easy-rack-open-id 0.0.1
- data/Manifest +6 -0
- data/README +27 -0
- data/Rakefile +16 -0
- data/config.ru +18 -0
- data/easy-rack-open-id.gemspec +33 -0
- data/lib/easy_rack_open_id.rb +123 -0
- data/lib/generic_openid_form.html.erb +7 -0
- metadata +77 -0
data/Manifest
ADDED
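--- a/data/README
+++ b/data/README
@@ -0,0 +1,27 @@
+EasyRackOpenID. Simplifies OpenID login for Rack apps.
+
+Get Rack::OpenID of http://github.com/josh/rack-openid
+gem install rack-openid
+
+
+You:
+require 'rack/openid'
+use Rack::Session::Cookie
+use Rack::OpenID
+use EasyRackOpenID, :allowed_identifiers => ['http://example.com/']
+run lambda {|env| [ 200, { 'Content-Type' => 'text/plain' }, [ 'Authenticated!' ] ] }
+
+
+Basically, slap EasyRackOpenID in front of the App you want to protect. Rack::OpenID needs to be above it.
+Rack:OpenID with noo arguments uses an in memory OpenID store. This is ok for trying out with rackup, but won't work in a variety of scenarios including using shotgun. You can pass it a different store like so:
+use Rack::OpenID, OpenID::Store::Memcache.new
+
+:allowed_identifiers is required for EasyRackOpenID to work. Give it an array of all the OpenIDs that you don't mind proceeding.
+
+:default_return_to (optional) is a path just in case the automatic return_to mysteriously vanishes. Unlikely.
+
+:login_path (optional) is where to send a user if login fails. Perhaps a login form?
+
+:logout_path (optional, defaults to /logout) path that, when visited will clear the login session
+
+:after_logout_path (optional) After a user logs out, send them here. (don't want the user sitting on the logout path)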
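--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,16 @@
+# Rakefile
+require 'rubygems'
+require 'rake'
+require 'echoe'
+
+Echoe.new('easy-rack-open-id', '0.0.1') do |p|
+p.summary = "Super easy OpenID protection for Rack."
+p.description = "You supply OpenIDs, this keeps anyone but people with access to those ids from getting through."
+p.url = "http://samsm.com/"
+p.author = "Sam Schenkman-Moore"
+p.email = "samsm@samsm.com"
+p.ignore_pattern = ["tmp/*", "script/*"]
+p.runtime_dependencies = ['rack-openid']
+end
+
+Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }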
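--- a/data/config.ru
+++ b/data/config.ru
@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'rack'
+require 'rack/openid'
+require 'lib/easy_rack_open_id'
+
+use Rack::ShowExceptions
+
+class HelloWorld
+def call(env)
+[200, {"Content-Type" => "text/plain"}, ["Made it through!"]]
+end
+end
+
+
+use Rack::Session::Cookie
+use Rack::OpenID
+use EasyRackOpenID, :allowed_identifiers => ['http://example.com/'], :after_logout_path => '/login'
+run HelloWorld.new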
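Review bot: `use Rack::Session::Cookie` on line 15 is mounted without a `:secret`, while EasyRackOpenID keeps its only proof of login, `session['verified_identity']`, inside that cookie. Without a secret the cookie is most likely not integrity-protected in Rack releases of this period, so the value the allow-list check reads would be under the client's control. Take the secret from configuration, for example `use Rack::Session::Cookie, :secret => ENV.fetch('SESSION_SECRET')` (the variable name is a placeholder), and make the same change to the identical line in the README example (README line 9). `use Rack::ShowExceptions` on line 6 deserves a comment marking it development-only, since it renders request and environment details to the browser.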
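--- a/data/easy-rack-open-id.gemspec
+++ b/data/easy-rack-open-id.gemspec
@@ -0,0 +1,33 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+s.name = %q{easy-rack-open-id}
+s.version = "0.0.1"
+
+s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+s.authors = ["Sam Schenkman-Moore"]
+s.date = %q{2009-11-16}
+s.description = %q{You supply OpenIDs, this keeps anyone but people with access to those ids from getting through.}
+s.email = %q{samsm@samsm.com}
+s.extra_rdoc_files = ["README", "lib/easy_rack_open_id.rb", "lib/generic_openid_form.html.erb"]
+s.files = ["Manifest", "README", "Rakefile", "config.ru", "lib/easy_rack_open_id.rb", "lib/generic_openid_form.html.erb", "easy-rack-open-id.gemspec"]
+s.homepage = %q{http://samsm.com/}
+s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Easy-rack-open-id", "--main", "README"]
+s.require_paths = ["lib"]
+s.rubyforge_project = %q{easy-rack-open-id}
+s.rubygems_version = %q{1.3.5}
+s.summary = %q{Super easy OpenID protection for Rack.}
+
+if s.respond_to? :specification_version then
+current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+s.specification_version = 3
+
+if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+s.add_runtime_dependency(%q<rack-openid>, [">= 0"])
+else
+s.add_dependency(%q<rack-openid>, [">= 0"])
+end
+else
+s.add_dependency(%q<rack-openid>, [">= 0"])
+end
+end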
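--- a/data/lib/easy_rack_open_id.rb
+++ b/data/lib/easy_rack_open_id.rb
@@ -0,0 +1,123 @@
+class EasyRackOpenID
+
+attr_accessor :env, :options
+
+def initialize(app, options ={})
+@app = app
+@options = options
+end
+
+def call(env)
+@env = env
+if logout_path == path
+logout_result = logout
+return logout_result if logout_result
+end
+if allowed?
+# pass through
+@app.call(env)
+else
+# break chain, start open_id_login
+open_id_login
+end
+end
+
+def open_id_login
+if resp = env["rack.openid.response"]
+case resp.status
+when :success
+#... save id and forward to ...
+self.verified_identity = resp.identity_url
+forward_to(protected_path)
+when :failure
+present_login_options
+end
+else
+if identitifier_to_verify
+self.protected_path = path
+[401, {"WWW-Authenticate" => "OpenID identifier=\"#{identitifier_to_verify}\""}, []]
+else
+present_login_options
+end
+end
+
+end
+
+def path
+env['REQUEST_PATH']
+end
+
+def present_login_options
+if login_path
+forward_to(login_path)
+else
+dir = File.dirname(__FILE__)
+form = IO.read(dir + '/generic_openid_form.html.erb')
+ok(form)
+end
+end
+
+def forward_to(url)
+[302, {'Location' => url}, ["Forwarding to #{url}"]]
+end
+
+def allowed?
+allowed_identifiers.include? verified_identity
+end
+
+def allowed_identifiers
+options[:allowed_identifiers]
+end
+
+def logout_path
+options[:logout_path] || '/logout'
+end
+
+def logout
+self.verified_identity = nil
+if after_logout_path
+forward_to(after_logout_path)
+end
+end
+
+def after_logout_path
+options[:after_logout_path]
+end
+
+def login_path
+options[:login_path]
+end
+
+def identitifier_to_verify
+env["rack.request.query_hash"]["openid_identifier"]
+end
+
+def verified_identity=(url)
+session['verified_identity'] = url
+end
+
+def verified_identity
+session['verified_identity']
+end
+
+def session
+env['rack.session']
+end
+
+def protected_path=(path)
+session['return_to'] = path
+end
+
+def protected_path
+session['return_to'] || default_return_to
+end
+
+def default_return_to
+options[:default_return_to] || '/'
+end
+
+def ok(text)
+[200,{"Content-Type" => 'text/html', 'Content-Length'=> text.length},text]
+end
+
+end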
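Review bot: `call` stores the per-request env in `@env` (line 11) on the one middleware instance Rack builds at startup, and `allowed?`, `session` and `path` all read it back through the accessor. On a threaded server a concurrent request can replace `@env` between the assignment and the `allowed?` check, so one client's request may be authorised against another client's session. Keep request state off the shared instance, for example rename the current body to `call!` and make the entry point `def call(env); dup.call!(env); end`. Separately, line 38 interpolates the raw `openid_identifier` query value into the `WWW-Authenticate` header; reject values containing quotes or line breaks before building it. The `case resp.status` on line 27 also returns nil for any status other than `:success` or `:failure`, which is not a valid Rack response, so an `else present_login_options` branch is worth adding.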
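--- a/metadata
+++ b/metadata
@@ -0,0 +1,77 @@
+--- !ruby/object:Gem::Specification
+name: easy-rack-open-id
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Sam Schenkman-Moore
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2009-11-16 00:00:00 -05:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rack-openid
+type: :runtime
+version_requirement:
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+description: You supply OpenIDs, this keeps anyone but people with access to those ids from getting through.
+email: samsm@samsm.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- README
+- lib/easy_rack_open_id.rb
+- lib/generic_openid_form.html.erb
+files:
+- Manifest
+- README
+- Rakefile
+- config.ru
+- lib/easy_rack_open_id.rb
+- lib/generic_openid_form.html.erb
+- easy-rack-open-id.gemspec
+has_rdoc: true
+homepage: http://samsm.com/
+licenses: []
+
+post_install_message:
+rdoc_options:
+- --line-numbers
+- --inline-source
+- --title
+- Easy-rack-open-id
+- --main
+- README
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "1.2"
+version:
+requirements: []
+
+rubyforge_project: easy-rack-open-id
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: Super easy OpenID protection for Rack.
+test_files: []
+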