anideo-authlogic-connect 0.0.6

data/lib/authlogic_connect/callback_filter.rb

@@ -0,0 +1,19 @@
+class AuthlogicConnect::CallbackFilter
+  def initialize(app)
+    @app = app
+  end
+  
+  # this intercepts how the browser interprets the url.
+  # so we override it and say,
+  # "if we've stored a variable in the session called :auth_callback_method,
+  # then convert that into a POST call so we re-call the original method"
+  def call(env)
+    if env["rack.session"].nil?
+      raise "Make sure you are setting the session in Rack too!  Place this in config/application.rb"
+    end
+    unless env["rack.session"][:auth_callback_method].blank?
+      env["REQUEST_METHOD"] = env["rack.session"].delete(:auth_callback_method).to_s.upcase
+    end
+    @app.call(env)
+  end
+end

data/lib/authlogic_connect/common.rb

@@ -0,0 +1,10 @@
+module AuthlogicConnect::Common
+end
+
+require File.dirname(__FILE__) + "/common/state"
+require File.dirname(__FILE__) + "/common/variables"
+require File.dirname(__FILE__) + "/common/user"
+require File.dirname(__FILE__) + "/common/session"
+
+ActiveRecord::Base.send(:include, AuthlogicConnect::Common::User)
+Authlogic::Session::Base.send(:include, AuthlogicConnect::Common::Session)

data/lib/authlogic_connect/common/session.rb

@@ -0,0 +1,30 @@
+module AuthlogicConnect::Common
+  module Session
+    
+    def self.included(base)    
+      base.class_eval do
+        include Variables
+        include InstanceMethods
+      end
+    end
+    
+    module InstanceMethods
+      
+      # core save method coordinating how to save the session.
+      # want to destroy the block if we redirect to a remote service, that's it.
+      # otherwise the block contains the render methods we wan to use
+      def save(&block)
+        self.errors.clear
+        # log_state
+        authenticate_via_protocol(block_given?) do |redirecting|
+          block = nil if redirecting
+          result = super(&block)
+          cleanup_authentication_session unless block.nil?
+          result
+        end
+      end
+      
+    end
+    
+  end
+end

data/lib/authlogic_connect/common/state.rb

@@ -0,0 +1,45 @@
+# This class holds query/state variables common to oauth and openid
+module AuthlogicConnect::Common::State
+  
+  def auth_controller?
+    !auth_controller.blank?
+  end
+
+  def auth_params?
+    auth_controller? && !auth_params.blank?
+  end
+  
+  def auth_session?
+    !auth_session.blank?
+  end
+  
+  def is_auth_session?
+    self.is_a?(Authlogic::Session::Base)
+  end
+  
+  def start_authentication?
+    start_oauth? || start_openid?
+  end
+  
+  def validate_password_with_oauth?
+    !using_openid? && super
+  end
+  
+  def validate_password_with_openid?
+    !using_oauth? && super
+  end
+  
+  # because user and session are so closely tied together, I am still
+  # uncertain as to how they are saved.  So this makes sure if we are
+  # logging in, it must be saving the session, otherwise the user.
+  def correct_request_class?
+    return false unless auth_params?
+    
+    if is_auth_session?
+      auth_type.to_s == "session"
+    else
+      auth_type.to_s == "user"
+    end
+  end
+  
+end

data/lib/authlogic_connect/common/user.rb

@@ -0,0 +1,77 @@
+# This class is the main api for the user.
+# It is also required to properly sequence the save methods
+# for the different authentication types (oauth and openid)
+module AuthlogicConnect::Common::User
+    
+  def self.included(base)
+    base.class_eval do
+      add_acts_as_authentic_module(InstanceMethods, :append)
+      add_acts_as_authentic_module(AuthlogicConnect::Common::Variables, :prepend)
+    end
+  end
+  
+  module InstanceMethods
+    
+    def self.included(base)
+      base.class_eval do
+        has_many :access_tokens, :class_name => "AccessToken", :dependent => :destroy
+        belongs_to :active_token, :class_name => "AccessToken", :dependent => :destroy
+        accepts_nested_attributes_for :access_tokens, :active_token
+      end
+    end
+    
+    def authenticated_with
+      @authenticated_with ||= self.access_tokens.collect{|t| t.service_name.to_s}
+    end
+    
+    def authenticated_with?(service)
+      self.access_tokens.detect{|t| t.service_name.to_s == service.to_s}
+    end
+    
+    def update_attributes(attributes, &block)
+      self.attributes = attributes
+      save(:validate => true, &block)
+    end
+    
+    def has_token?(service_name)
+      !get_token(service_name).nil?
+    end
+    
+    def get_token(service_name)
+      self.access_tokens.detect {|i| i.service_name.to_s == service_name.to_s}
+    end
+    
+    # core save method coordinating how to save the user.
+    # we dont' want to ru validations based on the 
+    # authentication mission we are trying to accomplish.
+    # instead, we just return save as false.
+    # the next time around, when we recieve the callback,
+    # we will run the validations.
+    # when you call 'current_user_session' in ApplicationController,
+    # it leads to calling 'save' on this User object via "session.record.save",
+    # from the 'persisting?' method.  So we don't want any of this to occur
+    # when that save is called, and the only way to check currently is
+    # to check if there is a block_given?
+    def save(options = {}, &block)
+      self.errors.clear
+      # log_state
+      options = {} if options == false
+      options[:validate] = true unless options.has_key?(:validate)
+      save_options = ActiveRecord::VERSION::MAJOR < 3 ? options[:validate] : options
+      
+      # kill the block if we're starting authentication
+      authenticate_via_protocol(block_given?, options) do |start_authentication|
+        block = nil if start_authentication # redirecting
+        # forces you to validate, only if a block is given
+        result = super(save_options) # validate!
+        unless block.nil?
+          cleanup_authentication_session(options)
+          yield(result)
+        end
+        result
+      end
+    end
+    
+  end
+  
+end

data/lib/authlogic_connect/common/variables.rb

@@ -0,0 +1,124 @@
+module AuthlogicConnect::Common::Variables
+  include AuthlogicConnect::Common::State
+
+  attr_reader :processing_authentication
+  
+  def auth_class
+    is_auth_session? ? self.class : session_class
+  end
+  
+  def auth_controller
+    is_auth_session? ? controller : session_class.controller
+  end
+  
+  def auth_params
+    return nil unless auth_controller?
+    auth_controller.params.symbolize_keys!
+    auth_controller.params.keys.each do |key|
+      auth_controller.params[key.to_s] = auth_controller.params.delete(key) if key.to_s =~ /^OpenID/
+    end
+    auth_controller.params
+  end
+  
+  def auth_session
+    return nil unless auth_controller?
+    auth_controller.session.symbolize_keys!
+    auth_controller.session.keys.each do |key|
+      auth_controller.session[key.to_s] = auth_controller.session.delete(key) if key.to_s =~ /^OpenID/
+    end
+    auth_controller.session
+  end
+  
+  def auth_callback_url(options = {})
+    auth_controller.url_for({:controller => auth_controller.controller_name, :action => auth_controller.action_name}.merge(options))
+  end
+  
+  # if we've said it's a "user" (registration), or a "session" (login)
+  def auth_type
+    from_session_or_params(:authentication_type)
+  end
+  
+  # auth_params and auth_session attributes are all String!
+  def from_session_or_params(attribute)
+    return nil unless auth_controller?
+    key = attribute.is_a?(Symbol) ? attribute : attribute.to_sym
+    result = auth_params[key] if (auth_params && auth_params[key])
+    result = auth_session[key] if (result.nil? || result.blank?)
+    result
+  end
+  
+  def add_session_key(key, value)
+    
+  end
+  
+  def remove_session_key(key)
+    keys = key.is_a?(Symbol) ? [key, key.to_s] : [key, key.to_sym]
+    keys.each {|k| auth_session.delete(k)}
+  end
+    
+  # wraps the call to "save" (in yield).
+  # reason being, we need to somehow not allow oauth/openid validations to run
+  # when we don't have a block.  We can't know that using class methods, so we create
+  # this property "processing_authentication", which is used in the validation method.
+  # it's value is set to "block_given", which is the value of block_given?
+  def authenticate_via_protocol(block_given = false, options = {}, &block)
+    @processing_authentication = auth_controller? && block_given
+    saved = yield start_authentication?
+    @processing_authentication = false
+    saved
+  end
+  
+  # returns boolean
+  def authentication_protocol(with, phase)
+    returning(send("#{phase.to_s}_#{with.to_s}?")) do |ready|
+      send("#{phase.to_s}_#{with.to_s}") if ready
+    end if send("using_#{with.to_s}?")
+  end
+  
+  # it only reaches this point once it has returned, or you
+  # have manually skipped the redirect and save was called directly.
+  def cleanup_authentication_session(options = {}, &block)
+    unless (options.has_key?(:keep_session) && options[:keep_session])
+      %w(oauth openid).each do |type|
+        send("cleanup_#{type.to_s}_session")
+      end
+    end
+  end
+  
+  def log(*methods)
+    methods.each do |method|
+      puts "#{method.to_s}: #{send(method).inspect}"
+    end
+  end
+    
+  def log_state
+    log(:correct_request_class?)
+    log(:using_oauth?, :start_oauth?, :complete_oauth?)
+    log(:oauth_request?, :oauth_response?, :stored_oauth_token_and_secret?)
+    log(:using_openid?, :start_openid?, :complete_openid?, :openid_request?, :openid_response?)
+    log(:authenticating_with_openid?)
+    log(:stored_oauth_token_and_secret)
+  end
+  
+  # because we may need to store 6+ session variables, all with pretty lengthy names,
+  # might as well just tinify them.
+  # just an idea
+  def optimized_session_key(key)
+    @optimized_session_keys ||= {
+      :auth_request_class         => :authcl,
+      :authentication_method      => :authme,
+      :authentication_type        => :authty,
+      :oauth_provider             => :authpr,
+      :auth_callback_method       => :authcb,
+      :oauth_request_token        => :authtk,
+      :oauth_request_token_secret => :authsc,
+      :auth_attributes            => :authat
+    }
+    @optimized_session_keys[key]
+  end
+  
+  def auto_register?
+    true
+  end
+  
+end

data/lib/authlogic_connect/engine.rb

@@ -0,0 +1,14 @@
+module AuthlogicConnect
+  class Engine < Rails::Engine
+    
+    initializer "authlogic_connect.authentication_hook" do |app|
+      app.middleware.use AuthlogicConnect::CallbackFilter
+      app.middleware.use OpenIdAuthentication
+    end
+    
+    initializer "authlogic_connect.finalize", :after => "authlogic_connect.authentication_hook" do |app|
+      OpenID::Util.logger = Rails.logger
+      ActionController::Base.send :include, OpenIdAuthentication
+    end
+  end
+end

data/lib/authlogic_connect/ext.rb

@@ -0,0 +1,56 @@
+# these are extensions I've found useful for this project
+class String
+  # normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization
+  def normalize_identifier
+    # clean up whitespace
+    identifier = self.dup.strip
+
+    # if an XRI has a prefix, strip it.
+    identifier.gsub!(/xri:\/\//i, '')
+
+    # dodge XRIs -- TODO: validate, don't just skip.
+    unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0))
+      # does it begin with http?  if not, add it.
+      identifier = "http://#{identifier}" unless identifier =~ /^http/i
+
+      # strip any fragments
+      identifier.gsub!(/\#(.*)$/, '')
+
+      begin
+        uri = URI.parse(identifier)
+        uri.scheme = uri.scheme.downcase  # URI should do this
+        identifier = uri.normalize.to_s
+      rescue URI::InvalidURIError
+        raise InvalidOpenId.new("#{identifier} is not an OpenID identifier")
+      end
+    end
+
+    return identifier
+  end
+end
+
+class Hash
+  def recursively_symbolize_keys!
+    self.symbolize_keys!
+    self.values.each do |v|
+      if v.is_a? Hash
+        v.recursively_symbolize_keys!
+      elsif v.is_a? Array
+        v.recursively_symbolize_keys!
+      end
+    end
+    self
+  end
+end
+
+class Array
+  def recursively_symbolize_keys!
+    self.each do |item|
+      if item.is_a? Hash
+        item.recursively_symbolize_keys!
+      elsif item.is_a? Array
+        item.recursively_symbolize_keys!
+      end
+    end
+  end
+end

data/lib/authlogic_connect/oauth.rb

@@ -0,0 +1,14 @@
+module AuthlogicConnect::Oauth
+end
+
+require File.dirname(__FILE__) + "/oauth/state"
+require File.dirname(__FILE__) + "/oauth/variables"
+require File.dirname(__FILE__) + "/oauth/process"
+require File.dirname(__FILE__) + "/oauth/user"
+require File.dirname(__FILE__) + "/oauth/session"
+require File.dirname(__FILE__) + "/oauth/helper"
+
+ActiveRecord::Base.send(:include, AuthlogicConnect::Oauth::User)
+Authlogic::Session::Base.send(:include, AuthlogicConnect::Oauth::Session)
+ActionController::Base.helper AuthlogicConnect::Oauth::Helper
+ActionView::Helpers::FormBuilder.send(:include, AuthlogicConnect::Oauth::FormHelper)

data/lib/authlogic_connect/oauth/helper.rb

@@ -0,0 +1,20 @@
+module AuthlogicConnect::Oauth::Helper
+  
+  # options include "name"
+  def oauth_register_hidden_input
+    oauth_input(:type => "user")
+  end
+  
+  def oauth_login_hidden_input
+    oauth_input(:type => "session")
+  end
+  
+  def oauth_input(options = {})
+    tag(:input, {:type => "hidden", :name => "authentication_type", :value => options[:type]})
+  end
+  
+end
+
+module AuthlogicConnect::Oauth::FormHelper
+  
+end

data/lib/authlogic_connect/oauth/process.rb

@@ -0,0 +1,75 @@
+module AuthlogicConnect::Oauth::Process
+
+  include AuthlogicConnect::Oauth::Variables
+
+  # Step 2: after save is called, it runs this method for validation
+  def validate_by_oauth
+    if processing_authentication
+      authentication_protocol(:oauth, :start) || authentication_protocol(:oauth, :complete)
+    end
+  end
+  
+  # Step 3: if new_oauth_request?, redirect to oauth provider
+  def start_oauth
+    save_oauth_session
+    authorize_url = token_class.authorize_url(auth_callback_url) do |request_token|
+      save_auth_session_token(request_token) # only for oauth version 1
+    end
+    auth_controller.redirect_to authorize_url
+  end
+  
+  # Step 4: on callback, run this method
+  def complete_oauth
+    # implemented in User and Session Oauth modules
+    unless new_oauth_request? # shouldn't be validating if it's redirecting...
+      restore_attributes
+      complete_oauth_transaction
+      return true
+    end
+    return false
+  end
+  
+  # Step 3a: save our passed-parameters into the session,
+  # so we can retrieve them after the redirect calls back
+  def save_oauth_session
+    # Store the class which is redirecting, so we can ensure other classes
+    # don't get confused and attempt to use the response
+    auth_session[:auth_request_class]         = self.class.name
+  
+    auth_session[:authentication_type]        = auth_params[:authentication_type]
+    auth_session[:oauth_provider]             = auth_params[:oauth_provider]
+    auth_session[:auth_method]                = "oauth"
+    
+    # Tell our rack callback filter what method the current request is using
+    auth_session[:auth_callback_method]       = auth_controller.request.method
+  end
+  
+  # Step 3b (if version 1.0 of oauth)
+  def save_auth_session_token(request)
+    # store token and secret
+    auth_session[:oauth_request_token]        = request.token
+    auth_session[:oauth_request_token_secret] = request.secret
+  end
+  
+  def restore_attributes
+  end
+  
+  # Step last, after the response
+  # having lots of trouble testing logging and out multiple times,
+  # so there needs to be a solid way to know when a user has messed up loggin in.
+  def cleanup_oauth_session
+    [:auth_request_class,
+      :authentication_type,
+      :auth_method,
+      :auth_attributes,
+      :oauth_provider,
+      :auth_callback_method,
+      :oauth_request_token,
+      :oauth_request_token_secret,
+      :_key,
+      :_token,
+      :_secret,
+    ].each {|key| remove_session_key(key)}
+  end
+  
+end