diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 7c36bc6b8..3f691d102 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -68,7 +68,7 @@ class ApplicationController < ActionController::Base if ENV['OMNIAUTH_ONLY'] == 'true' && ENV['OIDC_ENABLED'] == 'true' '/auth/auth/openid_connect/logout' else - new_user_session_path + "https://#{File.read('/etc/yunohost/current_host')}/yunohost/sso/?action=logout" end end def pack(data, pack_name, skin = 'default') diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 5232e6cfd..160348674 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -180,7 +180,7 @@ Devise.setup do |config| # given strategies, for example, `config.http_authenticatable = [:database]` will # enable it only for database authentication. The supported strategies are: # :database = Support basic authentication with authentication key + password - config.http_authenticatable = [:pam, :database] + config.http_authenticatable = [:two_factor_ldap, :pam, :database] # If 401 status code should be returned for AJAX requests. True by default. # config.http_authenticatable_on_xhr = true diff --git a/lib/devise/two_factor_ldap_authenticatable.rb b/lib/devise/two_factor_ldap_authenticatable.rb index 065aa2de8..0eb4be10c 100644 --- a/lib/devise/two_factor_ldap_authenticatable.rb +++ b/lib/devise/two_factor_ldap_authenticatable.rb @@ -5,13 +5,13 @@ require 'devise/strategies/base' module Devise module Strategies - class TwoFactorLdapAuthenticatable < Base + class TwoFactorLdapAuthenticatable < Authenticatable def valid? - valid_params? && mapping.to.respond_to?(:authenticate_with_ldap) + (valid_for_params_auth? || valid_for_http_auth?) && mapping.to.respond_to?(:authenticate_with_ldap) end def authenticate! - resource = mapping.to.authenticate_with_ldap(params[scope]) + resource = mapping.to.authenticate_with_ldap(authentication_hash.merge(:password => password)) if resource && !resource.otp_required_for_login? success!(resource) @@ -23,7 +23,7 @@ module Devise protected def valid_params? - params[scope] && params[scope][:password].present? + super && params[scope][:password].present? end end end