blob: f97f986a41fe08f2b9d9933fa491ea8c3e7c765d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
# frozen_string_literal: true
module PamAuthenticable
extend ActiveSupport::Concern
included do
devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true'
def pam_conflict(_attributes)
# Block pam login tries on traditional account
end
def pam_conflict?
if Devise.pam_authentication
encrypted_password.present? && pam_managed_user?
else
false
end
end
def pam_get_name
if account.present?
account.username
else
super
end
end
def pam_setup(_attributes)
account = Account.new(username: pam_get_name)
account.save!(validate: false)
self.email = "#{account.username}@#{find_pam_suffix}" if email.nil? && find_pam_suffix
self.confirmed_at = Time.now.utc
self.admin = false
self.account = account
self.external = true
account.destroy! unless save
end
def self.pam_get_user(attributes = {})
return nil unless attributes[:email]
resource = if Devise.check_at_sign && !attributes[:email].index('@')
joins(:account).find_by(accounts: { username: attributes[:email] })
else
find_by(email: attributes[:email])
end
if resource.nil?
resource = new(email: attributes[:email], agreement: true)
if Devise.check_at_sign && !resource[:email].index('@')
resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false)
resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email]
end
end
resource
end
def self.authenticate_with_pam(attributes = {})
super if Devise.pam_authentication
end
end
end
|
