devise_pam_authenticatable2 3.0.0 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/VERSION +1 -1
- data/devise_pam_authenticatable2.gemspec +3 -3
- data/lib/devise_pam_authenticatable.rb +6 -4
- data/lib/devise_pam_authenticatable/model.rb +38 -51
- data/lib/devise_pam_authenticatable/strategy.rb +5 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4f9628d3cf2664bae5f639899ba105b4c7bbcfb2
|
|
4
|
+
data.tar.gz: b7be5e5d0e46c978b11952d5b760a13779c53493
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2c3ba8094e16ece90da12a97d38ff4ea0b867fceb42a81293accdfe0c0fe20a1a1773ad4892e44ae75c445e068d5cdb9519f5b742a9ebe1536c4d0b784a91e36
|
|
7
|
+
data.tar.gz: 53bfd564175eb464ebadfc3e89baeabcf0e3a56eb4e38504df28faa73d82fbd2326f45c6ab7e149d742e4d600d0b13aee1a95cf5e196e6b20dcf45ed8bf628bc
|
data/README.md
CHANGED
|
@@ -51,6 +51,7 @@ Options:
|
|
|
51
51
|
* config.pam_default_suffix = "pam" # username@pam = username
|
|
52
52
|
* config.emailfield = "email" # set emailfield, set to nil if not available
|
|
53
53
|
* config.usernamefield = "username" # set to nil to disable username (only email extraction)
|
|
54
|
+
* config.check_at_sign = false # detect if email field contains username by @ sign (make sure names cannot contain @ signs)
|
|
54
55
|
|
|
55
56
|
References
|
|
56
57
|
----------
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
4.0.0
|
|
@@ -2,16 +2,16 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: devise_pam_authenticatable2
|
|
5
|
+
# stub: devise_pam_authenticatable2 4.0.0 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
8
|
s.name = "devise_pam_authenticatable2".freeze
|
|
9
|
-
s.version = "
|
|
9
|
+
s.version = "4.0.0"
|
|
10
10
|
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
|
|
12
12
|
s.require_paths = ["lib".freeze]
|
|
13
13
|
s.authors = ["James Wilson".freeze, "Alexander Kaftan".freeze]
|
|
14
|
-
s.date = "
|
|
14
|
+
s.date = "2018-01-16"
|
|
15
15
|
s.description = "For authenticating against PAM (Pluggable Authentication Modules)".freeze
|
|
16
16
|
s.email = "devkral@web.de".freeze
|
|
17
17
|
s.extra_rdoc_files = [
|
|
@@ -5,16 +5,18 @@ require 'devise_pam_authenticatable/model'
|
|
|
5
5
|
require 'devise_pam_authenticatable/strategy'
|
|
6
6
|
module Devise
|
|
7
7
|
mattr_accessor :pam_default_service
|
|
8
|
-
@@pam_default_service =
|
|
8
|
+
@@pam_default_service = 'rpam'
|
|
9
9
|
mattr_accessor :pam_default_suffix
|
|
10
10
|
@@pam_default_suffix = nil
|
|
11
11
|
mattr_accessor :emailfield
|
|
12
|
-
@@emailfield =
|
|
12
|
+
@@emailfield = 'email'
|
|
13
13
|
mattr_accessor :usernamefield
|
|
14
|
-
@@usernamefield =
|
|
14
|
+
@@usernamefield = 'username'
|
|
15
|
+
mattr_accessor :check_at_sign
|
|
16
|
+
@@check_at_sign = false
|
|
15
17
|
end
|
|
16
18
|
Devise.add_module(:pam_authenticatable,
|
|
17
19
|
:route => :session,
|
|
18
20
|
:strategy => true,
|
|
19
21
|
:controller => :sessions,
|
|
20
|
-
:model =>
|
|
22
|
+
:model => 'devise_pam_authenticatable/model')
|
|
@@ -3,33 +3,18 @@ require 'devise_pam_authenticatable/strategy'
|
|
|
3
3
|
module Devise
|
|
4
4
|
module Models
|
|
5
5
|
module PamAuthenticatable
|
|
6
|
-
def self.included(base)
|
|
7
|
-
base.class_eval do
|
|
8
|
-
extend ClassMethods
|
|
9
|
-
attr_accessor :password
|
|
10
|
-
end
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def self.required_fields(klass)
|
|
14
|
-
[]
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
# Set password to nil
|
|
18
|
-
def clean_up_passwords
|
|
19
|
-
self.password = nil
|
|
20
|
-
end
|
|
21
6
|
|
|
22
7
|
def get_service
|
|
23
|
-
return self.class.pam_service if self.class.instance_variable_defined?(
|
|
24
|
-
::Devise
|
|
8
|
+
return self.class.pam_service if self.class.instance_variable_defined?('@pam_service')
|
|
9
|
+
::Devise.pam_default_service
|
|
25
10
|
end
|
|
26
11
|
|
|
27
12
|
def get_suffix
|
|
28
|
-
return self.class.pam_suffix if self.class.instance_variable_defined?(
|
|
29
|
-
::Devise
|
|
13
|
+
return self.class.pam_suffix if self.class.instance_variable_defined?('@pam_suffix')
|
|
14
|
+
::Devise.pam_default_suffix
|
|
30
15
|
end
|
|
31
16
|
|
|
32
|
-
def pam_on_filled_pw(
|
|
17
|
+
def pam_on_filled_pw(_attributes)
|
|
33
18
|
# use blank password as discriminator between traditional login and pam login?
|
|
34
19
|
# to disable login with pam return nil elsewise return a (different?) user object
|
|
35
20
|
# as default assume there is no conflict and return user object
|
|
@@ -37,68 +22,70 @@ module Devise
|
|
|
37
22
|
end
|
|
38
23
|
|
|
39
24
|
def pam_setup(attributes)
|
|
40
|
-
return unless ::Devise
|
|
41
|
-
self[::Devise
|
|
42
|
-
self[::Devise
|
|
43
|
-
self[::Devise
|
|
25
|
+
return unless ::Devise.emailfield && ::Devise.usernamefield
|
|
26
|
+
self[::Devise.emailfield] = Rpam2.getenv(get_service, get_pam_name, attributes[:password], 'email', false)
|
|
27
|
+
self[::Devise.emailfield] = attributes[::Devise.emailfield] if self[::Devise.emailfield].nil?
|
|
28
|
+
self[::Devise.emailfield] = "#{self[::Devise.usernamefield]}@#{get_suffix}" if self[::Devise.emailfield].nil? && get_suffix
|
|
44
29
|
end
|
|
45
30
|
|
|
46
31
|
def password_required?
|
|
47
|
-
|
|
32
|
+
false
|
|
48
33
|
end
|
|
49
34
|
|
|
50
35
|
def get_pam_name
|
|
51
|
-
return self[::Devise
|
|
52
|
-
suffix = get_suffix
|
|
53
|
-
return nil unless suffix && ::Devise
|
|
54
|
-
email = "#{self[::Devise
|
|
36
|
+
return self[::Devise.usernamefield] if ::Devise.usernamefield && self[::Devise.usernamefield]
|
|
37
|
+
suffix = get_suffix
|
|
38
|
+
return nil unless suffix && ::Devise.emailfield
|
|
39
|
+
email = "#{self[::Devise.emailfield]}\n"
|
|
55
40
|
pos = email.index("@#{suffix}\n")
|
|
56
41
|
return nil unless pos
|
|
57
42
|
email.slice(0, pos)
|
|
58
43
|
end
|
|
59
44
|
|
|
60
45
|
# Checks if a resource is valid upon authentication.
|
|
61
|
-
def valid_pam_authentication?(
|
|
62
|
-
|
|
46
|
+
def valid_pam_authentication?(pw)
|
|
47
|
+
return nil unless get_pam_name
|
|
48
|
+
Rpam2.auth(get_service, get_pam_name, pw)
|
|
63
49
|
end
|
|
64
50
|
|
|
65
51
|
module ClassMethods
|
|
66
52
|
Devise::Models.config(self, :pam_service, :pam_suffix)
|
|
67
53
|
|
|
68
|
-
def authenticate_with_pam(attributes={})
|
|
69
|
-
|
|
70
|
-
|
|
54
|
+
def authenticate_with_pam(attributes = {})
|
|
55
|
+
return nil unless attributes[:password]
|
|
56
|
+
if ::Devise.usernamefield && attributes[:username]
|
|
57
|
+
resource = find_by(::Devise.usernamefield => attributes[:username])
|
|
71
58
|
|
|
72
59
|
if resource.blank?
|
|
73
60
|
resource = new
|
|
74
|
-
resource[::Devise
|
|
61
|
+
resource[::Devise.usernamefield] = attributes[:username]
|
|
75
62
|
end
|
|
76
|
-
elsif ::Devise
|
|
77
|
-
return nil unless attributes[
|
|
78
|
-
resource =
|
|
63
|
+
elsif ::Devise.emailfield
|
|
64
|
+
return nil unless attributes[:email]
|
|
65
|
+
resource = find_by(::Devise.emailfield => attributes[:email])
|
|
79
66
|
|
|
80
|
-
if resource.blank?
|
|
67
|
+
if resource.blank?
|
|
81
68
|
resource = new
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
69
|
+
if ::Devise.check_at_sign && ::Devise.usernamefield && attributes[:email].index('@').nil?
|
|
70
|
+
# use email as username
|
|
71
|
+
resource[::Devise.usernamefield] = attributes[:email]
|
|
72
|
+
else
|
|
73
|
+
resource[::Devise.emailfield] = attributes[:email]
|
|
74
|
+
end
|
|
85
75
|
end
|
|
86
76
|
else
|
|
87
77
|
return nil
|
|
88
78
|
end
|
|
89
79
|
|
|
90
80
|
# potential conflict detected
|
|
91
|
-
resource = resource.pam_on_filled_pw(attributes)
|
|
81
|
+
resource = resource.pam_on_filled_pw(attributes) if resource.respond_to?('password') && resource.password.present?
|
|
92
82
|
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
end
|
|
98
|
-
return resource
|
|
99
|
-
else
|
|
100
|
-
return nil
|
|
83
|
+
return nil unless resource && resource.try(:valid_pam_authentication?, attributes[:password])
|
|
84
|
+
if resource.new_record?
|
|
85
|
+
resource.pam_setup(attributes)
|
|
86
|
+
resource.save!
|
|
101
87
|
end
|
|
88
|
+
resource
|
|
102
89
|
end
|
|
103
90
|
end
|
|
104
91
|
end
|
|
@@ -1,15 +1,18 @@
|
|
|
1
1
|
require 'devise/strategies/base'
|
|
2
2
|
|
|
3
|
+
|
|
3
4
|
class Devise::Strategies::PamAuthenticatable < Devise::Strategies::Authenticatable
|
|
5
|
+
def valid?
|
|
6
|
+
super && (::Devise.emailfield || ::Devise.usernamefield)
|
|
7
|
+
end
|
|
4
8
|
|
|
5
9
|
def authenticate!
|
|
6
|
-
if resource = mapping.to.authenticate_with_pam(params[scope])
|
|
10
|
+
if (resource = mapping.to.authenticate_with_pam(params[scope].clone))
|
|
7
11
|
success!(resource)
|
|
8
12
|
else
|
|
9
13
|
fail(:invalid)
|
|
10
14
|
end
|
|
11
15
|
end
|
|
12
|
-
|
|
13
16
|
end
|
|
14
17
|
|
|
15
18
|
Warden::Strategies.add(:pam_authenticatable, Devise::Strategies::PamAuthenticatable)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_pam_authenticatable2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 4.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- James Wilson
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2018-01-16 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: devise
|