omniauth-pam 1.3.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3ad17e332ef7ec8d88db799e55709bd4a37c0f066c7dbf009ff9fd89aa4f3055
-  data.tar.gz: f2b8dc59720e592fc6e60171bc61b28e4d506475fd26be7269c2730ee49f57ae
+  metadata.gz: 42f231c42e7642db6d111c52d4eafce71b8e68e973da9de38ac34ca1a9334cf5
+  data.tar.gz: ecaef201a88402649d3328dd15cfd9f4cc2415387f540802d9dcd5464eaff1c0
 SHA512:
-  metadata.gz: 5459da25741c89ec011f234cc4e634ccfffcf025ce94ee739eedcd86116a551e14810b7ddaa065ad55ef432c7fef8df9f5a85b31ccdac0c8895311dc9a123aa4
-  data.tar.gz: 911e2c60b64f08c52405b29991fcefc81555f2a0a9965b395ffe8ffa8dedd50d5b7e0ea9df446fe82ea583bb0e1304103939a274eb8c40f1fa4865bdcdc6ee57
+  metadata.gz: cb5789493f26df5653c0b6a60ac707919230ea5b3a430145f07c504e3624d97dc8e4970294f6a2ed678a61f414c4732e443d4a78daa3e4ff60e005dd27ca44f2
+  data.tar.gz: 05d8e2414f63dd6689c759e745a1dcb197964d91c9321c599feb23fda6392f92ea395110e375ae1c5c05642cd862a6058024a4d76d7b10515b189c6779e4495a

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # CHANGELOG
 
+## 2.0.0 (2018-07-13)
+
+* Switch to using `rpam2` ([9][])
+
+[9]: https://github.com/nickcharlton/omniauth-pam/pull/9
+
 ## 1.3.0 (2018-05-19)
 
 * Update the README.

data/lib/omniauth-pam/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module PAM
-    VERSION = "1.3.0".freeze
+    VERSION = "2.0.0".freeze
   end
 end

data/lib/omniauth/pam.rb

@@ -1,6 +1,5 @@
 require "omniauth"
-require "rpam"
-require "etc"
+require "rpam2"
 
 module OmniAuth
   module Strategies

data/lib/omniauth/strategies/pam.rb

@@ -6,16 +6,17 @@ module OmniAuth
       option :name, 'pam'
       option :fields, [:username]
       option :uid_field, :username
-
-      # this map is used to return gecos in info
-      option :gecos_map, [:name, :location, :phone, :home_phone, :description]
-      # option :email_domain - if defined, info.email is build using uid@email_domain if not found from gecos
-      # option :service - pam service name passed to rpam (/etc/pam.d/service_name), if not given rpam uses 'rpam'
+      # if provided, info.email is build using uid@email_domain
+      # this is used if :email is not found in pam environment
+      option :email_domain, nil
+      # pam service name passed to rpam2 (/etc/pam.d/service_name)
+      # if not provided rpam2 uses 'rpam'
+      option :service, nil
 
       def request_phase
         OmniAuth::Form.build(
-          :title => (options[:title] || "Authenticate"), 
-          :url => callback_path
+          title: (options[:title] || "Authenticate"),
+          url: callback_path,
         ) do |field|
           field.text_field 'Username', 'username'
           field.password_field 'Password', 'password'
@@ -23,13 +24,9 @@ module OmniAuth
       end
 
       def callback_phase
-        rpam_opts = Hash.new
-        rpam_opts[:service] = options[:service] unless options[:service].nil?
-
-        unless Rpam.auth(request['username'], request['password'], rpam_opts)
+        unless Rpam2.auth(options[:service], uid, request["password"])
           return fail!(:invalid_credentials)
         end
-
         super
       end
 
@@ -38,21 +35,17 @@ module OmniAuth
       end
 
       info do
-        info = { :nickname => uid, :name => uid }
-        info[:email] = "#{uid}@#{options[:email_domain]}" if options.has_key?(:email_domain)
-        info.merge!(parse_gecos || {})
-      end
-
-      private
-
-      def parse_gecos
-        if options[:gecos_map].kind_of?(Array)
-          begin
-            gecos = Etc.getpwnam(uid).gecos.split(',')
-            Hash[options[:gecos_map].zip(gecos)].delete_if { |k, v| v.nil? || v.empty? }
-          rescue
-          end
+        info = { nickname: uid, name: uid }
+        rpam_env = Rpam2.listenv(options[:service], uid, request["password"])
+        # if authentication fails fall back to empty dictionary
+        info.merge!(rpam_env || {})
+        # info should contain now email if email in pam environment
+        #   and authentication successful
+        # fallback if email is not in listenv
+        if info[:email].nil? && !options[:email_domain].nil?
+          info[:email] = "#{uid}@#{options[:email_domain]}"
         end
+        info
       end
     end
   end

data/omniauth-pam.gemspec

@@ -18,9 +18,8 @@ Gem::Specification.new do |s|
   s.test_files    = s.files.grep(/^(test|spec|features)/)
   s.require_paths = ["lib"]
 
-  s.add_runtime_dependency "omniauth", "~> 1.5"
-  s.add_runtime_dependency 'rpam-ruby19', '~> 1.2.1'
-  s.add_runtime_dependency 'etc'
+  s.add_runtime_dependency 'omniauth', '~> 1.5'
+  s.add_runtime_dependency 'rpam2', '~> 4.0'
 
   s.add_development_dependency "pry"
   s.add_development_dependency "rack-test"

data/spec/omniauth/strategies/pam_spec.rb

@@ -1,6 +1,20 @@
 require "spec_helper"
 
 describe OmniAuth::Strategies::PAM do
+  before(:all) do
+    Rpam2.fake_data =
+      {
+        usernames: Set["authur"],
+        servicenames: Set["rpam", nil],
+        password: "a_password",
+        env:
+          {
+            email: "me@example.com",
+            name: "Authur Dent",
+          },
+      }
+  end
+
   describe "#request_phase" do
     it "displays a form" do
       get "/auth/pam"
@@ -12,21 +26,17 @@ describe OmniAuth::Strategies::PAM do
   describe "#callback_phase" do
     context "with valid credentials" do
       it "populates the auth hash" do
-        mock_rpam(valid_credentials.merge(opts: {})).and_return(true)
-        mock_etc
 
         post "/auth/pam/callback", valid_credentials
 
         expect(auth_hash["provider"]).to eq("pam")
         expect(auth_hash["uid"]).to eq("authur")
         expect(auth_hash["info"]["name"]).to eq("Authur Dent")
-        expect_rpam_to_be_called(valid_credentials.merge(opts: {}))
       end
     end
 
     context "with invalid credentials" do
       it "redirects to /auth/failure" do
-        mock_rpam(invalid_credentials.merge(opts: {}))
 
         post "/auth/pam/callback", invalid_credentials
 
@@ -34,7 +44,6 @@ describe OmniAuth::Strategies::PAM do
         expect(last_response.headers["Location"]).to eq(
           "/auth/failure?message=invalid_credentials&strategy=pam",
         )
-        expect_rpam_to_be_called(invalid_credentials.merge(opts: {}))
       end
     end
   end
@@ -62,18 +71,4 @@ describe OmniAuth::Strategies::PAM do
     { username: "not_a_valid_user", password: "not_a_valid_password" }
   end
 
-  def mock_rpam(username:, password:, opts:)
-    allow(Rpam).to receive(:auth).with(username, password, opts)
-  end
-
-  def expect_rpam_to_be_called(username:, password:, opts: {})
-    expect(Rpam).to have_received(:auth).with(username, password, opts)
-  end
-
-  def mock_etc
-    etc_struct = Etc::Passwd.new
-    etc_struct.gecos = "Authur Dent,,"
-
-    expect(Etc).to receive(:getpwnam).with("authur").and_return(etc_struct)
-  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-pam
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Nick Charlton
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-19 00:00:00.000000000 Z
+date: 2018-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -25,33 +25,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.5'
 - !ruby/object:Gem::Dependency
-  name: rpam-ruby19
+  name: rpam2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.2.1
-- !ruby/object:Gem::Dependency
-  name: etc
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement