1
0
Fork 1
forked from fedi/mastodon
mastodon/app/validators/unreserved_username_validator.rb
Alexander 04fef7b888 pam authentication (#5303)
* add pam support, without extra column

* bugfixes for pam login

* document options

* fix code style

* fix codestyle

* fix tests

* don't call remember_me without password

* fix codestyle

* improve checks for pam usage (should fix tests)

* fix remember_me part 1

* add remember_token column because :rememberable requires either a password or this column.

* migrate db for remember_token

* move pam_authentication to the right place, fix logic bug in edit.html.haml

* fix tests

* fix pam authentication, improve username lookup, add comment

* valid? is sometimes not honored, return nil instead trying to authenticate with pam

* update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests

* update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user

* codeconvention fixes

* code convention fixes

* fix idention

* update dependency, explicit conflict check

* fix disabled password updates if in pam mode

* fix check password if password is present, fix templates

* block registration if account is maintained by pam

* Revert "block registration if account is maintained by pam"

This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20.

* fix identation error introduced by rebase

* block usernames maintained by pam

* document pam settings better

* fix code style
2018-02-02 10:18:55 +01:00

22 lines
655 B
Ruby

# frozen_string_literal: true
class UnreservedUsernameValidator < ActiveModel::Validator
def validate(account)
return if account.username.nil?
account.errors.add(:username, I18n.t('accounts.reserved_username')) if reserved_username?(account.username)
end
private
def pam_controlled?(value)
return false unless Devise.pam_authentication && Devise.pam_controlled_service
Rpam2.account(Devise.pam_controlled_service, value).present?
end
def reserved_username?(value)
return true if pam_controlled?(value)
return false unless Setting.reserved_usernames
Setting.reserved_usernames.include?(value.downcase)
end
end