devise_pam_authenticatable2 8.0.1 → 8.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +16 -7
- data/VERSION +1 -1
- data/devise_pam_authenticatable2.gemspec +3 -3
- data/lib/devise_pam_authenticatable/model.rb +5 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 98ebc063b9743d5b9be6b83c3efac4b12261ef60b9078709eb4f745d7c58621f
|
|
4
|
+
data.tar.gz: d1cefe9b39f534108b0e52af758522949baf22017c4f8a0e5c355d639d284874
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a4cf642742de989f23211c18694f8e4319814162740acf38efbbcaef19a0609cb6f528032a2484609970e46bdfc2d60045d89c16aea1b3d1c5c5073047f3797a
|
|
7
|
+
data.tar.gz: 37ebe7f9a08eb7ef6e0ed87c266fbc5d6efced4c5036769f7c2f7bd2fc4dfe186d5b4df8212e2384b192ac885650c9c5d541eb864bc8cda9417ce0ce39f27334
|
data/README.md
CHANGED
|
@@ -3,11 +3,13 @@ Devise - PAM Authentication
|
|
|
3
3
|
|
|
4
4
|
devise\_pam\_authenticatable is a Devise (http://github.com/plataformatec/devise)
|
|
5
5
|
extension for authenticating using PAM (Pluggable Authentication Modulues)
|
|
6
|
-
via the
|
|
6
|
+
via the rpam2 gem.
|
|
7
7
|
|
|
8
8
|
This allows you to authenticate against the local hosts authentication
|
|
9
9
|
system including local account usernames and passwords.
|
|
10
10
|
|
|
11
|
+
Or use LDAP and other PAM modules for LDAP authentication.
|
|
12
|
+
|
|
11
13
|
There are obvious security risks with using PAM authentication via a
|
|
12
14
|
web-based application. Make sure you at least use SSL to keep usernames and
|
|
13
15
|
passwords encrypted via HTTPS.
|
|
@@ -29,7 +31,7 @@ Important changes
|
|
|
29
31
|
Versions before 4.0.0 are limitted compatible with database_authenticatable.
|
|
30
32
|
Some removed code may can clash in earlier versions.
|
|
31
33
|
|
|
32
|
-
Version
|
|
34
|
+
Version 5-8 change method names. Check if everything is correct. Sorry for the quick release cycle.
|
|
33
35
|
|
|
34
36
|
Setup
|
|
35
37
|
-----
|
|
@@ -41,16 +43,23 @@ In your Devise model, ensure the following is present:
|
|
|
41
43
|
|
|
42
44
|
class User < ActiveRecord::Base
|
|
43
45
|
|
|
44
|
-
devise :pam_authenticatable, pam_service:
|
|
46
|
+
devise :pam_authenticatable, pam_service: 'system-auth', pam_suffix: 'pamlogin'
|
|
47
|
+
|
|
48
|
+
# in case there is no password set by other devise modules:
|
|
49
|
+
attr_accessor :password
|
|
50
|
+
@password = nil
|
|
45
51
|
|
|
46
|
-
#
|
|
47
|
-
|
|
52
|
+
# in case other devise modules complain about missing password
|
|
53
|
+
# and the password is not mirrored
|
|
54
|
+
def password_required?
|
|
55
|
+
false
|
|
56
|
+
end
|
|
48
57
|
|
|
49
58
|
end
|
|
50
59
|
|
|
51
|
-
pam_service:
|
|
60
|
+
pam_service: 'system-auth' is optional. By default the pam service specified in config.pam_default_service is used.
|
|
52
61
|
|
|
53
|
-
pam_suffix:
|
|
62
|
+
pam_suffix: 'pamlogin' is optional. By default the pam email extraction suffix specified in config.pam_default_suffix is used.
|
|
54
63
|
|
|
55
64
|
Options:
|
|
56
65
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
8.0.
|
|
1
|
+
8.0.2
|
|
@@ -2,16 +2,16 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: devise_pam_authenticatable2 8.0.
|
|
5
|
+
# stub: devise_pam_authenticatable2 8.0.2 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
8
|
s.name = "devise_pam_authenticatable2".freeze
|
|
9
|
-
s.version = "8.0.
|
|
9
|
+
s.version = "8.0.2"
|
|
10
10
|
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
|
|
12
12
|
s.require_paths = ["lib".freeze]
|
|
13
13
|
s.authors = ["James Wilson".freeze, "Alexander Kaftan".freeze]
|
|
14
|
-
s.date = "2018-01-
|
|
14
|
+
s.date = "2018-01-23"
|
|
15
15
|
s.description = "For authenticating against PAM (Pluggable Authentication Modules)".freeze
|
|
16
16
|
s.email = "devkral@web.de".freeze
|
|
17
17
|
s.extra_rdoc_files = [
|
|
@@ -17,9 +17,12 @@ module Devise
|
|
|
17
17
|
def pam_get_name
|
|
18
18
|
return self[::Devise.usernamefield] if ::Devise.usernamefield && self[::Devise.usernamefield]
|
|
19
19
|
return nil unless ::Devise.emailfield && (suffix = find_pam_suffix)
|
|
20
|
+
# Regex is vulnerable to DOS attacks, use newline instead
|
|
20
21
|
email = "#{self[::Devise.emailfield]}\n"
|
|
21
22
|
pos = email.index("@#{suffix}\n")
|
|
22
|
-
|
|
23
|
+
# deceptive emailaddresses use newlines, so check this here
|
|
24
|
+
# and return nil in case another newline is found.
|
|
25
|
+
return nil if !pos || email.count('\n') > 1
|
|
23
26
|
email.slice(0, pos)
|
|
24
27
|
end
|
|
25
28
|
|
|
@@ -31,7 +34,7 @@ module Devise
|
|
|
31
34
|
def pam_conflict?
|
|
32
35
|
# detect a conflict
|
|
33
36
|
# use blank password as discriminator between traditional login and pam login
|
|
34
|
-
respond_to?('
|
|
37
|
+
respond_to?('encrypted_password') && encrypted_password.present? && is_pam_account?
|
|
35
38
|
end
|
|
36
39
|
|
|
37
40
|
def pam_conflict(_attributes)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_pam_authenticatable2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.0.
|
|
4
|
+
version: 8.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- James Wilson
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2018-01-
|
|
12
|
+
date: 2018-01-23 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: devise
|