cat aescling's git repositories - mastodon.git/commit

LDAP & PAM added to OAuth password grant strategy (#7999) (#12390)

When authenticating via OAuth, the resource owner password grant
strategy is allowed by Mastodon, but (without this PR), it does not
attempt to authenticate against LDAP or PAM. As a result, LDAP or PAM
authenticated users cannot sign in to Mastodon with their
email/password credentials via OAuth (for instance, for native/mobile
app users).

This PR fleshes out the authentication strategy supplied to doorkeeper
in its initializer by looking up the user with LDAP and/or PAM when
devise is configured to use LDAP/PAM backends. It attempts to follow the
same logic as the Auth::SessionsController for handling email/password
credentials.

Note #1: Since this pull request affects an initializer, it's unclear
how to add test automation.

Note #2: The PAM authentication path has not been manually tested. It
was added for completeness sake, and it is hoped that it can be manually
tested before merging.

author	ntl-purism <57806346+ntl-purism@users.noreply.github.com>
	Sat, 30 Nov 2019 18:44:59 +0000 (12:44 -0600)
committer	Eugen Rochko <eugen@zeonfederated.com>
	Sat, 30 Nov 2019 18:44:59 +0000 (19:44 +0100)
commit	f3a93987b6c3af92aee11fdb4424b8791a67e448
tree	60e5f4d2914a876dac4de7100ad8dfd12f1479f1	tree \| snapshot
parent	35b142a7ad19821483f900e81e915a7925fd4eaf	commit \| diff