Add LDAP logins and password resets, config, etc.

app/controllers/application_controller.rb

@@ -1,2 +1,5 @@
 class ApplicationController < ActionController::Base
+  rescue_from DeviseLdapAuthenticatable::LdapException do |exception|
+    render :text => exception, :status => 500
+  end
 end

app/controllers/devise/passwords_controller.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+class Devise::PasswordsController < DeviseController
+  prepend_before_action :require_no_authentication
+  # Render the #edit only if coming from a reset password email link
+  append_before_action :assert_reset_token_passed, only: :edit
+
+  # GET /resource/password/new
+  def new
+    self.resource = resource_class.new
+  end
+
+  # POST /resource/password
+  def create
+    self.resource = resource_class.send_reset_password_instructions(resource_params)
+    yield resource if block_given?
+
+    if successfully_sent?(resource)
+      respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
+    else
+      respond_with(resource)
+    end
+  end
+
+  # GET /resource/password/edit?reset_password_token=abcdef
+  def edit
+    self.resource = resource_class.new
+    set_minimum_password_length
+    resource.reset_password_token = params[:reset_password_token]
+  end
+
+  # PUT /resource/password
+  def update
+    self.resource = resource_class.reset_password_by_token(resource_params)
+    yield resource if block_given?
+
+    if resource.errors.empty?
+      resource.unlock_access! if unlockable?(resource)
+      if Devise.sign_in_after_reset_password
+        flash_message = resource.active_for_authentication? ? :updated : :updated_not_active
+        set_flash_message!(:notice, flash_message)
+        resource.after_ldap_authentication
+        sign_in(resource_name, resource)
+      else
+        set_flash_message!(:notice, :updated_not_active)
+      end
+      respond_with resource, location: after_resetting_password_path_for(resource)
+    else
+      set_minimum_password_length
+      respond_with resource
+    end
+  end
+
+  protected
+    def after_resetting_password_path_for(resource)
+      Devise.sign_in_after_reset_password ? after_sign_in_path_for(resource) : new_session_path(resource_name)
+    end
+
+    # The path used after sending reset password instructions
+    def after_sending_reset_password_instructions_path_for(resource_name)
+      new_session_path(resource_name) if is_navigational_format?
+    end
+
+    # Check if a reset_password_token is provided in the request
+    def assert_reset_token_passed
+      if params[:reset_password_token].blank?
+        set_flash_message(:alert, :no_token)
+        redirect_to new_session_path(resource_name)
+      end
+    end
+
+    # Check if proper Lockable module methods are present & unlock strategy
+    # allows to unlock resource on password reset
+    def unlockable?(resource)
+      resource.respond_to?(:unlock_access!) &&
+        resource.respond_to?(:unlock_strategy_enabled?) &&
+        resource.unlock_strategy_enabled?(:email)
+    end
+
+    def translation_scope
+      'devise.passwords'
+    end
+end

app/controllers/ldap_users_controller.rb

@@ -16,6 +16,7 @@ class LdapUsersController < ApplicationController
         uid: e.uid.first,
         mail: e.try(:mail) ? e.mail.first : nil,
         admin: e.try(:admin) ? 'admin' : nil
+        # password: e.userpassword.first
       }
     end
     # ldap_client.get_operation_result
@@ -25,12 +26,16 @@ class LdapUsersController < ApplicationController
 
   def ldap_client
     ldap_client ||= Net::LDAP.new host: ENV['LDAP_HOST'],
-      port: ENV['LDAP_PORT'],
-      encryption: ENV['LDAP_USE_TLS'] ? :simple_tls : nil,
+      port: ldap_config['port'],
+      encryption: ldap_config['ssl'],
       auth: {
         method: :simple,
-        username: Rails.application.credentials.ldap[:username],
-        password: Rails.application.credentials.ldap[:password]
+        username: ldap_config['admin_user'],
+        password: ldap_config['admin_password']
       }
   end
+
+  def ldap_config
+    ldap_config ||= YAML.load(ERB.new(File.read("#{Rails.root}/config/ldap.yml")).result)[Rails.env]
+  end
 end

app/controllers/settings_controller.rb

@@ -0,0 +1,4 @@
+class SettingsController < ApplicationController
+  def index
+  end
+end

app/controllers/welcome_controller.rb

@@ -1,4 +1,7 @@
 class WelcomeController < ApplicationController
   def index
+    if user_signed_in?
+      redirect_to settings_path and return
+    end
   end
 end