Refactor User model, extract PamAuthenticable, LdapAuthenticable (#10217)
parent
dfb9efae81
commit
9e33174604
@ -0,0 +1,25 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
module LdapAuthenticable |
||||
extend ActiveSupport::Concern |
||||
|
||||
def ldap_setup(_attributes) |
||||
self.confirmed_at = Time.now.utc |
||||
self.admin = false |
||||
|
||||
save! |
||||
end |
||||
|
||||
class_methods do |
||||
def ldap_get_user(attributes = {}) |
||||
resource = joins(:account).find_by(accounts: { username: attributes[Devise.ldap_uid.to_sym].first }) |
||||
|
||||
if resource.blank? |
||||
resource = new(email: attributes[:mail].first, agreement: true, account_attributes: { username: attributes[Devise.ldap_uid.to_sym].first }) |
||||
resource.ldap_setup(attributes) |
||||
end |
||||
|
||||
resource |
||||
end |
||||
end |
||||
end |
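Review bot: `ldap_get_user` resolves the directory entry to a local user by username alone, so an LDAP uid equal to the username of an already registered local account is handed that account. Nothing visible in this file checks that the existing user was provisioned from LDAP, whereas the PAM concern in this commit has `pam_conflict?` for the comparable case. If the directory is meant to be authoritative for usernames, state it above the lookup, e.g. `# An LDAP uid matching an existing local username resolves to that user; the directory must own the username namespace`. Separately, `attributes[Devise.ldap_uid.to_sym].first` and `attributes[:mail].first` raise NoMethodError when the entry lacks the attribute. A guard such as `uid = attributes[Devise.ldap_uid.to_sym]&.first` followed by `return nil if uid.blank?` would presumably let the login fail cleanly, but confirm how the caller treats nil.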
@ -0,0 +1,68 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
module PamAuthenticable |
||||
extend ActiveSupport::Concern |
||||
|
||||
included do |
||||
devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true' |
||||
|
||||
def pam_conflict(_attributes) |
||||
# Block pam login tries on traditional account |
||||
end |
||||
|
||||
def pam_conflict? |
||||
if Devise.pam_authentication |
||||
encrypted_password.present? && pam_managed_user? |
||||
else |
||||
false |
||||
end |
||||
end |
||||
|
||||
def pam_get_name |
||||
if account.present? |
||||
account.username |
||||
else |
||||
super |
||||
end |
||||
end |
||||
|
||||
def pam_setup(_attributes) |
||||
account = Account.new(username: pam_get_name) |
||||
account.save!(validate: false) |
||||
|
||||
self.email = "#{account.username}@#{find_pam_suffix}" if email.nil? && find_pam_suffix |
||||
self.confirmed_at = Time.now.utc |
||||
self.admin = false |
||||
self.account = account |
||||
|
||||
account.destroy! unless save |
||||
end |
||||
|
||||
def self.pam_get_user(attributes = {}) |
||||
return nil unless attributes[:email] |
||||
|
||||
resource = begin |
||||
if Devise.check_at_sign && !attributes[:email].index('@') |
||||
joins(:account).find_by(accounts: { username: attributes[:email] }) |
||||
else |
||||
find_by(email: attributes[:email]) |
||||
end |
||||
end |
||||
|
||||
if resource.nil? |
||||
resource = new(email: attributes[:email], agreement: true) |
||||
|
||||
if Devise.check_at_sign && !resource[:email].index('@') |
||||
resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false) |
||||
resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email] |
||||
end |
||||
end |
||||
|
||||
resource |
||||
end |
||||
|
||||
def self.authenticate_with_pam(attributes = {}) |
||||
super if Devise.pam_authentication |
||||
end |
||||
end |
||||
end |
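Review bot: In `pam_setup`, `account.save!(validate: false)` persists the name returned by `pam_get_name` without running the Account validations (which are not visible on this page), so a PAM login name in a form the application would otherwise reject can become a local username. If the skip is deliberate, a comment should say which validation it works around and why the PAM-supplied name is safe to store. The cleanup on the last line, `account.destroy! unless save`, only runs when `save` returns false, so an exception raised after the account is written leaves the account row behind. Wrapping the body in `transaction do … end` and ending it with `raise ActiveRecord::Rollback unless save` would make the two writes atomic.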
@ -0,0 +1,54 @@ |
||||
# frozen_string_literal: true |
||||
|
||||
module UserRoles |
||||
extend ActiveSupport::Concern |
||||
|
||||
included do |
||||
scope :admins, -> { where(admin: true) } |
||||
scope :moderators, -> { where(moderator: true) } |
||||
scope :staff, -> { admins.or(moderators) } |
||||
end |
||||
|
||||
def staff? |
||||
admin? || moderator? |
||||
end |
||||
|
||||
def role |
||||
if admin? |
||||
'admin' |
||||
elsif moderator? |
||||
'moderator' |
||||
else |
||||
'user' |
||||
end |
||||
end |
||||
|
||||
def role?(role) |
||||
case role |
||||
when 'user' |
||||
true |
||||
when 'moderator' |
||||
staff? |
||||
when 'admin' |
||||
admin? |
||||
else |
||||
false |
||||
end |
||||
end |
||||
|
||||
def promote! |
||||
if moderator? |
||||
update!(moderator: false, admin: true) |
||||
elsif !admin? |
||||
update!(moderator: true) |
||||
end |
||||
end |
||||
|
||||
def demote! |
||||
if admin? |
||||
update!(admin: false, moderator: true) |
||||
elsif moderator? |
||||
update!(moderator: false) |
||||
end |
||||
end |
||||
end |
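Review bot: `role?` is the method an authorization check would call, but its contract is undocumented: `'moderator'` is answered by `staff?`, so admins satisfy it too, and any value outside the three strings returns false, including a symbol such as `:admin`. That fail-closed behaviour is reasonable, but a caller passing a symbol gets a silent denial. A comment above the method would make this explicit, e.g. `# Hierarchical: 'moderator' is satisfied by admins as well; unknown roles and non-String arguments return false`. `promote!` and `demote!` perform no permission check themselves, so a one-line comment that callers must authorize the acting user would also help.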