akkounts/app/models/user.rb

class User < ApplicationRecord
  include EmailValidatable

  # Relations
  has_many :invitations, dependent: :destroy
  has_one  :invitation, inverse_of: :invitee, foreign_key: 'invited_user_id'
  has_one  :inviter, through: :invitation, source: :user
  has_many :invitees, through: :invitations

  has_many :donations, dependent: :nullify

  has_one  :lndhub_user, class_name: "LndhubUser", inverse_of: "user",
                         primary_key: "ln_account", foreign_key: "login"

  has_many :accounts, through: :lndhub_user

  validates_uniqueness_of :cn
  validates_length_of :cn, :minimum => 3
  validates_format_of :cn, with: /\A([a-z0-9\-])*\z/,
                           if: Proc.new{ |u| u.cn.present? },
                           message: "is invalid. Please use only letters, numbers and -"
  validates_format_of :cn, without: /\A-/,
                           if: Proc.new{ |u| u.cn.present? },
                           message: "is invalid. Usernames need to start with a letter."
  validates_format_of :cn, without: /\A(#{Setting.reserved_usernames.join('|')})\z/i,
                           message: "has already been taken"

  validates_uniqueness_of :email
  validates :email, email: true

  scope :confirmed, -> { where.not(confirmed_at: nil) }
  scope :pending,   -> { where(confirmed_at: nil) }

  has_encrypted :ln_login, :ln_password

  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :ldap_authenticatable,
         :confirmable,
         :recoverable,
         :validatable

  def ldap_before_save
    self.email = Devise::LDAP::Adapter.get_ldap_param(self.cn, "mail").first
    self.ou    = dn.split(',')
                   .select{|e| e[0..1] == "ou"}.first
                   .delete_prefix("ou=")

    if self.confirmed_at.blank? && self.confirmation_token.blank?
      # User had an account with a trusted email address before akkounts was a thing
      self.confirmed_at = DateTime.now
    end
  end

  def devise_after_confirmation
    enable_service %w[ discourse ejabberd gitea mediawiki ]

    #TODO enable in development when we have easy setup of ejabberd etc.
    return if Rails.env.development?

    if inviter.present?
      exchange_xmpp_contact_with_inviter if Setting.ejabberd_enabled?
    end
  end

  def reset_password(new_password, new_password_confirmation)
    self.password = new_password
    self.password_confirmation = new_password_confirmation
    return false unless valid?

    Devise::LDAP::Adapter.update_password(login_with, new_password)
    clear_reset_password_token
    save
  end

  def is_admin?
    admin ||= if admin = Devise::LDAP::Adapter.get_ldap_param(self.cn, :admin)
                !!admin.first
              else
                false
              end
  end

  def address
    "#{self.cn}@#{self.ou}"
  end

  def valid_attribute?(attribute_name)
    self.valid?
    self.errors[attribute_name].blank?
  end

  def ln_create_invoice(payload)
    lndhub = Lndhub.new
    lndhub.authenticate self
    lndhub.addinvoice payload
  end

  def dn
    return @dn if defined?(@dn)
    @dn = Devise::LDAP::Adapter.get_dn(self.cn)
  end

  def ldap_entry
    ldap.fetch_users(uid: self.cn, ou: self.ou).first
  end

  def services_enabled
    ldap_entry[:service] || []
  end

  def enable_service(service)
    current_services = services_enabled
    new_services = Array(service).map(&:to_s)
    services = (current_services + new_services).uniq
    ldap.replace_attribute(dn, :service, services)
  end

  def disable_service(service)
    current_services = services_enabled
    disabled_services = Array(service).map(&:to_s)
    services = (current_services - disabled_services).uniq
    ldap.replace_attribute(dn, :service, services)
  end

  def disable_all_services
    ldap.delete_attribute(dn,:service)
  end

  def exchange_xmpp_contact_with_inviter
    return unless inviter.services_enabled.include?("ejabberd") &&
                  services_enabled.include?("ejabberd")
    XmppExchangeContactsJob.perform_later(inviter, self.cn, self.ou)
  end

  private

    def ldap
      return @ldap_service if defined?(@ldap_service)
      @ldap_service = LdapService.new
    end
end