browserid-provider 0.4.3 → 0.5.1

data/README.md CHANGED
@@ -24,7 +24,7 @@ Or install it yourself as:
24
24
  In you Rails app config/application.rb, add:
25
25
 
26
26
  ```ruby
27
- config.middleware.use BrowserID::Provider({:authentication_path => "/login" })
27
+ config.middleware.use BrowserID::Provider, :server_name => "example.org", :delegates => ["example.com"]
28
28
  ```
29
29
 
30
30
  The default setup relies on Warden to see which user is logged in. This
@@ -32,34 +32,44 @@ can easily be customized to fit any middleware function.
32
32
 
33
33
  The available configuration options are the following:
34
34
 
35
- ```ruby
36
- #
37
- # authentication_path Where to redirect users for login
38
- # defaults to: "/users/sign_in" (Devise default)
39
- #
40
- # provision_path What HTTP path to deliver provisioning from
41
- # defaults to: "/browserid/provision"
42
- # certify_path What HTTP path to deliver certifying from
43
- # defaults to: "/browserid/certify"
44
- # whoami_path What HTTP path to serve user credentials at
45
- # defaults to: "/browserid/whoami"
46
- #
47
- # whoami What function to call for the current user object (must respond to :email method)
48
- # defaults to: "@env['warden'].user"
49
- #
50
- # private_key_path Where is the BrowserID OpenSSL private key located
51
- # defaults to: "config/browserid_provider.pem"
52
- #
53
- # The "/.well-known/browserid" path is required from the BrowserID spec and used here.
54
- #
55
- # browserid_url Which BrowserID server to use, ca be one of the following:
56
- # * dev.diresworb.org for development (default)
57
- # * diresworb.org for beta
58
- # * browserid.org for production
59
- #
60
- # server_name The domain name we are providing BrowserID for (default to example.org)
61
- #
62
- ```
35
+ > authentication_path
36
+ > > Where to redirect users for login
37
+ > > defaults to: "/users/sign_in" (Devise default)
38
+ >
39
+ > provision_path
40
+ > > What HTTP path to deliver provisioning from
41
+ > > defaults to: "/browserid/provision"
42
+ > certify_path
43
+ > > What HTTP path to deliver certifying from
44
+ > > defaults to: "/browserid/certify"
45
+ > whoami_path
46
+ > > What HTTP path to serve user credentials at
47
+ > > defaults to: "/browserid/whoami"
48
+ >
49
+ > whoami
50
+ > > Name of the middleware to get the current user object from (:user must respond to :email method)
51
+ > > This middleware will be called as follows: env['warden'].user.email
52
+ > > defaults to: "warden"
53
+ >
54
+ > private_key_path
55
+ > > Where is the BrowserID OpenSSL private key located
56
+ > > defaults to: "config/browserid_provider.pem"
57
+ >
58
+ > The "/.well-known/browserid" path is required from the BrowserID spec and used here.
59
+ >
60
+ > browserid_url
61
+ > > Which BrowserID server to use, ca be one of the following:
62
+ > > * dev.diresworb.org for development (default)
63
+ > > * diresworb.org for beta
64
+ > > * browserid.org for production
65
+ >
66
+ > server_name
67
+ > > The domain name we are providing BrowserID for (default to example.org)
68
+ >
69
+ > delegates
70
+ > > An array of strings representing [authority delegates] [1]
71
+
72
+ [1]: https://wiki.mozilla.org/Identity/BrowserID#BrowserID_Delegated_Support_Document "Mozilla Identity Wiki"
63
73
 
64
74
  The client side is JavaScript enabled. For Rails use:
65
75
 
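Review bot: The new `delegates` entry at the end of the option list states no default and gives no example value, while the `Config` comment in this same release says `defaults to: []`. Add the default and one sample array here so the README and the code comment agree. The rewritten `browserid_url` entry also carries over the "ca be" typo, and the `whoami` entry hard-codes `env['warden']` in its description even though the key is now configurable.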
@@ -2,7 +2,7 @@
2
2
  <html>
3
3
  <head>
4
4
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
5
- <script type="text/javascript" src="https://<%= @env[:browserid_url] %>/provisioning_api.js"></script>
5
+ <script type="text/javascript" src="https://<%= @vars[:browserid_url] %>/provisioning_api.js"></script>
6
6
  <script type="text/javascript" src="http://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
7
7
  <script type="text/javascript">
8
8
  // an alias
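Review bot: The jQuery include directly below the edited `provisioning_api.js` tag is still loaded over `http://`, so the provisioning iframe, which drives certificate issuance, runs script that anyone on the network path can alter. Browsers that block mixed content will also refuse it when the page is served over HTTPS. Since this hunk already touches the neighbouring script tag, switch the jQuery URL to `https://` or ship the file with the gem's assets.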
@@ -13,9 +13,9 @@
13
13
  navigator.id.beginProvisioning(function(email, cert_duration) {
14
14
  // now we have the email address that wishes to be provisioned!
15
15
  // is he authenticated to underpin.no?
16
- $.get('<%= @env[:whoami_path] %>')
16
+ $.get('<%= @vars[:whoami_path] %>')
17
17
  .success(function(r) {
18
- email = email.replace('@<%= @env[:server_name] %>', '').toLowerCase();
18
+ email = email.replace('@<%= @vars[:domain_name] %>', '').toLowerCase();
19
19
  if (email != r.user) {
20
20
  return fail('user is not authenticated as target user');
21
21
  }
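Review bot: On the changed `email.replace(...)` line the domain is stripped before `toLowerCase()` runs, and the match is case-sensitive and unanchored, so an address such as `User@Example.ORG` keeps its domain and fails the `email != r.user` comparison even for the correct user. `@vars[:domain_name]` is also computed on the server from the logged-in user's address (see `provision`), not from the address the browser asked to provision, so a request for another delegate domain is rejected only as a side effect of the string not matching. Lowercase first and compare the full address, and make sure the certify endpoint takes the same decision on its own rather than relying on this client-side check.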
@@ -26,7 +26,7 @@
26
26
  // finally, once we have a public key from the browser, we'll certify it, and
27
27
  // go pass it back
28
28
  $.ajax({
29
- url: '<%= @env[:certify_path] %>',
29
+ url: '<%= @vars[:certify_path] %>',
30
30
  data: JSON.stringify({
31
31
  pubkey: pubkey,
32
32
  duration: cert_duration
@@ -8,7 +8,7 @@ Gem::Specification.new do |s|
8
8
  s.authors = ["ringe"]
9
9
  s.email = ["runar@rin.no"]
10
10
  s.homepage = "https://github.com/ringe/browserid-provider"
11
- s.summary = %q{Rack-based Mozilla BrowserID Provider}
11
+ s.summary = %q{Rails-enabled, Rack-based Mozilla BrowserID Primary Identity Provider}
12
12
  s.description = %q{With the BrowserID provider you enable your users to authenticate themselves across the web using a single authority.}
13
13
 
14
14
  s.files = `git ls-files`.split("\n")
@@ -10,8 +10,9 @@ module BrowserID
10
10
  # whoami_path What HTTP path to serve user credentials at
11
11
  # defaults to: "/browserid/whoami"
12
12
  #
13
- # whoami What function to call for the current user object (must respond to :email method)
14
- # defaults to: "@env['warden'].user"
13
+ # whoami Name of the middleware to get the current user object from (:user must respond to :email method)
14
+ # This middleware will be called as follows: env['warden'].user.email
15
+ # defaults to: "warden"
15
16
  #
16
17
  # private_key_path Where is the BrowserID OpenSSL private key located
17
18
  # defaults to: "config/browserid_provider.pem"
@@ -25,6 +26,9 @@ module BrowserID
25
26
  #
26
27
  # server_name The domain name we are providing BrowserID for (default to example.org)
27
28
  #
29
+ # delegates Delegated domain names (see https://wiki.mozilla.org/Identity/BrowserID#BrowserID_Delegated_Support_Document)
30
+ # defaults to: []
31
+ #
28
32
  class Config < Hash
29
33
  # Creates an accessor that simply sets and reads a key in the hash:
30
34
  #
@@ -54,7 +58,7 @@ module BrowserID
54
58
  end
55
59
  end
56
60
 
57
- hash_accessor :login_path, :provision_path, :whoami, :whoami_path, :certify_path, :private_key_path, :browserid_url, :server_name
61
+ hash_accessor :login_path, :provision_path, :whoami, :whoami_path, :certify_path, :private_key_path, :browserid_url, :server_name, :delegates
58
62
 
59
63
  def initialize(other={})
60
64
  merge!(other)
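Review bot: The changed `hash_accessor` line still lists `:login_path` and has no `:authentication_path`, while the README in this release documents the option as `authentication_path` and the removed README example passed `:authentication_path => "/login"`. Confirm which key the provider actually reads and align the accessor name with the documented one, otherwise a user following the README sets a key that has no accessor.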
@@ -62,10 +66,16 @@ module BrowserID
62
66
  self[:provision_path] ||= "/browserid/provision"
63
67
  self[:certify_path] ||= "/browserid/certify"
64
68
  self[:whoami_path] ||= "/browserid/whoami"
65
- self[:whoami] ||= "@env['warden'].user"
69
+ self[:whoami] ||= "warden"
66
70
  self[:private_key_path] ||= "config/browserid_provider.pem"
67
71
  self[:browserid_url] ||= "dev.diresworb.org"
68
72
  self[:server_name] ||= "example.org"
73
+ self[:delegates] ||= []
74
+ end
75
+
76
+ def get_issuer(dom)
77
+ return dom if ( [ self[:server_name] ] + self[:delegates] ).include?(dom)
78
+ return self[:server_name]
69
79
  end
70
80
 
71
81
  def urls
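Review bot: `get_issuer` returns `self[:server_name]` for every domain that is not in the list, including `nil`, so a caller cannot tell "this provider is authoritative for the domain" from "no match, fell back". Consider returning `nil` (or raising) on no match and letting the caller refuse to issue. The `include?(dom)` test is also an exact, case-sensitive string comparison, so `Example.com` does not match a configured `example.com`; downcase both sides. Finally, `[ self[:server_name] ] + self[:delegates]` raises `TypeError` if `:delegates` is configured as a single string rather than an array, which is worth guarding with `Array(self[:delegates])`.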
@@ -72,7 +72,7 @@ module BrowserID
72
72
  return err "Missing a required parameter (duration, pubkey)" if params.keys.sort != ["duration", "pubkey"]
73
73
 
74
74
  expiration = (Time.now.strftime("%s").to_i + params["duration"].to_i) * 1000
75
- issue = { "iss" => @config.server_name,
75
+ issue = { "iss" => issuer(email),
76
76
  "exp" => expiration,
77
77
  "public-key" => params["pubkey"],
78
78
  "principal" => { "email"=> email }
@@ -90,21 +90,28 @@ module BrowserID
90
90
 
91
91
  # Return the provision iframe content.
92
92
  def provision
93
- [200, {"Content-Type" => "text/html"}, BrowserID::Template.render("provision", @config)]
93
+ email = current_user_email
94
+ template_vars = @config.merge( { :domain_name => issuer(email) } )
95
+ [200, {"Content-Type" => "text/html"}, BrowserID::Template.render("provision", template_vars)]
94
96
  end
95
97
 
96
98
  # This middleware doesn't find what you are looking for.
97
99
  def not_found
98
- [404, {"Content-Type" => "text/html"}, BrowserID::Template.render("404", @env)]
100
+ [404, {"Content-Type" => "text/html"}, BrowserID::Template.render("404", nil)]
101
+ end
102
+
103
+ # Return the issuing domain name
104
+ def issuer(email)
105
+ @config.get_issuer(email ? email.sub(/.*@/,'') : nil)
99
106
  end
100
107
 
101
108
  # Return the email of the user logged in currently, or nil
102
109
  def current_user_email
103
110
  begin
104
- current_user = eval config.whoami
111
+ current_user = @env[config.whoami].user
105
112
  current_user ? current_user.email : nil
106
113
  rescue NoMethodError
107
- raise NoMethodError, "The function provided in BrowserID::Config.whoami doesn't exist."
114
+ raise NoMethodError, "The middleware provided in BrowserID::Config.whoami doesn't have a :user method, or the :user doesn't have the :email method."
108
115
  end
109
116
  end
110
117
  end
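Review bot: In `current_user_email`, replacing `eval config.whoami` with `@env[config.whoami].user` changes the meaning of an existing option without a migration path: a deployment that still sets `whoami` to an expression string such as the old default `"@env['warden'].user"` now looks up an env key that does not exist and lands in the `NoMethodError` branch on every request. The new message only mentions a missing `:user` or `:email` method, so add the case where `@env` has no entry for the configured key, and call out the change in the release notes. In `issuer`, an address without an `@` passes through `email.sub(/.*@/,'')` unchanged and is then treated as a domain name. `not_found` now passes `nil` to `Template.render`, which is fine only if the 404 template reads no variables.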
@@ -1,19 +1,20 @@
1
1
  require 'erb'
2
2
  module BrowserID
3
+ # Simple class to render ERB templates.
3
4
  class Template
4
5
  PATH = File.expand_path(File.join(File.dirname(__FILE__), "../..", "app", "assets", "browserid"))
5
6
 
6
- def initialize(env)
7
- @env = env
7
+ def initialize(template_vars)
8
+ @vars = template_vars
8
9
  end
9
10
 
10
11
  def get_binding
11
12
  binding
12
13
  end
13
14
 
14
- def self.render(template, env)
15
+ def self.render(template, template_vars)
15
16
  rhtml = ERB.new File.read(PATH + "/" + template + ".html.erb")
16
- view = BrowserID::Template.new(env)
17
+ view = BrowserID::Template.new(template_vars)
17
18
  [rhtml.result(view.get_binding)]
18
19
  end
19
20
 
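Review bot: `render` hands `template_vars` to ERB unescaped, and the provision template in this release interpolates them with `<%= @vars[...] %>` inside a `src` attribute and inside single-quoted JavaScript strings. The values come from configuration today, but `:domain_name` is now chosen per request, so it is worth escaping at the point of output (for example `ERB::Util.html_escape` for the attribute and `to_json` for the JavaScript literals) so that a quote character in a configured path or domain cannot break out of the string. The new class comment could also state that templates must read their values from `@vars`.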
@@ -1,3 +1,3 @@
1
1
  module BrowserID
2
- VERSION = "0.4.3"
2
+ VERSION = "0.5.1"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: browserid-provider
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.3
4
+ version: 0.5.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-04-20 00:00:00.000000000 Z
12
+ date: 2012-04-21 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: json-jwt
@@ -125,5 +125,5 @@ rubyforge_project:
125
125
  rubygems_version: 1.8.22
126
126
  signing_key:
127
127
  specification_version: 3
128
- summary: Rack-based Mozilla BrowserID Provider
128
+ summary: Rails-enabled, Rack-based Mozilla BrowserID Primary Identity Provider
129
129
  test_files: []