Module: Devise::Models::PamAuthenticatable

Defined in:
lib/devise_pam_authenticatable/model.rb

Defined Under Namespace

Modules: ClassMethods

Instance Method Summary

Instance Method Details

#find_pam_service ⇒ Object



# File 'lib/devise_pam_authenticatable/model.rb', line 7

# Resolves the PAM service name used for this record.
#
# A service configured on the model class wins; its presence is detected via
# the class-level @pam_service instance variable. Otherwise the global
# ::Devise.pam_default_service is used. The result is what the other methods
# hand to Rpam2 as the service argument.
#
# @return [Object] the class-level setting if defined, else the global default
def find_pam_service
  model = self.class
  if model.instance_variable_defined?('@pam_service')
    model.pam_service
  else
    ::Devise.pam_default_service
  end
end

#find_pam_suffix ⇒ Object



# File 'lib/devise_pam_authenticatable/model.rb', line 12

# Resolves the e-mail suffix that marks an address as PAM-backed.
#
# A suffix configured on the model class wins; its presence is detected via
# the class-level @pam_suffix instance variable. Otherwise the global
# ::Devise.pam_default_suffix is used.
#
# @return [Object] the class-level setting if defined, else the global default
def find_pam_suffix
  model = self.class
  if model.instance_variable_defined?('@pam_suffix')
    model.pam_suffix
  else
    ::Devise.pam_default_suffix
  end
end

#pam_authentication(pw, request = nil) ⇒ Object

Checks if a resource is valid upon authentication.



# File 'lib/devise_pam_authenticatable/model.rb', line 56

# Verifies a password for this record against PAM.
#
# @param pw [Object] password, passed through to Rpam2.auth unchanged
# @param request [Object, nil] optional request; only #remote_ip is read
# @return [nil, Object] nil when no PAM login name can be derived, otherwise
#   whatever Rpam2.auth returns
def pam_authentication(pw, request = nil)
  return nil unless pam_get_name

  # Best effort: any StandardError raised while reading #remote_ip is
  # swallowed, and the remote host is then reported to PAM as nil.
  # NOTE(review): if request is an ActionDispatch request, #remote_ip can also
  # raise when the forwarding headers are inconsistent; that is hidden here
  # too, so host-based PAM rules and audit records would see no rhost.
  # Consider rescuing only the expected error and logging the rest.
  rhost =
    begin
      request.remote_ip if request
    rescue StandardError
      nil
    end

  Rpam2.auth(find_pam_service, pam_get_name, pw, nil, rhost)
end

#pam_conflict(_attributes) ⇒ Object



# File 'lib/devise_pam_authenticatable/model.rb', line 41

# Hook for resolving a clash between a PAM-backed account and another kind of
# account on the same record.
#
# Contract for overrides: return nil to refuse the PAM login, or return a user
# object (possibly a different one) to continue with it.
#
# NOTE(review): this default accepts the clash, so such a record stays usable
# through PAM unless the model overrides the hook.
#
# @param _attributes [Object] unused by the default implementation
# @return [self] the record, unchanged
def pam_conflict(_attributes)
  self
end

#pam_conflict? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_pam_authenticatable/model.rb', line 35

# Reports whether this record is claimed by both login mechanisms.
#
# A blank encrypted_password is the discriminator: records without a stored
# password hash are treated as PAM-only, so a conflict exists only when the
# model has an encrypted_password, it is non-blank, and PAM also manages the
# user.
#
# @return [Boolean] truthy only when all three conditions hold
def pam_conflict?
  locally_managed = respond_to?('encrypted_password') && encrypted_password.present?
  locally_managed && pam_managed_user?
end

#pam_get_name ⇒ Object



# File 'lib/devise_pam_authenticatable/model.rb', line 17

# Derives the PAM login name for this record.
#
# The stored username is used when a username field is configured and set.
# Otherwise the local part of the e-mail address is used, but only when the
# address ends in "@<suffix>".
#
# NOTE(review): an address that is exactly "@<suffix>" yields "" here. That is
# truthy in Ruby, so the `unless pam_get_name` guards in the callers do not
# stop it. Text before the final "@<suffix>" is returned as-is, including any
# further "@" characters.
#
# @return [Object, nil] the login name, or nil when none can be derived
def pam_get_name
  username_key = ::Devise.usernamefield
  return self[username_key] if username_key && self[username_key]

  email_key = ::Devise.emailfield
  return nil unless email_key

  suffix = find_pam_suffix
  return nil unless suffix

  # The end of the address is anchored with an appended newline and a plain
  # substring search rather than a regex, which would be open to DoS.
  terminated = "#{self[email_key]}\n"
  at_index = terminated.index("@#{suffix}\n")

  # A second newline means the address itself contained one (a deceptive
  # address that could fake the end-of-string match), so reject it.
  # Keep the double quotes: '\n' in single quotes is not a newline.
  return nil if at_index.nil? || terminated.count("\n") > 1

  terminated[0, at_index]
end

#pam_managed_user? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_pam_authenticatable/model.rb', line 30

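# Reports whether PAM knows this record's login name for the configured
# service.
#
# The listing printed the call as `Rpam2.(...)`, which Ruby parses as
# `Rpam2.call(...)`. The method name was lost in extraction; the rpam2
# account check is `Rpam2.account(service, username)`, restored here.
#
# @return [Boolean] false when no PAM login name can be derived, otherwise
#   the result of Rpam2.account
def pam_managed_user?
  return false unless pam_get_name

  # Account check only: no password is supplied at this point.
  Rpam2.account(find_pam_service, pam_get_name)
end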

#pam_setup(attributes) ⇒ Object



# File 'lib/devise_pam_authenticatable/model.rb', line 48

# Fills in the record's e-mail field for a PAM-backed user.
#
# Does nothing unless both an e-mail field and a username field are
# configured. Sources are tried in order, each only while the field is nil:
#   1. the 'email' value returned by Rpam2.getenv,
#   2. the e-mail entry of +attributes+,
#   3. "<username>@<pam suffix>" when a suffix is configured.
#
# NOTE(review): source 2 comes from the caller; presumably these are the
# sign-in parameters, so the address may be user-chosen and unverified.
# Verify against the caller before trusting it for anything that relies on
# e-mail ownership.
#
# @param attributes [Hash] read for :password and for the e-mail field key
# @return [Object, nil] value of the last assignment attempt; not meant to be
#   relied on
def pam_setup(attributes)
  email_key = ::Devise.emailfield
  return unless email_key

  name_key = ::Devise.usernamefield
  return unless name_key

  # The password is forwarded to Rpam2.getenv. The trailing false is passed as
  # given; presumably "do not open a session" - confirm against Rpam2.
  self[email_key] = Rpam2.getenv(find_pam_service, pam_get_name, attributes[:password], 'email', false)

  if self[email_key].nil?
    self[email_key] = attributes[email_key]
  end

  if self[email_key].nil? && find_pam_suffix
    self[email_key] = "#{self[name_key]}@#{find_pam_suffix}"
  end
end