Commit 2bb2dee057327c81978ed0aa99904bd7ff5e6105
1 parent
9a24ccde
Exists in
master
and in
4 other branches
Use the omniauth-ldap info object instead of the raw ldap info in extra.
This helps with compatibility with more LDAP providers as the implementation doesn't depend on the exact names of the LDAP fields. The LDAP strategy helps maps the attributes to the fields in the info object and we use the info object to get the email and name. This makes the LDAP auth compatible with most OpenLDAP servers as well.
Showing
2 changed files
with
6 additions
and
6 deletions
Show diff stats
app/controllers/omniauth_callbacks_controller.rb
| ... | ... | @@ -2,8 +2,8 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController |
| 2 | 2 | |
| 3 | 3 | def ldap |
| 4 | 4 | # We only find ourselves here if the authentication to LDAP was successful. |
| 5 | - omniauth = request.env["omniauth.auth"]["extra"]["raw_info"] | |
| 6 | - @user = User.find_for_ldap_auth(omniauth) | |
| 5 | + info = request.env["omniauth.auth"]["info"] | |
| 6 | + @user = User.find_for_ldap_auth(info) | |
| 7 | 7 | if @user.persisted? |
| 8 | 8 | @user.remember_me = true |
| 9 | 9 | end | ... | ... |
app/models/user.rb
| ... | ... | @@ -67,15 +67,15 @@ class User < ActiveRecord::Base |
| 67 | 67 | (0...8).map{ ('a'..'z').to_a[rand(26)] }.join |
| 68 | 68 | end |
| 69 | 69 | |
| 70 | - def self.find_for_ldap_auth(omniauth) | |
| 71 | - username = omniauth.sAMAccountName[0] | |
| 72 | - email = omniauth.userprincipalname[0] | |
| 70 | + def self.find_for_ldap_auth(omniauth_info) | |
| 71 | + name = omniauth_info.name | |
| 72 | + email = omniauth_info.email | |
| 73 | 73 | |
| 74 | 74 | if @user = User.find_by_email(email) |
| 75 | 75 | @user |
| 76 | 76 | else |
| 77 | 77 | password = generate_random_password |
| 78 | - @user = User.create(:name => username, | |
| 78 | + @user = User.create(:name => name, | |
| 79 | 79 | :email => email, |
| 80 | 80 | :password => password, |
| 81 | 81 | :password_confirmation => password | ... | ... |