From 2192d1e4920e2c6deffe9a205cc2ade27d4dc0b1 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@FreeBSD.org>
Date: Wed, 5 Aug 2020 10:07:31 -0500
Subject: [PATCH] Permit LDAP users to register without capturing their
 password hash We don't need it, and local auth fallback has been removed.

---
 lib/pleroma/user.ex                        | 19 +++++++++++++++++++
 lib/pleroma/web/auth/ldap_authenticator.ex |  7 +++----
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index 09e606b37..df9f34baa 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -638,6 +638,25 @@ defmodule Pleroma.User do
   @spec force_password_reset(User.t()) :: {:ok, User.t()} | {:error, Ecto.Changeset.t()}
   def force_password_reset(user), do: update_password_reset_pending(user, true)
 
+  # Used to auto-register LDAP accounts which don't have a password hash
+  def register_changeset(struct, params = %{password: password})
+      when is_nil(password) do
+    params = Map.put_new(params, :accepts_chat_messages, true)
+
+    struct
+    |> cast(params, [
+      :name,
+      :nickname,
+      :accepts_chat_messages
+    ])
+    |> unique_constraint(:nickname)
+    |> validate_exclusion(:nickname, Config.get([User, :restricted_nicknames]))
+    |> validate_format(:nickname, local_nickname_regex())
+    |> put_ap_id()
+    |> unique_constraint(:ap_id)
+    |> put_following_and_follower_address()
+  end
+
   def register_changeset(struct, params \\ %{}, opts \\ []) do
     bio_limit = Config.get([:instance, :user_bio_length], 5000)
     name_limit = Config.get([:instance, :user_name_length], 100)
diff --git a/lib/pleroma/web/auth/ldap_authenticator.ex b/lib/pleroma/web/auth/ldap_authenticator.ex
index ec47f6f91..f667da68b 100644
--- a/lib/pleroma/web/auth/ldap_authenticator.ex
+++ b/lib/pleroma/web/auth/ldap_authenticator.ex
@@ -88,7 +88,7 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do
             user
 
           _ ->
-            register_user(connection, base, uid, name, password)
+            register_user(connection, base, uid, name)
         end
 
       error ->
@@ -96,7 +96,7 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do
     end
   end
 
-  defp register_user(connection, base, uid, name, password) do
+  defp register_user(connection, base, uid, name) do
     case :eldap.search(connection, [
            {:base, to_charlist(base)},
            {:filter, :eldap.equalityMatch(to_charlist(uid), to_charlist(name))},
@@ -107,8 +107,7 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do
         params = %{
           name: name,
           nickname: name,
-          password: password,
-          password_confirmation: password
+          password: nil
         }
 
         changeset = User.register_changeset(%User{}, params)