devise_pam_authenticatable2 8.0.1 → 8.0.2

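--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 482d5ad23ad00bffb983c333e6af0d99572fc0841ac1316e613f276ae1e7f0e8
- data.tar.gz: 910ef5518bca33db2f0e718f7b42a7fa6f9abc44ef1cd5ad4d0ce3ab4a9bf9ef
+ metadata.gz: 98ebc063b9743d5b9be6b83c3efac4b12261ef60b9078709eb4f745d7c58621f
+ data.tar.gz: d1cefe9b39f534108b0e52af758522949baf22017c4f8a0e5c355d639d284874
  SHA512:
- metadata.gz: 3d07fad015738e2649b9967d5a61dfce29b98542c650361804365d6a03d94b1c0570e4f9a8ec108c2b86e12acb75daa1c6c5925a5f84ab58d5e05a5955b404ec
- data.tar.gz: 671923dc009bd24848a05ec6e8d1818b3b938e8c1a47e662d2c2e319a641cc9c739b60f21c823ec071378b1063c83df84f247bff1f4d3088e5a208a59466ef04
+ metadata.gz: a4cf642742de989f23211c18694f8e4319814162740acf38efbbcaef19a0609cb6f528032a2484609970e46bdfc2d60045d89c16aea1b3d1c5c5073047f3797a
+ data.tar.gz: 37ebe7f9a08eb7ef6e0ed87c266fbc5d6efced4c5036769f7c2f7bd2fc4dfe186d5b4df8212e2384b192ac885650c9c5d541eb864bc8cda9417ce0ce39f27334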
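--- a/data/README.md
+++ b/data/README.md
@@ -3,11 +3,13 @@ Devise - PAM Authentication
 
  devise\_pam\_authenticatable is a Devise (http://github.com/plataformatec/devise)
  extension for authenticating using PAM (Pluggable Authentication Modulues)
- via the rpam gem.
+ via the rpam2 gem.
 
  This allows you to authenticate against the local hosts authentication
  system including local account usernames and passwords.
 
+ Or use LDAP and other PAM modules for LDAP authentication.
+
  There are obvious security risks with using PAM authentication via a
  web-based application. Make sure you at least use SSL to keep usernames and
  passwords encrypted via HTTPS.
@@ -29,7 +31,7 @@ Important changes
  Versions before 4.0.0 are limitted compatible with database_authenticatable.
  Some removed code may can clash in earlier versions.
 
- Version 7.0.0 (and 5, 6) change method names. Check if everything is correct.
+ Version 5-8 change method names. Check if everything is correct. Sorry for the quick release cycle.
 
  Setup
  -----
@@ -41,16 +43,23 @@ In your Devise model, ensure the following is present:
 
  class User < ActiveRecord::Base
 
- devise :pam_authenticatable, pam_service: "system-auth", pam_suffix: "foo"
+ devise :pam_authenticatable, pam_service: 'system-auth', pam_suffix: 'pamlogin'
+
+ # in case there is no password set by other devise modules:
+ attr_accessor :password
+ @password = nil
 
- # Setup accessible (or protected) attributes for your model
- attr_accessible :password, :<username or email field>
+ # in case other devise modules complain about missing password
+ # and the password is not mirrored
+ def password_required?
+ false
+ end
 
  end
 
- pam_service: "system-auth" is optional. By default the pam service specified in config.pam_default_service is used.
+ pam_service: 'system-auth' is optional. By default the pam service specified in config.pam_default_service is used.
 
- pam_suffix: "foo" is optional. By default the pam email extraction suffix specified in config.pam_default_suffix is used.
+ pam_suffix: 'pamlogin' is optional. By default the pam email extraction suffix specified in config.pam_default_suffix is used.
 
  Options:
 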
data/VERSION CHANGED
@@ -1 +1 @@
1
- 8.0.1
1
+ 8.0.2
@@ -2,16 +2,16 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
- # stub: devise_pam_authenticatable2 8.0.1 ruby lib
5
+ # stub: devise_pam_authenticatable2 8.0.2 ruby lib
6
6
 
7
7
  Gem::Specification.new do |s|
8
8
  s.name = "devise_pam_authenticatable2".freeze
9
- s.version = "8.0.1"
9
+ s.version = "8.0.2"
10
10
 
11
11
  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
12
12
  s.require_paths = ["lib".freeze]
13
13
  s.authors = ["James Wilson".freeze, "Alexander Kaftan".freeze]
14
- s.date = "2018-01-18"
14
+ s.date = "2018-01-23"
15
15
  s.description = "For authenticating against PAM (Pluggable Authentication Modules)".freeze
16
16
  s.email = "devkral@web.de".freeze
17
17
  s.extra_rdoc_files = [
@@ -17,9 +17,12 @@ module Devise
17
17
  def pam_get_name
18
18
  return self[::Devise.usernamefield] if ::Devise.usernamefield && self[::Devise.usernamefield]
19
19
  return nil unless ::Devise.emailfield && (suffix = find_pam_suffix)
20
+ # Regex is vulnerable to DOS attacks, use newline instead
20
21
  email = "#{self[::Devise.emailfield]}\n"
21
22
  pos = email.index("@#{suffix}\n")
22
- return nil unless pos
23
+ # deceptive emailaddresses use newlines, so check this here
24
+ # and return nil in case another newline is found.
25
+ return nil if !pos || email.count('\n') > 1
23
26
  email.slice(0, pos)
24
27
  end
25
28
 
@@ -31,7 +34,7 @@ module Devise
31
34
  def pam_conflict?
32
35
  # detect a conflict
33
36
  # use blank password as discriminator between traditional login and pam login
34
- respond_to?('password') && password.present? && is_pam_account?
37
+ respond_to?('encrypted_password') && encrypted_password.present? && is_pam_account?
35
38
  end
36
39
 
37
40
  def pam_conflict(_attributes)
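Review bot: In pam_get_name the new guard `email.count('\n') > 1` does not count newline characters: inside single quotes `\n` is a backslash followed by the letter n, and String#count reads its argument as a character set, so the multi-line address the added comment describes is not rejected while ordinary addresses containing several letters n can be. A double-quoted literal fixes it, `return nil if !pos || email.count("\n") > 1`. A regression test with one address containing an embedded newline and one constructed address such as `anna@pamlogin` would pin both cases. Separately, the comment above pam_conflict? still names a blank password as the discriminator although the check now reads `encrypted_password`; it could read `# a stored encrypted_password marks a traditional (non-PAM) login`.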
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_pam_authenticatable2
3
3
  version: !ruby/object:Gem::Version
4
- version: 8.0.1
4
+ version: 8.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - James Wilson
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2018-01-18 00:00:00.000000000 Z
12
+ date: 2018-01-23 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: devise