Permit LDAP users to register without capturing their password hash

We don't need it, and local auth fallback has been removed.
This commit is contained in:
Mark Felder 2020-08-05 10:07:31 -05:00
parent d5e4d8a6f3
commit 2192d1e492
2 changed files with 22 additions and 4 deletions

View file

@ -638,6 +638,25 @@ def force_password_reset_async(user) do
@spec force_password_reset(User.t()) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()}
def force_password_reset(user), do: update_password_reset_pending(user, true)
# Used to auto-register LDAP accounts which don't have a password hash
def register_changeset(struct, params = %{password: password})
when is_nil(password) do
params = Map.put_new(params, :accepts_chat_messages, true)
struct
|> cast(params, [
:name,
:nickname,
:accepts_chat_messages
])
|> unique_constraint(:nickname)
|> validate_exclusion(:nickname, Config.get([User, :restricted_nicknames]))
|> validate_format(:nickname, local_nickname_regex())
|> put_ap_id()
|> unique_constraint(:ap_id)
|> put_following_and_follower_address()
end
def register_changeset(struct, params \\ %{}, opts \\ []) do
bio_limit = Config.get([:instance, :user_bio_length], 5000)
name_limit = Config.get([:instance, :user_name_length], 100)

View file

@ -88,7 +88,7 @@ defp bind_user(connection, ldap, name, password) do
user
_ ->
register_user(connection, base, uid, name, password)
register_user(connection, base, uid, name)
end
error ->
@ -96,7 +96,7 @@ defp bind_user(connection, ldap, name, password) do
end
end
defp register_user(connection, base, uid, name, password) do
defp register_user(connection, base, uid, name) do
case :eldap.search(connection, [
{:base, to_charlist(base)},
{:filter, :eldap.equalityMatch(to_charlist(uid), to_charlist(name))},
@ -107,8 +107,7 @@ defp register_user(connection, base, uid, name, password) do
params = %{
name: name,
nickname: name,
password: password,
password_confirmation: password
password: nil
}
changeset = User.register_changeset(%User{}, params)