entp-ruby-openid 2.2

data/examples/active_record_openid_store/test/store_test.rb

@@ -0,0 +1,212 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+require 'test/unit'
+RAILS_ENV = "test"
+require File.expand_path(File.join(File.dirname(__FILE__), '../../../../config/environment.rb'))
+
+module StoreTestCase
+  @@allowed_handle = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~'
+  @@allowed_nonce = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+  
+  def _gen_nonce
+    OpenID::CryptUtil.random_string(8, @@allowed_nonce)
+  end
+
+  def _gen_handle(n)
+    OpenID::CryptUtil.random_string(n, @@allowed_handle)
+  end
+
+  def _gen_secret(n, chars=nil)
+    OpenID::CryptUtil.random_string(n, chars)
+  end
+
+  def _gen_assoc(issued, lifetime=600)
+    secret = _gen_secret(20)
+    handle = _gen_handle(128)
+    OpenID::Association.new(handle, secret, Time.now + issued, lifetime,
+                            'HMAC-SHA1') 
+  end
+  
+  def _check_retrieve(url, handle=nil, expected=nil)
+    ret_assoc = @store.get_association(url, handle)
+
+    if expected.nil?
+      assert_nil(ret_assoc)
+    else
+      assert_equal(expected, ret_assoc)
+      assert_equal(expected.handle, ret_assoc.handle)
+      assert_equal(expected.secret, ret_assoc.secret)
+    end
+  end
+
+  def _check_remove(url, handle, expected)
+    present = @store.remove_association(url, handle)
+    assert_equal(expected, present)
+  end
+
+  def test_store
+    server_url = "http://www.myopenid.com/openid"
+    assoc = _gen_assoc(issued=0)
+
+    # Make sure that a missing association returns no result
+    _check_retrieve(server_url)
+
+    # Check that after storage, getting returns the same result
+    @store.store_association(server_url, assoc)
+    _check_retrieve(server_url, nil, assoc)
+
+    # more than once
+    _check_retrieve(server_url, nil, assoc)
+
+    # Storing more than once has no ill effect
+    @store.store_association(server_url, assoc)
+    _check_retrieve(server_url, nil, assoc)
+
+    # Removing an association that does not exist returns not present
+    _check_remove(server_url, assoc.handle + 'x', false)
+
+    # Removing an association that does not exist returns not present
+    _check_remove(server_url + 'x', assoc.handle, false)
+
+    # Removing an association that is present returns present
+    _check_remove(server_url, assoc.handle, true)
+
+    # but not present on subsequent calls
+    _check_remove(server_url, assoc.handle, false)
+
+    # Put assoc back in the store
+    @store.store_association(server_url, assoc)
+
+    # More recent and expires after assoc
+    assoc2 = _gen_assoc(issued=1)
+    @store.store_association(server_url, assoc2)
+
+    # After storing an association with a different handle, but the
+    # same server_url, the handle with the later expiration is returned.
+    _check_retrieve(server_url, nil, assoc2)
+
+    # We can still retrieve the older association
+    _check_retrieve(server_url, assoc.handle, assoc)
+
+    # Plus we can retrieve the association with the later expiration
+    # explicitly
+    _check_retrieve(server_url, assoc2.handle, assoc2)
+
+    # More recent, and expires earlier than assoc2 or assoc. Make sure
+    # that we're picking the one with the latest issued date and not
+    # taking into account the expiration.
+    assoc3 = _gen_assoc(issued=2, lifetime=100)
+    @store.store_association(server_url, assoc3)
+
+    _check_retrieve(server_url, nil, assoc3)
+    _check_retrieve(server_url, assoc.handle, assoc)
+    _check_retrieve(server_url, assoc2.handle, assoc2)
+    _check_retrieve(server_url, assoc3.handle, assoc3)
+
+    _check_remove(server_url, assoc2.handle, true)
+
+    _check_retrieve(server_url, nil, assoc3)
+    _check_retrieve(server_url, assoc.handle, assoc)
+    _check_retrieve(server_url, assoc2.handle, nil)
+    _check_retrieve(server_url, assoc3.handle, assoc3)
+
+    _check_remove(server_url, assoc2.handle, false)
+    _check_remove(server_url, assoc3.handle, true)
+
+    _check_retrieve(server_url, nil, assoc)
+    _check_retrieve(server_url, assoc.handle, assoc)
+    _check_retrieve(server_url, assoc2.handle, nil)
+    _check_retrieve(server_url, assoc3.handle, nil)
+
+    _check_remove(server_url, assoc2.handle, false)
+    _check_remove(server_url, assoc.handle, true)
+    _check_remove(server_url, assoc3.handle, false)
+
+    _check_retrieve(server_url, nil, nil)
+    _check_retrieve(server_url, assoc.handle, nil)
+    _check_retrieve(server_url, assoc2.handle, nil)
+    _check_retrieve(server_url, assoc3.handle, nil)
+
+    _check_remove(server_url, assoc2.handle, false)
+    _check_remove(server_url, assoc.handle, false)
+    _check_remove(server_url, assoc3.handle, false)
+
+    assocValid1 = _gen_assoc(-3600, 7200)
+    assocValid2 = _gen_assoc(-5)
+    assocExpired1 = _gen_assoc(-7200, 3600)
+    assocExpired2 = _gen_assoc(-7200, 3600)
+
+    @store.cleanup_associations
+    @store.store_association(server_url + '1', assocValid1)
+    @store.store_association(server_url + '1', assocExpired1)
+    @store.store_association(server_url + '2', assocExpired2)
+    @store.store_association(server_url + '3', assocValid2)
+
+    cleaned = @store.cleanup_associations()
+    assert_equal(2, cleaned, "cleaned up associations")
+  end
+
+  def _check_use_nonce(nonce, expected, server_url, msg='')
+    stamp, salt = OpenID::Nonce::split_nonce(nonce)
+    actual = @store.use_nonce(server_url, stamp, salt)
+    assert_equal(expected, actual, msg)
+  end
+
+  def test_nonce
+    server_url = "http://www.myopenid.com/openid"
+    [server_url, ''].each{|url|
+      nonce1 = OpenID::Nonce::mk_nonce
+
+      _check_use_nonce(nonce1, true, url, "#{url}: nonce allowed by default") 
+      _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed twice") 
+      _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed third time")
+      
+      # old nonces shouldn't pass
+      old_nonce = OpenID::Nonce::mk_nonce(3600)
+      _check_use_nonce(old_nonce, false, url, "Old nonce #{old_nonce.inspect} passed")
+
+    }
+
+    now = Time.now.to_i
+    old_nonce1 = OpenID::Nonce::mk_nonce(now - 20000)
+    old_nonce2 = OpenID::Nonce::mk_nonce(now - 10000)
+    recent_nonce = OpenID::Nonce::mk_nonce(now - 600)
+
+    orig_skew = OpenID::Nonce.skew
+    OpenID::Nonce.skew = 0
+    count = @store.cleanup_nonces
+    OpenID::Nonce.skew = 1000000
+    ts, salt = OpenID::Nonce::split_nonce(old_nonce1)
+    assert(@store.use_nonce(server_url, ts, salt), "oldnonce1")
+    ts, salt = OpenID::Nonce::split_nonce(old_nonce2)
+    assert(@store.use_nonce(server_url, ts, salt), "oldnonce2")
+    ts, salt = OpenID::Nonce::split_nonce(recent_nonce)
+    assert(@store.use_nonce(server_url, ts, salt), "recent_nonce")
+
+    
+    OpenID::Nonce.skew = 1000
+    cleaned = @store.cleanup_nonces
+    assert_equal(2, cleaned, "Cleaned #{cleaned} nonces")
+
+    OpenID::Nonce.skew = 100000
+    ts, salt = OpenID::Nonce::split_nonce(old_nonce1)
+    assert(@store.use_nonce(server_url, ts, salt), "oldnonce1 after cleanup")
+    ts, salt = OpenID::Nonce::split_nonce(old_nonce2)
+    assert(@store.use_nonce(server_url, ts, salt), "oldnonce2 after cleanup")
+    ts, salt = OpenID::Nonce::split_nonce(recent_nonce)
+    assert(!@store.use_nonce(server_url, ts, salt), "recent_nonce after cleanup")
+
+    OpenID::Nonce.skew = orig_skew
+
+  end
+end
+
+
+class TestARStore < Test::Unit::TestCase
+  include StoreTestCase
+  
+  def setup
+    @store = ActiveRecordStore.new
+  end
+
+end
+

data/examples/discover

@@ -0,0 +1,49 @@
+#!/usr/bin/env ruby
+require "openid/consumer/discovery"
+require 'openid/fetchers'
+
+OpenID::fetcher_use_env_http_proxy
+
+$names = [[:server_url,   "Server URL  "],
+          [:local_id,     "Local ID    "],
+          [:canonical_id, "Canonical ID"],
+         ]
+
+def show_services(user_input, normalized, services)
+  puts " Claimed identifier: #{normalized}"
+  if services.empty?
+    puts " No OpenID services found"
+    puts
+  else
+    puts " Discovered services:"
+    n = 0
+    services.each do |service|
+      n += 1
+      puts "  #{n}."
+      $names.each do |meth, name|
+        val = service.send(meth)
+        if val
+          printf("     %s: %s\n", name, val)
+        end
+      end
+      puts "     Type URIs:"
+      for type_uri in service.type_uris
+        puts "       * #{type_uri}"
+      end
+      puts
+    end
+  end
+end
+
+ARGV.each do |openid_identifier|
+  puts "=" * 50
+  puts "Running discovery on #{openid_identifier}"
+  begin
+    normalized_identifier, services = OpenID.discover(openid_identifier)
+  rescue OpenID::DiscoveryFailure => why
+    puts "Discovery failed: #{why.message}"
+    puts
+  else
+    show_services(openid_identifier, normalized_identifier, services)
+  end
+end

data/examples/rails_openid/README

@@ -0,0 +1,153 @@
+== Welcome to Rails
+
+Rails is a web-application and persistence framework that includes everything
+needed to create database-backed web-applications according to the
+Model-View-Control pattern of separation. This pattern splits the view (also
+called the presentation) into "dumb" templates that are primarily responsible
+for inserting pre-built data in between HTML tags. The model contains the
+"smart" domain objects (such as Account, Product, Person, Post) that holds all
+the business logic and knows how to persist themselves to a database. The
+controller handles the incoming requests (such as Save New Account, Update
+Product, Show Post) by manipulating the model and directing data to the view.
+
+In Rails, the model is handled by what's called an object-relational mapping
+layer entitled Active Record. This layer allows you to present the data from
+database rows as objects and embellish these data objects with business logic
+methods. You can read more about Active Record in 
+link:files/vendor/rails/activerecord/README.html.
+
+The controller and view are handled by the Action Pack, which handles both
+layers by its two parts: Action View and Action Controller. These two layers
+are bundled in a single package due to their heavy interdependence. This is
+unlike the relationship between the Active Record and Action Pack that is much
+more separate. Each of these packages can be used independently outside of
+Rails.  You can read more about Action Pack in 
+link:files/vendor/rails/actionpack/README.html.
+
+
+== Getting started
+
+1. Run the WEBrick servlet: <tt>ruby script/server</tt> (run with --help for options)
+   ...or if you have lighttpd installed: <tt>ruby script/lighttpd</tt> (it's faster)
+2. Go to http://localhost:3000/ and get "Congratulations, you've put Ruby on Rails!"
+3. Follow the guidelines on the "Congratulations, you've put Ruby on Rails!" screen
+
+
+== Example for Apache conf
+
+  <VirtualHost *:80>
+    ServerName rails
+    DocumentRoot /path/application/public/
+    ErrorLog /path/application/log/server.log
+  
+    <Directory /path/application/public/>
+      Options ExecCGI FollowSymLinks
+      AllowOverride all
+      Allow from all
+      Order allow,deny
+    </Directory>
+  </VirtualHost>
+
+NOTE: Be sure that CGIs can be executed in that directory as well. So ExecCGI
+should be on and ".cgi" should respond. All requests from 127.0.0.1 go
+through CGI, so no Apache restart is necessary for changes. All other requests
+go through FCGI (or mod_ruby), which requires a restart to show changes.
+
+
+== Debugging Rails
+
+Have "tail -f" commands running on both the server.log, production.log, and
+test.log files. Rails will automatically display debugging and runtime
+information to these files. Debugging info will also be shown in the browser
+on requests from 127.0.0.1.
+
+
+== Breakpoints
+
+Breakpoint support is available through the script/breakpointer client. This
+means that you can break out of execution at any point in the code, investigate
+and change the model, AND then resume execution! Example:
+
+  class WeblogController < ActionController::Base
+    def index
+      @posts = Post.find_all
+      breakpoint "Breaking out from the list"
+    end
+  end
+  
+So the controller will accept the action, run the first line, then present you
+with a IRB prompt in the breakpointer window. Here you can do things like:
+
+Executing breakpoint "Breaking out from the list" at .../webrick_server.rb:16 in 'breakpoint'
+
+  >> @posts.inspect
+  => "[#<Post:0x14a6be8 @attributes={\"title\"=>nil, \"body\"=>nil, \"id\"=>\"1\"}>, 
+       #<Post:0x14a6620 @attributes={\"title\"=>\"Rails you know!\", \"body\"=>\"Only ten..\", \"id\"=>\"2\"}>]"
+  >> @posts.first.title = "hello from a breakpoint"
+  => "hello from a breakpoint"
+
+...and even better is that you can examine how your runtime objects actually work:
+
+  >> f = @posts.first 
+  => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
+  >> f.
+  Display all 152 possibilities? (y or n)
+
+Finally, when you're ready to resume execution, you press CTRL-D
+
+
+== Console
+
+You can interact with the domain model by starting the console through script/console. 
+Here you'll have all parts of the application configured, just like it is when the
+application is running. You can inspect domain models, change values, and save to the
+database. Starting the script without arguments will launch it in the development environment.
+Passing an argument will specify a different environment, like <tt>console production</tt>.
+
+
+== Description of contents
+
+app
+  Holds all the code that's specific to this particular application.
+
+app/controllers
+  Holds controllers that should be named like weblog_controller.rb for
+  automated URL mapping. All controllers should descend from
+  ActionController::Base.
+
+app/models
+  Holds models that should be named like post.rb.
+  Most models will descend from ActiveRecord::Base.
+  
+app/views
+  Holds the template files for the view that should be named like
+  weblog/index.rhtml for the WeblogController#index action. All views use eRuby
+  syntax. This directory can also be used to keep stylesheets, images, and so on
+  that can be symlinked to public.
+  
+app/helpers
+  Holds view helpers that should be named like weblog_helper.rb.
+
+config
+  Configuration files for the Rails environment, the routing map, the database, and other dependencies.
+
+components
+  Self-contained mini-applications that can bundle together controllers, models, and views.
+
+lib
+  Application specific libraries. Basically, any kind of custom code that doesn't
+  belong under controllers, models, or helpers. This directory is in the load path.
+    
+public
+  The directory available for the web server. Contains subdirectories for images, stylesheets,
+  and javascripts. Also contains the dispatchers and the default HTML files.
+
+script
+  Helper scripts for automation and generation.
+
+test
+  Unit and functional tests along with fixtures.
+
+vendor
+  External libraries that the application depends on. Also includes the plugins subdirectory.
+  This directory is in the load path.

data/examples/rails_openid/Rakefile

@@ -0,0 +1,10 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/switchtower.rake, and they will automatically be available to Rake.
+
+require(File.join(File.dirname(__FILE__), 'config', 'boot'))
+
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+require 'tasks/rails'

data/examples/rails_openid/app/controllers/application.rb

@@ -0,0 +1,4 @@
+# Filters added to this controller will be run for all controllers in the application.
+# Likewise, all the methods added will be available for all controllers.
+class ApplicationController < ActionController::Base
+end

data/examples/rails_openid/app/controllers/consumer_controller.rb

@@ -0,0 +1,125 @@
+require 'pathname'
+
+require "openid"
+require 'openid/extensions/sreg'
+require 'openid/extensions/pape'
+require 'openid/store/filesystem'
+
+class ConsumerController < ApplicationController
+  layout nil
+
+  def index
+    # render an openid form
+  end
+
+  def start
+    begin
+      identifier = params[:openid_identifier]
+      if identifier.nil?
+        flash[:error] = "Enter an OpenID identifier"
+        redirect_to :action => 'index'
+        return
+      end
+      oidreq = consumer.begin(identifier)
+    rescue OpenID::OpenIDError => e
+      flash[:error] = "Discovery failed for #{identifier}: #{e}"
+      redirect_to :action => 'index'
+      return
+    end
+    if params[:use_sreg]
+      sregreq = OpenID::SReg::Request.new
+      # required fields
+      sregreq.request_fields(['email','nickname'], true)
+      # optional fields
+      sregreq.request_fields(['dob', 'fullname'], false)
+      oidreq.add_extension(sregreq)
+      oidreq.return_to_args['did_sreg'] = 'y'
+    end
+    if params[:use_pape]
+      papereq = OpenID::PAPE::Request.new
+      papereq.add_policy_uri(OpenID::PAPE::AUTH_PHISHING_RESISTANT)
+      papereq.max_auth_age = 2*60*60
+      oidreq.add_extension(papereq)
+      oidreq.return_to_args['did_pape'] = 'y'
+    end
+    if params[:force_post]
+      oidreq.return_to_args['force_post']='x'*2048
+    end
+    return_to = url_for :action => 'complete', :only_path => false
+    realm = url_for :action => 'index', :id => nil, :only_path => false
+
+    if oidreq.send_redirect?(realm, return_to, params[:immediate])
+      redirect_to oidreq.redirect_url(realm, return_to, params[:immediate])
+    else
+      render :text => oidreq.html_markup(realm, return_to, params[:immediate], {'id' => 'openid_form'})
+    end
+  end
+
+  def complete
+    # FIXME - url_for some action is not necessarily the current URL.
+    current_url = url_for(:action => 'complete', :only_path => false)
+    parameters = params.reject { |k,v|
+      # params keys are String; Rails 3.1 path_parameters keys are Symbol
+      request.path_parameters[k.to_sym]
+    }
+    oidresp = consumer.complete(parameters, current_url)
+    case oidresp.status
+    when OpenID::Consumer::FAILURE
+      if oidresp.display_identifier
+        flash[:error] = ("Verification of #{oidresp.display_identifier}"\
+                         " failed: #{oidresp.message}")
+      else
+        flash[:error] = "Verification failed: #{oidresp.message}"
+      end
+    when OpenID::Consumer::SUCCESS
+      flash[:success] = ("Verification of #{oidresp.display_identifier}"\
+                         " succeeded.")
+      if params[:did_sreg]
+        sreg_resp = OpenID::SReg::Response.from_success_response(oidresp)
+        sreg_message = "Simple Registration data was requested"
+        if sreg_resp.empty?
+          sreg_message << ", but none was returned."
+        else
+          sreg_message << ". The following data were sent:"
+          sreg_resp.data.each {|k,v|
+            sreg_message << "<br/><b>#{k}</b>: #{v}"
+          }
+        end
+        flash[:sreg_results] = sreg_message
+      end
+      if params[:did_pape]
+        pape_resp = OpenID::PAPE::Response.from_success_response(oidresp)
+        pape_message = "A phishing resistant authentication method was requested"
+        if pape_resp.auth_policies.member? OpenID::PAPE::AUTH_PHISHING_RESISTANT
+          pape_message << ", and the server reported one."
+        else
+          pape_message << ", but the server did not report one."
+        end
+        if pape_resp.auth_time
+          pape_message << "<br><b>Authentication time:</b> #{pape_resp.auth_time} seconds"
+        end
+        if pape_resp.nist_auth_level
+          pape_message << "<br><b>NIST Auth Level:</b> #{pape_resp.nist_auth_level}"
+        end
+        flash[:pape_results] = pape_message
+      end
+    when OpenID::Consumer::SETUP_NEEDED
+      flash[:alert] = "Immediate request failed - Setup Needed"
+    when OpenID::Consumer::CANCEL
+      flash[:alert] = "OpenID transaction cancelled."
+    else
+    end
+    redirect_to :action => 'index'
+  end
+
+  private
+
+  def consumer
+    if @consumer.nil?
+      dir = Pathname.new(RAILS_ROOT).join('db').join('cstore')
+      store = OpenID::Store::Filesystem.new(dir)
+      @consumer = OpenID::Consumer.new(session, store)
+    end
+    return @consumer
+  end
+end