Permit LDAP users to register without capturing their password hash

We don't need it, and local auth fallback has been removed.
2020-08-05 10:07:31 -05:00 · 2020-08-05 10:07:31 -05:00 · 2192d1e492
commit 2192d1e492
parent d5e4d8a6f3
2 changed files with 22 additions and 4 deletions
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -638,6 +638,25 @@ def force_password_reset_async(user) do
  @spec force_password_reset(User.t()) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()}
  def force_password_reset(user), do: update_password_reset_pending(user, true)

+  # Used to auto-register LDAP accounts which don't have a password hash
+  def register_changeset(struct, params = %{password: password})
+      when is_nil(password) do
+    params = Map.put_new(params, :accepts_chat_messages, true)
+
+    struct
+    |> cast(params, [
+      :name,
+      :nickname,
+      :accepts_chat_messages
+    ])
+    |> unique_constraint(:nickname)
+    |> validate_exclusion(:nickname, Config.get([User, :restricted_nicknames]))
+    |> validate_format(:nickname, local_nickname_regex())
+    |> put_ap_id()
+    |> unique_constraint(:ap_id)
+    |> put_following_and_follower_address()
+  end
+
  def register_changeset(struct, params \\ %{}, opts \\ []) do
    bio_limit = Config.get([:instance, :user_bio_length], 5000)
    name_limit = Config.get([:instance, :user_name_length], 100)
--- a/lib/pleroma/web/auth/ldap_authenticator.ex
+++ b/lib/pleroma/web/auth/ldap_authenticator.ex
@ -88,7 +88,7 @@ defp bind_user(connection, ldap, name, password) do
            user

          _ ->
-            register_user(connection, base, uid, name, password)
+            register_user(connection, base, uid, name)
        end

      error ->
@ -96,7 +96,7 @@ defp bind_user(connection, ldap, name, password) do
    end
  end

-  defp register_user(connection, base, uid, name, password) do
+  defp register_user(connection, base, uid, name) do
    case :eldap.search(connection, [
           {:base, to_charlist(base)},
           {:filter, :eldap.equalityMatch(to_charlist(uid), to_charlist(name))},
@ -107,8 +107,7 @@ defp register_user(connection, base, uid, name, password) do
        params = %{
          name: name,
          nickname: name,
-          password: password,
-          password_confirmation: password
+          password: nil
        }

        changeset = User.register_changeset(%User{}, params)