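# frozen_string_literal: true

# Class-level LDAP sign-in helpers for the model that includes this concern.
#
# Connection settings are read from the Devise.ldap_* configuration values.
module LdapAuthenticable
  extend ActiveSupport::Concern

  class_methods do
    # Looks up a directory entry by e-mail and tries to bind as that entry
    # with the supplied password.
    #
    # @param params [Hash] expects :email and :password
    # @return [Object, nil] the matching or newly created record, or nil when
    #   the credentials are missing or the bind fails
    def authenticate_with_ldap(params = {})
      email = params[:email]
      password = params[:password]

      # A simple bind with an empty password is an "unauthenticated bind",
      # which many directory servers report as successful. Refuse it here
      # instead of relying on the server's configuration.
      return if email.blank? || password.blank?

      ldap = Net::LDAP.new(ldap_options)

      # The e-mail comes straight from the login form. Escape LDAP filter
      # metacharacters (*, parentheses, backslash, NUL) so the value can only
      # ever be matched literally and cannot change the shape of the
      # configured search filter.
      filter = format(
        Devise.ldap_search_filter,
        uid: Devise.ldap_uid,
        email: Net::LDAP::Filter.escape(email.to_s)
      )

      user_info = ldap.bind_as(base: Devise.ldap_base, filter: filter, password: password)
      ldap_get_user(user_info.first) if user_info
    end

    # Maps a directory entry to a local record, creating one on first login.
    #
    # @param attributes [#[]] directory entry; the Devise.ldap_uid attribute
    #   and :mail are read from it, each as a list of values
    # @return [Object] the existing or freshly saved record
    # @raise whatever save! raises when the new record is invalid
    def ldap_get_user(attributes = {})
      # NOTE(review): the lookup matches on account username only, so a
      # directory uid equal to the username of an existing account resolves to
      # that account whether or not it was created through LDAP. Confirm that
      # this is intended, or restrict the match to external users.
      resource = joins(:account).find_by(accounts: { username: attributes[Devise.ldap_uid.to_sym].first })

      if resource.blank?
        # First LDAP login: the address is marked confirmed immediately, i.e.
        # the directory's mail attribute is trusted without a confirmation
        # e-mail, and the record is never created as an admin.
        resource = new(
          email: attributes[:mail].first,
          agreement: true,
          account_attributes: { username: attributes[Devise.ldap_uid.to_sym].first },
          admin: false,
          external: true,
          confirmed_at: Time.now.utc
        )
        resource.save!
      end

      resource
    end

    # Builds the option hash passed to Net::LDAP.new.
    #
    # @return [Hash] host, port, base, service-account credentials, a
    #   10 second connect timeout and, for :simple_tls / :start_tls, the
    #   encryption settings
    def ldap_options
      opts = {
        host: Devise.ldap_host,
        port: Devise.ldap_port,
        base: Devise.ldap_base,

        auth: {
          method: :simple,
          username: Devise.ldap_bind_dn,
          password: Devise.ldap_password,
        },

        connect_timeout: 10,
      }

      # No :encryption key is set for any other ldap_method, so in that case
      # the service-account and user passwords are sent without TLS.
      if %i[simple_tls start_tls].include?(Devise.ldap_method)
        # Work on a copy: writing into OpenSSL's DEFAULT_PARAMS constant itself
        # would change the defaults for every other user of that hash in this
        # process, not only for the LDAP connection.
        tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.dup

        # VERIFY_NONE accepts any server certificate, so the connection is
        # encrypted but not authenticated; it is applied only when
        # ldap_tls_no_verify is explicitly set.
        tls_options[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if Devise.ldap_tls_no_verify

        opts[:encryption] = {
          method: Devise.ldap_method,
          tls_options: tls_options,
        }
      end

      opts
    end
  end
end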