devfu-rack-openid-proxy 0.1.0

data/README.markdown

@@ -0,0 +1,21 @@
+= OpenID::Proxy
+
+This is an OpenID Proxy application.
+
+Sometimes applications run in an environment where it would be impossible 
+or very difficult to use an OpenID consumer.
+
+This proxy is basically a very, very simple web service for making OpenID requests, 
+without having to have a full-blown local OpenID consumer.
+
+This can be used as a Rack application or as a Rack middleware (to add a proxy  to your local application).
+
+This uses Rack::OpenID (which used ruby-openid) to do the heavy lifting.
+
+== Installation
+
+... coming soon ...
+
+== Usage
+
+... coming soon ...

data/Rakefile

@@ -0,0 +1,68 @@
+require 'rake'
+require 'rubygems'
+require 'rake/rdoctask'
+require 'spec/rake/spectask'
+
+puts "\nGem: rack-openid-proxy\n\n"
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |s|
+    s.name        = 'rack-openid-proxy'
+    s.summary     = 'A Rack app/middleware to act as a proxy for OpenID authentication'
+    s.email       = 'remi@remitaylor.com'
+    s.homepage    = 'http://github.com/devfu/rack-openid-proxy'
+    s.description = 'A Rack app/middleware to act as a proxy for OpenID authentication'
+    s.authors     = %w( remi )
+    s.files       = FileList['[A-Z]*', '{lib,spec,bin,examples}/**/*'] 
+    # s.add_dependency 'person-gemname'
+    # s.executables << 'script'
+    # s.rubyforge_project = 'gemname'
+    # s.extra_rdoc_files = %w( README.rdoc )
+  end
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end
+
+Spec::Rake::SpecTask.new do |t|
+  t.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+desc "Run all examples with RCov"
+Spec::Rake::SpecTask.new('rcov') do |t|
+  t.spec_files = FileList['spec/**/*_spec.rb']
+  t.rcov = true
+end
+
+# require 'hanna'
+# require 'darkfish-rdoc'
+
+Rake::RDocTask.new do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'rack-openid-proxy'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  # rdoc.options += ["--template=#{`allison --path`}"]  # sudo gem install allison
+  # rdoc.options += %w( -f darkfish )                   # sudo gem install darkfish-rdoc
+  # rdoc.options += %w( -T hanna )                      # sudo gem install mislav-hanna
+  rdoc.options += %w( -m README.rdoc ) # the initial page displayed
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+desc 'Confirm that gemspec is $SAFE'
+task :safe do
+  require 'yaml'
+  require 'rubygems/specification'
+  data = File.read('rack-openid-proxy.gemspec')
+  spec = nil
+  if data !~ %r{!ruby/object:Gem::Specification}
+    Thread.new { spec = eval("$SAFE = 3\n#{data}") }.join
+  else
+    spec = YAML.load(data)
+  end
+  spec.validate
+  puts spec
+  puts "OK"
+end
+
+task :default => :spec

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/lib/rack-openid-proxy.rb

@@ -0,0 +1,153 @@
+%w( rubygems rack rack/openid digest/sha2 uri ).each {|lib| require lib }
+
+class Object
+  def to_hash
+    YAML.load to_yaml.gsub(/ !ruby\/object.*/, '')
+  end
+end
+
+module Rack #:nodoc:
+
+  class OpenID #:nodoc:
+
+    # A simple OpenID Proxy Rack application / middleware
+    #
+    # == Notes
+    #
+    # * This *requires* that a Rack::Session middleware be enabled
+    # * This *requires* that the Rack::OpenID middleware be enabled (for now)
+    #
+    class Proxy
+
+      # this is stored in the Rack env (it gets set by Rack::OpenID)
+      OPENID_RESPONSE = 'rack.openid.response'
+
+      # this is stored in the session
+      RETURN_PATH     = 'rack-openid-proxy.return_path'
+
+      class << self
+        attr_accessor :formatters
+      end
+
+      @formatters = {
+        :yml  => lambda {|o| o.to_yaml },
+        :json => lambda {|o| require 'json';  o.to_hash.to_json   },
+        :xml  => lambda {|o| require 'yaxml'; YAXML::Yaxml.new(o.to_hash.to_yaml, :root_name => 'openid').to_yaxml }
+      }
+    
+      DEFAULT_OPTIONS = {
+        :path                    => '/openid',
+        :token_store             => {},
+        :force_ssl               => false,
+        :delete_token_on_request => true
+      }
+
+      # The path that, when requested, does OpenID authentication
+      #
+      # * When used as a middleware, any other paths will call the inner Rack app
+      # * When used as a standalone all, any other paths will return a 404
+      #
+      attr_accessor :path
+
+      # If set to true, any OpenID-related requests that come in to 
+      # this app as http:// will be redirected to https://
+      attr_accessor :force_ssl
+
+      # If set to true, tokens and their responses will be deleted after the 
+      # first time they are requested
+      attr_accessor :delete_token_on_request
+
+      attr_accessor :token_store
+
+      def initialize *args
+        @app    = args.shift if args.first.respond_to? :call
+        options = args.first || {}
+
+        DEFAULT_OPTIONS.each {|name, value| send "#{name}=", value }
+        options.each         {|name, value| send "#{name}=", value } if options
+
+        raise_validation_exception unless valid?
+      end
+
+      def call env
+        request = Rack::Request.new env
+
+        if request.path_info =~ /^#{ path }\.?(.*)/
+          format = $1
+
+          if response = env[OPENID_RESPONSE]
+            token = "#{ Time.now.to_i }-#{ Digest::SHA2.hexdigest(response.to_yaml) }"
+            set token, response
+            uri = URI.parse env['rack.session'][RETURN_PATH]
+            uri.query = (uri.query.nil?) ? "token=#{token}" : "#{uri.query}&token=#{URI.escape(token)}"
+            [ 302, {'Location' => uri.to_s }, [] ]
+
+          elsif token = request.params['token']
+            return [ 302, {'Location' => request.url.to_s.sub('http','https')}, [] 
+                   ] if force_ssl && request.scheme != 'https' && env['HTTP_X_FORWARDED_PROTO'] != 'https'
+            response = get token
+            if response
+              render response, format
+            else
+              [ 200, {'Content-Type' => 'text/html'}, ["Token not found"] ]
+            end
+
+          elsif request.params['url']
+            env['rack.session'][RETURN_PATH] = request.referer
+            return [ 302, {'Location' => request.url.to_s.sub('http','https')}, [] 
+                   ] if force_ssl && request.scheme != 'https' && env['HTTP_X_FORWARDED_PROTO'] != 'https'
+            [ 401, {'WWW-Authenticate' => "OpenID identifier=\"#{ request.params['url'] }\""}, ["Redirecting to OpenID login ..."] ]
+
+          else
+            return [ 302, {'Location' => request.url.to_s.sub('http','https')}, [] 
+                   ] if force_ssl && request.scheme != 'https' && env['HTTP_X_FORWARDED_PROTO'] != 'https'
+            [ 200, {'Content-Type' => 'text/html'}, ["Unknown action.  Did you forget to set ?url= or ?token= ?"] ]
+          end
+
+        elsif @app
+          @app.call env
+
+        else
+          [ 404, {'Content-Type' => 'text/html'}, ["Page not found"] ]
+        end
+      end
+
+      def get token
+        response = token_store[token]
+        token_store.delete token if delete_token_on_request
+        response
+      end
+
+      def set token, response
+        token_store[token] = response
+      end
+
+      protected
+
+      def formatters= hash_of_formatters
+        self.class.formatters.merge! hash_of_formatters
+      end
+
+      def render response, format = :json
+        format = :json if format.to_s.strip.empty?
+        raise "Invalid format: #{ format.inspect }" unless self.class.formatters.keys.include? format.to_sym
+        [ 200, {'Content-Type' => 'text/plain'}, [ self.class.formatters[format.to_sym].call(response) ] ] # all text/plain for now
+      end
+
+      # VALIDATIONS
+
+      def valid?
+        @errors = []
+        # @errors << ":foo option is required" unless path
+        @errors.empty?
+      end
+
+      def raise_validation_exception
+        raise @errors.join(', ')
+      end
+
+    end
+
+  end
+
+end

data/lib/rack/openid/proxy.rb

@@ -0,0 +1 @@
+require 'rack-openid-proxy'

data/spec/rack-openid-proxy_spec.rb

@@ -0,0 +1,162 @@
+require File.dirname(__FILE__) + '/../lib/rack-openid-proxy'
+require 'spec'
+require 'rackbox'
+require 'rack/contrib'
+
+# NOTE these actually hit OpenID servers!  (yikes!)
+
+# Rack::OpenID::Proxy has 3 different states that it can be in in ... these let us reproduce those
+
+def openid_request options = {}
+  referer = options.delete(:referer) || 'http://www.google.com'
+
+  Rack::Session::Cookie.new(Rack::Config.new(Rack::OpenID.new( Rack::OpenID::Proxy.new(options) )){ |env|
+    env['rack.session'][Rack::OpenID::Proxy::RETURN_PATH] = referer
+  })
+end
+
+def openid_response options = {}
+  referer  = options.delete(:referer) || 'http://www.google.com'
+  response = options.delete(:response) || { :OpenID => %w( response object ) }
+  
+  Rack::Session::Cookie.new(Rack::Config.new(Rack::OpenID.new( Rack::OpenID::Proxy.new(options) )){ |env|
+    env[Rack::OpenID::Proxy::OPENID_RESPONSE] = response
+    env['rack.session'][Rack::OpenID::Proxy::RETURN_PATH] = referer
+  })
+end
+
+def token_request options = {}
+  token    = options.delete(:token)    || '1234567890-qwertyuiop'
+  response = options.delete(:response) || { :OpenID => %w( response object ) }
+
+  app = Rack::OpenID::Proxy.new({ :delete_token_on_request => false }.merge(options))
+  app.set token, response
+  
+  # Rack::Session::Cookie.new(Rack::Config.new(Rack::OpenID.new( app )){ |env|  })
+  Rack::Session::Cookie.new(Rack::OpenID.new( app ))
+end
+
+def get_token url_or_response
+  if url_or_response.respond_to? :headers
+    get_token url_or_response.headers['Location']
+  else
+    url_or_response.match(/token=(\d{10}-\w{64})/)[1]
+  end
+end
+
+Spec::Matchers.define :start_with do |string_should_start_with|
+  match do |actual_string|
+    actual_string.start_with? string_should_start_with
+  end
+end
+
+describe Rack::OpenID::Proxy do
+
+  it 'should work as a standalone Rack app' do
+    response = RackBox.request openid_request, '/openid?url=remitaylor.wordpress.com'
+    response.status.should == 303
+    response.headers['Location'].should start_with('http://remitaylor.wordpress.com/?openidserver')
+  end
+
+  it 'should 404 if path other than /openid is hit (standalone app)' do
+    response = RackBox.request openid_request, '/'
+    response.status.should == 404
+  end
+
+  it 'should work as a Rack middleware'
+
+  it 'should persist referer across session'
+
+  it 'should redirect back to the original referer (with token) after OpenID auth is complete' do
+    response = RackBox.request openid_response(:referer => 'http://remi.org'), '/openid'
+    response.status.should == 302
+    response.headers['Location'].should start_with('http://remi.org?token=')
+  end
+
+  it 'should be able to override where we get redirected to via ?redirect_to= (override referer)'
+
+  it 'should be able to customize where/how data (tokens) is persisted [data store]'
+
+  it 'should be able to customize where/how data (tokens) is persisted [get/set]'
+
+  it 'should return response when token provided' do
+    response = RackBox.request token_request(:token => 'abc', :response => 'Hello'), '/openid?token=abc'
+    response.status.should == 200
+    response.body.should == '"Hello"' # should default to JSON
+  end
+
+  it 'should be able to return response in various formats' do
+    app = token_request(:token => 'abc', :response => { :hello => %w( there people ) })
+
+    response = RackBox.request app, '/openid.json?token=abc'
+    response.status.should == 200
+    response.body.should == '{"hello":["there","people"]}'
+
+    response = RackBox.request app, '/openid.yml?token=abc'
+    response.status.should == 200
+    response.body.should == ({ :hello => %w( there people ) }).to_yaml
+
+    response = RackBox.request app, '/openid.xml?token=abc'
+    response.status.should == 200
+    response.body.should == "<openid xmlns:yaml='http://yaml.org/xml'><hello><_>there</_><_>people</_></hello></openid>" # gross but works
+  end
+
+  it 'should return useful code and message if token is not found' do
+    response = RackBox.request token_request(:token => 'abc', :response => 'Hello'), '/openid?token=no-exist'
+    response.status.should == 200
+    response.body.downcase.should include('not found')
+  end
+
+  it 'should allow you to manage formatters' do
+    app = token_request(:token => 'abc', :response => { :hello => %w( there people ) }, 
+                        :formatters => { :json => lambda {|o| require 'json'; o.to_json.upcase } })
+
+    response = RackBox.request app, '/openid.json?token=abc'
+    response.status.should == 200
+    response.body.should == '{"HELLO":["THERE","PEOPLE"]}'
+
+    app = token_request(:token => 'abc', :response => { :hello => %w( there people ) }, 
+                        :formatters => { :test => lambda {|o| 'hello from custom formatter' } })
+    response = RackBox.request app, '/openid.test?token=abc'
+    response.status.should == 200
+    response.body.should == 'hello from custom formatter'
+  end
+
+  it 'should allow you to customize the path (which does the OpenID request)' do
+    app = openid_response(:referer => 'http://remi.org', :path => '/do-openid')
+
+    response = RackBox.request app, '/openid'
+    response.status.should == 404
+
+    response = RackBox.request app, '/do-openid'
+    response.status.should == 302
+    response.headers['Location'].should start_with('http://remi.org?token=')
+  end
+
+  it 'should allow you to white|black list referers'
+
+  it 'should allow you to expire tokens (based on time since creation)'
+
+  it 'should allow you to expire tokens (based on number of times accessed)' do
+    app = token_request(:token => 'xyz', :response => "hi", :delete_token_on_request => true)
+    RackBox.request(app, '/openid?token=xyz').body.downcase.should == '"hi"'
+    RackBox.request(app, '/openid?token=xyz').body.downcase.should include("not found")
+  end
+
+  it 'should allow you to specify that all requests must be via SSL' do
+    response = RackBox.request openid_request(:referer => 'http://remi.org', :force_ssl => true), '/openid'
+    response.status.should == 302
+    response.headers['Location'].should start_with("https://")
+  end
+
+  it 'should return a useful error message if no url' do
+    response = RackBox.request openid_request(:referer => 'http://remi.org'), '/openid'
+    response.status.should == 200
+    response.body.downcase.should include('url')
+  end
+
+  it 'should return a useful error message if no session'
+
+  it 'should return a useful error message if no Rack::OpenID'
+
+end

metadata

@@ -0,0 +1,58 @@
+--- !ruby/object:Gem::Specification 
+name: devfu-rack-openid-proxy
+version: !ruby/object:Gem::Version 
+  version: 0.1.0
+platform: ruby
+authors: 
+- remi
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-06-30 00:00:00 -07:00
+default_executable: 
+dependencies: []
+
+description: A Rack app/middleware to act as a proxy for OpenID authentication
+email: remi@remitaylor.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.markdown
+files: 
+- README.markdown
+- Rakefile
+- VERSION
+- lib/rack-openid-proxy.rb
+- lib/rack/openid/proxy.rb
+- spec/rack-openid-proxy_spec.rb
+has_rdoc: false
+homepage: http://github.com/devfu/rack-openid-proxy
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 3
+summary: A Rack app/middleware to act as a proxy for OpenID authentication
+test_files: 
+- spec/rack-openid-proxy_spec.rb