@ -52,6 +52,8 @@ class User < ApplicationRecord
devise :registerable , :recoverable , :rememberable , :trackable , :validatable ,
devise :registerable , :recoverable , :rememberable , :trackable , :validatable ,
:confirmable
:confirmable
devise :pam_authenticatable if ENV [ 'PAM_ENABLED' ] == 'true'
devise :omniauthable
devise :omniauthable
belongs_to :account , inverse_of : :user
belongs_to :account , inverse_of : :user
@ -96,7 +98,7 @@ class User < ApplicationRecord
def pam_conflict?
def pam_conflict?
return false unless Devise . pam_authentication
return false unless Devise . pam_authentication
encrypted_password . present? && is_pam_account ?
encrypted_password . present? && pam_managed_user ?
end
end
def pam_get_name
def pam_get_name
@ -267,22 +269,22 @@ class User < ApplicationRecord
end
end
def self . pam_get_user ( attributes = { } )
def self . pam_get_user ( attributes = { } )
if attributes [ :email ]
return nil unless attributes [ :email ]
resource =
resource =
if Devise . check_at_sign && ! attributes [ :email ] . index ( '@' )
if Devise . check_at_sign && ! attributes [ :email ] . index ( '@' )
joins ( :account ) . find_by ( accounts : { username : attributes [ :email ] } )
joins ( :account ) . find_by ( accounts : { username : attributes [ :email ] } )
else
else
find_by ( email : attributes [ :email ] )
find_by ( email : attributes [ :email ] )
end
end
if resource . blank?
if resource . blank?
resource = new ( email : attributes [ :email ] )
resource = new ( email : attributes [ :email ] )
if Devise . check_at_sign && ! resource [ :email ] . index ( '@' )
if Devise . check_at_sign && ! resource [ :email ] . index ( '@' )
resource [ :email ] = " #{ attributes [ :email ] } @ #{ resource . find_pam_suffix } "
resource [ :email ] = Rpam2 . getenv ( resource . find_pam_service , attributes [ :email ] , attributes [ :password ] , 'email' , false )
end
resource [ :email ] = " #{ attributes [ :email ] } @ #{ resource . find_pam_suffix } " unless resource [ :email ]
end
end
resource
end
end
resource
end
end
def self . ldap_get_user ( attributes = { } )
def self . ldap_get_user ( attributes = { } )