Module: Devise::Models::PamAuthenticatable
- Defined in:
- lib/devise_pam_authenticatable/model.rb
Defined Under Namespace
Modules: ClassMethods
Instance Method Summary collapse
- #find_pam_service ⇒ Object
- #find_pam_suffix ⇒ Object
-
#pam_authentication(pw, request = nil) ⇒ Object
Checks if a resource is valid upon authentication.
- #pam_conflict(_attributes) ⇒ Object
- #pam_conflict? ⇒ Boolean
- #pam_get_name ⇒ Object
- #pam_managed_user? ⇒ Boolean
- #pam_setup(attributes) ⇒ Object
Instance Method Details
#find_pam_service ⇒ Object
7 8 9 10 |
# File 'lib/devise_pam_authenticatable/model.rb', line 7 def find_pam_service return self.class.pam_service if self.class.instance_variable_defined?('@pam_service') ::Devise.pam_default_service end |
#find_pam_suffix ⇒ Object
12 13 14 15 |
# File 'lib/devise_pam_authenticatable/model.rb', line 12 def find_pam_suffix return self.class.pam_suffix if self.class.instance_variable_defined?('@pam_suffix') ::Devise.pam_default_suffix end |
#pam_authentication(pw, request = nil) ⇒ Object
Checks if a resource is valid upon authentication.
56 57 58 59 60 |
# File 'lib/devise_pam_authenticatable/model.rb', line 56 def pam_authentication(pw, request = nil) return nil unless pam_get_name rhost = request.remote_ip if request rescue nil Rpam2.auth(find_pam_service, pam_get_name, pw, nil, rhost) end |
#pam_conflict(_attributes) ⇒ Object
41 42 43 44 45 46 |
# File 'lib/devise_pam_authenticatable/model.rb', line 41 def pam_conflict(_attributes) # solve conflict between other and pam related user accounts # to disable login with pam return nil elsewise return a (different?) user object # as default assume the conflict ok and return user object unchanged self end |
#pam_conflict? ⇒ Boolean
35 36 37 38 39 |
# File 'lib/devise_pam_authenticatable/model.rb', line 35 def pam_conflict? # detect a conflict # use blank password as discriminator between traditional login and pam login respond_to?('encrypted_password') && encrypted_password.present? && pam_managed_user? end |
#pam_get_name ⇒ Object
17 18 19 20 21 22 23 24 25 26 27 28 |
# File 'lib/devise_pam_authenticatable/model.rb', line 17 def pam_get_name return self[::Devise.usernamefield] if ::Devise.usernamefield && self[::Devise.usernamefield] return nil unless ::Devise.emailfield && (suffix = find_pam_suffix) # Regex is vulnerable to DOS attacks, use newline instead email = "#{self[::Devise.emailfield]}\n" pos = email.index("@#{suffix}\n") # deceptive emailaddresses use newlines, so check this here # and return nil in case another newline is found. # warning: don't try to optimize with '' \n. Escapes doesn't work in '' return nil if !pos || email.count("\n") > 1 email.slice(0, pos) end |
#pam_managed_user? ⇒ Boolean
30 31 32 33 |
# File 'lib/devise_pam_authenticatable/model.rb', line 30 def pam_managed_user? return false unless pam_get_name Rpam2.account(find_pam_service, pam_get_name) end |
#pam_setup(attributes) ⇒ Object
48 49 50 51 52 53 |
# File 'lib/devise_pam_authenticatable/model.rb', line 48 def pam_setup(attributes) return unless ::Devise.emailfield && ::Devise.usernamefield self[::Devise.emailfield] = Rpam2.getenv(find_pam_service, pam_get_name, attributes[:password], 'email', false) self[::Devise.emailfield] = attributes[::Devise.emailfield] if self[::Devise.emailfield].nil? self[::Devise.emailfield] = "#{self[::Devise.usernamefield]}@#{find_pam_suffix}" if self[::Devise.emailfield].nil? && find_pam_suffix end |