From a1f04c1e3497e9dff5970038461d9f454f2650df Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 24 Sep 2019 04:35:36 +0200
Subject: Fix authentication before 2FA challenge (#11943)

Regression from #11831
---
 lib/devise/two_factor_pam_authenticatable.rb | 31 ++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 lib/devise/two_factor_pam_authenticatable.rb

(limited to 'lib/devise/two_factor_pam_authenticatable.rb')

diff --git a/lib/devise/two_factor_pam_authenticatable.rb b/lib/devise/two_factor_pam_authenticatable.rb
new file mode 100644
index 000000000..5ce723b33
--- /dev/null
+++ b/lib/devise/two_factor_pam_authenticatable.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    class TwoFactorPamAuthenticatable < Base
+      def valid?
+        valid_params? && mapping.to.respond_to?(:authenticate_with_pam)
+      end
+
+      def authenticate!
+        resource = mapping.to.authenticate_with_pam(params[scope])
+
+        if resource && !resource.otp_required_for_login?
+          success!(resource)
+        else
+          fail(:invalid)
+        end
+      end
+
+      protected
+
+      def valid_params?
+        params[scope] && params[scope][:password].present?
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:two_factor_pam_authenticatable, Devise::Strategies::TwoFactorPamAuthenticatable)
-- 
cgit