Fix authentication before 2FA challenge (#11943)

Regression from #11831
2019-09-24 04:35:36 +02:00 · 2019-09-24 04:35:36 +02:00 · a1f04c1e34
commit a1f04c1e34
parent 67bef15e53
7 changed files with 140 additions and 99 deletions
--- a/lib/devise/two_factor_ldap_authenticatable.rb
+++ b/lib/devise/two_factor_ldap_authenticatable.rb
@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'net/ldap'
+require 'devise/strategies/base'
+
+module Devise
+  module Strategies
+    class TwoFactorLdapAuthenticatable < Base
+      def valid?
+        valid_params? && mapping.to.respond_to?(:authenticate_with_ldap)
+      end
+
+      def authenticate!
+        resource = mapping.to.authenticate_with_ldap(params[scope])
+
+        if resource && !resource.otp_required_for_login?
+          success!(resource)
+        else
+          fail(:invalid)
+        end
+      end
+
+      protected
+
+      def valid_params?
+        params[scope] && params[scope][:password].present?
+      end
+    end
+  end
+end
+
+Warden::Strategies.add(:two_factor_ldap_authenticatable, Devise::Strategies::TwoFactorLdapAuthenticatable)