devise_openid_authenticatable 1.0.0.alpha7 → 1.0.0.beta2

data/CHANGELOG.rdoc

@@ -1,3 +1,12 @@
+== 1.0.0.beta1
+* Implement support for build_from_identity_url.  create_from_identity_url is now deprecated.
+  * build_from_identity_url should return a new, unsaved model instance rather than a persisted one.
+  * This has multiple benefits: validation should become easier, and we can avoid doing multiple modification queries during the initial registration.
+  * Switching over should be straightforward but is not a simple matter of changing the method's name.  Its behavior needs to be altered to return an unsaved instance.
+  * This affects all users of devise_openid_authenticatable.
+* Attempt to pass a more correct trust_root to the OpenID provider.
+* Fill out Dimitrij's test suite a bit more.
+
 == 1.0.0.alpha7
 
 * GH-3: Add support for rememberable.

data/Gemfile

@@ -2,8 +2,8 @@ source "http://rubygems.org"
 
 gem 'rails', '3.0.0'
 gem "devise", ">= 1.1.2"
-gem "rspec", ">= 2.0.0.beta.17"
-gem "rspec-rails", ">= 2.0.0.beta.17"
+gem "rspec", "~> 2.3"
+gem "rspec-rails", "~> 2.3"
 gem "rack-openid", ">= 1.2.0"
 gem "mocha"
 gem "sqlite3-ruby"

data/README.md

@@ -77,14 +77,14 @@ Automatically creating users
 ----------------------------
 
 If you want to have users automatically created when a new OpenID identity URL is
-successfully used to sign in, you can implement a method called "create_from_identity_url"
+successfully used to sign in, you can implement a method called "build_from_identity_url"
 to your user model class:
 
     class User < ActiveRecord::Base
       devise :openid_authenticatable
       
-      def self.create_from_identity_url(identity_url)
-        User.create(:identity_url => identity_url)
+      def self.build_from_identity_url(identity_url)
+        User.new(:identity_url => identity_url)
       end
     end
     
@@ -155,6 +155,4 @@ See also
 TODO
 ----
 
-* Add sreg attributes support
-* Write test suite
 * Test on non-ActiveRecord ORMs

data/VERSION

@@ -1 +1 @@
-1.0.0.alpha7
+1.0.0.beta2

data/devise_openid_authenticatable.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{devise_openid_authenticatable}
-  s.version = "1.0.0.alpha7"
+  s.version = "1.0.0.beta2"
 
   s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
   s.authors = ["Nat Budin"]
-  s.date = %q{2010-09-08}
+  s.date = %q{2010-12-21}
   s.description = %q{OpenID authentication module for Devise using Rack::OpenID}
   s.email = %q{natbudin@gmail.com}
   s.extra_rdoc_files = [
@@ -33,6 +33,8 @@ Gem::Specification.new do |s|
      "spec/scenario/app/controllers/application_controller.rb",
      "spec/scenario/app/controllers/home_controller.rb",
      "spec/scenario/app/controllers/sessions_controller.rb",
+     "spec/scenario/app/models/database_user.rb",
+     "spec/scenario/app/models/legacy_user.rb",
      "spec/scenario/app/models/user.rb",
      "spec/scenario/app/views/layouts/application.html.erb",
      "spec/scenario/app/views/sessions/new.html.erb",
@@ -63,6 +65,8 @@ Gem::Specification.new do |s|
      "spec/scenario/app/controllers/application_controller.rb",
      "spec/scenario/app/controllers/home_controller.rb",
      "spec/scenario/app/controllers/sessions_controller.rb",
+     "spec/scenario/app/models/database_user.rb",
+     "spec/scenario/app/models/legacy_user.rb",
      "spec/scenario/app/models/user.rb",
      "spec/scenario/config/application.rb",
      "spec/scenario/config/boot.rb",

data/lib/devise_openid_authenticatable/strategy.rb

@@ -19,7 +19,7 @@ class Devise::Strategies::OpenidAuthenticatable < base_class
     if provider_response
       handle_response!
     else # Delegate authentication to Rack::OpenID by throwing a 401
-      opts = { :identifier => params[scope]["identity_url"], :return_to => return_url, :method => 'post' }
+      opts = { :identifier => params[scope]["identity_url"], :return_to => return_url, :trust_root => trust_root, :method => 'post' }
       opts[:optional] = mapping.to.openid_optional_fields if mapping.to.respond_to?(:openid_optional_fields)
       opts[:required] = mapping.to.openid_required_fields if mapping.to.respond_to?(:openid_required_fields)
       custom! [401, { Rack::OpenID::AUTHENTICATE_HEADER => Rack::OpenID.build_header(opts) }, "Sign in with OpenID"]
@@ -34,14 +34,16 @@ class Devise::Strategies::OpenidAuthenticatable < base_class
 
       case provider_response.status
       when :success
-        resource = mapping.to.find_by_identity_url(provider_response.identity_url)
-        if resource.nil? && mapping.to.respond_to?(:create_from_identity_url)
-          resource = mapping.to.create_from_identity_url(provider_response.identity_url)
-        end
-
+        resource = find_resource || build_resource || create_resource
+        
         if resource
-          update_resource!(resource)
-          success!(resource)
+          begin
+            update_resource!(resource)
+          rescue
+            fail! $!
+          else
+            success!(resource)
+          end
         else
           fail! "This OpenID URL is not associated with any registered user"
         end
@@ -70,26 +72,47 @@ class Devise::Strategies::OpenidAuthenticatable < base_class
     def identity_param?
       params[scope].try(:[], 'identity_url').present?
     end
+    
+    def find_resource
+      mapping.to.find_by_identity_url(provider_response.identity_url)
+    end
+    
+    def build_resource
+      if mapping.to.respond_to?(:build_from_identity_url)
+        mapping.to.build_from_identity_url(provider_response.identity_url)
+      end
+    end
+    
+    def create_resource
+      if mapping.to.respond_to?(:create_from_identity_url)
+        logger.warn "DEPRECATION WARNING: create_from_identity_url is deprecated.  Please implement build_from_identity_url instead.  For more information, please see the devise_openid_authenticatable CHANGELOG for version 1.0.0.beta1."
+        mapping.to.create_from_identity_url(provider_response.identity_url)
+      end
+    end
 
     def update_resource!(resource)
-      return unless resource.respond_to?(:openid_fields=)
-
-      fields = nil
+      if fields && resource.respond_to?(:openid_fields=)
+        resource.openid_fields = fields
+      end
+      
+      resource.save!
+    end
+    
+    def fields
+      return @fields unless @fields.nil?
+      
       if axr = OpenID::AX::FetchResponse.from_success_response(provider_response)
-        fields = axr.data
+        @fields = axr.data
       else
         provider_response.message.namespaces.each do |uri, ns_alias|
           if ns_alias.to_s == "sreg"
-            fields = provider_response.extension_response(uri, true)
+            @fields = provider_response.extension_response(uri, true)
             break
           end
         end
       end
-
-      if fields
-        resource.openid_fields = fields
-        resource.save
-      end
+      
+      return @fields
     end
 
     def logger
@@ -107,6 +130,12 @@ class Devise::Strategies::OpenidAuthenticatable < base_class
       return_to.to_s
     end
 
+    def trust_root
+      trust_root = URI.parse(request.url)
+      trust_root.path = ""
+      trust_root.query = nil
+      trust_root.to_s
+    end
 end
 
 Warden::Strategies.add :openid_authenticatable, Devise::Strategies::OpenidAuthenticatable

data/spec/scenario/app/models/database_user.rb

@@ -0,0 +1,15 @@
+class DatabaseUser < ActiveRecord::Base
+  devise :database_authenticatable, :openid_authenticatable, :validatable
+  
+  def self.build_from_identity_url(identity_url)
+    new(:identity_url => identity_url)
+  end
+
+  def self.openid_required_fields
+    ["http://axschema.org/contact/email"]
+  end
+
+  def openid_fields=(fields)
+    self.email = fields["http://axschema.org/contact/email"].first
+  end
+end

data/spec/scenario/app/models/legacy_user.rb

@@ -0,0 +1,18 @@
+class LegacyUser < ActiveRecord::Base
+  devise :openid_authenticatable, :rememberable
+
+  def self.create_from_identity_url(identity_url)
+    create do |user|
+      user.identity_url = identity_url
+    end
+  end
+
+  def self.openid_required_fields
+    ["http://axschema.org/contact/email"]
+  end
+
+  def openid_fields=(fields)
+    self.email = fields["http://axschema.org/contact/email"].first
+  end
+
+end

data/spec/scenario/app/models/user.rb

@@ -1,8 +1,8 @@
 class User < ActiveRecord::Base
   devise :openid_authenticatable, :rememberable
 
-  def self.create_from_identity_url(identity_url)
-    create do |user|
+  def self.build_from_identity_url(identity_url)
+    new do |user|
       user.identity_url = identity_url
     end
   end

data/spec/scenario/config/routes.rb

@@ -1,4 +1,6 @@
 Rails.application.routes.draw do
   devise_for :users, :controllers => { :sessions => 'sessions' }
+  devise_for :database_users, :controllers => { :sessions => 'sessions' }
+  devise_for :legacy_users, :controllers => { :sessions => 'sessions' }
   root :to => "home#index"
 end

data/spec/scenario/db/migrate/20100401102949_create_tables.rb

@@ -6,9 +6,24 @@ class CreateTables < ActiveRecord::Migration
       t.string :email
       t.timestamps
     end
+    
+    create_table :database_users do |t|
+      t.openid_authenticatable
+      t.database_authenticatable
+      t.timestamps
+    end
+    
+    create_table :legacy_users do |t|
+      t.openid_authenticatable
+      t.rememberable
+      t.string :email
+      t.timestamps
+    end
   end
 
   def self.down
     drop_table :users
+    drop_table :database_users
+    drop_table :legacy_users
   end
 end

data/spec/strategy_spec.rb

@@ -39,10 +39,22 @@ describe Devise::Strategies::OpenidAuthenticatable do
     User.create! do |u|
       u.identity_url = "http://openid.example.org/myid"
     end
+    
+    LegacyUser.create! do |u|
+      u.identity_url = "http://openid.example.org/myid"
+    end
+    
+    DatabaseUser.create! do |u|
+      u.email = "dbuser@example.com"
+      u.password = "password"
+      u.identity_url = "http://openid.example.org/myid"
+    end
   end
 
   after do
     User.delete_all
+    LegacyUser.delete_all
+    DatabaseUser.delete_all
   end
 
   describe "GET /protected/resource" do
@@ -198,5 +210,123 @@ describe Devise::Strategies::OpenidAuthenticatable do
       User.order(:id).last.email.should == 'dimitrij@example.com'
     end
   end
+  
+  describe "POST /legacy_users/sign_in (from OpenID provider, success, new user)" do
+
+    before do
+      @previous_logger = Rails.logger
+      @log_output = StringIO.new
+      Rails.logger = Logger.new(@log_output)
+      
+      @identity = 'http://openid.example.org/newid'
+      stub_completion
+      post '/legacy_users/sign_in', openid_params.merge("_method"=>"post")
+    end
+    
+    after do
+      Rails.logger = @previous_logger
+    end
 
+    it 'should accept authentication with success' do
+      response.should be_redirect
+      response.should redirect_to('http://www.example.com/')
+      flash[:notice].should match(/success/i)
+    end
+
+    it 'should auto-create user-records (if supported)' do
+      LegacyUser.should have(2).records
+    end
+
+    it 'should update new user-records with retrieved information' do
+      LegacyUser.order(:id).last.email.should == 'dimitrij@example.com'
+    end
+    
+    it 'should issue a deprecation warning' do
+      @log_output.string.should =~ /DEPRECATION WARNING: create_from_identity_url/
+    end
+  end
+
+  describe "POST /database_users/sign_in (using database authentication)" do
+    
+    before do
+      post '/database_users/sign_in', :database_user => { :email => "dbuser@example.com", :password => "password" }
+    end
+    
+    it 'should accept authentication with success' do
+      response.should be_redirect
+      response.should redirect_to('http://www.example.com/')
+      flash[:notice].should match(/success/i)
+    end
+    
+  end
+  
+  describe "POST /database_users/sign_in (using OpenID, begin_authentication)" do
+    before do
+      Rack::OpenID.any_instance.stubs(:begin_authentication).returns([302, {'location' => 'http://openid.example.org/server'}, ''])
+      post '/database_users/sign_in', 'database_user' => { 'identity_url' => 'http://openid.example.org/myid' }
+    end
+
+    it 'should forward request to provider' do
+      response.should be_redirect
+      response.should redirect_to('http://openid.example.org/server')
+    end
+  end
+  
+  describe "POST /database_users/sign_in (using OpenID, from provider, existing user)" do
+    before do
+      stub_completion
+      post '/database_users/sign_in', openid_params.merge("_method"=>"post")
+    end
+
+    it 'should accept authentication with success' do
+      response.should be_redirect
+      response.should redirect_to('http://www.example.com/')
+      flash[:notice].should match(/success/i)
+    end
+
+    it 'should update user-records with retrieved information' do
+      DatabaseUser.should have(1).record
+      DatabaseUser.first.email.should == 'dimitrij@example.com'
+    end
+  end
+  
+  describe "POST /database_users/sign_in (using OpenID, from provider, existing email)" do
+    before do
+      DatabaseUser.delete_all
+      DatabaseUser.create! do |u|
+        u.email = "dimitrij@example.com"
+        u.password = "password"
+      end
+      
+      stub_completion
+      post '/database_users/sign_in', openid_params.merge("_method"=>"post")
+    end
+
+    it 'should fail to authenticate with existing email error' do
+      response.should be_success
+      response.should render_template("sessions/new")
+      flash[:alert].should match(/email/i)
+      DatabaseUser.should have(1).record
+    end
+  end
+  
+  describe "POST /database_users/sign_in (using OpenID, from provider, forgery attempt)" do
+    before do
+      DatabaseUser.delete_all
+      DatabaseUser.create! do |u|
+        u.email = "dimitrij@example.com"
+        u.password = "password"
+        u.identity_url = "http://openid.example.org/different_id"
+      end
+      
+      stub_completion
+      post '/database_users/sign_in', openid_params.merge("_method"=>"post")
+    end
+
+    it 'should fail authentication with existing email error' do
+      response.should be_success
+      response.should render_template("sessions/new")
+      flash[:alert].should match(/email/i)
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification 
 name: devise_openid_authenticatable
 version: !ruby/object:Gem::Version 
-  hash: -1710980387
+  hash: -1848230054
   prerelease: true
   segments: 
   - 1
   - 0
   - 0
-  - alpha7
-  version: 1.0.0.alpha7
+  - beta2
+  version: 1.0.0.beta2
 platform: ruby
 authors: 
 - Nat Budin
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-09-08 00:00:00 -04:00
+date: 2010-12-21 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -77,6 +77,8 @@ files:
 - spec/scenario/app/controllers/application_controller.rb
 - spec/scenario/app/controllers/home_controller.rb
 - spec/scenario/app/controllers/sessions_controller.rb
+- spec/scenario/app/models/database_user.rb
+- spec/scenario/app/models/legacy_user.rb
 - spec/scenario/app/models/user.rb
 - spec/scenario/app/views/layouts/application.html.erb
 - spec/scenario/app/views/sessions/new.html.erb
@@ -137,6 +139,8 @@ test_files:
 - spec/scenario/app/controllers/application_controller.rb
 - spec/scenario/app/controllers/home_controller.rb
 - spec/scenario/app/controllers/sessions_controller.rb
+- spec/scenario/app/models/database_user.rb
+- spec/scenario/app/models/legacy_user.rb
 - spec/scenario/app/models/user.rb
 - spec/scenario/config/application.rb
 - spec/scenario/config/boot.rb