Module: Devise::Models::PamAuthenticatable
- Defined in:
- lib/devise_pam_authenticatable/model.rb
Defined Under Namespace
Modules: ClassMethods
Instance Method Summary collapse
- #find_pam_service ⇒ Object
- #find_pam_suffix ⇒ Object
-
#pam_authentication(pw) ⇒ Object
Checks if a resource is valid upon authentication.
- #pam_conflict(_attributes) ⇒ Object
- #pam_conflict? ⇒ Boolean
- #pam_get_name ⇒ Object
- #pam_managed_user? ⇒ Boolean
- #pam_setup(attributes) ⇒ Object
Instance Method Details
#find_pam_service ⇒ Object
7 8 9 10 |
# File 'lib/devise_pam_authenticatable/model.rb', line 7 def find_pam_service return self.class.pam_service if self.class.instance_variable_defined?('@pam_service') ::Devise.pam_default_service end |
#find_pam_suffix ⇒ Object
12 13 14 15 |
# File 'lib/devise_pam_authenticatable/model.rb', line 12 def find_pam_suffix return self.class.pam_suffix if self.class.instance_variable_defined?('@pam_suffix') ::Devise.pam_default_suffix end |
#pam_authentication(pw) ⇒ Object
Checks if a resource is valid upon authentication.
55 56 57 58 |
# File 'lib/devise_pam_authenticatable/model.rb', line 55 def pam_authentication(pw) return nil unless pam_get_name Rpam2.auth(find_pam_service, pam_get_name, pw) end |
#pam_conflict(_attributes) ⇒ Object
40 41 42 43 44 45 |
# File 'lib/devise_pam_authenticatable/model.rb', line 40 def pam_conflict(_attributes) # solve conflict between other and pam related user accounts # to disable login with pam return nil elsewise return a (different?) user object # as default assume the conflict ok and return user object unchanged self end |
#pam_conflict? ⇒ Boolean
34 35 36 37 38 |
# File 'lib/devise_pam_authenticatable/model.rb', line 34 def pam_conflict? # detect a conflict # use blank password as discriminator between traditional login and pam login respond_to?('encrypted_password') && encrypted_password.present? && pam_managed_user? end |
#pam_get_name ⇒ Object
17 18 19 20 21 22 23 24 25 26 27 |
# File 'lib/devise_pam_authenticatable/model.rb', line 17 def pam_get_name return self[::Devise.usernamefield] if ::Devise.usernamefield && self[::Devise.usernamefield] return nil unless ::Devise.emailfield && (suffix = find_pam_suffix) # Regex is vulnerable to DOS attacks, use newline instead email = "#{self[::Devise.emailfield]}\n" pos = email.index("@#{suffix}\n") # deceptive emailaddresses use newlines, so check this here # and return nil in case another newline is found. return nil if !pos || email.count('\n') > 1 email.slice(0, pos) end |
#pam_managed_user? ⇒ Boolean
29 30 31 32 |
# File 'lib/devise_pam_authenticatable/model.rb', line 29 def pam_managed_user? return false unless pam_get_name Rpam2.account(find_pam_service, pam_get_name) end |
#pam_setup(attributes) ⇒ Object
47 48 49 50 51 52 |
# File 'lib/devise_pam_authenticatable/model.rb', line 47 def pam_setup(attributes) return unless ::Devise.emailfield && ::Devise.usernamefield self[::Devise.emailfield] = Rpam2.getenv(find_pam_service, pam_get_name, attributes[:password], 'email', false) self[::Devise.emailfield] = attributes[::Devise.emailfield] if self[::Devise.emailfield].nil? self[::Devise.emailfield] = "#{self[::Devise.usernamefield]}@#{find_pam_suffix}" if self[::Devise.emailfield].nil? && find_pam_suffix end |