From 04fef7b8886bb78f3473e143894a521ca578f1db Mon Sep 17 00:00:00 2001 From: Alexander Date: Fri, 2 Feb 2018 10:18:55 +0100 Subject: pam authentication (#5303) * add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. * fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style --- app/validators/unreserved_username_validator.rb | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'app/validators/unreserved_username_validator.rb') diff --git a/app/validators/unreserved_username_validator.rb b/app/validators/unreserved_username_validator.rb index 44ea4359b..c2311a89a 100644 --- a/app/validators/unreserved_username_validator.rb +++ b/app/validators/unreserved_username_validator.rb @@ -8,7 +8,13 @@ class UnreservedUsernameValidator < ActiveModel::Validator private + def pam_controlled?(value) + return false unless Devise.pam_authentication && Devise.pam_controlled_service + Rpam2.account(Devise.pam_controlled_service, value).present? + end + def reserved_username?(value) + return true if pam_controlled?(value) return false unless Setting.reserved_usernames Setting.reserved_usernames.include?(value.downcase) end -- cgit