module Devise::Models::PamAuthenticatable
Public Instance Methods
find_pam_service()
click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 7 def find_pam_service return self.class.pam_service if self.class.instance_variable_defined?('@pam_service') ::Devise.pam_default_service end
find_pam_suffix()
click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 12 def find_pam_suffix return self.class.pam_suffix if self.class.instance_variable_defined?('@pam_suffix') ::Devise.pam_default_suffix end
pam_authentication(pw, request = nil)
click to toggle source
Checks if a resource is valid upon authentication.
# File lib/devise_pam_authenticatable/model.rb, line 56 def pam_authentication(pw, request = nil) return nil unless pam_get_name rhost = request.remote_ip if request rescue nil Rpam2.auth(find_pam_service, pam_get_name, pw, nil, rhost) end
pam_conflict(_attributes)
click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 41 def pam_conflict(_attributes) # solve conflict between other and pam related user accounts # to disable login with pam return nil elsewise return a (different?) user object # as default assume the conflict ok and return user object unchanged self end
pam_conflict?()
click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 35 def pam_conflict? # detect a conflict # use blank password as discriminator between traditional login and pam login respond_to?('encrypted_password') && encrypted_password.present? && pam_managed_user? end
pam_get_name()
click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 17 def pam_get_name return self[::Devise.usernamefield] if ::Devise.usernamefield && self[::Devise.usernamefield] return nil unless ::Devise.emailfield && (suffix = find_pam_suffix) # Regex is vulnerable to DOS attacks, use newline instead email = "#{self[::Devise.emailfield]}\n" pos = email.index("@#{suffix}\n") # deceptive emailaddresses use newlines, so check this here # and return nil in case another newline is found. # warning: don't try to optimize with '' \n. Escapes doesn't work in '' return nil if !pos || email.count("\n") > 1 email.slice(0, pos) end
pam_managed_user?()
click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 30 def pam_managed_user? return false unless pam_get_name Rpam2.account(find_pam_service, pam_get_name) end
pam_setup(attributes)
click to toggle source
# File lib/devise_pam_authenticatable/model.rb, line 48 def pam_setup(attributes) return unless ::Devise.emailfield && ::Devise.usernamefield self[::Devise.emailfield] = Rpam2.getenv(find_pam_service, pam_get_name, attributes[:password], 'email', false) self[::Devise.emailfield] = attributes[::Devise.emailfield] if self[::Devise.emailfield].nil? self[::Devise.emailfield] = "#{self[::Devise.usernamefield]}@#{find_pam_suffix}" if self[::Devise.emailfield].nil? && find_pam_suffix end