vicvans20/0RailsLdapLoginWithEmailOrUsername.md

## 0RailsLdapLoginWithEmailOrUsername.md

      
    Raw
  

              0RailsLdapLoginWithEmailOrUsername.md
            
          
    Rails with ActiveDirectory/Devise login with email or username (using devise_ldap_authenticatable gem)

  
## application_controller.rb
def configure_permitted_parameters
  devise_parameter_sanitizer.permit(:sign_up) do |user_params|
    user_params.permit(:ad_username, :first_name, :last_name, :email, :password, :password_confirmation)
  end
  devise_parameter_sanitizer.permit(:sign_in) do |user_params|
    user_params.permit(:loginer, :first_name, :last_name, :email, :password, :password_confirmation)
  end
  devise_parameter_sanitizer.permit(:account_update) do |user_params|
    user_params.permit(:ad_username, :first_name, :last_name, :email, :password, :password_confirmation, :current_password, :job)
  end
end

## devise.rb
Devise.setup do |config|
  # ...
  config.authentication_keys = [ :loginer ]
  # ...
end

## new.html.erb
<!-- views/devise/sessions/new.html.erb -->
<!-- ... -->
<div class="field">
  <div class="ui left icon input">
    <i class="user icon"></i>
    <%= f.input :loginer, required: false, placeholder: 'email@dnp.com.ni', autofocus: true, label: false, wrapper: false, class: '' %>
  </div>
</div>
<div class="field">
  <div class="ui left icon input">
    <i class="lock icon"></i>
    <%= f.input :password, required: false, label: false, wrapper: false %>
  </div>
</div>
<!-- ... -->

## user.rb
class User < ApplicationRecord
  attr_accessor :loginer # Virtual attribute for email or username login

  validates :ad_username, uniqueness: { case_sensitive: false }
  validates_format_of :ad_username, with: /^[a-zA-Z0-9_\.]*$/, :multiline => true

  # Override ldap method
  def self.find_for_ldap_authentication(attributes)
    # Attributes should contain loginer and password values
    auth_key = :loginer # always
    return nil unless attributes[auth_key].present?
    Rails.logger.debug "Loginer is present"

    loginer = attributes[auth_key] # value for username or email

    resource = where("lower(ad_username) = :value OR lower(email) = :value", value: loginer.downcase).first # find by email or username

    # If BLANK create new user object to log in with AD
    if resource.blank?
      Rails.logger.debug "No resource"
      resource = new
      resource[:ad_username] = loginer
      resource.password = attributes[:password]
    end

    # If new record run callback ldap_before_save and save object.
    if ::Devise.ldap_create_user && resource.new_record? && resource.valid_ldap_authentication?(attributes[:password])
       Rails.logger.debug "NEW resource"
      resource.ldap_before_save if resource.respond_to?(:ldap_before_save)
      resource.save!
    end

    # Return object of user
    resource
  end

  # Override LDAP method. Set ldap devise login attribute to :ad_username.
  # If signing in with email, the resource found should have a ad_username as well
  def login_with
    @login_with ||= :ad_username
    self[@login_with]
  end
end
	def configure_permitted_parameters
	devise_parameter_sanitizer.permit(:sign_up) do \|user_params\|
	user_params.permit(:ad_username, :first_name, :last_name, :email, :password, :password_confirmation)
	end
	devise_parameter_sanitizer.permit(:sign_in) do \|user_params\|
	user_params.permit(:loginer, :first_name, :last_name, :email, :password, :password_confirmation)
	end
	devise_parameter_sanitizer.permit(:account_update) do \|user_params\|
	user_params.permit(:ad_username, :first_name, :last_name, :email, :password, :password_confirmation, :current_password, :job)
	end
	end
	Devise.setup do \|config\|
	# ...
	config.authentication_keys = [ :loginer ]
	# ...
	end
	<!-- views/devise/sessions/new.html.erb -->
	<!-- ... -->
	<div class="field">
	<div class="ui left icon input">
	<i class="user icon"></i>
	<%= f.input :loginer, required: false, placeholder: 'email@dnp.com.ni', autofocus: true, label: false, wrapper: false, class: '' %>
	</div>
	</div>
	<div class="field">
	<div class="ui left icon input">
	<i class="lock icon"></i>
	<%= f.input :password, required: false, label: false, wrapper: false %>
	</div>
	</div>
	<!-- ... -->
	class User < ApplicationRecord
	attr_accessor :loginer # Virtual attribute for email or username login

	validates :ad_username, uniqueness: { case_sensitive: false }
	validates_format_of :ad_username, with: /^[a-zA-Z0-9_\.]*$/, :multiline => true

	# Override ldap method
	def self.find_for_ldap_authentication(attributes)
	# Attributes should contain loginer and password values
	auth_key = :loginer # always
	return nil unless attributes[auth_key].present?
	Rails.logger.debug "Loginer is present"

	loginer = attributes[auth_key] # value for username or email

	resource = where("lower(ad_username) = :value OR lower(email) = :value", value: loginer.downcase).first # find by email or username

	# If BLANK create new user object to log in with AD
	if resource.blank?
	Rails.logger.debug "No resource"
	resource = new
	resource[:ad_username] = loginer
	resource.password = attributes[:password]
	end

	# If new record run callback ldap_before_save and save object.
	if ::Devise.ldap_create_user && resource.new_record? && resource.valid_ldap_authentication?(attributes[:password])
	Rails.logger.debug "NEW resource"
	resource.ldap_before_save if resource.respond_to?(:ldap_before_save)
	resource.save!
	end

	# Return object of user
	resource
	end

	# Override LDAP method. Set ldap devise login attribute to :ad_username.
	# If signing in with email, the resource found should have a ad_username as well
	def login_with
	@login_with \|\|= :ad_username
	self[@login_with]
	end
	end