Add LDAP_TLS_NO_VERIFY option, don't require LDAP_ENABLED outside .env (#6845)
Fix #6816, fix #6790
parent
61dcb686a8
commit
ac49c7932d
@ -1,49 +1,53 @@ |
|||||||
# frozen_string_literal: true |
# frozen_string_literal: true |
||||||
|
|
||||||
if ENV['LDAP_ENABLED'] == 'true' |
require 'net/ldap' |
||||||
require 'net/ldap' |
require 'devise/strategies/authenticatable' |
||||||
require 'devise/strategies/authenticatable' |
|
||||||
|
|
||||||
module Devise |
module Devise |
||||||
module Strategies |
module Strategies |
||||||
class LdapAuthenticatable < Authenticatable |
class LdapAuthenticatable < Authenticatable |
||||||
def authenticate! |
def authenticate! |
||||||
if params[:user] |
if params[:user] |
||||||
ldap = Net::LDAP.new( |
ldap = Net::LDAP.new( |
||||||
host: Devise.ldap_host, |
host: Devise.ldap_host, |
||||||
port: Devise.ldap_port, |
port: Devise.ldap_port, |
||||||
base: Devise.ldap_base, |
base: Devise.ldap_base, |
||||||
encryption: { |
encryption: { |
||||||
method: Devise.ldap_method, |
method: Devise.ldap_method, |
||||||
tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS, |
tls_options: tls_options, |
||||||
}, |
}, |
||||||
auth: { |
auth: { |
||||||
method: :simple, |
method: :simple, |
||||||
username: Devise.ldap_bind_dn, |
username: Devise.ldap_bind_dn, |
||||||
password: Devise.ldap_password, |
password: Devise.ldap_password, |
||||||
}, |
}, |
||||||
connect_timeout: 10 |
connect_timeout: 10 |
||||||
) |
) |
||||||
|
|
||||||
if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: "(#{Devise.ldap_uid}=#{email})", password: password)) |
if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: "(#{Devise.ldap_uid}=#{email})", password: password)) |
||||||
user = User.ldap_get_user(user_info.first) |
user = User.ldap_get_user(user_info.first) |
||||||
success!(user) |
success!(user) |
||||||
else |
else |
||||||
return fail(:invalid_login) |
return fail(:invalid_login) |
||||||
end |
|
||||||
end |
end |
||||||
end |
end |
||||||
|
end |
||||||
|
|
||||||
def email |
def email |
||||||
params[:user][:email] |
params[:user][:email] |
||||||
end |
end |
||||||
|
|
||||||
def password |
def password |
||||||
params[:user][:password] |
params[:user][:password] |
||||||
|
end |
||||||
|
|
||||||
|
def tls_options |
||||||
|
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.tap do |options| |
||||||
|
options[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if Devise.ldap_tls_no_verify |
||||||
end |
end |
||||||
end |
end |
||||||
end |
end |
||||||
end |
end |
||||||
|
|
||||||
Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable) |
|
||||||
end |
end |
||||||
|
|
||||||
|
Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable) |
||||||
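Review bot: `tls_options` writes `verify_mode` into `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS` itself, because `tap` yields the constant's own hash rather than a copy. Once `Devise.ldap_tls_no_verify` is set, the first LDAP login would therefore turn certificate verification off for any other TLS client in the process that builds its context from those defaults, not only for this LDAP connection (and if the running OpenSSL binding freezes that hash, the assignment raises instead). Working on a copy keeps the opt-out local to this connection: `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.dup.tap do |options|`. Separately, the unchanged `bind_as` call interpolates `email` from the request into the search filter as-is; passing it through `Net::LDAP::Filter.escape(email)` would be worth a follow-up.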
|