class User < ApplicationRecord include EmailValidatable # Relations has_many :invitations, dependent: :destroy has_one :invitation, inverse_of: :invitee, foreign_key: 'invited_user_id' has_one :inviter, through: :invitation, source: :user has_many :invitees, through: :invitations has_many :donations, dependent: :nullify has_one :lndhub_user, class_name: "LndhubUser", inverse_of: "user", primary_key: "ln_account", foreign_key: "login" has_many :accounts, through: :lndhub_user has_many :remote_storage_authorizations validates_uniqueness_of :cn validates_length_of :cn, :minimum => 3 validates_format_of :cn, with: /\A([a-z0-9\-])*\z/, if: Proc.new{ |u| u.cn.present? }, message: "is invalid. Please use only letters, numbers and -" validates_format_of :cn, without: /\A-/, if: Proc.new{ |u| u.cn.present? }, message: "is invalid. Usernames need to start with a letter." validates_format_of :cn, without: /\A(#{Setting.reserved_usernames.join('|')})\z/i, message: "has already been taken" validates_uniqueness_of :email validates :email, email: true scope :confirmed, -> { where.not(confirmed_at: nil) } scope :pending, -> { where(confirmed_at: nil) } has_encrypted :ln_login, :ln_password # Include default devise modules. Others available are: # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable devise :ldap_authenticatable, :confirmable, :recoverable, :validatable def ldap_before_save self.email = Devise::LDAP::Adapter.get_ldap_param(self.cn, "mail").first self.ou = dn.split(',') .select{|e| e[0..1] == "ou"}.first .delete_prefix("ou=") if self.confirmed_at.blank? && self.confirmation_token.blank? # User had an account with a trusted email address before akkounts was a thing self.confirmed_at = DateTime.now end end def devise_after_confirmation enable_service %w[ discourse ejabberd gitea mediawiki ] #TODO enable in development when we have easy setup of ejabberd etc. return if Rails.env.development? if inviter.present? exchange_xmpp_contact_with_inviter if Setting.ejabberd_enabled? end end def reset_password(new_password, new_password_confirmation) self.password = new_password self.password_confirmation = new_password_confirmation return false unless valid? Devise::LDAP::Adapter.update_password(login_with, new_password) clear_reset_password_token save end def is_admin? admin ||= if admin = Devise::LDAP::Adapter.get_ldap_param(self.cn, :admin) !!admin.first else false end end def address "#{self.cn}@#{self.ou}" end def valid_attribute?(attribute_name) self.valid? self.errors[attribute_name].blank? end def ln_create_invoice(payload) lndhub = Lndhub.new lndhub.authenticate self lndhub.addinvoice payload end def dn return @dn if defined?(@dn) @dn = Devise::LDAP::Adapter.get_dn(self.cn) end def ldap_entry ldap.fetch_users(uid: self.cn, ou: self.ou).first end def services_enabled ldap_entry[:service] || [] end def enable_service(service) current_services = services_enabled new_services = Array(service).map(&:to_s) services = (current_services + new_services).uniq ldap.replace_attribute(dn, :service, services) end def disable_service(service) current_services = services_enabled disabled_services = Array(service).map(&:to_s) services = (current_services - disabled_services).uniq ldap.replace_attribute(dn, :service, services) end def disable_all_services ldap.delete_attribute(dn,:service) end def exchange_xmpp_contact_with_inviter return unless inviter.services_enabled.include?("ejabberd") && services_enabled.include?("ejabberd") XmppExchangeContactsJob.perform_later(inviter, self.cn, self.ou) end private def ldap return @ldap_service if defined?(@ldap_service) @ldap_service = LdapService.new end end