Merge remote-tracking branch 'tootsuite/master' into merge-upstream

Conflicts: app/javascript/styles/mastodon/components.scss
2018-02-02 08:39:52 -06:00
parent ad3a2dfb66 33f56811e3
commit 4c1fd9a19c
30 changed files with 244 additions and 95 deletions
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -30,6 +30,19 @@ Warden::Manager.before_logout do |_, warden|
  warden.cookies.delete('_session_id')
 end

+module Devise
+  mattr_accessor :pam_authentication
+  @@pam_authentication = false
+  mattr_accessor :pam_controlled_service
+  @@pam_controlled_service = nil
+
+  class Strategies::PamAuthenticatable
+    def valid?
+      super && ::Devise.pam_authentication
+    end
+  end
+end
+
 Devise.setup do |config|
  config.warden do |manager|
    manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
@ -96,7 +109,7 @@ Devise.setup do |config|
  # given strategies, for example, `config.http_authenticatable = [:database]` will
  # enable it only for database authentication. The supported strategies are:
  # :database      = Support basic authentication with authentication key + password
-  config.http_authenticatable = [:database]
+  config.http_authenticatable = [:pam, :database]

  # If 401 status code should be returned for AJAX requests. True by default.
  # config.http_authenticatable_on_xhr = true
@ -301,4 +314,23 @@ Devise.setup do |config|
  # When using OmniAuth, Devise cannot automatically set OmniAuth path,
  # so you need to do it manually. For the users scope, it would be:
  # config.omniauth_path_prefix = '/my_engine/users/auth'
+
+  # PAM: only look for email field
+  config.usernamefield = nil
+  config.emailfield = "email"
+
+  # authentication with pam possible
+  # if not enabled, all pam settings are ignored
+  #config.pam_authentication = true
+  # check if email is actually a username
+  config.check_at_sign = true
+  # suffix for email address generation (warning: without pam must provide email in the pam environment)
+  config.pam_default_suffix = "pam"
+  # name of the pam service
+  # pam "auth" section is evaluated
+  config.pam_default_service = "rpam"
+  # name of the pam service used for checking if an user can register
+  # pam "account" section is evaluated
+  # nil for allowing registration of pam names (not recommended)
+  config.pam_controlled_service = "rpam"
 end