parent
67bef15e53
commit
a1f04c1e34
7 changed files with 139 additions and 98 deletions
@ -1,55 +0,0 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
require 'net/ldap' |
||||
require 'devise/strategies/authenticatable' |
||||
|
||||
module Devise |
||||
module Strategies |
||||
class LdapAuthenticatable < Authenticatable |
||||
def authenticate! |
||||
if params[:user] |
||||
ldap = Net::LDAP.new( |
||||
host: Devise.ldap_host, |
||||
port: Devise.ldap_port, |
||||
base: Devise.ldap_base, |
||||
encryption: { |
||||
method: Devise.ldap_method, |
||||
tls_options: tls_options, |
||||
}, |
||||
auth: { |
||||
method: :simple, |
||||
username: Devise.ldap_bind_dn, |
||||
password: Devise.ldap_password, |
||||
}, |
||||
connect_timeout: 10 |
||||
) |
||||
|
||||
filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, email: email) |
||||
|
||||
if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: filter, password: password)) |
||||
user = User.ldap_get_user(user_info.first) |
||||
success!(user) |
||||
else |
||||
return fail(:invalid) |
||||
end |
||||
end |
||||
end |
||||
|
||||
def email |
||||
params[:user][:email] |
||||
end |
||||
|
||||
def password |
||||
params[:user][:password] |
||||
end |
||||
|
||||
def tls_options |
||||
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.tap do |options| |
||||
options[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if Devise.ldap_tls_no_verify |
||||
end |
||||
end |
||||
end |
||||
end |
||||
end |
||||
|
||||
Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable) |
@ -0,0 +1,32 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
require 'net/ldap' |
||||
require 'devise/strategies/base' |
||||
|
||||
module Devise |
||||
module Strategies |
||||
class TwoFactorLdapAuthenticatable < Base |
||||
def valid? |
||||
valid_params? && mapping.to.respond_to?(:authenticate_with_ldap) |
||||
end |
||||
|
||||
def authenticate! |
||||
resource = mapping.to.authenticate_with_ldap(params[scope]) |
||||
|
||||
if resource && !resource.otp_required_for_login? |
||||
success!(resource) |
||||
else |
||||
fail(:invalid) |
||||
end |
||||
end |
||||
|
||||
protected |
||||
|
||||
def valid_params? |
||||
params[scope] && params[scope][:password].present? |
||||
end |
||||
end |
||||
end |
||||
end |
||||
|
||||
Warden::Strategies.add(:two_factor_ldap_authenticatable, Devise::Strategies::TwoFactorLdapAuthenticatable) |
@ -0,0 +1,31 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
require 'devise/strategies/base' |
||||
|
||||
module Devise |
||||
module Strategies |
||||
class TwoFactorPamAuthenticatable < Base |
||||
def valid? |
||||
valid_params? && mapping.to.respond_to?(:authenticate_with_pam) |
||||
end |
||||
|
||||
def authenticate! |
||||
resource = mapping.to.authenticate_with_pam(params[scope]) |
||||
|
||||
if resource && !resource.otp_required_for_login? |
||||
success!(resource) |
||||
else |
||||
fail(:invalid) |
||||
end |
||||
end |
||||
|
||||
protected |
||||
|
||||
def valid_params? |
||||
params[scope] && params[scope][:password].present? |
||||
end |
||||
end |
||||
end |
||||
end |
||||
|
||||
Warden::Strategies.add(:two_factor_pam_authenticatable, Devise::Strategies::TwoFactorPamAuthenticatable) |
Loading…
Reference in new issue