parent
1f2ab953ba
commit
3773115066
@ -1,55 +0,0 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require 'net/ldap'
|
||||
require 'devise/strategies/authenticatable'
|
||||
|
||||
module Devise
|
||||
module Strategies
|
||||
class LdapAuthenticatable < Authenticatable
|
||||
def authenticate!
|
||||
if params[:user]
|
||||
ldap = Net::LDAP.new(
|
||||
host: Devise.ldap_host,
|
||||
port: Devise.ldap_port,
|
||||
base: Devise.ldap_base,
|
||||
encryption: {
|
||||
method: Devise.ldap_method,
|
||||
tls_options: tls_options,
|
||||
},
|
||||
auth: {
|
||||
method: :simple,
|
||||
username: Devise.ldap_bind_dn,
|
||||
password: Devise.ldap_password,
|
||||
},
|
||||
connect_timeout: 10
|
||||
)
|
||||
|
||||
filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, email: email)
|
||||
|
||||
if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: filter, password: password))
|
||||
user = User.ldap_get_user(user_info.first)
|
||||
success!(user)
|
||||
else
|
||||
return fail(:invalid)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def email
|
||||
params[:user][:email]
|
||||
end
|
||||
|
||||
def password
|
||||
params[:user][:password]
|
||||
end
|
||||
|
||||
def tls_options
|
||||
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.tap do |options|
|
||||
options[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if Devise.ldap_tls_no_verify
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable)
|
@ -0,0 +1,32 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require 'net/ldap'
|
||||
require 'devise/strategies/base'
|
||||
|
||||
module Devise
|
||||
module Strategies
|
||||
class TwoFactorLdapAuthenticatable < Base
|
||||
def valid?
|
||||
valid_params? && mapping.to.respond_to?(:authenticate_with_ldap)
|
||||
end
|
||||
|
||||
def authenticate!
|
||||
resource = mapping.to.authenticate_with_ldap(params[scope])
|
||||
|
||||
if resource && !resource.otp_required_for_login?
|
||||
success!(resource)
|
||||
else
|
||||
fail(:invalid)
|
||||
end
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def valid_params?
|
||||
params[scope] && params[scope][:password].present?
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Warden::Strategies.add(:two_factor_ldap_authenticatable, Devise::Strategies::TwoFactorLdapAuthenticatable)
|
@ -0,0 +1,31 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require 'devise/strategies/base'
|
||||
|
||||
module Devise
|
||||
module Strategies
|
||||
class TwoFactorPamAuthenticatable < Base
|
||||
def valid?
|
||||
valid_params? && mapping.to.respond_to?(:authenticate_with_pam)
|
||||
end
|
||||
|
||||
def authenticate!
|
||||
resource = mapping.to.authenticate_with_pam(params[scope])
|
||||
|
||||
if resource && !resource.otp_required_for_login?
|
||||
success!(resource)
|
||||
else
|
||||
fail(:invalid)
|
||||
end
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def valid_params?
|
||||
params[scope] && params[scope][:password].present?
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Warden::Strategies.add(:two_factor_pam_authenticatable, Devise::Strategies::TwoFactorPamAuthenticatable)
|
Loading…
Reference in new issue