diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2019-03-14 02:13:42 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-03-14 02:13:42 +0100 |
| commit | 9e33174604952490136a6f8cce2c9bd3ca03a26c (patch) | |
| tree | 251eb7e328924f4bedcbca7d60e834647500eb18 /app/models/concerns/pam_authenticable.rb | |
| parent | dfb9efae81d029d26a9ef09acd891254529a0f53 (diff) | |
Refactor User model, extract PamAuthenticable, LdapAuthenticable (#10217)
Diffstat (limited to 'app/models/concerns/pam_authenticable.rb')
| -rw-r--r-- | app/models/concerns/pam_authenticable.rb | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/app/models/concerns/pam_authenticable.rb b/app/models/concerns/pam_authenticable.rb new file mode 100644 index 000000000..2f651c1a3 --- /dev/null +++ b/app/models/concerns/pam_authenticable.rb @@ -0,0 +1,68 @@ +# frozen_string_literal: true + +module PamAuthenticable + extend ActiveSupport::Concern + + included do + devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true' + + def pam_conflict(_attributes) + # Block pam login tries on traditional account + end + + def pam_conflict? + if Devise.pam_authentication + encrypted_password.present? && pam_managed_user? + else + false + end + end + + def pam_get_name + if account.present? + account.username + else + super + end + end + + def pam_setup(_attributes) + account = Account.new(username: pam_get_name) + account.save!(validate: false) + + self.email = "#{account.username}@#{find_pam_suffix}" if email.nil? && find_pam_suffix + self.confirmed_at = Time.now.utc + self.admin = false + self.account = account + + account.destroy! unless save + end + + def self.pam_get_user(attributes = {}) + return nil unless attributes[:email] + + resource = begin + if Devise.check_at_sign && !attributes[:email].index('@') + joins(:account).find_by(accounts: { username: attributes[:email] }) + else + find_by(email: attributes[:email]) + end + end + + if resource.nil? + resource = new(email: attributes[:email], agreement: true) + + if Devise.check_at_sign && !resource[:email].index('@') + resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false) + resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email] + end + end + + resource + end + + def self.authenticate_with_pam(attributes = {}) + super if Devise.pam_authentication + end + end +end |