|
|
@ -30,6 +30,19 @@ Warden::Manager.before_logout do |_, warden|
|
|
|
|
warden.cookies.delete('_session_id')
|
|
|
|
warden.cookies.delete('_session_id')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
module Devise
|
|
|
|
|
|
|
|
mattr_accessor :pam_authentication
|
|
|
|
|
|
|
|
@@pam_authentication = false
|
|
|
|
|
|
|
|
mattr_accessor :pam_controlled_service
|
|
|
|
|
|
|
|
@@pam_controlled_service = nil
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class Strategies::PamAuthenticatable
|
|
|
|
|
|
|
|
def valid?
|
|
|
|
|
|
|
|
super && ::Devise.pam_authentication
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
Devise.setup do |config|
|
|
|
|
Devise.setup do |config|
|
|
|
|
config.warden do |manager|
|
|
|
|
config.warden do |manager|
|
|
|
|
manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
|
|
|
|
manager.default_strategies(scope: :user).unshift :two_factor_authenticatable
|
|
|
@ -96,7 +109,7 @@ Devise.setup do |config|
|
|
|
|
# given strategies, for example, `config.http_authenticatable = [:database]` will
|
|
|
|
# given strategies, for example, `config.http_authenticatable = [:database]` will
|
|
|
|
# enable it only for database authentication. The supported strategies are:
|
|
|
|
# enable it only for database authentication. The supported strategies are:
|
|
|
|
# :database = Support basic authentication with authentication key + password
|
|
|
|
# :database = Support basic authentication with authentication key + password
|
|
|
|
config.http_authenticatable = [:database]
|
|
|
|
config.http_authenticatable = [:pam, :database]
|
|
|
|
|
|
|
|
|
|
|
|
# If 401 status code should be returned for AJAX requests. True by default.
|
|
|
|
# If 401 status code should be returned for AJAX requests. True by default.
|
|
|
|
# config.http_authenticatable_on_xhr = true
|
|
|
|
# config.http_authenticatable_on_xhr = true
|
|
|
@ -301,4 +314,23 @@ Devise.setup do |config|
|
|
|
|
# When using OmniAuth, Devise cannot automatically set OmniAuth path,
|
|
|
|
# When using OmniAuth, Devise cannot automatically set OmniAuth path,
|
|
|
|
# so you need to do it manually. For the users scope, it would be:
|
|
|
|
# so you need to do it manually. For the users scope, it would be:
|
|
|
|
# config.omniauth_path_prefix = '/my_engine/users/auth'
|
|
|
|
# config.omniauth_path_prefix = '/my_engine/users/auth'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# PAM: only look for email field
|
|
|
|
|
|
|
|
config.usernamefield = nil
|
|
|
|
|
|
|
|
config.emailfield = "email"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# authentication with pam possible
|
|
|
|
|
|
|
|
# if not enabled, all pam settings are ignored
|
|
|
|
|
|
|
|
#config.pam_authentication = true
|
|
|
|
|
|
|
|
# check if email is actually a username
|
|
|
|
|
|
|
|
config.check_at_sign = true
|
|
|
|
|
|
|
|
# suffix for email address generation (warning: without pam must provide email in the pam environment)
|
|
|
|
|
|
|
|
config.pam_default_suffix = "pam"
|
|
|
|
|
|
|
|
# name of the pam service
|
|
|
|
|
|
|
|
# pam "auth" section is evaluated
|
|
|
|
|
|
|
|
config.pam_default_service = "rpam"
|
|
|
|
|
|
|
|
# name of the pam service used for checking if an user can register
|
|
|
|
|
|
|
|
# pam "account" section is evaluated
|
|
|
|
|
|
|
|
# nil for allowing registration of pam names (not recommended)
|
|
|
|
|
|
|
|
config.pam_controlled_service = "rpam"
|
|
|
|
end
|
|
|
|
end
|
|
|
|