pam authentication (#5303)
* add pam support, without extra column * bugfixes for pam login * document options * fix code style * fix codestyle * fix tests * don't call remember_me without password * fix codestyle * improve checks for pam usage (should fix tests) * fix remember_me part 1 * add remember_token column because :rememberable requires either a password or this column. * migrate db for remember_token * move pam_authentication to the right place, fix logic bug in edit.html.haml * fix tests * fix pam authentication, improve username lookup, add comment * valid? is sometimes not honored, return nil instead trying to authenticate with pam * update devise_pam_authenticatable2 and adjust code. Fixes sideeffects observed in tests * update devise_pam_authenticatable gem, fixes for codeconventions, fix finding user * codeconvention fixes * code convention fixes * fix idention * update dependency, explicit conflict check * fix disabled password updates if in pam mode * fix check password if password is present, fix templates * block registration if account is maintained by pam * Revert "block registration if account is maintained by pam" This reverts commit 8e7a083d650240b6fac414926744b4b90b435f20. * fix identation error introduced by rebase * block usernames maintained by pam * document pam settings better * fix code style
This commit is contained in:
Alexander
Eugen Rochko
parent
1afc70c990
commit
04fef7b888
15 changed files with 164 additions and 17 deletions
|
|
@ -30,6 +30,19 @@ Warden::Manager.before_logout do |_, warden|
|
|||
warden.cookies.delete('_session_id')
|
||||
end
|
||||
|
||||
module Devise
|
||||
mattr_accessor :pam_authentication
|
||||
@@pam_authentication = false
|
||||
mattr_accessor :pam_controlled_service
|
||||
@@pam_controlled_service = nil
|
||||
|
||||
class Strategies::PamAuthenticatable
|
||||
def valid?
|
||||
super && ::Devise.pam_authentication
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Devise.setup do |config|
|
||||
config.warden do |manager|
|
||||
manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
|
||||
|
|
@ -96,7 +109,7 @@ Devise.setup do |config|
|
|||
# given strategies, for example, `config.http_authenticatable = [:database]` will
|
||||
# enable it only for database authentication. The supported strategies are:
|
||||
# :database = Support basic authentication with authentication key + password
|
||||
config.http_authenticatable = [:database]
|
||||
config.http_authenticatable = [:pam, :database]
|
||||
|
||||
# If 401 status code should be returned for AJAX requests. True by default.
|
||||
# config.http_authenticatable_on_xhr = true
|
||||
|
|
@ -301,4 +314,23 @@ Devise.setup do |config|
|
|||
# When using OmniAuth, Devise cannot automatically set OmniAuth path,
|
||||
# so you need to do it manually. For the users scope, it would be:
|
||||
# config.omniauth_path_prefix = '/my_engine/users/auth'
|
||||
|
||||
# PAM: only look for email field
|
||||
config.usernamefield = nil
|
||||
config.emailfield = "email"
|
||||
|
||||
# authentication with pam possible
|
||||
# if not enabled, all pam settings are ignored
|
||||
#config.pam_authentication = true
|
||||
# check if email is actually a username
|
||||
config.check_at_sign = true
|
||||
# suffix for email address generation (warning: without pam must provide email in the pam environment)
|
||||
config.pam_default_suffix = "pam"
|
||||
# name of the pam service
|
||||
# pam "auth" section is evaluated
|
||||
config.pam_default_service = "rpam"
|
||||
# name of the pam service used for checking if an user can register
|
||||
# pam "account" section is evaluated
|
||||
# nil for allowing registration of pam names (not recommended)
|
||||
config.pam_controlled_service = "rpam"
|
||||
end
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue