entp-ruby-openid 2.2
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG +215 -0
- data/INSTALL +47 -0
- data/LICENSE +210 -0
- data/NOTICE +2 -0
- data/README +85 -0
- data/UPGRADE +127 -0
- data/admin/runtests.rb +45 -0
- data/examples/README +32 -0
- data/examples/active_record_openid_store/README +58 -0
- data/examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb +24 -0
- data/examples/active_record_openid_store/XXX_upgrade_open_id_store.rb +26 -0
- data/examples/active_record_openid_store/init.rb +8 -0
- data/examples/active_record_openid_store/lib/association.rb +10 -0
- data/examples/active_record_openid_store/lib/nonce.rb +3 -0
- data/examples/active_record_openid_store/lib/open_id_setting.rb +4 -0
- data/examples/active_record_openid_store/lib/openid_ar_store.rb +57 -0
- data/examples/active_record_openid_store/test/store_test.rb +212 -0
- data/examples/discover +49 -0
- data/examples/rails_openid/README +153 -0
- data/examples/rails_openid/Rakefile +10 -0
- data/examples/rails_openid/app/controllers/application.rb +4 -0
- data/examples/rails_openid/app/controllers/consumer_controller.rb +125 -0
- data/examples/rails_openid/app/controllers/login_controller.rb +45 -0
- data/examples/rails_openid/app/controllers/server_controller.rb +265 -0
- data/examples/rails_openid/app/helpers/application_helper.rb +3 -0
- data/examples/rails_openid/app/helpers/login_helper.rb +2 -0
- data/examples/rails_openid/app/helpers/server_helper.rb +9 -0
- data/examples/rails_openid/app/views/consumer/index.rhtml +81 -0
- data/examples/rails_openid/app/views/layouts/server.rhtml +68 -0
- data/examples/rails_openid/app/views/login/index.rhtml +56 -0
- data/examples/rails_openid/app/views/server/decide.rhtml +26 -0
- data/examples/rails_openid/config/boot.rb +19 -0
- data/examples/rails_openid/config/database.yml +74 -0
- data/examples/rails_openid/config/environment.rb +54 -0
- data/examples/rails_openid/config/environments/development.rb +19 -0
- data/examples/rails_openid/config/environments/production.rb +19 -0
- data/examples/rails_openid/config/environments/test.rb +19 -0
- data/examples/rails_openid/config/routes.rb +24 -0
- data/examples/rails_openid/doc/README_FOR_APP +2 -0
- data/examples/rails_openid/public/404.html +8 -0
- data/examples/rails_openid/public/500.html +8 -0
- data/examples/rails_openid/public/dispatch.cgi +12 -0
- data/examples/rails_openid/public/dispatch.fcgi +26 -0
- data/examples/rails_openid/public/dispatch.rb +12 -0
- data/examples/rails_openid/public/favicon.ico +0 -0
- data/examples/rails_openid/public/images/openid_login_bg.gif +0 -0
- data/examples/rails_openid/public/javascripts/controls.js +750 -0
- data/examples/rails_openid/public/javascripts/dragdrop.js +584 -0
- data/examples/rails_openid/public/javascripts/effects.js +854 -0
- data/examples/rails_openid/public/javascripts/prototype.js +1785 -0
- data/examples/rails_openid/public/robots.txt +1 -0
- data/examples/rails_openid/script/about +3 -0
- data/examples/rails_openid/script/breakpointer +3 -0
- data/examples/rails_openid/script/console +3 -0
- data/examples/rails_openid/script/destroy +3 -0
- data/examples/rails_openid/script/generate +3 -0
- data/examples/rails_openid/script/performance/benchmarker +3 -0
- data/examples/rails_openid/script/performance/profiler +3 -0
- data/examples/rails_openid/script/plugin +3 -0
- data/examples/rails_openid/script/process/reaper +3 -0
- data/examples/rails_openid/script/process/spawner +3 -0
- data/examples/rails_openid/script/process/spinner +3 -0
- data/examples/rails_openid/script/runner +3 -0
- data/examples/rails_openid/script/server +3 -0
- data/examples/rails_openid/test/functional/login_controller_test.rb +18 -0
- data/examples/rails_openid/test/functional/server_controller_test.rb +18 -0
- data/examples/rails_openid/test/test_helper.rb +28 -0
- data/lib/hmac/hmac.rb +112 -0
- data/lib/hmac/sha1.rb +11 -0
- data/lib/hmac/sha2.rb +25 -0
- data/lib/openid.rb +22 -0
- data/lib/openid/association.rb +249 -0
- data/lib/openid/consumer.rb +395 -0
- data/lib/openid/consumer/associationmanager.rb +344 -0
- data/lib/openid/consumer/checkid_request.rb +186 -0
- data/lib/openid/consumer/discovery.rb +497 -0
- data/lib/openid/consumer/discovery_manager.rb +123 -0
- data/lib/openid/consumer/html_parse.rb +134 -0
- data/lib/openid/consumer/idres.rb +523 -0
- data/lib/openid/consumer/responses.rb +150 -0
- data/lib/openid/cryptutil.rb +115 -0
- data/lib/openid/dh.rb +89 -0
- data/lib/openid/extension.rb +39 -0
- data/lib/openid/extensions/ax.rb +539 -0
- data/lib/openid/extensions/oauth.rb +91 -0
- data/lib/openid/extensions/pape.rb +179 -0
- data/lib/openid/extensions/sreg.rb +277 -0
- data/lib/openid/extras.rb +11 -0
- data/lib/openid/fetchers.rb +258 -0
- data/lib/openid/kvform.rb +136 -0
- data/lib/openid/kvpost.rb +58 -0
- data/lib/openid/message.rb +553 -0
- data/lib/openid/protocolerror.rb +12 -0
- data/lib/openid/server.rb +1544 -0
- data/lib/openid/store.rb +10 -0
- data/lib/openid/store/filesystem.rb +272 -0
- data/lib/openid/store/interface.rb +75 -0
- data/lib/openid/store/memcache.rb +109 -0
- data/lib/openid/store/memory.rb +84 -0
- data/lib/openid/store/nonce.rb +68 -0
- data/lib/openid/trustroot.rb +349 -0
- data/lib/openid/urinorm.rb +75 -0
- data/lib/openid/util.rb +119 -0
- data/lib/openid/version.rb +3 -0
- data/lib/openid/yadis.rb +15 -0
- data/lib/openid/yadis/accept.rb +148 -0
- data/lib/openid/yadis/constants.rb +21 -0
- data/lib/openid/yadis/discovery.rb +153 -0
- data/lib/openid/yadis/filters.rb +205 -0
- data/lib/openid/yadis/htmltokenizer.rb +305 -0
- data/lib/openid/yadis/parsehtml.rb +45 -0
- data/lib/openid/yadis/services.rb +42 -0
- data/lib/openid/yadis/xrds.rb +155 -0
- data/lib/openid/yadis/xri.rb +90 -0
- data/lib/openid/yadis/xrires.rb +91 -0
- data/test/data/test_discover/openid_utf8.html +11 -0
- data/test/support/test_data_mixin.rb +127 -0
- data/test/support/test_util.rb +53 -0
- data/test/support/yadis_data.rb +131 -0
- data/test/support/yadis_data/accept.txt +124 -0
- data/test/support/yadis_data/dh.txt +29 -0
- data/test/support/yadis_data/example-xrds.xml +14 -0
- data/test/support/yadis_data/linkparse.txt +587 -0
- data/test/support/yadis_data/n2b64 +650 -0
- data/test/support/yadis_data/test1-discover.txt +137 -0
- data/test/support/yadis_data/test1-parsehtml.txt +152 -0
- data/test/support/yadis_data/test_discover/malformed_meta_tag.html +19 -0
- data/test/support/yadis_data/test_discover/openid.html +11 -0
- data/test/support/yadis_data/test_discover/openid2.html +11 -0
- data/test/support/yadis_data/test_discover/openid2_xrds.xml +12 -0
- data/test/support/yadis_data/test_discover/openid2_xrds_no_local_id.xml +11 -0
- data/test/support/yadis_data/test_discover/openid_1_and_2.html +11 -0
- data/test/support/yadis_data/test_discover/openid_1_and_2_xrds.xml +16 -0
- data/test/support/yadis_data/test_discover/openid_1_and_2_xrds_bad_delegate.xml +17 -0
- data/test/support/yadis_data/test_discover/openid_and_yadis.html +12 -0
- data/test/support/yadis_data/test_discover/openid_no_delegate.html +10 -0
- data/test/support/yadis_data/test_discover/openid_utf8.html +11 -0
- data/test/support/yadis_data/test_discover/yadis_0entries.xml +12 -0
- data/test/support/yadis_data/test_discover/yadis_2_bad_local_id.xml +15 -0
- data/test/support/yadis_data/test_discover/yadis_2entries_delegate.xml +22 -0
- data/test/support/yadis_data/test_discover/yadis_2entries_idp.xml +21 -0
- data/test/support/yadis_data/test_discover/yadis_another_delegate.xml +14 -0
- data/test/support/yadis_data/test_discover/yadis_idp.xml +12 -0
- data/test/support/yadis_data/test_discover/yadis_idp_delegate.xml +13 -0
- data/test/support/yadis_data/test_discover/yadis_no_delegate.xml +11 -0
- data/test/support/yadis_data/test_xrds/=j3h.2007.11.14.xrds +25 -0
- data/test/support/yadis_data/test_xrds/README +12 -0
- data/test/support/yadis_data/test_xrds/delegated-20060809-r1.xrds +34 -0
- data/test/support/yadis_data/test_xrds/delegated-20060809-r2.xrds +34 -0
- data/test/support/yadis_data/test_xrds/delegated-20060809.xrds +34 -0
- data/test/support/yadis_data/test_xrds/no-xrd.xml +7 -0
- data/test/support/yadis_data/test_xrds/not-xrds.xml +2 -0
- data/test/support/yadis_data/test_xrds/prefixsometimes.xrds +34 -0
- data/test/support/yadis_data/test_xrds/ref.xrds +109 -0
- data/test/support/yadis_data/test_xrds/sometimesprefix.xrds +34 -0
- data/test/support/yadis_data/test_xrds/spoof1.xrds +25 -0
- data/test/support/yadis_data/test_xrds/spoof2.xrds +25 -0
- data/test/support/yadis_data/test_xrds/spoof3.xrds +37 -0
- data/test/support/yadis_data/test_xrds/status222.xrds +9 -0
- data/test/support/yadis_data/test_xrds/subsegments.xrds +58 -0
- data/test/support/yadis_data/test_xrds/valid-populated-xrds.xml +39 -0
- data/test/support/yadis_data/trustroot.txt +153 -0
- data/test/support/yadis_data/urinorm.txt +79 -0
- data/test/test_accept.rb +170 -0
- data/test/test_association.rb +268 -0
- data/test/test_associationmanager.rb +918 -0
- data/test/test_ax.rb +690 -0
- data/test/test_checkid_request.rb +293 -0
- data/test/test_consumer.rb +260 -0
- data/test/test_cryptutil.rb +119 -0
- data/test/test_dh.rb +85 -0
- data/test/test_discover.rb +848 -0
- data/test/test_discovery_manager.rb +259 -0
- data/test/test_extension.rb +46 -0
- data/test/test_extras.rb +35 -0
- data/test/test_fetchers.rb +554 -0
- data/test/test_filters.rb +269 -0
- data/test/test_helper.rb +4 -0
- data/test/test_idres.rb +961 -0
- data/test/test_kvform.rb +164 -0
- data/test/test_kvpost.rb +64 -0
- data/test/test_linkparse.rb +100 -0
- data/test/test_message.rb +1115 -0
- data/test/test_nonce.rb +89 -0
- data/test/test_oauth.rb +176 -0
- data/test/test_openid_yadis.rb +177 -0
- data/test/test_pape.rb +248 -0
- data/test/test_parsehtml.rb +79 -0
- data/test/test_responses.rb +63 -0
- data/test/test_server.rb +2455 -0
- data/test/test_sreg.rb +479 -0
- data/test/test_stores.rb +292 -0
- data/test/test_trustroot.rb +111 -0
- data/test/test_urinorm.rb +34 -0
- data/test/test_util.rb +145 -0
- data/test/test_xrds.rb +167 -0
- data/test/test_xri.rb +48 -0
- data/test/test_xrires.rb +67 -0
- data/test/test_yadis_discovery.rb +218 -0
- metadata +268 -0
data/NOTICE
ADDED
data/README
ADDED
@@ -0,0 +1,85 @@
|
|
1
|
+
=Ruby OpenID
|
2
|
+
|
3
|
+
A Ruby library for verifying and serving OpenID identities.
|
4
|
+
|
5
|
+
This is a fork by courtenay @ entp (http://entp.com) which merges in many pull requests,
|
6
|
+
fixes some tests and works on ruby 1.8.7 and ruby 1.9.2 (at least). This library seems
|
7
|
+
otherwise abandoned by its authors.
|
8
|
+
|
9
|
+
==Features
|
10
|
+
* Easy to use API for verifying OpenID identites - OpenID::Consumer
|
11
|
+
* Support for serving OpenID identites - OpenID::Server
|
12
|
+
* Does not depend on underlying web framework
|
13
|
+
* Supports multiple storage mechanisms (Filesystem, ActiveRecord, Memory)
|
14
|
+
* Example code to help you get started, including:
|
15
|
+
* Ruby on Rails based consumer and server
|
16
|
+
* OpenIDLoginGenerator for quickly getting creating a rails app that uses
|
17
|
+
OpenID for authentication
|
18
|
+
* ActiveRecordOpenIDStore plugin
|
19
|
+
* Comprehensive test suite
|
20
|
+
* Supports both OpenID 1 and OpenID 2 transparently
|
21
|
+
|
22
|
+
==Installing
|
23
|
+
Before running the examples or writing your own code you'll need to install
|
24
|
+
the library. See the INSTALL file or use rubygems:
|
25
|
+
|
26
|
+
gem install ruby-openid
|
27
|
+
|
28
|
+
Check the installation:
|
29
|
+
|
30
|
+
$ irb
|
31
|
+
irb> require 'rubygems'
|
32
|
+
irb> require_gem 'ruby-openid'
|
33
|
+
=> true
|
34
|
+
|
35
|
+
The library is known to work with Ruby 1.8.4 on Unix, Max OSX and
|
36
|
+
Win32. Examples have been tested with Rails 1.1 and 1.2, and 2.0.
|
37
|
+
|
38
|
+
==Getting Started
|
39
|
+
The best way to start is to look at the rails_openid example.
|
40
|
+
You can run it with:
|
41
|
+
cd examples/rails_openid
|
42
|
+
script/server
|
43
|
+
|
44
|
+
If you are writing an OpenID Relying Party, a good place to start is:
|
45
|
+
examples/rails_openid/app/controllers/consumer_controller.rb
|
46
|
+
|
47
|
+
And if you are writing an OpenID provider:
|
48
|
+
examples/rails_openid/app/controllers/server_controller.rb
|
49
|
+
|
50
|
+
The library code is quite well documented, so don't be squeamish, and
|
51
|
+
look at the library itself if there's anything you don't understand in
|
52
|
+
the examples.
|
53
|
+
|
54
|
+
==Homepage
|
55
|
+
http://github.com/openid/ruby-openid
|
56
|
+
|
57
|
+
See also:
|
58
|
+
http://openid.net/
|
59
|
+
|
60
|
+
==Community
|
61
|
+
Discussion regarding the Ruby OpenID library and other JanRain OpenID
|
62
|
+
libraries takes place on the the OpenID mailing list on
|
63
|
+
openid.net.
|
64
|
+
|
65
|
+
http://openid.net/developers/dev-mailing-lists/
|
66
|
+
|
67
|
+
Please join this list to discuss, ask implementation questions, report
|
68
|
+
bugs, etc. Also check out the openid channel on the freenode IRC
|
69
|
+
network.
|
70
|
+
|
71
|
+
If you have a bugfix or feature you'd like to contribute, don't
|
72
|
+
hesitate to send it to us. For more detailed information on how to
|
73
|
+
contribute, see
|
74
|
+
|
75
|
+
http://openidenabled.com/contribute/
|
76
|
+
|
77
|
+
==Author
|
78
|
+
Copyright 2006-2008, JanRain, Inc.
|
79
|
+
|
80
|
+
Contact openid@janrain.com or visit the OpenID channel on pibb.com:
|
81
|
+
|
82
|
+
http://pibb.com/go/openid
|
83
|
+
|
84
|
+
==License
|
85
|
+
Apache Software License. For more information see the LICENSE file.
|
data/UPGRADE
ADDED
@@ -0,0 +1,127 @@
|
|
1
|
+
= Upgrading from the OpenID 1.x series library
|
2
|
+
|
3
|
+
== Consumer Upgrade
|
4
|
+
|
5
|
+
The flow is largely the same, however there are a number of significant
|
6
|
+
changes. The consumer example is helpful to look at:
|
7
|
+
examples/rails_openid/app/controllers/consumer_controller.rb
|
8
|
+
|
9
|
+
|
10
|
+
=== Stores
|
11
|
+
|
12
|
+
You will need to require the file for the store that you are using.
|
13
|
+
For the filesystem store, this is 'openid/stores/filesystem'
|
14
|
+
They are also now in modules. The filesystem store is
|
15
|
+
OpenID::Store::Filesystem
|
16
|
+
The format has changed, and you should remove your old store directory.
|
17
|
+
|
18
|
+
The ActiveRecord store ( examples/active_record_openid_store ) still needs
|
19
|
+
to be put in a plugin directory for your rails app. There's a migration
|
20
|
+
that needs to be run; examine the README in that directory.
|
21
|
+
|
22
|
+
Also, note that the stores now can be garbage collected with the method
|
23
|
+
store.cleanup
|
24
|
+
|
25
|
+
|
26
|
+
=== Starting the OpenID transaction
|
27
|
+
|
28
|
+
The OpenIDRequest object no longer has status codes. Instead,
|
29
|
+
consumer.begin raises an OpenID::OpenIDError if there is a problem
|
30
|
+
initiating the transaction, so you'll want something along the lines of:
|
31
|
+
|
32
|
+
begin
|
33
|
+
openid_request = consumer.begin(params[:openid_identifier])
|
34
|
+
rescue OpenID::OpenIDError => e
|
35
|
+
# display error e
|
36
|
+
return
|
37
|
+
end
|
38
|
+
#success case
|
39
|
+
|
40
|
+
Data regarding the OpenID server once lived in
|
41
|
+
openid_request.service
|
42
|
+
|
43
|
+
The corresponding object in the 2.0 lib can be retrieved with
|
44
|
+
openid_request.endpoint
|
45
|
+
|
46
|
+
Getting the unverified identifier: Where you once had
|
47
|
+
openid_request.identity_url
|
48
|
+
you will now want
|
49
|
+
openid_request.endpoint.claimed_id
|
50
|
+
which might be different from what you get at the end of the transaction,
|
51
|
+
since it is now possible for users to enter their server's url directly.
|
52
|
+
|
53
|
+
Arguments on the return_to URL are now verified, so if you want to add
|
54
|
+
additional arguments to the return_to url, use
|
55
|
+
openid_request.return_to_args['param'] = value
|
56
|
+
|
57
|
+
Generating the redirect is the same as before, but add any extensions
|
58
|
+
first.
|
59
|
+
|
60
|
+
If you need to set up an SSL certificate authority list for the fetcher,
|
61
|
+
use the 'ca_file' attr_accessor on the OpenID::StandardFetcher. This has
|
62
|
+
changed from 'ca_path' in the 1.x.x series library. That is, set
|
63
|
+
OpenID.fetcher.ca_file = '/path/to/ca.list'
|
64
|
+
before calling consumer.begin.
|
65
|
+
|
66
|
+
=== Requesting Simple Registration Data
|
67
|
+
|
68
|
+
You'll need to require the code for the extension
|
69
|
+
require 'openid/extensions/sreg'
|
70
|
+
|
71
|
+
The new code for adding an SReg request now looks like:
|
72
|
+
|
73
|
+
sreg_request = OpenID::SReg::Request.new
|
74
|
+
sreg_request.request_fields(['email', 'dob'], true) # required
|
75
|
+
sreg_request.request_fields(['nickname', 'fullname'], false) # optional
|
76
|
+
sreg_request.policy_url = policy_url
|
77
|
+
openid_request.add_extension(sreg_request)
|
78
|
+
|
79
|
+
The code for adding other extensions is similar. Code for the Attribute
|
80
|
+
Exchange (AX) and Provider Authentication Policy Extension (PAPE) are
|
81
|
+
included with the library, and additional extensions can be implemented
|
82
|
+
subclassing OpenID::Extension.
|
83
|
+
|
84
|
+
|
85
|
+
=== Completing the transaction
|
86
|
+
|
87
|
+
The return_to and its arguments are verified, so you need to pass in
|
88
|
+
the base URL and the arguments. With Rails, the params method mashes
|
89
|
+
together parameters from GET, POST, and the path, so you'll need to pull
|
90
|
+
off the path "parameters" with something like
|
91
|
+
|
92
|
+
return_to = url_for(:only_path => false,
|
93
|
+
:controller => 'openid',
|
94
|
+
:action => 'complete')
|
95
|
+
parameters = params.reject{|k,v| request.path_parameters[k] }
|
96
|
+
openid_response = consumer.complete(parameters, return_to)
|
97
|
+
|
98
|
+
The response still uses the status codes, but they are now namespaced
|
99
|
+
slightly differently, for example OpenID::Consumer::SUCCESS
|
100
|
+
|
101
|
+
In the case of failure, the error message is now found in
|
102
|
+
openid_response.message
|
103
|
+
|
104
|
+
The identifier to display to the user can be found in
|
105
|
+
openid_response.endpoint.display_identifier
|
106
|
+
|
107
|
+
The Simple Registration response can be read from the OpenID response
|
108
|
+
with
|
109
|
+
sreg_response = OpenID::SReg::Response.from_success_response(openid_response)
|
110
|
+
nickname = sreg_response['nickname']
|
111
|
+
# etc.
|
112
|
+
|
113
|
+
|
114
|
+
== Server Upgrade
|
115
|
+
|
116
|
+
The server code is mostly the same as before, with the exception of
|
117
|
+
extensions. Also, you must pass in the endpoint URL to the server
|
118
|
+
constructor:
|
119
|
+
@server = OpenID::Server.new(store, server_url)
|
120
|
+
|
121
|
+
I recommend looking at
|
122
|
+
examples/rails_openid/app/controllers/server_controller.rb
|
123
|
+
for an example of the new way of doing extensions.
|
124
|
+
|
125
|
+
--
|
126
|
+
Dag Arneson, JanRain Inc.
|
127
|
+
Please direct questions to openid@janrain.com
|
data/admin/runtests.rb
ADDED
@@ -0,0 +1,45 @@
|
|
1
|
+
#!/usr/bin/ruby
|
2
|
+
|
3
|
+
require "logger"
|
4
|
+
require "stringio"
|
5
|
+
require "pathname"
|
6
|
+
|
7
|
+
require 'test/unit/collector/dir'
|
8
|
+
require 'test/unit/ui/console/testrunner'
|
9
|
+
|
10
|
+
begin
|
11
|
+
require 'rubygems'
|
12
|
+
require 'memcache'
|
13
|
+
rescue LoadError
|
14
|
+
else
|
15
|
+
if ENV['TESTING_MEMCACHE']
|
16
|
+
TESTING_MEMCACHE = MemCache.new(ENV['TESTING_MEMCACHE'])
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def main
|
21
|
+
old_verbose = $VERBOSE
|
22
|
+
$VERBOSE = true
|
23
|
+
|
24
|
+
tests_dir = Pathname.new(__FILE__).dirname.dirname.join('test')
|
25
|
+
|
26
|
+
# Collect tests from everything named test_*.rb.
|
27
|
+
c = Test::Unit::Collector::Dir.new
|
28
|
+
|
29
|
+
if c.respond_to?(:base=)
|
30
|
+
# In order to supress warnings from ruby 1.8.6 about accessing
|
31
|
+
# undefined member
|
32
|
+
c.base = tests_dir
|
33
|
+
suite = c.collect
|
34
|
+
else
|
35
|
+
# Because base is not defined in ruby < 1.8.6
|
36
|
+
suite = c.collect(tests_dir)
|
37
|
+
end
|
38
|
+
|
39
|
+
result = Test::Unit::UI::Console::TestRunner.run(suite)
|
40
|
+
result.passed?
|
41
|
+
ensure
|
42
|
+
$VERBOSE = old_verbose
|
43
|
+
end
|
44
|
+
|
45
|
+
exit(main)
|
data/examples/README
ADDED
@@ -0,0 +1,32 @@
|
|
1
|
+
This directory contains several examples that demonstrate use of the
|
2
|
+
OpenID library. Make sure you have properly installed the library
|
3
|
+
before running the examples. These examples are a great place to
|
4
|
+
start in integrating OpenID into your application.
|
5
|
+
|
6
|
+
==Rails example
|
7
|
+
|
8
|
+
The rails_openid contains a fully functional OpenID server and relying
|
9
|
+
party, and acts as a starting point for implementing your own
|
10
|
+
production rails server. You'll need the latest version of Ruby on
|
11
|
+
Rails installed, and then:
|
12
|
+
|
13
|
+
cd rails_openid
|
14
|
+
./script/server
|
15
|
+
|
16
|
+
Open a web browser to http://localhost:3000/ and follow the instructions.
|
17
|
+
|
18
|
+
The relevant code to work from when writing your Rails OpenID Relying
|
19
|
+
Party is:
|
20
|
+
rails_openid/app/controllers/consumer_controller.rb
|
21
|
+
If you are working on an OpenID provider, check out
|
22
|
+
rails_openid/app/controllers/server_controller.rb
|
23
|
+
|
24
|
+
Since the library and examples are Apache-licensed, don't be shy about
|
25
|
+
copy-and-paste.
|
26
|
+
|
27
|
+
==Rails ActiveRecord OpenIDStore plugin
|
28
|
+
|
29
|
+
For various reasons you may want or need to deploy your ruby openid
|
30
|
+
consumer/server using an SQL based store. The active_record_openid_store
|
31
|
+
is a plugin that makes using an SQL based store simple. Follow the
|
32
|
+
README inside the plugin's dir for usage.
|
@@ -0,0 +1,58 @@
|
|
1
|
+
=Active Record OpenID Store Plugin
|
2
|
+
|
3
|
+
A store is required by an OpenID server and optionally by the consumer
|
4
|
+
to store associations, nonces, and auth key information across
|
5
|
+
requests and processes. If rails is distributed across several
|
6
|
+
machines, they must must all have access to the same OpenID store
|
7
|
+
data, so the FilesystemStore won't do.
|
8
|
+
|
9
|
+
This directory contains a plugin for connecting your
|
10
|
+
OpenID enabled rails app to an ActiveRecord based OpenID store.
|
11
|
+
|
12
|
+
==Install
|
13
|
+
|
14
|
+
1) Copy this directory and all it's contents into your
|
15
|
+
RAILS_ROOT/vendor/plugins directory. You structure should look like
|
16
|
+
this:
|
17
|
+
|
18
|
+
RAILS_ROOT/vendor/plugins/active_record_openid_store/
|
19
|
+
|
20
|
+
2) Copy the migration, XXX_add_open_id_store_to_db.rb to your
|
21
|
+
RAILS_ROOT/db/migrate directory. Rename the XXX portion of the
|
22
|
+
file to next sequential migration number.
|
23
|
+
|
24
|
+
3) Run the migration:
|
25
|
+
|
26
|
+
rake migrate
|
27
|
+
|
28
|
+
4) Change your app to use the ActiveRecordOpenIDStore:
|
29
|
+
|
30
|
+
store = ActiveRecordOpenIDStore.new
|
31
|
+
consumer = OpenID::Consumer.new(session, store)
|
32
|
+
|
33
|
+
5) That's it! All your OpenID state will now be stored in the database.
|
34
|
+
|
35
|
+
==Upgrade
|
36
|
+
|
37
|
+
If you are upgrading from the 1.x ActiveRecord store, replace your old
|
38
|
+
RAILS_ROOT/vendor/plugins/active_record_openid_store/ directory with
|
39
|
+
the new one and run the migration XXX_upgrade_open_id_store.rb.
|
40
|
+
|
41
|
+
==What about garbage collection?
|
42
|
+
|
43
|
+
You may garbage collect unused nonces and expired associations using
|
44
|
+
the gc instance method of ActiveRecordOpenIDStore. Hook it up to a
|
45
|
+
task in your app's Rakefile like so:
|
46
|
+
|
47
|
+
desc 'GC OpenID store'
|
48
|
+
task :gc_openid_store => :environment do
|
49
|
+
ActiveRecordOpenIDStore.new.cleanup
|
50
|
+
end
|
51
|
+
|
52
|
+
Run it by typing:
|
53
|
+
|
54
|
+
rake gc_openid_store
|
55
|
+
|
56
|
+
|
57
|
+
==Questions?
|
58
|
+
Contact Dag Arneson: dag at janrain dot com
|
@@ -0,0 +1,24 @@
|
|
1
|
+
# Use this migration to create the tables for the ActiveRecord store
|
2
|
+
class AddOpenIdStoreToDb < ActiveRecord::Migration
|
3
|
+
def self.up
|
4
|
+
create_table "open_id_associations", :force => true do |t|
|
5
|
+
t.column "server_url", :binary, :null => false
|
6
|
+
t.column "handle", :string, :null => false
|
7
|
+
t.column "secret", :binary, :null => false
|
8
|
+
t.column "issued", :integer, :null => false
|
9
|
+
t.column "lifetime", :integer, :null => false
|
10
|
+
t.column "assoc_type", :string, :null => false
|
11
|
+
end
|
12
|
+
|
13
|
+
create_table "open_id_nonces", :force => true do |t|
|
14
|
+
t.column :server_url, :string, :null => false
|
15
|
+
t.column :timestamp, :integer, :null => false
|
16
|
+
t.column :salt, :string, :null => false
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def self.down
|
21
|
+
drop_table "open_id_associations"
|
22
|
+
drop_table "open_id_nonces"
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
# Use this migration to upgrade the old 1.1 ActiveRecord store schema
|
2
|
+
# to the new 2.0 schema.
|
3
|
+
class UpgradeOpenIdStore < ActiveRecord::Migration
|
4
|
+
def self.up
|
5
|
+
drop_table "open_id_settings"
|
6
|
+
drop_table "open_id_nonces"
|
7
|
+
create_table "open_id_nonces", :force => true do |t|
|
8
|
+
t.column :server_url, :string, :null => false
|
9
|
+
t.column :timestamp, :integer, :null => false
|
10
|
+
t.column :salt, :string, :null => false
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
def self.down
|
15
|
+
drop_table "open_id_nonces"
|
16
|
+
create_table "open_id_nonces", :force => true do |t|
|
17
|
+
t.column "nonce", :string
|
18
|
+
t.column "created", :integer
|
19
|
+
end
|
20
|
+
|
21
|
+
create_table "open_id_settings", :force => true do |t|
|
22
|
+
t.column "setting", :string
|
23
|
+
t.column "value", :binary
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,57 @@
|
|
1
|
+
require 'association'
|
2
|
+
require 'nonce'
|
3
|
+
require 'openid/store/interface'
|
4
|
+
|
5
|
+
# not in OpenID module to avoid namespace conflict
|
6
|
+
class ActiveRecordStore < OpenID::Store::Interface
|
7
|
+
def store_association(server_url, assoc)
|
8
|
+
remove_association(server_url, assoc.handle)
|
9
|
+
Association.create!(:server_url => server_url,
|
10
|
+
:handle => assoc.handle,
|
11
|
+
:secret => assoc.secret,
|
12
|
+
:issued => assoc.issued.to_i,
|
13
|
+
:lifetime => assoc.lifetime,
|
14
|
+
:assoc_type => assoc.assoc_type)
|
15
|
+
end
|
16
|
+
|
17
|
+
def get_association(server_url, handle=nil)
|
18
|
+
assocs = if handle.blank?
|
19
|
+
Association.find_all_by_server_url(server_url)
|
20
|
+
else
|
21
|
+
Association.find_all_by_server_url_and_handle(server_url, handle)
|
22
|
+
end
|
23
|
+
|
24
|
+
assocs.reverse.each do |assoc|
|
25
|
+
a = assoc.from_record
|
26
|
+
if a.expires_in == 0
|
27
|
+
assoc.destroy
|
28
|
+
else
|
29
|
+
return a
|
30
|
+
end
|
31
|
+
end if assocs.any?
|
32
|
+
|
33
|
+
return nil
|
34
|
+
end
|
35
|
+
|
36
|
+
def remove_association(server_url, handle)
|
37
|
+
Association.delete_all(['server_url = ? AND handle = ?', server_url, handle]) > 0
|
38
|
+
end
|
39
|
+
|
40
|
+
def use_nonce(server_url, timestamp, salt)
|
41
|
+
return false if Nonce.find_by_server_url_and_timestamp_and_salt(server_url, timestamp, salt)
|
42
|
+
return false if (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew
|
43
|
+
Nonce.create!(:server_url => server_url, :timestamp => timestamp, :salt => salt)
|
44
|
+
return true
|
45
|
+
end
|
46
|
+
|
47
|
+
def cleanup_nonces
|
48
|
+
now = Time.now.to_i
|
49
|
+
Nonce.delete_all(["timestamp > ? OR timestamp < ?", now + OpenID::Nonce.skew, now - OpenID::Nonce.skew])
|
50
|
+
end
|
51
|
+
|
52
|
+
def cleanup_associations
|
53
|
+
now = Time.now.to_i
|
54
|
+
Association.delete_all(['issued + lifetime > ?',now])
|
55
|
+
end
|
56
|
+
|
57
|
+
end
|