Merge remote-tracking branch 'origin/master' into merge-upstream

Conflicts: README.md app/controllers/follower_accounts_controller.rb app/controllers/following_accounts_controller.rb app/serializers/rest/instance_serializer.rb app/views/stream_entries/_simple_status.html.haml config/locales/simple_form.ja.yml
2018-03-02 21:46:44 -06:00
parent ee00da01d2 ecf06d7e82
commit 1b8fcd4df5
158 changed files with 3365 additions and 1411 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -44,7 +44,7 @@ class User < ApplicationRecord
  ACTIVE_DURATION = 14.days

  devise :two_factor_authenticatable,
-         otp_secret_encryption_key: ENV['OTP_SECRET']
+         otp_secret_encryption_key: ENV.fetch('OTP_SECRET')

  devise :two_factor_backupable,
         otp_number_of_backup_codes: 10
@@ -52,7 +52,6 @@ class User < ApplicationRecord
  devise :registerable, :recoverable, :rememberable, :trackable, :validatable,
         :confirmable

-  devise :pam_authenticatable if Devise.pam_authentication
  devise :omniauthable

  belongs_to :account, inverse_of: :user
@@ -117,6 +116,12 @@ class User < ApplicationRecord
    acc.destroy! unless save
  end

+  def ldap_setup(_attributes)
+    self.confirmed_at = Time.now.utc
+    self.admin = false
+    save!
+  end
+
  def confirmed?
    confirmed_at.present?
  end
@@ -247,17 +252,17 @@ class User < ApplicationRecord
  end

  def password_required?
-    return false if Devise.pam_authentication
+    return false if Devise.pam_authentication || Devise.ldap_authentication
    super
  end

  def send_reset_password_instructions
-    return false if encrypted_password.blank? && Devise.pam_authentication
+    return false if encrypted_password.blank? && (Devise.pam_authentication || Devise.ldap_authentication)
    super
  end

  def reset_password!(new_password, new_password_confirmation)
-    return false if encrypted_password.blank? && Devise.pam_authentication
+    return false if encrypted_password.blank? && (Devise.pam_authentication || Devise.ldap_authentication)
    super
  end

@@ -280,6 +285,17 @@ class User < ApplicationRecord
    end
  end

+  def self.ldap_get_user(attributes = {})
+    resource = joins(:account).find_by(accounts: { username: attributes[Devise.ldap_uid.to_sym].first })
+
+    if resource.blank?
+      resource = new(email: attributes[:mail].first, account_attributes: { username: attributes[Devise.ldap_uid.to_sym].first })
+      resource.ldap_setup(attributes)
+    end
+
+    resource
+  end
+
  def self.authenticate_with_pam(attributes = {})
    return nil unless Devise.pam_authentication
    super