From 61dcb686a8f0a3272e2948c9a072aa58593a7409 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Wed, 21 Mar 2018 00:36:20 +0900 Subject: Fix i18n fallback configuration conflicts with environment configurations (#6843) --- config/application.rb | 4 +--- config/environments/production.rb | 4 ++-- 2 files changed, 3 insertions(+), 5 deletions(-) (limited to 'config') diff --git a/config/application.rb b/config/application.rb index 326a0ec8c..385bd4704 100644 --- a/config/application.rb +++ b/config/application.rb @@ -76,9 +76,7 @@ module Mastodon ] config.i18n.default_locale = ENV['DEFAULT_LOCALE']&.to_sym - if config.i18n.available_locales.include?(config.i18n.default_locale) - config.i18n.fallbacks = [:en] - else + unless config.i18n.available_locales.include?(config.i18n.default_locale) config.i18n.default_locale = :en end diff --git a/config/environments/production.rb b/config/environments/production.rb index 3136a40fc..f372cd363 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -55,8 +55,8 @@ Rails.application.configure do # config.action_mailer.raise_delivery_errors = false # Enable locale fallbacks for I18n (makes lookups for any locale fall back to - # the I18n.default_locale when a translation cannot be found). - config.i18n.fallbacks = true + # English when a translation cannot be found). + config.i18n.fallbacks = [:en] # Send deprecation notices to registered listeners. config.active_support.deprecation = :notify -- cgit From ac49c7932d848fbb946c37a69f42b7dbc774c56c Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Tue, 20 Mar 2018 19:41:51 +0100 Subject: Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845) Fix #6816, fix #6790 --- config/initializers/devise.rb | 3 ++ lib/devise/ldap_authenticatable.rb | 76 ++++++++++++++++++++------------------ 2 files changed, 43 insertions(+), 36 deletions(-) (limited to 'config') 
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 97757d0fb..e0d263f16 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -55,6 +55,8 @@ module Devise @@ldap_bind_dn = nil mattr_accessor :ldap_password @@ldap_password = nil + mattr_accessor :ldap_tls_no_verify + @@ldap_tls_no_verify = false class Strategies::PamAuthenticatable def valid? @@ -357,5 +359,6 @@ Devise.setup do |config| config.ldap_bind_dn = ENV.fetch('LDAP_BIND_DN') config.ldap_password = ENV.fetch('LDAP_PASSWORD') config.ldap_uid = ENV.fetch('LDAP_UID', 'cn') + config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true' end end diff --git a/lib/devise/ldap_authenticatable.rb b/lib/devise/ldap_authenticatable.rb index 531abdbbe..ef786fbb7 100644 --- a/lib/devise/ldap_authenticatable.rb +++ b/lib/devise/ldap_authenticatable.rb 
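Review bot: The added `config.ldap_tls_no_verify = ENV['LDAP_TLS_NO_VERIFY'] == 'true'` line in the second hunk turns off certificate verification for the connection that carries `LDAP_PASSWORD` and every user's login password, and nothing records that this mode is active. A boot-time warning directly after it would make the weakened mode visible in the logs, e.g. `Rails.logger.warn('LDAP_TLS_NO_VERIFY is enabled: LDAP server certificates are not verified') if config.ldap_tls_no_verify` (assuming the logger is already available at this point of initialization). A comment above `mattr_accessor :ldap_tls_no_verify` in the first hunk should state that the default is `false` and that trusting the directory's CA certificate is the preferred fix for self-signed setups. The `Devise.setup` block and the block enclosing these `config.ldap_*` lines start outside the hunk.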
@@ -1,49 +1,53 @@ # frozen_string_literal: true -if ENV['LDAP_ENABLED'] == 'true' - require 'net/ldap' - require 'devise/strategies/authenticatable' +require 'net/ldap' +require 'devise/strategies/authenticatable' - module Devise - module Strategies - class LdapAuthenticatable < Authenticatable - def authenticate! - if params[:user] - ldap = Net::LDAP.new( - host: Devise.ldap_host, - port: Devise.ldap_port, - base: Devise.ldap_base, - encryption: { - method: Devise.ldap_method, - tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS, - }, - auth: { - method: :simple, - username: Devise.ldap_bind_dn, - password: Devise.ldap_password, - }, - connect_timeout: 10 - ) +module Devise + module Strategies + class LdapAuthenticatable < Authenticatable + def authenticate! + if params[:user] + ldap = Net::LDAP.new( + host: Devise.ldap_host, + port: Devise.ldap_port, + base: Devise.ldap_base, + encryption: { + method: Devise.ldap_method, + tls_options: tls_options, + }, + auth: { + method: :simple, + username: Devise.ldap_bind_dn, + password: Devise.ldap_password, + }, + connect_timeout: 10 + ) - if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: "(#{Devise.ldap_uid}=#{email})", password: password)) - user = User.ldap_get_user(user_info.first) - success!(user) - else - return fail(:invalid_login) - end + if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: "(#{Devise.ldap_uid}=#{email})", password: password)) + user = User.ldap_get_user(user_info.first) + success!(user) + else + return fail(:invalid_login) end end + end - def email - params[:user][:email] - end + def email + params[:user][:email] + end - def password - params[:user][:password] + def password + params[:user][:password] + end + + def tls_options + OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.tap do |options| + options[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if Devise.ldap_tls_no_verify end end end end - - Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable) end + 
+Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable) -- cgit
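Review bot: `tls_options` mutates the process-wide `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS` hash, because `tap` yields the constant itself rather than a copy. Once a login runs with `LDAP_TLS_NO_VERIFY` set, `verify_mode` stays `VERIFY_NONE` in the shared defaults, so other TLS clients in the same process that build their context from those defaults may stop verifying certificates too. Copy before modifying: `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.dup.tap do |options|`. Separately, `authenticate!` interpolates the submitted email straight into the search filter `"(#{Devise.ldap_uid}=#{email})"`, so filter metacharacters in the input change the query instead of being matched literally. Escaping the value first, e.g. `Net::LDAP::Filter.escape(email)`, keeps it a literal comparison.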