lib/devise/overrides.rb
# This file is part of Mconf-Web, a web application that provides access
# to the Mconf webconferencing system. Copyright (C) 2010-2015 Mconf.
#
# This file is licensed under the Affero General Public License version
# 3 or later. See the LICENSE file.
require 'devise/strategies/database_authenticatable'
Devise::Strategies::DatabaseAuthenticatable.class_eval do
# must use the 'unless' to prevent this from being called twice and resulting in
# a recursion (happens a lot in development)
alias_method :super_authenticate!, :authenticate! unless method_defined?(:super_authenticate!)
# We override #authenticate! to block the authentication in case the local
# authentication is disabled in the current site.
# It does the minimum if could do before calling the parent's #authenticate! method
# that actually does the authentication.
# Not overriding #valid? for two reasons: #valid? is called way more than #authenticate!,
# and #authenticate! can return a custom error message.
def authenticate!
resource = mapping.to.find_for_database_authentication(authentication_hash)
return fail(:not_found_in_database) unless resource
# only superusers are allowed to sign in if the local authentication is disabled
local_auth = Site.current.local_auth_enabled? || resource.superuser
return fail(:local_auth_disabled) unless local_auth
# account created via shibboleth are also excluded from local auth
return fail(:disabled_by_shib_auth) if resource.created_by_shib?
# account created via certificate are also excluded from local auth
return fail(:disabled_by_certificate_auth) if resource.created_by_certificate?
# same as above but for ldap (the error message is the same as a login failure)
return fail(:not_found_in_database) if resource.created_by_ldap?
super_authenticate!
end
end
# TODO: #1336 alternative to fix the bug found in
# https://github.com/plataformatec/devise/issues/2976
Devise::Models::Confirmable.class_eval do
# trying to fix the bug of regenerating a new confirmation_token each time an user is updated
def postpone_email_change_until_confirmation_and_regenerate_confirmation_token
@reconfirmation_required = true
self.unconfirmed_email = self.email
self.email = self.email_was
generate_confirmation_token unless confirmation_token
end
end