foreverman-authlogic-connect 0.0.1

data/lib/authlogic_connect/authlogic_connect.rb

@@ -0,0 +1,46 @@
+module AuthlogicConnect
+  KEY = "connect" unless defined?(KEY)
+  OAUTH = "oauth" unless defined?(OAUTH)
+  OPEN_ID = "open_id" unless defined?(OPEN_ID)
+  
+  class << self
+    
+    attr_accessor :config
+    
+    def config=(value)
+      value.recursively_symbolize_keys!
+      @config = value
+    end
+    
+    def key(path)
+      result = self.config
+      path.to_s.split(".").each { |node| result = result[node.to_sym] if result }
+      result
+    end
+    
+    def credentials(service)
+      key("#{KEY}.#{service.to_s}")
+    end
+    
+    def services
+      key(KEY)
+    end
+    
+    def service_names
+      services.keys.collect(&:to_s)
+    end
+    
+    def include?(service)
+      !credentials(service).nil?
+    end
+    
+    def token(key)
+      raise "can't find key '#{key.to_s}' in AuthlogicConnect.config" unless AuthlogicConnect.include?(key) and !key.to_s.empty?
+      "#{key.to_s.camelcase}Token".constantize
+    end
+    
+    def consumer(key)
+      token(key).consumer
+    end
+  end
+end

data/lib/authlogic_connect/callback_filter.rb

@@ -0,0 +1,19 @@
+class AuthlogicConnect::CallbackFilter
+  def initialize(app)
+    @app = app
+  end
+  
+  # this intercepts how the browser interprets the url.
+  # so we override it and say,
+  # "if we've stored a variable in the session called :auth_callback_method,
+  # then convert that into a POST call so we re-call the original method"
+  def call(env)
+    if env["rack.session"].nil?
+      raise "Make sure you are setting the session in Rack too!  Place this in config/application.rb"
+    end
+    unless env["rack.session"][:auth_callback_method].blank?
+      env["REQUEST_METHOD"] = env["rack.session"].delete(:auth_callback_method).to_s.upcase
+    end
+    @app.call(env)
+  end
+end

data/lib/authlogic_connect/common.rb

@@ -0,0 +1,10 @@
+module AuthlogicConnect::Common
+end
+
+require File.dirname(__FILE__) + "/common/state"
+require File.dirname(__FILE__) + "/common/variables"
+require File.dirname(__FILE__) + "/common/user"
+require File.dirname(__FILE__) + "/common/session"
+
+ActiveRecord::Base.send(:include, AuthlogicConnect::Common::User)
+Authlogic::Session::Base.send(:include, AuthlogicConnect::Common::Session)

data/lib/authlogic_connect/common/session.rb

@@ -0,0 +1,30 @@
+module AuthlogicConnect::Common
+  module Session
+    
+    def self.included(base)    
+      base.class_eval do
+        include Variables
+        include InstanceMethods
+      end
+    end
+    
+    module InstanceMethods
+      
+      # core save method coordinating how to save the session.
+      # want to destroy the block if we redirect to a remote service, that's it.
+      # otherwise the block contains the render methods we wan to use
+      def save(&block)
+        self.errors.clear
+        # log_state
+        authenticate_via_protocol(block_given?) do |redirecting|
+          block = nil if redirecting
+          result = super(&block)
+          cleanup_authentication_session unless block.nil?
+          result
+        end
+      end
+      
+    end
+    
+  end
+end

data/lib/authlogic_connect/common/state.rb

@@ -0,0 +1,45 @@
+# This class holds query/state variables common to oauth and openid
+module AuthlogicConnect::Common::State
+  
+  def auth_controller?
+    !auth_controller.blank?
+  end
+
+  def auth_params?
+    auth_controller? && !auth_params.blank?
+  end
+  
+  def auth_session?
+    !auth_session.blank?
+  end
+  
+  def is_auth_session?
+    self.is_a?(Authlogic::Session::Base)
+  end
+  
+  def start_authentication?
+    start_oauth? || start_openid?
+  end
+  
+  def validate_password_with_oauth?
+    !using_openid? && super
+  end
+  
+  def validate_password_with_openid?
+    !using_oauth? && super
+  end
+  
+  # because user and session are so closely tied together, I am still
+  # uncertain as to how they are saved.  So this makes sure if we are
+  # logging in, it must be saving the session, otherwise the user.
+  def correct_request_class?
+    return false unless auth_params?
+    
+    if is_auth_session?
+      auth_type.to_s == "session"
+    else
+      auth_type.to_s == "user"
+    end
+  end
+  
+end

data/lib/authlogic_connect/common/user.rb

@@ -0,0 +1,77 @@
+# This class is the main api for the user.
+# It is also required to properly sequence the save methods
+# for the different authentication types (oauth and openid)
+module AuthlogicConnect::Common::User
+    
+  def self.included(base)
+    base.class_eval do
+      add_acts_as_authentic_module(InstanceMethods, :append)
+      add_acts_as_authentic_module(AuthlogicConnect::Common::Variables, :prepend)
+    end
+  end
+  
+  module InstanceMethods
+    
+    def self.included(base)
+      base.class_eval do
+        has_many :access_tokens, :class_name => "AccessToken", :dependent => :destroy
+        belongs_to :active_token, :class_name => "AccessToken", :dependent => :destroy
+        accepts_nested_attributes_for :access_tokens, :active_token
+      end
+    end
+    
+    def authenticated_with
+      @authenticated_with ||= self.access_tokens.collect{|t| t.service_name.to_s}
+    end
+    
+    def authenticated_with?(service)
+      self.access_tokens.detect{|t| t.service_name.to_s == service.to_s}
+    end
+    
+    def update_attributes(attributes, &block)
+      self.attributes = attributes
+      save(:validate => true, &block)
+    end
+    
+    def has_token?(service_name)
+      !get_token(service_name).nil?
+    end
+    
+    def get_token(service_name)
+      self.access_tokens.detect {|i| i.service_name.to_s == service_name.to_s}
+    end
+    
+    # core save method coordinating how to save the user.
+    # we dont' want to ru validations based on the 
+    # authentication mission we are trying to accomplish.
+    # instead, we just return save as false.
+    # the next time around, when we recieve the callback,
+    # we will run the validations.
+    # when you call 'current_user_session' in ApplicationController,
+    # it leads to calling 'save' on this User object via "session.record.save",
+    # from the 'persisting?' method.  So we don't want any of this to occur
+    # when that save is called, and the only way to check currently is
+    # to check if there is a block_given?
+    def save(options = {}, &block)
+      self.errors.clear
+      # log_state
+      options = {} if options == false
+      options[:validate] = true unless options.has_key?(:validate)
+      save_options = ActiveRecord::VERSION::MAJOR < 3 ? options[:validate] : options
+      
+      # kill the block if we're starting authentication
+      authenticate_via_protocol(block_given?, options) do |start_authentication|
+        block = nil if start_authentication # redirecting
+        # forces you to validate, only if a block is given
+        result = super(save_options) # validate!
+        unless block.nil?
+          cleanup_authentication_session(options)
+          yield(result)
+        end
+        result
+      end
+    end
+    
+  end
+  
+end

data/lib/authlogic_connect/common/variables.rb

@@ -0,0 +1,124 @@
+module AuthlogicConnect::Common::Variables
+  include AuthlogicConnect::Common::State
+
+  attr_reader :processing_authentication
+  
+  def auth_class
+    is_auth_session? ? self.class : session_class
+  end
+  
+  def auth_controller
+    is_auth_session? ? controller : session_class.controller
+  end
+  
+  def auth_params
+    return nil unless auth_controller?
+    auth_controller.params.symbolize_keys!
+    auth_controller.params.keys.each do |key|
+      auth_controller.params[key.to_s] = auth_controller.params.delete(key) if key.to_s =~ /^OpenID/
+    end
+    auth_controller.params
+  end
+  
+  def auth_session
+    return nil unless auth_controller?
+    auth_controller.session.symbolize_keys!
+    auth_controller.session.keys.each do |key|
+      auth_controller.session[key.to_s] = auth_controller.session.delete(key) if key.to_s =~ /^OpenID/
+    end
+    auth_controller.session
+  end
+  
+  def auth_callback_url(options = {})
+    auth_controller.url_for({:controller => auth_controller.controller_name, :action => auth_controller.action_name}.merge(options))
+  end
+  
+  # if we've said it's a "user" (registration), or a "session" (login)
+  def auth_type
+    from_session_or_params(:authentication_type)
+  end
+  
+  # auth_params and auth_session attributes are all String!
+  def from_session_or_params(attribute)
+    return nil unless auth_controller?
+    key = attribute.is_a?(Symbol) ? attribute : attribute.to_sym
+    result = auth_params[key] if (auth_params && auth_params[key])
+    result = auth_session[key] if (result.nil? || result.blank?)
+    result
+  end
+  
+  def add_session_key(key, value)
+    
+  end
+  
+  def remove_session_key(key)
+    keys = key.is_a?(Symbol) ? [key, key.to_s] : [key, key.to_sym]
+    keys.each {|k| auth_session.delete(k)}
+  end
+    
+  # wraps the call to "save" (in yield).
+  # reason being, we need to somehow not allow oauth/openid validations to run
+  # when we don't have a block.  We can't know that using class methods, so we create
+  # this property "processing_authentication", which is used in the validation method.
+  # it's value is set to "block_given", which is the value of block_given?
+  def authenticate_via_protocol(block_given = false, options = {}, &block)
+    @processing_authentication = auth_controller? && block_given
+    saved = yield start_authentication?
+    @processing_authentication = false
+    saved
+  end
+  
+  # returns boolean
+  def authentication_protocol(with, phase)
+    returning(send("#{phase.to_s}_#{with.to_s}?")) do |ready|
+      send("#{phase.to_s}_#{with.to_s}") if ready
+    end if send("using_#{with.to_s}?")
+  end
+  
+  # it only reaches this point once it has returned, or you
+  # have manually skipped the redirect and save was called directly.
+  def cleanup_authentication_session(options = {}, &block)
+    unless (options.has_key?(:keep_session) && options[:keep_session])
+      %w(oauth openid).each do |type|
+        send("cleanup_#{type.to_s}_session")
+      end
+    end
+  end
+  
+  def log(*methods)
+    methods.each do |method|
+      puts "#{method.to_s}: #{send(method).inspect}"
+    end
+  end
+    
+  def log_state
+    log(:correct_request_class?)
+    log(:using_oauth?, :start_oauth?, :complete_oauth?)
+    log(:oauth_request?, :oauth_response?, :stored_oauth_token_and_secret?)
+    log(:using_openid?, :start_openid?, :complete_openid?, :openid_request?, :openid_response?)
+    log(:authenticating_with_openid?)
+    log(:stored_oauth_token_and_secret)
+  end
+  
+  # because we may need to store 6+ session variables, all with pretty lengthy names,
+  # might as well just tinify them.
+  # just an idea
+  def optimized_session_key(key)
+    @optimized_session_keys ||= {
+      :auth_request_class         => :authcl,
+      :authentication_method      => :authme,
+      :authentication_type        => :authty,
+      :oauth_provider             => :authpr,
+      :auth_callback_method       => :authcb,
+      :oauth_request_token        => :authtk,
+      :oauth_request_token_secret => :authsc,
+      :auth_attributes            => :authat
+    }
+    @optimized_session_keys[key]
+  end
+  
+  def auto_register?
+    true
+  end
+  
+end

data/lib/authlogic_connect/engine.rb

@@ -0,0 +1,14 @@
+module AuthlogicConnect
+  class Engine < Rails::Engine
+    
+    initializer "authlogic_connect.authentication_hook" do |app|
+      app.middleware.use AuthlogicConnect::CallbackFilter
+      app.middleware.use OpenIdAuthentication
+    end
+    
+    initializer "authlogic_connect.finalize", :after => "authlogic_connect.authentication_hook" do |app|
+      OpenID::Util.logger = Rails.logger
+      ActionController::Base.send :include, OpenIdAuthentication
+    end
+  end
+end

data/lib/authlogic_connect/ext.rb

@@ -0,0 +1,56 @@
+# these are extensions I've found useful for this project
+class String
+  # normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization
+  def normalize_identifier
+    # clean up whitespace
+    identifier = self.dup.strip
+
+    # if an XRI has a prefix, strip it.
+    identifier.gsub!(/xri:\/\//i, '')
+
+    # dodge XRIs -- TODO: validate, don't just skip.
+    unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0))
+      # does it begin with http?  if not, add it.
+      identifier = "http://#{identifier}" unless identifier =~ /^http/i
+
+      # strip any fragments
+      identifier.gsub!(/\#(.*)$/, '')
+
+      begin
+        uri = URI.parse(identifier)
+        uri.scheme = uri.scheme.downcase  # URI should do this
+        identifier = uri.normalize.to_s
+      rescue URI::InvalidURIError
+        raise InvalidOpenId.new("#{identifier} is not an OpenID identifier")
+      end
+    end
+
+    return identifier
+  end
+end
+
+class Hash
+  def recursively_symbolize_keys!
+    self.symbolize_keys!
+    self.values.each do |v|
+      if v.is_a? Hash
+        v.recursively_symbolize_keys!
+      elsif v.is_a? Array
+        v.recursively_symbolize_keys!
+      end
+    end
+    self
+  end
+end
+
+class Array
+  def recursively_symbolize_keys!
+    self.each do |item|
+      if item.is_a? Hash
+        item.recursively_symbolize_keys!
+      elsif item.is_a? Array
+        item.recursively_symbolize_keys!
+      end
+    end
+  end
+end

data/lib/authlogic_connect/oauth.rb

@@ -0,0 +1,14 @@
+module AuthlogicConnect::Oauth
+end
+
+require File.dirname(__FILE__) + "/oauth/state"
+require File.dirname(__FILE__) + "/oauth/variables"
+require File.dirname(__FILE__) + "/oauth/process"
+require File.dirname(__FILE__) + "/oauth/user"
+require File.dirname(__FILE__) + "/oauth/session"
+require File.dirname(__FILE__) + "/oauth/helper"
+
+ActiveRecord::Base.send(:include, AuthlogicConnect::Oauth::User)
+Authlogic::Session::Base.send(:include, AuthlogicConnect::Oauth::Session)
+ActionController::Base.helper AuthlogicConnect::Oauth::Helper
+ActionView::Helpers::FormBuilder.send(:include, AuthlogicConnect::Oauth::FormHelper)