bugfixes and gem update (#6831)

* update to new version of devise_pam_authenticatable2

* fix behaviour if suffix is nil, fix environment loading, fix user email creation

* code cleanup/fix linter warning
pull/6834/merge
Alexander 2018-03-19 20:08:56 +01:00 committed by Eugen Rochko
parent 357f9298bd
commit 0306e3e9be
4 changed files with 24 additions and 18 deletions


@ -32,7 +32,9 @@ gem 'cld3', '~> 3.2.0'
gem 'devise', '~> 4.4' gem 'devise', '~> 4.4'
gem 'devise-two-factor', '~> 3.0' gem 'devise-two-factor', '~> 3.0'
gem 'devise_pam_authenticatable2', '~> 8.0', install_if: -> { ENV['PAM_ENABLED'] == 'true' } group :pam_authentication, optional: true do
gem 'devise_pam_authenticatable2', '~> 9.0'
end
gem 'net-ldap', '~> 0.10' gem 'net-ldap', '~> 0.10'
gem 'omniauth-cas', '~> 1.1' gem 'omniauth-cas', '~> 1.1'
gem 'omniauth-saml', '~> 1.10' gem 'omniauth-saml', '~> 1.10'
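Review bot: The new `group :pam_authentication, optional: true do` block needs an install-time opt-in that nothing in this file documents. Bundler leaves optional groups out unless they are requested, so a deployment that sets `PAM_ENABLED=true` but runs a default `bundle install` would not get the gem the old `install_if` line pulled in. A comment above the group, for example `# optional group: install with --with pam_authentication when PAM_ENABLED=true`, would make the requirement visible to operators. Keeping the PAM binding out of default installs is a reasonable reduction of native code for sites that do not use it.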


@ -141,7 +141,7 @@ GEM
devise (~> 4.0) devise (~> 4.0)
railties (< 5.2) railties (< 5.2)
rotp (~> 2.0) rotp (~> 2.0)
devise_pam_authenticatable2 (8.0.1) devise_pam_authenticatable2 (9.0.0)
devise (>= 4.0.0) devise (>= 4.0.0)
rpam2 (~> 3.0) rpam2 (~> 3.0)
diff-lcs (1.3) diff-lcs (1.3)
@ -631,7 +631,7 @@ DEPENDENCIES
climate_control (~> 0.2) climate_control (~> 0.2)
devise (~> 4.4) devise (~> 4.4)
devise-two-factor (~> 3.0) devise-two-factor (~> 3.0)
devise_pam_authenticatable2 (~> 8.0) devise_pam_authenticatable2 (~> 9.0)
doorkeeper (~> 4.2) doorkeeper (~> 4.2)
dotenv-rails (~> 2.2) dotenv-rails (~> 2.2)
fabrication (~> 2.18) fabrication (~> 2.18)


@ -52,6 +52,8 @@ class User < ApplicationRecord
devise :registerable, :recoverable, :rememberable, :trackable, :validatable, devise :registerable, :recoverable, :rememberable, :trackable, :validatable,
:confirmable :confirmable
devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true'
devise :omniauthable devise :omniauthable
belongs_to :account, inverse_of: :user belongs_to :account, inverse_of: :user
@ -96,7 +98,7 @@ class User < ApplicationRecord
def pam_conflict? def pam_conflict?
return false unless Devise.pam_authentication return false unless Devise.pam_authentication
encrypted_password.present? && is_pam_account? encrypted_password.present? && pam_managed_user?
end end
def pam_get_name def pam_get_name
@ -267,22 +269,22 @@ class User < ApplicationRecord
end end
def self.pam_get_user(attributes = {}) def self.pam_get_user(attributes = {})
if attributes[:email] return nil unless attributes[:email]
resource = resource =
if Devise.check_at_sign && !attributes[:email].index('@') if Devise.check_at_sign && !attributes[:email].index('@')
joins(:account).find_by(accounts: { username: attributes[:email] }) joins(:account).find_by(accounts: { username: attributes[:email] })
else else
find_by(email: attributes[:email]) find_by(email: attributes[:email])
end end
if resource.blank? if resource.blank?
resource = new(email: attributes[:email]) resource = new(email: attributes[:email])
if Devise.check_at_sign && !resource[:email].index('@') if Devise.check_at_sign && !resource[:email].index('@')
resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false)
end resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email]
end end
resource
end end
resource
end end
def self.ldap_get_user(attributes = {}) def self.ldap_get_user(attributes = {})
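Review bot: In `pam_get_user`, the value returned by `Rpam2.getenv(..., 'email', false)` becomes a new user's e-mail as-is, and the fallback on the following line runs only when that value is `nil`. An empty string is truthy in Ruby, so if the PAM environment ever supplies an empty `email` the suffix fallback is skipped; whether `Rpam2.getenv` can return one is not visible here, but `resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" if resource[:email].blank?` covers both cases. The lookup also passes `attributes[:password]` to the PAM service, which presumably adds a PAM authentication for every login of a not-yet-known user, so it is worth confirming how that interacts with failed-login counters on the host. A short comment above the `Rpam2.getenv` line stating that the PAM-supplied address is trusted as the account e-mail would help the next reader. The `User` class body continues outside these hunks.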


@ -16,6 +16,8 @@ require_relative '../lib/devise/ldap_authenticatable'
Dotenv::Railtie.load Dotenv::Railtie.load
Bundler.require(:pam_authentication) if ENV['PAM_ENABLED'] == 'true'
require_relative '../lib/mastodon/redis_config' require_relative '../lib/mastodon/redis_config'
module Mastodon module Mastodon
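Review bot: The added `Bundler.require(:pam_authentication) if ENV['PAM_ENABLED'] == 'true'` line appears to depend on sitting below `Dotenv::Railtie.load`, and nothing on the line says so. A comment such as `# keep below Dotenv::Railtie.load: PAM_ENABLED may only be set in .env` would protect it from a later reordering of the requires. The same exact-string test gates `devise :pam_authenticatable` in the User model, so a value like `TRUE` or `1` leaves PAM off in both places without any message. Naming the accepted value in that comment would avoid a silent fallback to database-only login.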