closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7896 Commits
4 Branches
567 MiB
Tree: 67bef15e53
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '67bef15e53'
${ noResults }
mastodon/lib/devise/ldap_authenticatable.rb

55 lines
1.4 KiB
Raw Normal View History

Fix #942: Seamless LDAP login (#6556)
6 years ago
Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845) Fix #6816, fix #6790
6 years ago
Fix #942: Seamless LDAP login (#6556)
6 years ago
Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845) Fix #6816, fix #6790
6 years ago
Fix #942: Seamless LDAP login (#6556)
6 years ago
Add ldap search filter (#8151)
5 years ago
Fix wrong string being used on login failure when using LDAP (#8534) Fix #8527
5 years ago
Add ldap search filter (#8151)
5 years ago
Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845) Fix #6816, fix #6790
6 years ago
Fix wrong string being used on login failure when using LDAP (#8534) Fix #8527
5 years ago
Fix #942: Seamless LDAP login (#6556)
6 years ago
Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845) Fix #6816, fix #6790
6 years ago
Fix #942: Seamless LDAP login (#6556)
6 years ago
Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845) Fix #6816, fix #6790
6 years ago
Fix #942: Seamless LDAP login (#6556)
6 years ago
Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845) Fix #6816, fix #6790
6 years ago
Fix #942: Seamless LDAP login (#6556)
6 years ago
Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845) Fix #6816, fix #6790
6 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'net/ldap'
  4. require 'devise/strategies/authenticatable'
  5. 

  6. module Devise
  7.   module Strategies
  8.     class LdapAuthenticatable < Authenticatable
  9.       def authenticate!
  10.         if params[:user]
  11.           ldap = Net::LDAP.new(
  12.             host: Devise.ldap_host,
  13.             port: Devise.ldap_port,
  14.             base: Devise.ldap_base,
  15.             encryption: {
  16.               method: Devise.ldap_method,
  17.               tls_options: tls_options,
  18.             },
  19.             auth: {
  20.               method: :simple,
  21.               username: Devise.ldap_bind_dn,
  22.               password: Devise.ldap_password,
  23.             },
  24.             connect_timeout: 10

  25.           )
  26. 

  27.           filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, email: email)
  28. 

  29.           if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: filter, password: password))
  30.             user = User.ldap_get_user(user_info.first)
  31.             success!(user)
  32.           else
  33.             return fail(:invalid)
  34.           end
  35.         end
  36.       end
  37. 

  38.       def email
  39.         params[:user][:email]
  40.       end
  41. 

  42.       def password
  43.         params[:user][:password]
  44.       end
  45. 

  46.       def tls_options
  47.         OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.tap do |options|
  48.           options[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if Devise.ldap_tls_no_verify
  49.         end
  50.       end
  51.     end
  52.   end
  53. end
  54. 

  55. Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable)