browserid-provider 0.4.3 → 0.5.1

data/README.md

@@ -24,7 +24,7 @@ Or install it yourself as:
 In you Rails app config/application.rb, add:
 
 ```ruby
-  config.middleware.use BrowserID::Provider({:authentication_path => "/login" })
+  config.middleware.use BrowserID::Provider, :server_name => "example.org", :delegates => ["example.com"]
 ```
 
 The default setup relies on Warden to see which user is logged in. This
@@ -32,34 +32,44 @@ can easily be customized to fit any middleware function.
 
 The available configuration options are the following:
 
-```ruby
-  #
-  # authentication_path       Where to redirect users for login
-  #                           defaults to: "/users/sign_in" (Devise default)
-  #
-  # provision_path            What HTTP path to deliver provisioning from
-  #                           defaults to: "/browserid/provision"
-  # certify_path              What HTTP path to deliver certifying from
-  #                           defaults to: "/browserid/certify"
-  # whoami_path               What HTTP path to serve user credentials at
-  #                           defaults to: "/browserid/whoami"
-  #
-  # whoami                    What function to call for the current user object (must respond to :email method)
-  #                           defaults to: "@env['warden'].user"
-  #
-  # private_key_path          Where is the BrowserID OpenSSL private key located
-  #                           defaults to: "config/browserid_provider.pem"
-  #
-  # The "/.well-known/browserid" path is required from the BrowserID spec and used here.
-  #
-  # browserid_url             Which BrowserID server to use, ca be one of the following:
-  #                           * dev.diresworb.org for development (default)
-  #                           * diresworb.org     for beta
-  #                           * browserid.org     for production
-  #
-  # server_name               The domain name we are providing BrowserID for (default to example.org)
-  #
-```
+> authentication_path 
+> > Where to redirect users for login
+> > defaults to: "/users/sign_in" (Devise default)
+> 
+> provision_path
+> > What HTTP path to deliver provisioning from
+> > defaults to: "/browserid/provision"
+> certify_path
+> > What HTTP path to deliver certifying from
+> > defaults to: "/browserid/certify"
+> whoami_path
+> > What HTTP path to serve user credentials at
+> > defaults to: "/browserid/whoami"
+>
+> whoami
+> > Name of the middleware to get the current user object from (:user must respond to :email method)
+> > This middleware will be called as follows: env['warden'].user.email
+> > defaults to: "warden"
+> 
+> private_key_path
+> > Where is the BrowserID OpenSSL private key located
+> > defaults to: "config/browserid_provider.pem"
+> 
+> The "/.well-known/browserid" path is required from the BrowserID spec and used here.
+> 
+> browserid_url
+> > Which BrowserID server to use, ca be one of the following:
+> > * dev.diresworb.org for development (default)
+> > * diresworb.org     for beta
+> > * browserid.org     for production
+> 
+> server_name
+> > The domain name we are providing BrowserID for (default to example.org)
+> 
+> delegates
+> > An array of strings representing [authority delegates] [1]
+
+[1]: https://wiki.mozilla.org/Identity/BrowserID#BrowserID_Delegated_Support_Document "Mozilla Identity Wiki"
 
 The client side is JavaScript enabled. For Rails use:
 

data/app/assets/browserid/provision.html.erb

@@ -2,7 +2,7 @@
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
-<script type="text/javascript" src="https://<%= @env[:browserid_url] %>/provisioning_api.js"></script>
+<script type="text/javascript" src="https://<%= @vars[:browserid_url] %>/provisioning_api.js"></script>
 <script type="text/javascript" src="http://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
 <script type="text/javascript">
   // an alias
@@ -13,9 +13,9 @@
   navigator.id.beginProvisioning(function(email, cert_duration) {
     // now we have the email address that wishes to be provisioned!
     // is he authenticated to underpin.no?
-    $.get('<%= @env[:whoami_path] %>')
+    $.get('<%= @vars[:whoami_path] %>')
       .success(function(r) {
-        email = email.replace('@<%= @env[:server_name] %>', '').toLowerCase();
+        email = email.replace('@<%= @vars[:domain_name] %>', '').toLowerCase();
         if (email != r.user) {
           return fail('user is not authenticated as target user');
         }
@@ -26,7 +26,7 @@
           // finally, once we have a public key from the browser, we'll certify it, and
           // go pass it back
           $.ajax({
-            url: '<%= @env[:certify_path] %>',
+            url: '<%= @vars[:certify_path] %>',
             data: JSON.stringify({
               pubkey: pubkey,
               duration: cert_duration

data/browserid-provider.gemspec

@@ -8,7 +8,7 @@ Gem::Specification.new do |s|
   s.authors     = ["ringe"]
   s.email       = ["runar@rin.no"]
   s.homepage    = "https://github.com/ringe/browserid-provider"
-  s.summary     = %q{Rack-based Mozilla BrowserID Provider}
+  s.summary     = %q{Rails-enabled, Rack-based Mozilla BrowserID Primary Identity Provider}
   s.description = %q{With the BrowserID provider you enable your users to authenticate themselves across the web using a single authority.}
 
   s.files         = `git ls-files`.split("\n")

data/lib/browserid-provider/config.rb

@@ -10,8 +10,9 @@ module BrowserID
   # whoami_path               What HTTP path to serve user credentials at
   #                           defaults to: "/browserid/whoami"
   #
-  # whoami                    What function to call for the current user object (must respond to :email method)
-  #                           defaults to: "@env['warden'].user"
+  # whoami                    Name of the middleware to get the current user object from (:user must respond to :email method)
+  #                           This middleware will be called as follows: env['warden'].user.email
+  #                           defaults to: "warden"
   #
   # private_key_path          Where is the BrowserID OpenSSL private key located
   #                           defaults to: "config/browserid_provider.pem"
@@ -25,6 +26,9 @@ module BrowserID
   #
   # server_name               The domain name we are providing BrowserID for (default to example.org)
   #
+  # delegates                 Delegated domain names (see https://wiki.mozilla.org/Identity/BrowserID#BrowserID_Delegated_Support_Document)
+  #                           defaults to: []
+  #
   class Config < Hash
     # Creates an accessor that simply sets and reads a key in the hash:
     #
@@ -54,7 +58,7 @@ module BrowserID
       end
     end
 
-    hash_accessor :login_path, :provision_path, :whoami, :whoami_path, :certify_path, :private_key_path, :browserid_url, :server_name
+    hash_accessor :login_path, :provision_path, :whoami, :whoami_path, :certify_path, :private_key_path, :browserid_url, :server_name, :delegates
 
     def initialize(other={})
       merge!(other)
@@ -62,10 +66,16 @@ module BrowserID
       self[:provision_path]   ||= "/browserid/provision"
       self[:certify_path]     ||= "/browserid/certify"
       self[:whoami_path]      ||= "/browserid/whoami"
-      self[:whoami]           ||= "@env['warden'].user"
+      self[:whoami]           ||= "warden"
       self[:private_key_path] ||= "config/browserid_provider.pem"
       self[:browserid_url]    ||= "dev.diresworb.org"
       self[:server_name]      ||= "example.org"
+      self[:delegates]        ||= []
+    end
+
+    def get_issuer(dom)
+      return dom if ( [ self[:server_name] ] + self[:delegates] ).include?(dom)
+      return self[:server_name]
     end
 
     def urls

data/lib/browserid-provider/provider.rb

@@ -72,7 +72,7 @@ module BrowserID
       return err "Missing a required parameter (duration, pubkey)" if params.keys.sort != ["duration", "pubkey"]
 
       expiration = (Time.now.strftime("%s").to_i + params["duration"].to_i) * 1000
-      issue = { "iss" => @config.server_name,
+      issue = { "iss" => issuer(email),
         "exp" => expiration,
         "public-key" => params["pubkey"],
         "principal" => { "email"=> email }
@@ -90,21 +90,28 @@ module BrowserID
 
     # Return the provision iframe content.
     def provision
-      [200, {"Content-Type" => "text/html"}, BrowserID::Template.render("provision", @config)]
+      email = current_user_email
+      template_vars = @config.merge( { :domain_name => issuer(email) } )
+      [200, {"Content-Type" => "text/html"}, BrowserID::Template.render("provision", template_vars)]
     end
 
     # This middleware doesn't find what you are looking for.
     def not_found
-      [404, {"Content-Type" => "text/html"}, BrowserID::Template.render("404", @env)]
+      [404, {"Content-Type" => "text/html"}, BrowserID::Template.render("404", nil)]
+    end
+
+    # Return the issuing domain name
+    def issuer(email)
+      @config.get_issuer(email ? email.sub(/.*@/,'') : nil)
     end
 
     # Return the email of the user logged in currently, or nil
     def current_user_email
       begin
-        current_user = eval config.whoami
+        current_user = @env[config.whoami].user
         current_user ? current_user.email : nil
       rescue NoMethodError
-        raise NoMethodError, "The function provided in BrowserID::Config.whoami doesn't exist."
+        raise NoMethodError, "The middleware provided in BrowserID::Config.whoami doesn't have a :user method, or the :user doesn't have the :email method."
       end
     end
   end

data/lib/browserid-provider/template.rb

@@ -1,19 +1,20 @@
 require 'erb'
 module BrowserID
+  # Simple class to render ERB templates.
   class Template
     PATH = File.expand_path(File.join(File.dirname(__FILE__), "../..", "app", "assets", "browserid"))
 
-    def initialize(env)
-      @env = env
+    def initialize(template_vars)
+      @vars = template_vars
     end
 
     def get_binding
       binding
     end
 
-    def self.render(template, env)
+    def self.render(template, template_vars)
       rhtml = ERB.new File.read(PATH + "/" + template + ".html.erb")
-      view = BrowserID::Template.new(env)
+      view = BrowserID::Template.new(template_vars)
       [rhtml.result(view.get_binding)]
     end
 

data/lib/browserid-provider/version.rb

@@ -1,3 +1,3 @@
 module BrowserID
-  VERSION = "0.4.3"
+  VERSION = "0.5.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: browserid-provider
 version: !ruby/object:Gem::Version
-  version: 0.4.3
+  version: 0.5.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-20 00:00:00.000000000 Z
+date: 2012-04-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json-jwt
@@ -125,5 +125,5 @@ rubyforge_project:
 rubygems_version: 1.8.22
 signing_key: 
 specification_version: 3
-summary: Rack-based Mozilla BrowserID Provider
+summary: Rails-enabled, Rack-based Mozilla BrowserID Primary Identity Provider
 test_files: []