devise_openid_authenticatable 1.1.6 → 1.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.rdoc +3 -0
- data/README.md +26 -11
- data/lib/devise_openid_authenticatable.rb +1 -0
- data/lib/devise_openid_authenticatable/config.rb +27 -0
- data/lib/devise_openid_authenticatable/strategy.rb +25 -15
- data/lib/devise_openid_authenticatable/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5abb808ef023d477e64b13be7e6ce7ac0cc7da09
|
4
|
+
data.tar.gz: 7d46f7e4990245d8be2e30a3513020067b16a065
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 14f7a091be1201f3c949db79f8adba3fed476b86ff1ec51a584ea81867a88a59b87321665b7972da851cccf60583cc1e7acb6c9d7cc9c00d956e09a780ad13c8
|
7
|
+
data.tar.gz: cc453acbb72c4fe67bea6931d3b5710cd575973e1c67ebc1b2d472caf1205cbc198731d5abf2cba4abec452b006ec6d4b22d82a4f000f5356de85e6dcb19b6c5
|
data/CHANGELOG.rdoc
CHANGED
data/README.md
CHANGED
@@ -19,16 +19,16 @@ Installation
|
|
19
19
|
Add the following to your project's Gemfile:
|
20
20
|
|
21
21
|
gem "devise_openid_authenticatable"
|
22
|
-
|
22
|
+
|
23
23
|
Then run `bundle install`.
|
24
|
-
|
24
|
+
|
25
25
|
Setup
|
26
26
|
-----
|
27
27
|
|
28
28
|
Once devise\_openid\_authenticatable is installed, add the following to your user model:
|
29
29
|
|
30
30
|
devise :openid_authenticatable
|
31
|
-
|
31
|
+
|
32
32
|
You can also add other modules such as token_authenticatable, trackable, etc. Database_authenticatable
|
33
33
|
should work fine alongside openid_authenticatable.
|
34
34
|
|
@@ -41,7 +41,21 @@ You'll also need to set up the database schema for this:
|
|
41
41
|
and, optionally, indexes:
|
42
42
|
|
43
43
|
add_index :users, :identity_url, :unique => true
|
44
|
-
|
44
|
+
|
45
|
+
## Option 1: Configure a global identity_url
|
46
|
+
If the identity URL does not vary per user and you do not want to bother users with that you can configure a static identity URL through Devise.
|
47
|
+
|
48
|
+
In `config/initializers/devise.rb`, add:
|
49
|
+
|
50
|
+
```
|
51
|
+
Devise.setup do |config|
|
52
|
+
config.openid_authenticatable do |openid|
|
53
|
+
openid.identity_url = 'http://foobar.com'
|
54
|
+
end
|
55
|
+
end
|
56
|
+
```
|
57
|
+
|
58
|
+
## Option 2: Pass the identity_url along via the login form
|
45
59
|
In addition, you'll need to modify sessions/new.html.erb (or the appropriate scoped view if you're
|
46
60
|
using those). You need to add a field for identity_url, and remove username and password if you
|
47
61
|
aren't using database_authenticatable:
|
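Review bot: The Option 1 example at new line 53 sets `openid.identity_url = 'http://foobar.com'` over plain HTTP, and the section does not say what happens when a login form also submits an identity_url field. Suggest an https:// URL in the example, since this value is what the strategy passes on as `:identifier`, and add a sentence stating which value wins when both the global setting and a form field are present.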
@@ -57,6 +71,7 @@ aren't using database_authenticatable:
|
|
57
71
|
<p><%= f.submit "Sign in" %></p>
|
58
72
|
<% end -%>
|
59
73
|
|
74
|
+
## Rails 2
|
60
75
|
Finally, *Rails 2* users, you'll need to wire up Rack::OpenID in your Rails configuration:
|
61
76
|
|
62
77
|
config.middleware.insert_before(Warden::Manager, Rack::OpenID)
|
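Review bot: The new `## Rails 2` heading at new line 74, like the `## Option 1` and `## Option 2` headings added earlier in this file, uses ATX style, while the existing sections in the context lines (Setup, SReg and AX Extensions) use underlined headings. Pick one style for the file. Both forms render at the same level, so decide whether the new headings are meant to be peers of Setup or subsections of it. The paragraph under the new heading still opens with "Finally, *Rails 2* users", which now repeats the heading and could be shortened.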
@@ -74,12 +89,12 @@ to your user model class:
|
|
74
89
|
|
75
90
|
class User < ActiveRecord::Base
|
76
91
|
devise :openid_authenticatable
|
77
|
-
|
92
|
+
|
78
93
|
def self.build_from_identity_url(identity_url)
|
79
94
|
User.new(:identity_url => identity_url)
|
80
95
|
end
|
81
96
|
end
|
82
|
-
|
97
|
+
|
83
98
|
SReg and AX Extensions
|
84
99
|
----------------------
|
85
100
|
|
@@ -91,25 +106,25 @@ To add SReg and AX support to your User model, you'll need to do two things: fir
|
|
91
106
|
fields you'd like to request from OpenID providers. Second, you need to provide a method for processing
|
92
107
|
these fields during authentication.
|
93
108
|
|
94
|
-
To specify which fields to request, you can implement one (or both) of two class methods:
|
109
|
+
To specify which fields to request, you can implement one (or both) of two class methods:
|
95
110
|
openid_required_fields and openid_optional_fields. For example:
|
96
111
|
|
97
112
|
def self.openid_required_fields
|
98
113
|
["fullname", "email", "http://axschema.org/namePerson", "http://axschema.org/contact/email"]
|
99
114
|
end
|
100
|
-
|
115
|
+
|
101
116
|
def self.openid_optional_fields
|
102
117
|
["gender", "http://axschema.org/person/gender"]
|
103
118
|
end
|
104
119
|
|
105
120
|
Required fields should be used for fields without which your app can't operate properly. Optional fields
|
106
121
|
should be used for fields which are nice to have, but not necessary for your app. Note that just because you
|
107
|
-
specify a field as "required" doesn't necessarily mean that the OpenID provider has to give it to you (for
|
122
|
+
specify a field as "required" doesn't necessarily mean that the OpenID provider has to give it to you (for
|
108
123
|
example, a provider might not have that field for its users).
|
109
124
|
|
110
125
|
In the above example, we're specifying both SReg fields (fullname, email, and gender) and the equivalent
|
111
126
|
AX fields (the ones that look like URLs). A list of defined AX fields and their equivalent SReg fields can
|
112
|
-
be found at [http://www.axschema.org/types](http://www.axschema.org/types). It is highly recommended to
|
127
|
+
be found at [http://www.axschema.org/types](http://www.axschema.org/types). It is highly recommended to
|
113
128
|
specify both AX and SReg fields, as both are implemented by different common OpenID providers.
|
114
129
|
|
115
130
|
Once a successful OpenID response comes back, you still need to process the fields that the provider returned
|
@@ -122,7 +137,7 @@ maps each returned field to a string value. For example:
|
|
122
137
|
if value.is_a? Array
|
123
138
|
value = value.first
|
124
139
|
end
|
125
|
-
|
140
|
+
|
126
141
|
case key.to_s
|
127
142
|
when "fullname", "http://axschema.org/namePerson"
|
128
143
|
self.name = value
|
@@ -0,0 +1,27 @@
|
|
1
|
+
module DeviseOpenidAuthenticatable
|
2
|
+
module Config
|
3
|
+
|
4
|
+
mattr_accessor :identity_url
|
5
|
+
|
6
|
+
end
|
7
|
+
end
|
8
|
+
|
9
|
+
module DeviseOpenidAuthenticatable
|
10
|
+
module Configurable
|
11
|
+
|
12
|
+
def self.included(base)
|
13
|
+
base.extend ClassMethods
|
14
|
+
end
|
15
|
+
|
16
|
+
module ClassMethods
|
17
|
+
|
18
|
+
def openid_authenticatable
|
19
|
+
yield DeviseOpenidAuthenticatable::Config
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
Devise.send(:include, DeviseOpenidAuthenticatable::Configurable)
|
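Review bot: `openid_authenticatable` at new lines 18-20 yields unconditionally, so calling `config.openid_authenticatable` without a block raises LocalJumpError instead of a clear error; guard with `block_given?` or return the Config module when no block is passed. `mattr_accessor :identity_url` at new line 4 also accepts any value with no check, so validating at assignment that it parses as an absolute URL would surface a misconfiguration at boot rather than at the first sign-in. The new file has no comments describing the setting or its default of nil.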
@@ -2,6 +2,7 @@ require 'devise/strategies/base'
|
|
2
2
|
require 'rack/openid'
|
3
3
|
|
4
4
|
class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authenticatable
|
5
|
+
|
5
6
|
def valid?
|
6
7
|
valid_mapping? && ( provider_response? || identity_param? )
|
7
8
|
end
|
@@ -12,14 +13,15 @@ class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authentica
|
|
12
13
|
if provider_response
|
13
14
|
handle_response!
|
14
15
|
else # Delegate authentication to Rack::OpenID by throwing a 401
|
15
|
-
opts = { :identifier =>
|
16
|
-
|
16
|
+
opts = { :identifier => identity_url, :return_to => return_url, :trust_root => trust_root, :method => 'post' }
|
17
|
+
|
18
|
+
opts[:immediate] = true if scoped_params["immediate"]
|
17
19
|
opts[:optional] = mapping.to.openid_optional_fields if mapping.to.respond_to?(:openid_optional_fields)
|
18
20
|
opts[:required] = mapping.to.openid_required_fields if mapping.to.respond_to?(:openid_required_fields)
|
19
21
|
custom! [401, { Rack::OpenID::AUTHENTICATE_HEADER => Rack::OpenID.build_header(opts) }, "Sign in with OpenID"]
|
20
22
|
end
|
21
23
|
end
|
22
|
-
|
24
|
+
|
23
25
|
# CSRF won't be able to be verified on returning from the OpenID server, so we will bypass that check for this strategy
|
24
26
|
def store?
|
25
27
|
true
|
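Review bot: At new line 18, `opts[:immediate] = true if scoped_params["immediate"]` tests only truthiness, and request parameters arrive as strings, so `immediate=false` or `immediate=0` from the client still switches immediate mode on. Compare against an explicit set of accepted values such as "1" or "true". The new `immediate` parameter is not mentioned in the README hunks shown in this diff, so it also needs a line of documentation.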
@@ -30,11 +32,10 @@ class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authentica
|
|
30
32
|
# Handles incoming provider response
|
31
33
|
def handle_response!
|
32
34
|
logger.debug "Attempting OpenID auth: #{provider_response.inspect}"
|
33
|
-
|
35
|
+
|
34
36
|
case provider_response.status
|
35
37
|
when :success
|
36
38
|
resource = find_resource || build_resource || create_resource
|
37
|
-
|
38
39
|
if resource && validate(resource)
|
39
40
|
begin
|
40
41
|
update_resource!(resource)
|
@@ -69,19 +70,19 @@ class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authentica
|
|
69
70
|
end
|
70
71
|
|
71
72
|
def identity_param?
|
72
|
-
|
73
|
+
identity_url.present?
|
73
74
|
end
|
74
|
-
|
75
|
+
|
75
76
|
def find_resource
|
76
77
|
mapping.to.find_by_identity_url(provider_response.identity_url)
|
77
78
|
end
|
78
|
-
|
79
|
+
|
79
80
|
def build_resource
|
80
81
|
if mapping.to.respond_to?(:build_from_identity_url)
|
81
82
|
mapping.to.build_from_identity_url(provider_response.identity_url)
|
82
83
|
end
|
83
84
|
end
|
84
|
-
|
85
|
+
|
85
86
|
def create_resource
|
86
87
|
if mapping.to.respond_to?(:create_from_identity_url)
|
87
88
|
logger.warn "DEPRECATION WARNING: create_from_identity_url is deprecated. Please implement build_from_identity_url instead. For more information, please see the devise_openid_authenticatable CHANGELOG for version 1.0.0.beta1."
|
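Review bot: With `identity_param?` at new line 73 now returning `identity_url.present?`, and `identity_url` falling back to `DeviseOpenidAuthenticatable::Config.identity_url`, the predicate is true on every request once a global URL is configured. Since `valid?` is `valid_mapping? && ( provider_response? || identity_param? )`, the strategy then reports itself valid for any request with a valid mapping, not only sign-in form submissions. Confirm that this is intended; if it is, rename the predicate, as it no longer checks a parameter, and add a spec covering a request with no params and a configured global URL.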
@@ -93,13 +94,13 @@ class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authentica
|
|
93
94
|
if fields && resource.respond_to?(:openid_fields=)
|
94
95
|
resource.openid_fields = fields
|
95
96
|
end
|
96
|
-
|
97
|
+
|
97
98
|
resource.save!
|
98
99
|
end
|
99
|
-
|
100
|
+
|
100
101
|
def fields
|
101
102
|
return @fields unless @fields.nil?
|
102
|
-
|
103
|
+
|
103
104
|
if axr = OpenID::AX::FetchResponse.from_success_response(provider_response)
|
104
105
|
@fields = axr.data
|
105
106
|
else
|
@@ -110,17 +111,17 @@ class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authentica
|
|
110
111
|
end
|
111
112
|
end
|
112
113
|
end
|
113
|
-
|
114
|
+
|
114
115
|
return @fields
|
115
116
|
end
|
116
117
|
|
117
118
|
def logger
|
118
119
|
@logger ||= ((Rails && Rails.logger) || RAILS_DEFAULT_LOGGER)
|
119
120
|
end
|
120
|
-
|
121
|
+
|
121
122
|
def return_url
|
122
123
|
return_to = URI.parse(request.url)
|
123
|
-
return_params =
|
124
|
+
return_params = (scoped_params).inject({}) do |request_params, pair|
|
124
125
|
param, value = pair
|
125
126
|
request_params["#{scope}[#{param}]"] = value
|
126
127
|
request_params
|
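Review bot: The parentheses in `(scoped_params).inject({})` at new line 124 are redundant and can be dropped. The block also copies every key submitted under the scope into `request_params` with no allow-list; now that `immediate` is read from the same hash, consider selecting only the keys the strategy expects.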
@@ -135,6 +136,15 @@ class Devise::Strategies::OpenidAuthenticatable < Devise::Strategies::Authentica
|
|
135
136
|
trust_root.query = nil
|
136
137
|
trust_root.to_s
|
137
138
|
end
|
139
|
+
|
140
|
+
def scoped_params
|
141
|
+
params[scope] || {}
|
142
|
+
end
|
143
|
+
|
144
|
+
def identity_url
|
145
|
+
params[scope].try(:[], 'identity_url') || DeviseOpenidAuthenticatable::Config.identity_url
|
146
|
+
end
|
147
|
+
|
138
148
|
end
|
139
149
|
|
140
150
|
Warden::Strategies.add :openid_authenticatable, Devise::Strategies::OpenidAuthenticatable
|
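Review bot: `identity_url` at new line 145 reads `params[scope].try(:[], 'identity_url')` even though `scoped_params`, added a few lines above it, already handles a missing scope; `scoped_params['identity_url']` would be consistent. Two logic points as well. An empty string is truthy in Ruby, so a form that submits a blank identity_url field masks the configured global URL and the `||` fallback never runs; `.presence` on the submitted value fixes that. And a submitted value always takes precedence over `DeviseOpenidAuthenticatable::Config.identity_url`, so configuring a global URL does not restrict sign-in to that provider. If the global setting is meant to pin the provider, the configured value should win, and either way the precedence should be documented.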
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise_openid_authenticatable
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nat Budin
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2016-04-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rack-openid
|
@@ -143,6 +143,7 @@ files:
|
|
143
143
|
- Rakefile
|
144
144
|
- devise_openid_authenticatable.gemspec
|
145
145
|
- lib/devise_openid_authenticatable.rb
|
146
|
+
- lib/devise_openid_authenticatable/config.rb
|
146
147
|
- lib/devise_openid_authenticatable/controller.rb
|
147
148
|
- lib/devise_openid_authenticatable/model.rb
|
148
149
|
- lib/devise_openid_authenticatable/railtie.rb
|
@@ -193,7 +194,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
193
194
|
version: '0'
|
194
195
|
requirements: []
|
195
196
|
rubyforge_project:
|
196
|
-
rubygems_version: 2.
|
197
|
+
rubygems_version: 2.4.5.1
|
197
198
|
signing_key:
|
198
199
|
specification_version: 4
|
199
200
|
summary: OpenID authentication for Devise
|
@@ -222,4 +223,3 @@ test_files:
|
|
222
223
|
- spec/spec_helper.rb
|
223
224
|
- spec/strategy_spec.rb
|
224
225
|
- spec/support/migrations.rb
|
225
|
-
has_rdoc:
|