module Devise::Models::PamAuthenticatable

Public Instance Methods

find_pam_service() click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 7
def find_pam_service
  return self.class.pam_service if self.class.instance_variable_defined?('@pam_service')
  ::Devise.pam_default_service
end
find_pam_suffix() click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 12
def find_pam_suffix
  return self.class.pam_suffix if self.class.instance_variable_defined?('@pam_suffix')
  ::Devise.pam_default_suffix
end
pam_authentication(pw, request = nil) click to toggle source

Checks if a resource is valid upon authentication.

# File lib/devise_pam_authenticatable/model.rb, line 56
def pam_authentication(pw, request = nil)
  return nil unless pam_get_name
  rhost = request.remote_ip if request rescue nil
  Rpam2.auth(find_pam_service, pam_get_name, pw, nil, rhost)
end
pam_conflict(_attributes) click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 41
def pam_conflict(_attributes)
  # solve conflict between other and pam related user accounts
  # to disable login with pam return nil elsewise return a (different?) user object
  # as default assume the conflict ok and return user object unchanged
  self
end
pam_conflict?() click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 35
def pam_conflict?
  # detect a conflict
  # use blank password as discriminator between traditional login and pam login
  respond_to?('encrypted_password') && encrypted_password.present? && pam_managed_user?
end
pam_get_name() click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 17
def pam_get_name
  return self[::Devise.usernamefield] if ::Devise.usernamefield && self[::Devise.usernamefield]
  return nil unless ::Devise.emailfield && (suffix = find_pam_suffix)
  # Regex is vulnerable to DOS attacks, use newline instead
  email = "#{self[::Devise.emailfield]}\n"
  pos = email.index("@#{suffix}\n")
  # deceptive emailaddresses use newlines, so check this here
  # and return nil in case another newline is found.
  # warning: don't try to optimize with '' \n. Escapes doesn't work in ''
  return nil if !pos || email.count("\n") > 1
  email.slice(0, pos)
end
pam_managed_user?() click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 30
def pam_managed_user?
  return false unless pam_get_name
  Rpam2.account(find_pam_service, pam_get_name)
end
pam_setup(attributes) click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 48
def pam_setup(attributes)
  return unless ::Devise.emailfield && ::Devise.usernamefield
  self[::Devise.emailfield] = Rpam2.getenv(find_pam_service, pam_get_name, attributes[:password], 'email', false)
  self[::Devise.emailfield] = attributes[::Devise.emailfield] if self[::Devise.emailfield].nil?
  self[::Devise.emailfield] = "#{self[::Devise.usernamefield]}@#{find_pam_suffix}" if self[::Devise.emailfield].nil? && find_pam_suffix
end