You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

68 lines
1.7 KiB

  1. # frozen_string_literal: true
  2. module PamAuthenticable
  3. extend ActiveSupport::Concern
  4. included do
  5. devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true'
  6. def pam_conflict(_attributes)
  7. # Block pam login tries on traditional account
  8. end
  9. def pam_conflict?
  10. if Devise.pam_authentication
  11. encrypted_password.present? && pam_managed_user?
  12. else
  13. false
  14. end
  15. end
  16. def pam_get_name
  17. if account.present?
  18. account.username
  19. else
  20. super
  21. end
  22. end
  23. def pam_setup(_attributes)
  24. account = Account.new(username: pam_get_name)
  25. account.save!(validate: false)
  26. self.email = "#{account.username}@#{find_pam_suffix}" if email.nil? && find_pam_suffix
  27. self.confirmed_at = Time.now.utc
  28. self.admin = false
  29. self.account = account
  30. account.destroy! unless save
  31. end
  32. def self.pam_get_user(attributes = {})
  33. return nil unless attributes[:email]
  34. resource = begin
  35. if Devise.check_at_sign && !attributes[:email].index('@')
  36. joins(:account).find_by(accounts: { username: attributes[:email] })
  37. else
  38. find_by(email: attributes[:email])
  39. end
  40. end
  41. if resource.nil?
  42. resource = new(email: attributes[:email], agreement: true)
  43. if Devise.check_at_sign && !resource[:email].index('@')
  44. resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false)
  45. resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email]
  46. end
  47. end
  48. resource
  49. end
  50. def self.authenticate_with_pam(attributes = {})
  51. super if Devise.pam_authentication
  52. end
  53. end
  54. end