easy-rack-open-id 0.0.1

data/Manifest

@@ -0,0 +1,6 @@
+Manifest
+README
+Rakefile
+config.ru
+lib/easy_rack_open_id.rb
+lib/generic_openid_form.html.erb

data/README

@@ -0,0 +1,27 @@
+EasyRackOpenID. Simplifies OpenID login for Rack apps.
+
+Get Rack::OpenID of http://github.com/josh/rack-openid
+gem install rack-openid
+
+
+You:
+require 'rack/openid'
+use Rack::Session::Cookie
+use Rack::OpenID
+use EasyRackOpenID, :allowed_identifiers => ['http://example.com/']
+run lambda {|env| [ 200, { 'Content-Type' => 'text/plain' }, [ 'Authenticated!' ] ] }
+
+
+Basically, slap EasyRackOpenID in front of the App you want to protect. Rack::OpenID needs to be above it.
+Rack:OpenID with noo arguments uses an in memory OpenID store. This is ok for trying out with rackup, but won't work in a variety of scenarios including using shotgun. You can pass it a different store like so:
+use Rack::OpenID, OpenID::Store::Memcache.new
+
+:allowed_identifiers is required for EasyRackOpenID to work. Give it an array of all the OpenIDs that you don't mind proceeding.
+
+:default_return_to (optional) is a path just in case the automatic return_to mysteriously vanishes. Unlikely.
+
+:login_path (optional) is where to send a user if login fails. Perhaps a login form?
+
+:logout_path (optional, defaults to /logout) path that, when visited will clear the login session
+
+:after_logout_path (optional) After a user logs out, send them here. (don't want the user sitting on the logout path)

data/Rakefile

@@ -0,0 +1,16 @@
+# Rakefile
+require 'rubygems'
+require 'rake'
+require 'echoe'
+
+Echoe.new('easy-rack-open-id', '0.0.1') do |p|
+  p.summary        = "Super easy OpenID protection for Rack."
+  p.description    = "You supply OpenIDs, this keeps anyone but people with access to those ids from getting through."
+  p.url            = "http://samsm.com/"
+  p.author         = "Sam Schenkman-Moore"
+  p.email          = "samsm@samsm.com"
+  p.ignore_pattern = ["tmp/*", "script/*"]
+  p.runtime_dependencies = ['rack-openid']
+end
+
+Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }

data/config.ru

@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'rack'
+require 'rack/openid'
+require 'lib/easy_rack_open_id'
+
+use Rack::ShowExceptions
+
+class HelloWorld
+  def call(env)
+    [200, {"Content-Type" => "text/plain"}, ["Made it through!"]]
+  end
+end
+
+
+use Rack::Session::Cookie
+use Rack::OpenID
+use EasyRackOpenID, :allowed_identifiers => ['http://example.com/'], :after_logout_path => '/login'
+run HelloWorld.new

data/easy-rack-open-id.gemspec

@@ -0,0 +1,33 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{easy-rack-open-id}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Sam Schenkman-Moore"]
+  s.date = %q{2009-11-16}
+  s.description = %q{You supply OpenIDs, this keeps anyone but people with access to those ids from getting through.}
+  s.email = %q{samsm@samsm.com}
+  s.extra_rdoc_files = ["README", "lib/easy_rack_open_id.rb", "lib/generic_openid_form.html.erb"]
+  s.files = ["Manifest", "README", "Rakefile", "config.ru", "lib/easy_rack_open_id.rb", "lib/generic_openid_form.html.erb", "easy-rack-open-id.gemspec"]
+  s.homepage = %q{http://samsm.com/}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Easy-rack-open-id", "--main", "README"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{easy-rack-open-id}
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Super easy OpenID protection for Rack.}
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rack-openid>, [">= 0"])
+    else
+      s.add_dependency(%q<rack-openid>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<rack-openid>, [">= 0"])
+  end
+end

data/lib/easy_rack_open_id.rb

@@ -0,0 +1,123 @@
+class EasyRackOpenID
+  
+  attr_accessor :env, :options
+  
+  def initialize(app, options ={})
+    @app = app
+    @options = options
+  end
+  
+  def call(env)
+    @env = env
+    if logout_path == path
+      logout_result = logout
+      return logout_result if logout_result
+    end
+    if allowed?
+      # pass through
+      @app.call(env)
+    else
+      # break chain, start open_id_login
+      open_id_login
+    end
+  end
+  
+  def open_id_login
+    if resp = env["rack.openid.response"]
+      case resp.status
+      when :success
+        #... save id and forward to ...
+        self.verified_identity = resp.identity_url
+        forward_to(protected_path)
+      when :failure
+        present_login_options
+      end
+    else
+      if identitifier_to_verify
+        self.protected_path = path
+        [401, {"WWW-Authenticate" => "OpenID identifier=\"#{identitifier_to_verify}\""}, []]
+      else
+        present_login_options
+      end
+    end
+    
+  end
+  
+  def path
+    env['REQUEST_PATH']
+  end
+  
+  def present_login_options
+    if login_path
+      forward_to(login_path)
+    else
+      dir = File.dirname(__FILE__)
+      form = IO.read(dir + '/generic_openid_form.html.erb')
+      ok(form)
+    end
+  end
+  
+  def forward_to(url)
+    [302, {'Location' => url}, ["Forwarding to #{url}"]]
+  end
+  
+  def allowed?
+    allowed_identifiers.include? verified_identity
+  end
+  
+  def allowed_identifiers
+    options[:allowed_identifiers]
+  end
+  
+  def logout_path
+    options[:logout_path] || '/logout'
+  end
+  
+  def logout
+    self.verified_identity = nil
+    if after_logout_path
+      forward_to(after_logout_path)
+    end
+  end
+  
+  def after_logout_path
+    options[:after_logout_path]
+  end
+  
+  def login_path
+    options[:login_path]
+  end
+  
+  def identitifier_to_verify
+    env["rack.request.query_hash"]["openid_identifier"]
+  end
+  
+  def verified_identity=(url)
+    session['verified_identity'] = url
+  end
+  
+  def verified_identity
+    session['verified_identity']
+  end
+  
+  def session
+    env['rack.session']
+  end
+  
+  def protected_path=(path)
+    session['return_to'] = path
+  end
+  
+  def protected_path
+    session['return_to'] || default_return_to
+  end
+  
+  def default_return_to
+    options[:default_return_to] || '/'
+  end
+  
+  def ok(text)
+    [200,{"Content-Type" => 'text/html', 'Content-Length'=> text.length},text]
+  end
+
+end

data/lib/generic_openid_form.html.erb

@@ -0,0 +1,7 @@
+<form action="" method="get" accept-charset="utf-8">
+  <p>
+    <label for="openid_identifier">OpenID</label>
+    <input type="text" name="openid_identifier" value="" id="openid_identifier" />
+  </p>
+  <p><input type="submit" value="Continue &rarr;"></p>
+</form>

metadata

@@ -0,0 +1,77 @@
+--- !ruby/object:Gem::Specification 
+name: easy-rack-open-id
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Sam Schenkman-Moore
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-11-16 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack-openid
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: You supply OpenIDs, this keeps anyone but people with access to those ids from getting through.
+email: samsm@samsm.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+- lib/easy_rack_open_id.rb
+- lib/generic_openid_form.html.erb
+files: 
+- Manifest
+- README
+- Rakefile
+- config.ru
+- lib/easy_rack_open_id.rb
+- lib/generic_openid_form.html.erb
+- easy-rack-open-id.gemspec
+has_rdoc: true
+homepage: http://samsm.com/
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --line-numbers
+- --inline-source
+- --title
+- Easy-rack-open-id
+- --main
+- README
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "1.2"
+  version: 
+requirements: []
+
+rubyforge_project: easy-rack-open-id
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Super easy OpenID protection for Rack.
+test_files: []
+