Module: Devise::Models::PamAuthenticatable

Defined in:

lib/devise_pam_authenticatable/model.rb

Defined Under Namespace

Modules: ClassMethods

Instance Method Summary

• #get_pam_name ⇒ Object
• #get_service ⇒ Object
• #get_suffix ⇒ Object
• #is_pam_account? ⇒ Boolean
• #pam_conflict(_attributes) ⇒ Object
• #pam_conflict? ⇒ Boolean
• #pam_setup(attributes) ⇒ Object
• #password_required? ⇒ Boolean
• #valid_pam_authentication?(pw) ⇒ Boolean

  Checks if a resource is valid upon authentication.

Instance Method Details

#get_pam_name ⇒ Object

# File 'lib/devise_pam_authenticatable/model.rb', line 46

def get_pam_name
  return self[::Devise.usernamefield] if ::Devise.usernamefield && self[::Devise.usernamefield]
  suffix = get_suffix
  return nil unless suffix && ::Devise.emailfield
  email = "#{self[::Devise.emailfield]}\n"
  pos = email.index("@#{suffix}\n")
  return nil unless pos
  email.slice(0, pos)
end

#get_service ⇒ Object

# File 'lib/devise_pam_authenticatable/model.rb', line 7

def get_service
  return self.class.pam_service if self.class.instance_variable_defined?('@pam_service')
  ::Devise.pam_default_service
end

#get_suffix ⇒ Object

# File 'lib/devise_pam_authenticatable/model.rb', line 12

def get_suffix
  return self.class.pam_suffix if self.class.instance_variable_defined?('@pam_suffix')
  ::Devise.pam_default_suffix
end

#is_pam_account? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_pam_authenticatable/model.rb', line 30

def is_pam_account?
  return false unless get_pam_name
  Rpam2.account(get_service, get_pam_name)
end

#pam_conflict(_attributes) ⇒ Object

# File 'lib/devise_pam_authenticatable/model.rb', line 17

def pam_conflict(_attributes)
  # solve conflict between other and pam related user accounts
  # to disable login with pam return nil elsewise return a (different?) user object
  # as default assume there is never a conflict and return user object unchanged
  self
end

#pam_conflict? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_pam_authenticatable/model.rb', line 24

def pam_conflict?
  # detect a conflict
  # use blank password as discriminator between traditional login and pam login
  resource.respond_to?('password') && resource.password.present? && is_pam_account?
end

#pam_setup(attributes) ⇒ Object

# File 'lib/devise_pam_authenticatable/model.rb', line 35

def pam_setup(attributes)
  return unless ::Devise.emailfield && ::Devise.usernamefield
  self[::Devise.emailfield] = Rpam2.getenv(get_service, get_pam_name, attributes[:password], 'email', false)
  self[::Devise.emailfield] = attributes[::Devise.emailfield] if self[::Devise.emailfield].nil?
  self[::Devise.emailfield] = "#{self[::Devise.usernamefield]}@#{get_suffix}" if self[::Devise.emailfield].nil? && get_suffix
end

#password_required? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/devise_pam_authenticatable/model.rb', line 42

def password_required?
  false
end

#valid_pam_authentication?(pw) ⇒ Boolean

Checks if a resource is valid upon authentication.

Returns:

• (Boolean)

# File 'lib/devise_pam_authenticatable/model.rb', line 57

def valid_pam_authentication?(pw)
  return nil unless get_pam_name
  Rpam2.auth(get_service, get_pam_name, pw)
end