devise_pam_authenticatable2 3.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 16387d390e7ee4a8e8c85d26e353126718a25e07
+  data.tar.gz: 0ed2cccb98705bdf0144e8b5a0c08df4d76e58d0
+SHA512:
+  metadata.gz: c8ed07a8892ddbb2ac01d182dfc439f0f062a0384098e88ac1002423f532bc8183a93fdfb60538ca98f6cfb67e88638ca3d1381de4f4da7c76d5bdaf35b70234
+  data.tar.gz: ba2e9ec56067359e235c1d729a8c18f0a5c1ed27d883a80fc0adc59d1f89fdcd0964643de2b38e7efa406ce04c148bd0e31cb0792256f62ab0ea68e0e3bf946e

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 [name of plugin creator]
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,64 @@
+Devise - PAM Authentication
+===========================
+
+devise\_pam\_authenticatable is a Devise (http://github.com/plataformatec/devise)
+extension for authenticating using PAM (Pluggable Authentication Modulues)
+via the rpam gem.
+
+This allows you to authenticate against the local hosts authentication
+system including local account usernames and passwords.
+
+There are obvious security risks with using PAM authentication via a
+web-based application. Make sure you at least use SSL to keep usernames and
+passwords encrypted via HTTPS.
+
+Installation
+------------
+
+In the Gemfile for your application:
+
+    gem "devise_pam_authenticatable2"
+
+Or, to use the latest from github:
+
+    gem "devise_pam_authenticatable2", :git => "git://github.com/devkral/devise_pam_authenticatable2.git"
+
+Setup
+-----
+
+The devise_pam_authenticatable extension can use a username or extract the name from a special email address (suffix can be choosen)
+username field and email field are configurable
+
+In your Devise model, ensure the following is present:
+
+    class User < ActiveRecord::Base
+
+      devise :pam_authenticatable, pam_service: "system-auth", pam_suffix: "foo"
+
+      # Setup accessible (or protected) attributes for your model
+      attr_accessible :password, :<username or email field>
+
+    end
+
+pam_service: "system-auth" is optional. By default the pam service specified in config.pam_default_service is used.
+
+pam_suffix: "foo" is optional. By default the pam email extraction suffix specified in config.pam_default_suffix is used.
+
+Options:
+
+* config.pam_default_service = "rpam"
+* config.pam_default_suffix = nil # extraction disabled by default
+* config.pam_default_suffix = "pam" # username@pam = username
+* config.emailfield = "email" # set emailfield, set to nil if not available
+* config.usernamefield = "username" # set to nil to disable username (only email extraction)
+
+References
+----------
+
+* [Devise](http://github.com/plataformatec/devise)
+* [Warden](http://github.com/hassox/warden)
+
+
+Released under the MIT license
+
+Copyright (c) 2011 James Wilson, LithiumCorp Pty Ltd

data/Rakefile

@@ -0,0 +1,41 @@
+require 'rake'
+require 'rake/testtask'
+require 'rdoc'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the devise_pam_authenticatable plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the devise_pam_authenticatable plugin.'
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'DevisePAMAuthenticatable'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "devise_pam_authenticatable2"
+    gemspec.summary = "Devise PAM authentication module using rpam2"
+    gemspec.description = "For authenticating against PAM (Pluggable Authentication Modules)"
+    gemspec.email = "devkral@web.de"
+    gemspec.homepage = "http://github.com/devkral/devise_pam_authenticatable2"
+    gemspec.license = "MIT"
+    gemspec.authors = ["James Wilson", "Alexander Kaftan"]
+    gemspec.add_runtime_dependency "devise", ">= 4.0.0"
+    gemspec.add_runtime_dependency "rpam2", "~> 3.0"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end

data/VERSION

@@ -0,0 +1 @@
+3.0.0

data/devise_pam_authenticatable2.gemspec

@@ -0,0 +1,51 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+# stub: devise_pam_authenticatable2 3.0.0 ruby lib
+
+Gem::Specification.new do |s|
+  s.name = "devise_pam_authenticatable2".freeze
+  s.version = "3.0.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib".freeze]
+  s.authors = ["James Wilson".freeze, "Alexander Kaftan".freeze]
+  s.date = "2017-11-28"
+  s.description = "For authenticating against PAM (Pluggable Authentication Modules)".freeze
+  s.email = "devkral@web.de".freeze
+  s.extra_rdoc_files = [
+    "README.md"
+  ]
+  s.files = [
+    "MIT-LICENSE",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "devise_pam_authenticatable2.gemspec",
+    "lib/devise_pam_authenticatable.rb",
+    "lib/devise_pam_authenticatable/model.rb",
+    "lib/devise_pam_authenticatable/strategy.rb",
+    "lib/devise_pam_authenticatable2.rb"
+  ]
+  s.homepage = "http://github.com/devkral/devise_pam_authenticatable2".freeze
+  s.licenses = ["MIT".freeze]
+  s.rubygems_version = "2.6.13".freeze
+  s.summary = "Devise PAM authentication module using rpam2".freeze
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<devise>.freeze, [">= 4.0.0"])
+      s.add_runtime_dependency(%q<rpam2>.freeze, ["~> 3.0"])
+    else
+      s.add_dependency(%q<devise>.freeze, [">= 4.0.0"])
+      s.add_dependency(%q<rpam2>.freeze, ["~> 3.0"])
+    end
+  else
+    s.add_dependency(%q<devise>.freeze, [">= 4.0.0"])
+    s.add_dependency(%q<rpam2>.freeze, ["~> 3.0"])
+  end
+end
+

data/lib/devise_pam_authenticatable.rb

@@ -0,0 +1,20 @@
+require 'devise'
+require 'rpam2'
+
+require 'devise_pam_authenticatable/model'
+require 'devise_pam_authenticatable/strategy'
+module Devise
+  mattr_accessor :pam_default_service
+  @@pam_default_service = "rpam"
+  mattr_accessor :pam_default_suffix
+  @@pam_default_suffix = nil
+  mattr_accessor :emailfield
+  @@emailfield = "email"
+  mattr_accessor :usernamefield
+  @@usernamefield = "username"
+end
+Devise.add_module(:pam_authenticatable,
+                  :route => :session,
+                  :strategy   => true,
+                  :controller => :sessions,
+                  :model => "devise_pam_authenticatable/model")

data/lib/devise_pam_authenticatable/model.rb

@@ -0,0 +1,106 @@
+require 'devise_pam_authenticatable/strategy'
+
+module Devise
+  module Models
+    module PamAuthenticatable
+      def self.included(base)
+        base.class_eval do
+          extend ClassMethods
+          attr_accessor :password
+        end
+      end
+
+      def self.required_fields(klass)
+        []
+      end
+
+      # Set password to nil
+      def clean_up_passwords
+        self.password = nil
+      end
+
+      def get_service
+        return self.class.pam_service if self.class.instance_variable_defined?("@pam_service")
+        ::Devise::pam_default_service
+      end
+
+      def get_suffix
+        return self.class.pam_suffix if self.class.instance_variable_defined?("@pam_suffix")
+        ::Devise::pam_default_suffix
+      end
+
+      def pam_on_filled_pw(attributes)
+        # use blank password as discriminator between traditional login and pam login?
+        # to disable login with pam return nil elsewise return a (different?) user object
+        # as default assume there is no conflict and return user object
+        self
+      end
+
+      def pam_setup(attributes)
+        return unless ::Devise::emailfield && ::Devise::usernamefield
+        self[::Devise::emailfield] = Rpam2.getenv(get_service, get_pam_name, attributes[:password], "email", false)
+        self[::Devise::emailfield] = attributes[::Devise::emailfield] if self[::Devise::emailfield].nil?
+        self[::Devise::emailfield] = "#{self[::Devise::usernamefield]}@#{get_suffix}" if self[::Devise::emailfield].nil? && get_suffix
+      end
+
+      def password_required?
+        return false
+      end
+
+      def get_pam_name
+        return self[::Devise::usernamefield] if ::Devise::usernamefield
+        suffix = get_suffix()
+        return nil unless suffix && ::Devise::emailfield
+        email = "#{self[::Devise::emailfield]}\n"
+        pos = email.index("@#{suffix}\n")
+        return nil unless pos
+        email.slice(0, pos)
+      end
+
+      # Checks if a resource is valid upon authentication.
+      def valid_pam_authentication?(password)
+        Rpam2.auth(get_service, get_pam_name, password)
+      end
+
+      module ClassMethods
+        Devise::Models.config(self, :pam_service, :pam_suffix)
+
+        def authenticate_with_pam(attributes={})
+          if ::Devise::usernamefield && attributes[::Devise::usernamefield]
+            resource = where(::Devise::usernamefield => attributes[::Devise::usernamefield]).first
+
+            if resource.blank?
+              resource = new
+              resource[::Devise::usernamefield] = attributes[::Devise::usernamefield]
+            end
+          elsif ::Devise::emailfield
+            return nil unless attributes[::Devise::emailfield]
+            resource = where(::Devise::emailfield => attributes[::Devise::emailfield]).first
+
+            if resource.blank? && ::Devise::usernamefield.nil?
+              resource = new
+              resource[::Devise::emailfield] = attributes[::Devise::emailfield]
+            elsif resource.blank?
+              return nil
+            end
+          else
+            return nil
+          end
+
+          # potential conflict detected
+          resource = resource.pam_on_filled_pw(attributes) unless resource.password.blank?
+
+          if resource && resource.try(:valid_pam_authentication?, attributes[:password])
+            if resource.new_record?
+              resource.pam_setup(attributes)
+              resource.save!
+            end
+            return resource
+          else
+            return nil
+          end
+        end
+      end
+    end
+  end
+end

data/lib/devise_pam_authenticatable/strategy.rb

@@ -0,0 +1,15 @@
+require 'devise/strategies/base'
+
+class Devise::Strategies::PamAuthenticatable < Devise::Strategies::Authenticatable
+
+  def authenticate!
+    if resource = mapping.to.authenticate_with_pam(params[scope])
+      success!(resource)
+    else
+      fail(:invalid)
+    end
+  end
+
+end
+
+Warden::Strategies.add(:pam_authenticatable, Devise::Strategies::PamAuthenticatable)

data/lib/devise_pam_authenticatable2.rb

@@ -0,0 +1 @@
+require 'devise_pam_authenticatable'

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: devise_pam_authenticatable2
+version: !ruby/object:Gem::Version
+  version: 3.0.0
+platform: ruby
+authors:
+- James Wilson
+- Alexander Kaftan
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-11-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: devise
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: rpam2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: For authenticating against PAM (Pluggable Authentication Modules)
+email: devkral@web.de
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.md
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- VERSION
+- devise_pam_authenticatable2.gemspec
+- lib/devise_pam_authenticatable.rb
+- lib/devise_pam_authenticatable/model.rb
+- lib/devise_pam_authenticatable/strategy.rb
+- lib/devise_pam_authenticatable2.rb
+homepage: http://github.com/devkral/devise_pam_authenticatable2
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Devise PAM authentication module using rpam2
+test_files: []