lib/devise/ldap_authenticatable.rb

   1 # frozen_string_literal: true
   2
   3 require 'net/ldap'
   4 require 'devise/strategies/authenticatable'
   5
   6 module Devise
   7   module Strategies
   8     class LdapAuthenticatable < Authenticatable
   9       def authenticate!
  10         if params[:user]
  11           ldap = Net::LDAP.new(
  12             host: Devise.ldap_host,
  13             port: Devise.ldap_port,
  14             base: Devise.ldap_base,
  15             encryption: {
  16               method: Devise.ldap_method,
  17               tls_options: tls_options,
  18             },
  19             auth: {
  20               method: :simple,
  21               username: Devise.ldap_bind_dn,
  22               password: Devise.ldap_password,
  23             },
  24             connect_timeout: 10
  25           )
  26
  27           filter = format(Devise.ldap_search_filter, uid: Devise.ldap_uid, email: email)
  28
  29           if (user_info = ldap.bind_as(base: Devise.ldap_base, filter: filter, password: password))
  30             user = User.ldap_get_user(user_info.first)
  31             success!(user)
  32           else
  33             return fail(:invalid)
  34           end
  35         end
  36       end
  37
  38       def email
  39         params[:user][:email]
  40       end
  41
  42       def password
  43         params[:user][:password]
  44       end
  45
  46       def tls_options
  47         OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.tap do |options|
  48           options[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if Devise.ldap_tls_no_verify
  49         end
  50       end
  51     end
  52   end
  53 end
  54
  55 Warden::Strategies.add(:ldap_authenticatable, Devise::Strategies::LdapAuthenticatable)