devise_pam_authenticatable2 3.0.0 → 4.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/VERSION +1 -1
- data/devise_pam_authenticatable2.gemspec +3 -3
- data/lib/devise_pam_authenticatable.rb +6 -4
- data/lib/devise_pam_authenticatable/model.rb +38 -51
- data/lib/devise_pam_authenticatable/strategy.rb +5 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4f9628d3cf2664bae5f639899ba105b4c7bbcfb2
|
|
4
|
+
data.tar.gz: b7be5e5d0e46c978b11952d5b760a13779c53493
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2c3ba8094e16ece90da12a97d38ff4ea0b867fceb42a81293accdfe0c0fe20a1a1773ad4892e44ae75c445e068d5cdb9519f5b742a9ebe1536c4d0b784a91e36
|
|
7
|
+
data.tar.gz: 53bfd564175eb464ebadfc3e89baeabcf0e3a56eb4e38504df28faa73d82fbd2326f45c6ab7e149d742e4d600d0b13aee1a95cf5e196e6b20dcf45ed8bf628bc
|
data/README.md
CHANGED
|
@@ -51,6 +51,7 @@ Options:
|
|
|
51
51
|
* config.pam_default_suffix = "pam" # username@pam = username
|
|
52
52
|
* config.emailfield = "email" # set emailfield, set to nil if not available
|
|
53
53
|
* config.usernamefield = "username" # set to nil to disable username (only email extraction)
|
|
54
|
+
* config.check_at_sign = false # detect if email field contains username by @ sign (make sure names cannot contain @ signs)
|
|
54
55
|
|
|
55
56
|
References
|
|
56
57
|
----------
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
4.0.0
|
|
@@ -2,16 +2,16 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: devise_pam_authenticatable2
|
|
5
|
+
# stub: devise_pam_authenticatable2 4.0.0 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
8
|
s.name = "devise_pam_authenticatable2".freeze
|
|
9
|
-
s.version = "
|
|
9
|
+
s.version = "4.0.0"
|
|
10
10
|
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
|
|
12
12
|
s.require_paths = ["lib".freeze]
|
|
13
13
|
s.authors = ["James Wilson".freeze, "Alexander Kaftan".freeze]
|
|
14
|
-
s.date = "
|
|
14
|
+
s.date = "2018-01-16"
|
|
15
15
|
s.description = "For authenticating against PAM (Pluggable Authentication Modules)".freeze
|
|
16
16
|
s.email = "devkral@web.de".freeze
|
|
17
17
|
s.extra_rdoc_files = [
|
|
@@ -5,16 +5,18 @@ require 'devise_pam_authenticatable/model'
|
|
|
5
5
|
require 'devise_pam_authenticatable/strategy'
|
|
6
6
|
module Devise
|
|
7
7
|
mattr_accessor :pam_default_service
|
|
8
|
-
@@pam_default_service =
|
|
8
|
+
@@pam_default_service = 'rpam'
|
|
9
9
|
mattr_accessor :pam_default_suffix
|
|
10
10
|
@@pam_default_suffix = nil
|
|
11
11
|
mattr_accessor :emailfield
|
|
12
|
-
@@emailfield =
|
|
12
|
+
@@emailfield = 'email'
|
|
13
13
|
mattr_accessor :usernamefield
|
|
14
|
-
@@usernamefield =
|
|
14
|
+
@@usernamefield = 'username'
|
|
15
|
+
mattr_accessor :check_at_sign
|
|
16
|
+
@@check_at_sign = false
|
|
15
17
|
end
|
|
16
18
|
Devise.add_module(:pam_authenticatable,
|
|
17
19
|
:route => :session,
|
|
18
20
|
:strategy => true,
|
|
19
21
|
:controller => :sessions,
|
|
20
|
-
:model =>
|
|
22
|
+
:model => 'devise_pam_authenticatable/model')
|
|
@@ -3,33 +3,18 @@ require 'devise_pam_authenticatable/strategy'
|
|
|
3
3
|
module Devise
|
|
4
4
|
module Models
|
|
5
5
|
module PamAuthenticatable
|
|
6
|
-
def self.included(base)
|
|
7
|
-
base.class_eval do
|
|
8
|
-
extend ClassMethods
|
|
9
|
-
attr_accessor :password
|
|
10
|
-
end
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def self.required_fields(klass)
|
|
14
|
-
[]
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
# Set password to nil
|
|
18
|
-
def clean_up_passwords
|
|
19
|
-
self.password = nil
|
|
20
|
-
end
|
|
21
6
|
|
|
22
7
|
def get_service
|
|
23
|
-
return self.class.pam_service if self.class.instance_variable_defined?(
|
|
24
|
-
::Devise
|
|
8
|
+
return self.class.pam_service if self.class.instance_variable_defined?('@pam_service')
|
|
9
|
+
::Devise.pam_default_service
|
|
25
10
|
end
|
|
26
11
|
|
|
27
12
|
def get_suffix
|
|
28
|
-
return self.class.pam_suffix if self.class.instance_variable_defined?(
|
|
29
|
-
::Devise
|
|
13
|
+
return self.class.pam_suffix if self.class.instance_variable_defined?('@pam_suffix')
|
|
14
|
+
::Devise.pam_default_suffix
|
|
30
15
|
end
|
|
31
16
|
|
|
32
|
-
def pam_on_filled_pw(
|
|
17
|
+
def pam_on_filled_pw(_attributes)
|
|
33
18
|
# use blank password as discriminator between traditional login and pam login?
|
|
34
19
|
# to disable login with pam return nil elsewise return a (different?) user object
|
|
35
20
|
# as default assume there is no conflict and return user object
|
|
@@ -37,68 +22,70 @@ module Devise
|
|
|
37
22
|
end
|
|
38
23
|
|
|
39
24
|
def pam_setup(attributes)
|
|
40
|
-
return unless ::Devise
|
|
41
|
-
self[::Devise
|
|
42
|
-
self[::Devise
|
|
43
|
-
self[::Devise
|
|
25
|
+
return unless ::Devise.emailfield && ::Devise.usernamefield
|
|
26
|
+
self[::Devise.emailfield] = Rpam2.getenv(get_service, get_pam_name, attributes[:password], 'email', false)
|
|
27
|
+
self[::Devise.emailfield] = attributes[::Devise.emailfield] if self[::Devise.emailfield].nil?
|
|
28
|
+
self[::Devise.emailfield] = "#{self[::Devise.usernamefield]}@#{get_suffix}" if self[::Devise.emailfield].nil? && get_suffix
|
|
44
29
|
end
|
|
45
30
|
|
|
46
31
|
def password_required?
|
|
47
|
-
|
|
32
|
+
false
|
|
48
33
|
end
|
|
49
34
|
|
|
50
35
|
def get_pam_name
|
|
51
|
-
return self[::Devise
|
|
52
|
-
suffix = get_suffix
|
|
53
|
-
return nil unless suffix && ::Devise
|
|
54
|
-
email = "#{self[::Devise
|
|
36
|
+
return self[::Devise.usernamefield] if ::Devise.usernamefield && self[::Devise.usernamefield]
|
|
37
|
+
suffix = get_suffix
|
|
38
|
+
return nil unless suffix && ::Devise.emailfield
|
|
39
|
+
email = "#{self[::Devise.emailfield]}\n"
|
|
55
40
|
pos = email.index("@#{suffix}\n")
|
|
56
41
|
return nil unless pos
|
|
57
42
|
email.slice(0, pos)
|
|
58
43
|
end
|
|
59
44
|
|
|
60
45
|
# Checks if a resource is valid upon authentication.
|
|
61
|
-
def valid_pam_authentication?(
|
|
62
|
-
|
|
46
|
+
def valid_pam_authentication?(pw)
|
|
47
|
+
return nil unless get_pam_name
|
|
48
|
+
Rpam2.auth(get_service, get_pam_name, pw)
|
|
63
49
|
end
|
|
64
50
|
|
|
65
51
|
module ClassMethods
|
|
66
52
|
Devise::Models.config(self, :pam_service, :pam_suffix)
|
|
67
53
|
|
|
68
|
-
def authenticate_with_pam(attributes={})
|
|
69
|
-
|
|
70
|
-
|
|
54
|
+
def authenticate_with_pam(attributes = {})
|
|
55
|
+
return nil unless attributes[:password]
|
|
56
|
+
if ::Devise.usernamefield && attributes[:username]
|
|
57
|
+
resource = find_by(::Devise.usernamefield => attributes[:username])
|
|
71
58
|
|
|
72
59
|
if resource.blank?
|
|
73
60
|
resource = new
|
|
74
|
-
resource[::Devise
|
|
61
|
+
resource[::Devise.usernamefield] = attributes[:username]
|
|
75
62
|
end
|
|
76
|
-
elsif ::Devise
|
|
77
|
-
return nil unless attributes[
|
|
78
|
-
resource =
|
|
63
|
+
elsif ::Devise.emailfield
|
|
64
|
+
return nil unless attributes[:email]
|
|
65
|
+
resource = find_by(::Devise.emailfield => attributes[:email])
|
|
79
66
|
|
|
80
|
-
if resource.blank?
|
|
67
|
+
if resource.blank?
|
|
81
68
|
resource = new
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
69
|
+
if ::Devise.check_at_sign && ::Devise.usernamefield && attributes[:email].index('@').nil?
|
|
70
|
+
# use email as username
|
|
71
|
+
resource[::Devise.usernamefield] = attributes[:email]
|
|
72
|
+
else
|
|
73
|
+
resource[::Devise.emailfield] = attributes[:email]
|
|
74
|
+
end
|
|
85
75
|
end
|
|
86
76
|
else
|
|
87
77
|
return nil
|
|
88
78
|
end
|
|
89
79
|
|
|
90
80
|
# potential conflict detected
|
|
91
|
-
resource = resource.pam_on_filled_pw(attributes)
|
|
81
|
+
resource = resource.pam_on_filled_pw(attributes) if resource.respond_to?('password') && resource.password.present?
|
|
92
82
|
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
end
|
|
98
|
-
return resource
|
|
99
|
-
else
|
|
100
|
-
return nil
|
|
83
|
+
return nil unless resource && resource.try(:valid_pam_authentication?, attributes[:password])
|
|
84
|
+
if resource.new_record?
|
|
85
|
+
resource.pam_setup(attributes)
|
|
86
|
+
resource.save!
|
|
101
87
|
end
|
|
88
|
+
resource
|
|
102
89
|
end
|
|
103
90
|
end
|
|
104
91
|
end
|
|
@@ -1,15 +1,18 @@
|
|
|
1
1
|
require 'devise/strategies/base'
|
|
2
2
|
|
|
3
|
+
|
|
3
4
|
class Devise::Strategies::PamAuthenticatable < Devise::Strategies::Authenticatable
|
|
5
|
+
def valid?
|
|
6
|
+
super && (::Devise.emailfield || ::Devise.usernamefield)
|
|
7
|
+
end
|
|
4
8
|
|
|
5
9
|
def authenticate!
|
|
6
|
-
if resource = mapping.to.authenticate_with_pam(params[scope])
|
|
10
|
+
if (resource = mapping.to.authenticate_with_pam(params[scope].clone))
|
|
7
11
|
success!(resource)
|
|
8
12
|
else
|
|
9
13
|
fail(:invalid)
|
|
10
14
|
end
|
|
11
15
|
end
|
|
12
|
-
|
|
13
16
|
end
|
|
14
17
|
|
|
15
18
|
Warden::Strategies.add(:pam_authenticatable, Devise::Strategies::PamAuthenticatable)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_pam_authenticatable2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 4.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- James Wilson
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2018-01-16 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: devise
|