forked from fedi/mastodon
f3a93987b6
When authenticating via OAuth, the resource owner password grant strategy is allowed by Mastodon, but (without this PR), it does not attempt to authenticate against LDAP or PAM. As a result, LDAP or PAM authenticated users cannot sign in to Mastodon with their email/password credentials via OAuth (for instance, for native/mobile app users). This PR fleshes out the authentication strategy supplied to doorkeeper in its initializer by looking up the user with LDAP and/or PAM when devise is configured to use LDAP/PAM backends. It attempts to follow the same logic as the Auth::SessionsController for handling email/password credentials. Note #1: Since this pull request affects an initializer, it's unclear how to add test automation. Note #2: The PAM authentication path has not been manually tested. It was added for completeness sake, and it is hoped that it can be manually tested before merging. |
||
---|---|---|
.. | ||
environments | ||
initializers | ||
locales | ||
webpack | ||
application.rb | ||
boot.rb | ||
brakeman.ignore | ||
database.yml | ||
deploy.rb | ||
environment.rb | ||
i18n-tasks.yml | ||
navigation.rb | ||
pghero.yml | ||
puma.rb | ||
routes.rb | ||
secrets.yml | ||
settings.yml | ||
sidekiq.yml | ||
themes.yml | ||
webpacker.yml |