|
|
@ -41,7 +41,7 @@ |
|
|
|
|
|
|
|
class User < ApplicationRecord |
|
|
|
include Settings::Extend |
|
|
|
include Omniauthable |
|
|
|
include UserRoles |
|
|
|
|
|
|
|
# The home and list feeds will be stored in Redis for this amount |
|
|
|
# of time, and status fan-out to followers will include only people |
|
|
@ -61,9 +61,9 @@ class User < ApplicationRecord |
|
|
|
devise :registerable, :recoverable, :rememberable, :trackable, :validatable, |
|
|
|
:confirmable |
|
|
|
|
|
|
|
devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true' |
|
|
|
|
|
|
|
devise :omniauthable |
|
|
|
include Omniauthable |
|
|
|
include PamAuthenticable |
|
|
|
include LdapAuthenticable |
|
|
|
|
|
|
|
belongs_to :account, inverse_of: :user |
|
|
|
belongs_to :invite, counter_cache: :uses, optional: true |
|
|
@ -79,9 +79,6 @@ class User < ApplicationRecord |
|
|
|
validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create |
|
|
|
|
|
|
|
scope :recent, -> { order(id: :desc) } |
|
|
|
scope :admins, -> { where(admin: true) } |
|
|
|
scope :moderators, -> { where(moderator: true) } |
|
|
|
scope :staff, -> { admins.or(moderators) } |
|
|
|
scope :confirmed, -> { where.not(confirmed_at: nil) } |
|
|
|
scope :enabled, -> { where(disabled: false) } |
|
|
|
scope :inactive, -> { where(arel_table[:current_sign_in_at].lt(ACTIVE_DURATION.ago)) } |
|
|
@ -104,39 +101,6 @@ class User < ApplicationRecord |
|
|
|
|
|
|
|
attr_reader :invite_code |
|
|
|
|
|
|
|
def pam_conflict(_) |
|
|
|
# block pam login tries on traditional account |
|
|
|
nil |
|
|
|
end |
|
|
|
|
|
|
|
def pam_conflict? |
|
|
|
return false unless Devise.pam_authentication |
|
|
|
encrypted_password.present? && pam_managed_user? |
|
|
|
end |
|
|
|
|
|
|
|
def pam_get_name |
|
|
|
return account.username if account.present? |
|
|
|
super |
|
|
|
end |
|
|
|
|
|
|
|
def pam_setup(_attributes) |
|
|
|
acc = Account.new(username: pam_get_name) |
|
|
|
acc.save!(validate: false) |
|
|
|
|
|
|
|
self.email = "#{acc.username}@#{find_pam_suffix}" if email.nil? && find_pam_suffix |
|
|
|
self.confirmed_at = Time.now.utc |
|
|
|
self.admin = false |
|
|
|
self.account = acc |
|
|
|
|
|
|
|
acc.destroy! unless save |
|
|
|
end |
|
|
|
|
|
|
|
def ldap_setup(_attributes) |
|
|
|
self.confirmed_at = Time.now.utc |
|
|
|
self.admin = false |
|
|
|
save! |
|
|
|
end |
|
|
|
|
|
|
|
def confirmed? |
|
|
|
confirmed_at.present? |
|
|
|
end |
|
|
@ -145,33 +109,6 @@ class User < ApplicationRecord |
|
|
|
invite_id.present? |
|
|
|
end |
|
|
|
|
|
|
|
def staff? |
|
|
|
admin? || moderator? |
|
|
|
end |
|
|
|
|
|
|
|
def role |
|
|
|
if admin? |
|
|
|
'admin' |
|
|
|
elsif moderator? |
|
|
|
'moderator' |
|
|
|
else |
|
|
|
'user' |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
def role?(role) |
|
|
|
case role |
|
|
|
when 'user' |
|
|
|
true |
|
|
|
when 'moderator' |
|
|
|
staff? |
|
|
|
when 'admin' |
|
|
|
admin? |
|
|
|
else |
|
|
|
false |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
def disable! |
|
|
|
update!(disabled: true, |
|
|
|
last_sign_in_at: current_sign_in_at, |
|
|
@ -186,6 +123,7 @@ class User < ApplicationRecord |
|
|
|
new_user = !confirmed? |
|
|
|
|
|
|
|
super |
|
|
|
|
|
|
|
prepare_new_user! if new_user |
|
|
|
end |
|
|
|
|
|
|
@ -194,6 +132,7 @@ class User < ApplicationRecord |
|
|
|
|
|
|
|
skip_confirmation! |
|
|
|
save! |
|
|
|
|
|
|
|
prepare_new_user! if new_user |
|
|
|
end |
|
|
|
|
|
|
@ -202,22 +141,6 @@ class User < ApplicationRecord |
|
|
|
prepare_returning_user! |
|
|
|
end |
|
|
|
|
|
|
|
def promote! |
|
|
|
if moderator? |
|
|
|
update!(moderator: false, admin: true) |
|
|
|
elsif !admin? |
|
|
|
update!(moderator: true) |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
def demote! |
|
|
|
if admin? |
|
|
|
update!(admin: false, moderator: true) |
|
|
|
elsif moderator? |
|
|
|
update!(moderator: false) |
|
|
|
end |
|
|
|
end |
|
|
|
|
|
|
|
def disable_two_factor! |
|
|
|
self.otp_required_for_login = false |
|
|
|
otp_backup_codes&.clear |
|
|
@ -297,43 +220,6 @@ class User < ApplicationRecord |
|
|
|
super |
|
|
|
end |
|
|
|
|
|
|
|
def self.pam_get_user(attributes = {}) |
|
|
|
return nil unless attributes[:email] |
|
|
|
|
|
|
|
resource = |
|
|
|
if Devise.check_at_sign && !attributes[:email].index('@') |
|
|
|
joins(:account).find_by(accounts: { username: attributes[:email] }) |
|
|
|
else |
|
|
|
find_by(email: attributes[:email]) |
|
|
|
end |
|
|
|
|
|
|
|
if resource.blank? |
|
|
|
resource = new(email: attributes[:email], agreement: true) |
|
|
|
|
|
|
|
if Devise.check_at_sign && !resource[:email].index('@') |
|
|
|
resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false) |
|
|
|
resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email] |
|
|
|
end |
|
|
|
end |
|
|
|
resource |
|
|
|
end |
|
|
|
|
|
|
|
def self.ldap_get_user(attributes = {}) |
|
|
|
resource = joins(:account).find_by(accounts: { username: attributes[Devise.ldap_uid.to_sym].first }) |
|
|
|
|
|
|
|
if resource.blank? |
|
|
|
resource = new(email: attributes[:mail].first, agreement: true, account_attributes: { username: attributes[Devise.ldap_uid.to_sym].first }) |
|
|
|
resource.ldap_setup(attributes) |
|
|
|
end |
|
|
|
|
|
|
|
resource |
|
|
|
end |
|
|
|
|
|
|
|
def self.authenticate_with_pam(attributes = {}) |
|
|
|
return nil unless Devise.pam_authentication |
|
|
|
super |
|
|
|
end |
|
|
|
|
|
|
|
def show_all_media? |
|
|
|
setting_display_media == 'show_all' |
|
|
|
end |
|
|
|