1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/mastodon_ynh.git synced 2024-09-03 19:46:02 +02:00

Patch mastodon for SSO

This commit is contained in:
Tagada 2022-01-11 19:27:16 +01:00
parent 536f2d51f2
commit 0f3c09c862
3 changed files with 60 additions and 4 deletions

View file

@ -36,3 +36,5 @@ $ screen -r
#### Multi-users support #### Multi-users support
LDAP authentication is activated. All YunoHost users can authenticate. LDAP authentication is activated. All YunoHost users can authenticate.
Log-out from YunoHost's portal doesn't log out from Mastodon. See https://github.com/YunoHost/issues/issues/501

View file

@ -36,12 +36,10 @@ L'utilisateur admin est créé automatiquement comme : user@domain.tld
`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` `$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)`
## Documentation
* Documentation officielle : https://docs.joinmastodon.org/
## Caractéristiques spécifiques YunoHost ## Caractéristiques spécifiques YunoHost
#### Support multi-utilisateur #### Support multi-utilisateur
L'authentification LDAP est activée. Tous les utilisateurs YunoHost peuvent s'authentifier. L'authentification LDAP est activée. Tous les utilisateurs YunoHost peuvent s'authentifier.
Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir https://github.com/YunoHost/issues/issues/501

View file

@ -0,0 +1,56 @@
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7c36bc6b8..3f691d102 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -69,7 +69,7 @@ class ApplicationController < ActionController::Base
end
def after_sign_out_path_for(_resource_or_scope)
- new_user_session_path
+ "https://#{File.read('/etc/yunohost/current_host')}/yunohost/sso/?action=logout"
end
protected
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 5232e6cfd..160348674 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -180,7 +180,7 @@ Devise.setup do |config|
# given strategies, for example, `config.http_authenticatable = [:database]` will
# enable it only for database authentication. The supported strategies are:
# :database = Support basic authentication with authentication key + password
- config.http_authenticatable = [:pam, :database]
+ config.http_authenticatable = [:two_factor_ldap, :pam, :database]
# If 401 status code should be returned for AJAX requests. True by default.
# config.http_authenticatable_on_xhr = true
diff --git a/lib/devise/two_factor_ldap_authenticatable.rb b/lib/devise/two_factor_ldap_authenticatable.rb
index 065aa2de8..0eb4be10c 100644
--- a/lib/devise/two_factor_ldap_authenticatable.rb
+++ b/lib/devise/two_factor_ldap_authenticatable.rb
@@ -5,13 +5,13 @@ require 'devise/strategies/base'
module Devise
module Strategies
- class TwoFactorLdapAuthenticatable < Base
+ class TwoFactorLdapAuthenticatable < Authenticatable
def valid?
- valid_params? && mapping.to.respond_to?(:authenticate_with_ldap)
+ (valid_for_params_auth? || valid_for_http_auth?) && mapping.to.respond_to?(:authenticate_with_ldap)
end
def authenticate!
- resource = mapping.to.authenticate_with_ldap(params[scope])
+ resource = mapping.to.authenticate_with_ldap(authentication_hash.merge(:password => password))
if resource && !resource.otp_required_for_login?
success!(resource)
@@ -23,7 +23,7 @@ module Devise
protected
def valid_params?
- params[scope] && params[scope][:password].present?
+ super && params[scope][:password].present?
end
end
end