authlogic-oid 1.0.0

data/CHANGELOG.rdoc

@@ -0,0 +1,3 @@
+== 1.0.0
+
+* Initial release

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Ben Johnson of Binary Logic (binarylogic.com)
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Manifest.txt

@@ -0,0 +1,38 @@
+CHANGELOG.rdoc
+MIT-LICENSE
+Manifest.txt
+README.rdoc
+Rakefile
+init.rb
+lib/authlogic_openid.rb
+lib/authlogic_openid/acts_as_authentic.rb
+lib/authlogic_openid/session.rb
+lib/authlogic_openid/version.rb
+test/acts_as_authentic_test.rb
+test/fixtures/users.yml
+test/libs/open_id_authentication/CHANGELOG
+test/libs/open_id_authentication/README
+test/libs/open_id_authentication/Rakefile
+test/libs/open_id_authentication/generators/open_id_authentication_tables/open_id_authentication_tables_generator.rb
+test/libs/open_id_authentication/generators/open_id_authentication_tables/templates/migration.rb
+test/libs/open_id_authentication/generators/upgrade_open_id_authentication_tables/templates/migration.rb
+test/libs/open_id_authentication/generators/upgrade_open_id_authentication_tables/upgrade_open_id_authentication_tables_generator.rb
+test/libs/open_id_authentication/init.rb
+test/libs/open_id_authentication/lib/open_id_authentication.rb
+test/libs/open_id_authentication/lib/open_id_authentication/association.rb
+test/libs/open_id_authentication/lib/open_id_authentication/db_store.rb
+test/libs/open_id_authentication/lib/open_id_authentication/mem_cache_store.rb
+test/libs/open_id_authentication/lib/open_id_authentication/nonce.rb
+test/libs/open_id_authentication/lib/open_id_authentication/request.rb
+test/libs/open_id_authentication/lib/open_id_authentication/timeout_fixes.rb
+test/libs/open_id_authentication/tasks/open_id_authentication_tasks.rake
+test/libs/open_id_authentication/test/mem_cache_store_test.rb
+test/libs/open_id_authentication/test/normalize_test.rb
+test/libs/open_id_authentication/test/open_id_authentication_test.rb
+test/libs/open_id_authentication/test/status_test.rb
+test/libs/open_id_authentication/test/test_helper.rb
+test/libs/rails_trickery.rb
+test/libs/user.rb
+test/libs/user_session.rb
+test/session_test.rb
+test/test_helper.rb

data/README.rdoc

@@ -0,0 +1,87 @@
+= Authlogic OpenID
+
+Authlogic OpenID is an extension of the Authlogic library to add OpenID support. Authlogic v2.0 introduced an enhanced API that makes "plugging in" alternate authentication methods as easy as installing a gem.
+
+== Install and use
+
+=== 1. Make some simple changes to your database:
+
+  class AddUsersOpenidField < ActiveRecord::Migration
+    def self.up
+      add_column :users, :openid_identifier, :string
+      add_index :users, :openid_identifier
+
+      change_column :users, :login, :string, :default => nil, :null => true
+      change_column :users, :crypted_password, :string, :default => nil, :null => true
+      change_column :users, :password_salt, :string, :default => nil, :null => true
+    end
+
+    def self.down
+      remove_column :users, :openid_identifier
+
+      [:login, :crypted_password, :password_salt].each do |field|
+        User.all(:conditions => "#{field} is NULL").each { |user| user.update_attribute(field, "") if user.send(field).nil? }
+        change_column :users, field, :string, :default => "", :null => false
+      end
+    end
+  end
+
+=== 2. Install the openid_authentication plugin
+
+  $ script/plugin install git://github.com/rails/open_id_authentication.git
+  $ rake open_id_authentication:db:create
+
+For more information on how to configure the plugin, checkout it's README: http://github.com/rails/open_id_authentication/tree/master
+
+=== 3. Install the Authlogic Openid gem
+
+  $ sudo gem install authlogic-oid
+
+Now add the gem dependency in your config:
+
+  config.gem "authlogic-oid", :lib => "authlogic_openid"
+
+Or for older version of rails, install it as a plugin:
+
+  $ script/plugin install git://github.com/binarylogic/authlogic_openid.git
+
+=== 4. Make sure you save your objects properly
+
+You only need to save your objects this way if you want the user to authenticate with their OpenID provider.
+
+That being said, you probably want to do this in your controllers. You should do this for BOTH your User objects and UserSession objects (assuming you are authenticating users). It should look something like this:
+
+  @user_session.save do |result|
+    if result
+      flash[:notice] = "Login successful!"
+      redirect_back_or_default account_url
+    else
+      render :action => :new
+    end
+  end
+
+You should save your @user objects this way as well, because you also want the user to verify that they own the OpenID identifier that they supplied.
+
+Notice we are saving with a block. Why? Because we need to redirect the user to their OpenID provider so that they can authenticate. When we do this, we don't want to execute that block of code, because if we do, we will get a DoubleRender error. This lets us skip that entire block and send the user along their way without any problems.
+
+That's it! The rest is taken care of for you.
+
+== Redirecting from the models?
+
+If you are interested, I explain myself below. Regardless, you don't have to use this library. As you saw in the setup instructions, this library leverages the open_id_authentication rails plugin. You can EASILY use this in your controllers and do your traditional OpenID authentication yourself. After the user has been authenticated just do this:
+
+  UserSession.create(@user)
+
+It's that simple. For more information there is a great OpenID tutorial at: http://railscasts.com/episodes/68-openid-authentication
+
+Now, here are my thoughts on the subject:
+
+You are probably thinking: "Ben, you can't handle controller responsibilities in models". I agree with you on that comment, but my personal opinion is that these are not controller responsibilities. The fact that OpenID authentication requires a redirect should not effect the location of the logic / code. It's all part of the authentication process, which is the entire purpose of this library. The logic that handles this process should be in it's own domain, which is the definition of the "M" in MVC. The "M" doesn't have to just be a data access layer, it's a place for domain logic.
+
+What if you wanted to authenticate with OpenID in multiple controllers in your application? You would probably pull out the common code into a module and include it in the respective controllers. Even better, you might create a class that elegantly handles this process and then place it in your lib directory. That's exactly what this is.
+
+The last thing I will leave you with, to get you thinking, is... where do sweepers lie in the MVC pattern?
+
+Regardless, if I still haven't convinced you, I hope this library is of some benefit to you. At the very least an example of how to extend Authlogic.
+
+Copyright (c) 2009 Ben Johnson of [Binary Logic](http://www.binarylogic.com), released under the MIT license

data/Rakefile

@@ -0,0 +1,20 @@
+ENV['RDOCOPT'] = "-S -f html -T hanna"
+
+require "rubygems"
+require "hoe"
+require File.dirname(__FILE__) << "/lib/authlogic_openid/version"
+
+Hoe.new("Authlogic OpenID", AuthlogicOpenid::Version::STRING) do |p|
+  p.name = "authlogic-oid"
+  p.rubyforge_name = "authlogic-oid"
+  p.author = "Ben Johnson of Binary Logic"
+  p.email  = 'bjohnson@binarylogic.com'
+  p.summary = "Extension of the Authlogic library to add OpenID support."
+  p.description = "Extension of the Authlogic library to add OpenID support."
+  p.url = "http://github.com/binarylogic/authlogic_openid"
+  p.history_file = "CHANGELOG.rdoc"
+  p.readme_file = "README.rdoc"
+  p.extra_rdoc_files = ["CHANGELOG.rdoc", "README.rdoc"]
+  p.test_globs = ["test/*/test_*.rb", "test/*_test.rb", "test/*/*_test.rb"]
+  p.extra_deps = %w(authlogic)
+end

data/init.rb

@@ -0,0 +1 @@
+require "authlogic_openid"

data/lib/authlogic_openid/acts_as_authentic.rb

@@ -0,0 +1,117 @@
+# This module is responsible for adding OpenID functionality to Authlogic. Checkout the README for more info and please
+# see the sub modules for detailed documentation.
+module AuthlogicOpenid
+  # This module is responsible for adding in the OpenID functionality to your models. It hooks itself into the
+  # acts_as_authentic method provided by Authlogic.
+  module ActsAsAuthentic
+    # Adds in the neccesary modules for acts_as_authentic to include and also disabled password validation if
+    # OpenID is being used.
+    def self.included(klass)
+      klass.class_eval do
+        add_acts_as_authentic_module(Methods)
+        validates_length_of_password_field_options validates_length_of_password_field_options.merge(:if => :validate_password_with_openid?)
+        validates_confirmation_of_password_field_options validates_confirmation_of_password_field_options.merge(:if => :validate_password_with_openid?)
+        validates_length_of_password_confirmation_field_options validates_length_of_password_confirmation_field_options.merge(:if => :validate_password_with_openid?)
+      end
+    end
+    
+    module Methods
+      # Set up some simple validations
+      def self.included(klass)
+        klass.class_eval do
+          validates_uniqueness_of :openid_identifier, :scope => validations_scope, :if => :using_openid?
+          validate :validate_openid
+        end
+      end
+      
+      # Set the openid_identifier field and also resets the persistence_token if this value changes.
+      def openid_identifier=(value)
+        write_attribute(:openid_identifier, value.blank? ? nil : OpenIdAuthentication.normalize_identifier(value))
+        reset_persistence_token if openid_identifier_changed?
+      rescue OpenIdAuthentication::InvalidOpenId => e
+        @openid_error = e.message
+      end
+      
+      # This is where all of the magic happens. This is where we hook in and add all of the OpenID sweetness.
+      #
+      # I had to take this approach because when authenticating with OpenID nonces and what not are stored in database
+      # tables. That being said, the whole save process for ActiveRecord is wrapped in a transaction. Trying to authenticate
+      # with OpenID in a transaction is not good because that transaction be get rolled back, thus reversing all of the OpenID
+      # inserts and making OpenID authentication fail every time. So We need to step outside of the transaction and do our OpenID
+      # madness.
+      #
+      # Another advantage of taking this approach is that we can set fields from their OpenID profile before we save the record,
+      # if their OpenID provider supports it.
+      def save(perform_validation = true, &block)
+        if !perform_validation || !authenticate_with_openid? || (authenticate_with_openid? && authenticate_with_openid)
+          result = super
+          yield(result) if block_given?
+          result
+        else
+          false
+        end
+      end
+      
+      private
+        def authenticate_with_openid
+          @openid_error = nil
+          
+          if !openid_complete?
+            attrs_to_persist = attributes.delete_if do |k, v|
+              [:password, crypted_password_field, password_salt_field, :persistence_token, :perishable_token, :single_access_token, :login_count, 
+                :failed_login_count, :last_request_at, :current_login_at, :last_login_at, :current_login_ip, :last_login_ip, :created_at,
+                :updated_at, :lock_version].include?(k.to_sym)
+            end
+            attrs_to_persist.merge!(:password => password, :password_confirmation => password_confirmation)
+            session_class.controller.session[:openid_attributes] = attrs_to_persist
+          else
+            self.attributes = session_class.controller.session[:openid_attributes]
+            session_class.controller.session[:openid_attributes] = nil
+          end
+          
+          options = {}
+          options[:required_field] = [self.class.login_field, self.class.email_field].compact
+          options[:optional_fields] = [:fullname]
+          options[:return_to] = session_class.controller.url_for(:for_model => "1")
+          
+          session_class.controller.send(:authenticate_with_open_id, openid_identifier, options) do |result, openid_identifier, registration|
+            if result.unsuccessful?
+              @openid_error = result.message
+            else
+              map_openid_registration(registration)
+            end
+            
+            return true
+          end
+          
+          return false
+        end
+        
+        def map_openid_registration(registration)
+          self.name ||= registration[:fullname] if respond_to?(:name) && !registration[:fullname].blank?
+          self.first_name ||= registration[:fullname].split(" ").first if respond_to?(:first_name) && !registration[:fullname].blank?
+          self.first_name ||= registration[:fullname].split(" ").last if respond_to?(:last_name) && !registration[:last_name].blank?
+        end
+        
+        def validate_openid
+          errors.add(:openid_identifier, "had the following error: #{@openid_error}") if @openid_error
+        end
+        
+        def using_openid?
+          !openid_identifier.blank?
+        end
+        
+        def openid_complete?
+          session_class.controller.params[:open_id_complete] && session_class.controller.params[:for_model]
+        end
+        
+        def authenticate_with_openid?
+          session_class.activated? && ((using_openid? && openid_identifier_changed?) || openid_complete?)
+        end
+        
+        def validate_password_with_openid?
+          !using_openid? && require_password?
+        end
+    end
+  end
+end

data/lib/authlogic_openid/session.rb

@@ -0,0 +1,61 @@
+module AuthlogicOpenid
+  # This module is responsible for adding all of the OpenID goodness to the Authlogic::Session::Base class.
+  module Session
+    # Add a simple openid_identifier attribute and some validations for the field.
+    def self.included(klass)
+      klass.class_eval do
+        attr_reader :openid_identifier
+        validate :validate_openid_error
+        validate :validate_by_openid, :if => :authenticating_with_openid?
+      end
+    end
+    
+    # Hooks into credentials so that you can pass an :openid_identifier key.
+    def credentials=(value)
+      super
+      values = value.is_a?(Array) ? value : [value]
+      hash = values.first.is_a?(Hash) ? values.first.with_indifferent_access : nil
+      self.openid_identifier = hash[:openid_identifier] if !hash.nil? && hash.key?(:openid_identifier)
+    end
+    
+    def openid_identifier=(value)
+      @openid_identifier = value.blank? ? nil : OpenIdAuthentication.normalize_identifier(value)
+      @openid_error = nil
+    rescue OpenIdAuthentication::InvalidOpenId => e
+      @openid_identifier = nil
+      @openid_error = e.message
+    end
+  
+    # Cleaers out the block if we are authenticating with OpenID, so that we can redirect without a DoubleRender
+    # error.
+    def save(&block)
+      block = nil if !openid_identifier.blank?
+      super(&block)
+    end
+  
+    private
+      def authenticating_with_openid?
+        !openid_identifier.blank? || (controller.params[:open_id_complete] && controller.params[:for_session])
+      end
+    
+      def validate_by_openid
+        controller.send(:authenticate_with_open_id, openid_identifier, :return_to => controller.url_for(:for_session => "1")) do |result, openid_identifier|
+          if result.unsuccessful?
+            errors.add_to_base(result.message)
+            return
+          end
+
+          self.attempted_record = klass.find_by_openid_identifier(openid_identifier)
+
+          if !attempted_record
+            errors.add(:openid_identifier, "did not match any users in our database, have you set up your account to use OpenID?")
+            return
+          end
+        end
+      end
+      
+      def validate_openid_error
+        errors.add(:openid_identifier, @openid_error) if @openid_error
+      end
+  end
+end

data/lib/authlogic_openid/version.rb

@@ -0,0 +1,51 @@
+module AuthlogicOpenid
+  # A class for describing the current version of a library. The version
+  # consists of three parts: the +major+ number, the +minor+ number, and the
+  # +tiny+ (or +patch+) number.
+  class Version
+    include Comparable
+  
+    # A convenience method for instantiating a new Version instance with the
+    # given +major+, +minor+, and +tiny+ components.
+    def self.[](major, minor, tiny)
+      new(major, minor, tiny)
+    end
+
+    attr_reader :major, :minor, :tiny
+
+    # Create a new Version object with the given components.
+    def initialize(major, minor, tiny)
+      @major, @minor, @tiny = major, minor, tiny
+    end
+
+    # Compare this version to the given +version+ object.
+    def <=>(version)
+      to_i <=> version.to_i
+    end
+
+    # Converts this version object to a string, where each of the three
+    # version components are joined by the '.' character. E.g., 2.0.0.
+    def to_s
+      @to_s ||= [@major, @minor, @tiny].join(".")
+    end
+
+    # Converts this version to a canonical integer that may be compared
+    # against other version objects.
+    def to_i
+      @to_i ||= @major * 1_000_000 + @minor * 1_000 + @tiny
+    end
+    
+    def to_a
+      [@major, @minor, @tiny]
+    end
+
+    MAJOR = 1
+    MINOR = 0
+    TINY  = 0
+
+    # The current version as a Version instance
+    CURRENT = new(MAJOR, MINOR, TINY)
+    # The current version as a String
+    STRING = CURRENT.to_s
+  end
+end

data/lib/authlogic_openid.rb

@@ -0,0 +1,6 @@
+require "authlogic_openid/version"
+require "authlogic_openid/acts_as_authentic"
+require "authlogic_openid/session"
+
+ActiveRecord::Base.send(:include, AuthlogicOpenid::ActsAsAuthentic)
+Authlogic::Session::Base.send(:include, AuthlogicOpenid::Session)

data/test/acts_as_authentic_test.rb

@@ -0,0 +1,90 @@
+require File.dirname(__FILE__) + '/test_helper.rb'
+
+class ActsAsAuthenticTest < ActiveSupport::TestCase
+  def test_included
+    assert User.send(:acts_as_authentic_modules).include?(AuthlogicOpenid::ActsAsAuthentic::Methods)
+    assert_equal :validate_password_with_openid?, User.validates_length_of_password_field_options[:if]
+    assert_equal :validate_password_with_openid?, User.validates_confirmation_of_password_field_options[:if]
+    assert_equal :validate_password_with_openid?, User.validates_length_of_password_confirmation_field_options[:if]
+  end
+  
+  def test_password_not_required_on_create
+    user = User.new
+    user.login = "sweet"
+    user.email = "a@a.com"
+    user.openid_identifier = "https://me.yahoo.com/a/9W0FJjRj0o981TMSs0vqVxPdmMUVOQ--"
+    assert !user.save # because we are redirecting, the user was NOT saved
+    assert redirecting_to_yahoo?
+  end
+  
+  def test_password_required_on_create
+    user = User.new
+    user.login = "sweet"
+    user.email = "a@a.com"
+    assert !user.save
+    assert user.errors.on(:password)
+    assert user.errors.on(:password_confirmation)
+  end
+  
+  def test_password_not_required_on_update
+    ben = users(:ben)
+    assert_nil ben.crypted_password
+    assert ben.save
+  end
+  
+  def test_password__required_on_update
+    ben = users(:ben)
+    ben.openid_identifier = nil
+    assert_nil ben.crypted_password
+    assert !ben.save
+    assert ben.errors.on(:password)
+    assert ben.errors.on(:password_confirmation)
+  end
+  
+  def test_validates_uniqueness_of_openid_identifier
+    u = User.new(:openid_identifier => "bens_identifier")
+    assert !u.valid?
+    assert u.errors.on(:openid_identifier)
+  end
+  
+  def test_setting_openid_identifier_changed_persistence_token
+    ben = users(:ben)
+    old_persistence_token = ben.persistence_token
+    ben.openid_identifier = "new"
+    assert_not_equal old_persistence_token, ben.persistence_token
+  end
+  
+  def test_invalid_openid_identifier
+    u = User.new(:openid_identifier => "%")
+    assert !u.valid?
+    assert u.errors.on(:openid_identifier)
+  end
+  
+  def test_blank_openid_identifer_gets_set_to_nil
+    u = User.new(:openid_identifier => "")
+    assert_nil u.openid_identifier
+  end
+  
+  def test_updating_with_openid
+    ben = users(:ben)
+    ben.openid_identifier = "https://me.yahoo.com/a/9W0FJjRj0o981TMSs0vqVxPdmMUVOQ--"
+    assert !ben.save # because we are redirecting
+    assert redirecting_to_yahoo?
+  end
+  
+  def test_updating_without_openid
+    ben = users(:ben)
+    ben.openid_identifier = nil
+    ben.password = "test"
+    ben.password_confirmation = "test"
+    assert ben.save
+    assert !redirecting_to_yahoo?
+  end
+  
+  def test_updating_without_validation
+    ben = users(:ben)
+    ben.openid_identifier = "https://me.yahoo.com/a/9W0FJjRj0o981TMSs0vqVxPdmMUVOQ--"
+    assert ben.save(false)
+    assert !redirecting_to_yahoo?
+  end
+end

data/test/fixtures/users.yml

@@ -0,0 +1,9 @@
+ben:
+  login: bjohnson
+  persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
+  single_access_token: <%= Authlogic::Random.friendly_token %>
+  perishable_token: <%= Authlogic::Random.friendly_token %>
+  openid_identifier: bens_identifier
+  email: bjohnson@binarylogic.com
+  first_name: Ben
+  last_name: Johnson

data/test/libs/open_id_authentication/CHANGELOG

@@ -0,0 +1,35 @@
+* Fake HTTP method from OpenID server since they only support a GET. Eliminates the need to set an extra route to match the server's reply. [Josh Peek]
+
+* OpenID 2.0 recommends that forms should use the field name "openid_identifier" rather than "openid_url" [Josh Peek]
+
+* Return open_id_response.display_identifier to the application instead of .endpoints.claimed_id. [nbibler]
+
+* Add Timeout protection [Rick]
+
+* An invalid identity url passed through authenticate_with_open_id will no longer raise an InvalidOpenId exception. Instead it will return Result[:missing] to the completion block.
+
+* Allow a return_to option to be used instead of the requested url [Josh Peek]
+
+* Updated plugin to use Ruby OpenID 2.x.x [Josh Peek]
+
+* Tied plugin to ruby-openid 1.1.4 gem until we can make it compatible with 2.x [DHH]
+
+* Use URI instead of regexps to normalize the URL and gain free, better matching #8136 [dkubb]
+
+* Allow -'s in #normalize_url [Rick]
+
+* remove instance of mattr_accessor, it was breaking tests since they don't load ActiveSupport.  Fix Timeout test [Rick]
+
+* Throw a InvalidOpenId exception instead of just a RuntimeError when the URL can't be normalized [DHH]
+
+* Just use the path for the return URL, so extra query parameters don't interfere [DHH]
+
+* Added a new default database-backed store after experiencing trouble with the filestore on NFS. The file store is still available as an option [DHH]
+
+* Added normalize_url and applied it to all operations going through the plugin [DHH]
+
+* Removed open_id? as the idea of using the same input box for both OpenID and username has died -- use using_open_id? instead (which checks for the presence of params[:openid_url] by default) [DHH]
+
+* Added OpenIdAuthentication::Result to make it easier to deal with default situations where you don't care to do something particular for each error state [DHH]
+
+* Stop relying on root_url being defined, we can just grab the current url instead [DHH]