pam_authenticable.rb 1.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869
  1. # frozen_string_literal: true
  2. module PamAuthenticable
  3. extend ActiveSupport::Concern
  4. included do
  5. devise :pam_authenticatable if ENV['PAM_ENABLED'] == 'true'
  6. def pam_conflict(_attributes)
  7. # Block pam login tries on traditional account
  8. end
  9. def pam_conflict?
  10. if Devise.pam_authentication
  11. encrypted_password.present? && pam_managed_user?
  12. else
  13. false
  14. end
  15. end
  16. def pam_get_name
  17. if account.present?
  18. account.username
  19. else
  20. super
  21. end
  22. end
  23. def pam_setup(_attributes)
  24. account = Account.new(username: pam_get_name)
  25. account.save!(validate: false)
  26. self.email = "#{account.username}@#{find_pam_suffix}" if email.nil? && find_pam_suffix
  27. self.confirmed_at = Time.now.utc
  28. self.admin = false
  29. self.account = account
  30. self.external = true
  31. account.destroy! unless save
  32. end
  33. def self.pam_get_user(attributes = {})
  34. return nil unless attributes[:email]
  35. resource = begin
  36. if Devise.check_at_sign && !attributes[:email].index('@')
  37. joins(:account).find_by(accounts: { username: attributes[:email] })
  38. else
  39. find_by(email: attributes[:email])
  40. end
  41. end
  42. if resource.nil?
  43. resource = new(email: attributes[:email], agreement: true)
  44. if Devise.check_at_sign && !resource[:email].index('@')
  45. resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false)
  46. resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email]
  47. end
  48. end
  49. resource
  50. end
  51. def self.authenticate_with_pam(attributes = {})
  52. super if Devise.pam_authentication
  53. end
  54. end
  55. end