_CONTROLLED_SERVICE=rpam + # Optional CAS authentication (cf. omniauth-cas) : # CAS_ENABLED=true # CAS_URL=https://sso.myserver.com/ diff --git a/Gemfile b/Gemfile index 5b6ae707d..3b39f3946 100644 --- a/Gemfile +++ b/Gemfile @@ -31,7 +31,7 @@ gem 'cld3', '~> 3.2.0' gem 'devise', '~> 4.4' gem 'devise-two-factor', '~> 3.0' -gem 'devise_pam_authenticatable2', '~> 8.0' +gem 'devise_pam_authenticatable2', '~> 8.0', install_if: -> { ENV['PAM_ENABLED'] == 'true' } gem 'omniauth-cas', '~> 1.1', install_if: -> { ENV['CAS_ENABLED'] == 'true' } gem 'omniauth-saml', '~> 1.8', install_if: -> { ENV['SAML_ENABLED'] == 'true' } gem 'omniauth', '~> 1.2' diff --git a/app/models/user.rb b/app/models/user.rb index fba478453..feaf8b26c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -52,7 +52,7 @@ class User < ApplicationRecord devise :registerable, :recoverable, :rememberable, :trackable, :validatable, :confirmable - devise :pam_authenticatable + devise :pam_authenticatable if Devise.pam_authentication devise :omniauthable belongs_to :account, inverse_of: :user diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index f2f7f1ba3..ba7ad9e6c 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb 
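Review bot: In app/models/user.rb, `devise :pam_authenticatable if Devise.pam_authentication` calls an accessor that is presumably defined by devise_pam_authenticatable2, and the Gemfile hunk of this same commit makes that gem `install_if` `ENV['PAM_ENABLED'] == 'true'`. With PAM disabled the gem is not loaded, so unless `Devise.pam_authentication` is defined elsewhere, loading `User` would raise NoMethodError. Gating on the same switch as the Gemfile and the initializer, `devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true'`, keeps the three places consistent.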
@@ -315,22 +315,13 @@ Devise.setup do |config| # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' - # PAM: only look for email field - config.usernamefield = nil - config.emailfield = "email" - - # authentication with pam possible - # if not enabled, all pam settings are ignored - #config.pam_authentication = true - # check if email is actually a username - config.check_at_sign = true - # suffix for email address generation (warning: without pam must provide email in the pam environment) - config.pam_default_suffix = "pam" - # name of the pam service - # pam "auth" section is evaluated - config.pam_default_service = "rpam" - # name of the pam service used for checking if an user can register - # pam "account" section is evaluated - # nil for allowing registration of pam names (not recommended) - config.pam_controlled_service = "rpam" + if ENV['PAM_ENABLED'] == 'true' + config.pam_authentication = true + config.usernamefield = nil + config.emailfield = 'email' + config.check_at_sign = true + config.pam_default_suffix = ENV.fetch('PAM_DEFAULT_SUFFIX') { nil } + config.pam_default_service = ENV.fetch('PAM_DEFAULT_SERVICE') { 'rpam' } + config.pam_controlled_service = ENV.fetch('PAM_CONTROLLED_SERVICE') { 'rpam' } + end end -- cgit
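Review bot: The rewritten PAM block drops the comments that explained each setting, including the warning that without a suffix the e-mail has to come from the PAM environment. The same hunk also moves the suffix default from `"pam"` to nil via `ENV.fetch('PAM_DEFAULT_SUFFIX') { nil }`. I would keep a comment above that line, e.g. `# Suffix for generated e-mail addresses; when nil the e-mail must be provided in the PAM environment`, and one above `pam_controlled_service`, e.g. `# PAM service whose "account" section decides whether a user may register`. Also, `ENV.fetch('PAM_CONTROLLED_SERVICE') { 'rpam' }` falls back only when the variable is unset, so a blank `PAM_CONTROLLED_SERVICE=` line is passed through as an empty string. How the gem treats a blank service name is not visible here, but the removed comment called the nil case "not recommended", so a `.presence || 'rpam'` style fallback may be safer.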