google-authsub 0.0.4

data/google-authsub.gemspec

@@ -0,0 +1,109 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{google-authsub}
+  s.version = "0.0.4"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Stuart Coyle", "Jesse Storimer"]
+  s.date = %q{2010-01-22}
+  s.description = %q{GoogleAuthSub provides the Google Authentications for Web Applications API.}
+  s.email = %q{stuart.coyle@gmail.com}
+  s.extra_rdoc_files = [
+    "README"
+  ]
+  s.files = [
+    ".gitignore",
+     "MIT-LICENSE",
+     "README",
+     "Rakefile",
+     "VERSION",
+     "coverage/-Library-Ruby-Gems-1_8-gems-FakeWeb-1_1_2-lib-fake_net_http_rb.html",
+     "coverage/-Library-Ruby-Gems-1_8-gems-FakeWeb-1_1_2-lib-fake_web_rb.html",
+     "coverage/-Library-Ruby-Gems-1_8-gems-rcov-0_8_1_2_0-lib-rcov_rb.html",
+     "coverage/index.html",
+     "coverage/lib-googleauthsub_rb.html",
+     "coverage/spec-googleauthsub_spec_rb.html",
+     "coverage/spec-spec_helper_rb.html",
+     "doc/classes/AuthEchoServlet.html",
+     "doc/classes/AuthEchoServlet.src/M000001.html",
+     "doc/classes/AuthEchoServlet.src/M000002.html",
+     "doc/classes/GData.html",
+     "doc/classes/GData/AuthSubError.html",
+     "doc/classes/GData/AuthSubError.src/M000019.html",
+     "doc/classes/GData/Error.html",
+     "doc/classes/GData/GoogleAuthSub.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000001.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000002.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000003.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000004.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000005.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000006.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000007.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000008.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000009.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000010.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000011.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000012.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000013.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000014.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000015.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000016.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000017.html",
+     "doc/classes/GData/GoogleAuthSub.src/M000018.html",
+     "doc/created.rid",
+     "doc/files/googleauthsub_rb.html",
+     "doc/files/lib/googleauthsub_rb.html",
+     "doc/files/spec/googleauthsub_spec_rb.html",
+     "doc/files/spec/googleresponder_rb.html",
+     "doc/files/spec/spec_helper_rb.html",
+     "doc/fr_class_index.html",
+     "doc/fr_file_index.html",
+     "doc/fr_method_index.html",
+     "doc/index.html",
+     "doc/rdoc-style.css",
+     "google-authsub-0.0.2.gem",
+     "google-authsub-0.0.3.gem",
+     "google-authsub.gemspec",
+     "lib/googleauthsub.rb",
+     "live test/authsub_test.html",
+     "live test/gastest.rb",
+     "spec/googleauthsub_spec.rb",
+     "spec/googleresponder.rb",
+     "spec/mock responses/bad_token_info.txt",
+     "spec/mock responses/calendar.txt",
+     "spec/mock responses/revoke_token.txt",
+     "spec/mock responses/revoked_token.txt",
+     "spec/mock responses/session_token.txt",
+     "spec/mock responses/token_info.txt",
+     "spec/mock responses/unauthorized.txt",
+     "spec/mock_certs/test_private_key.pem",
+     "spec/mock_certs/test_public_key.pem",
+     "spec/spec_helper.rb",
+     "spec/spec_opts"
+  ]
+  s.homepage = %q{http://github.com/stuart/google-authsub/tree/master}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{A ruby implementation of Google Authentication for Web Applications API}
+  s.test_files = [
+    "spec/googleauthsub_spec.rb",
+     "spec/googleresponder.rb",
+     "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end
+

data/lib/googleauthsub.rb

@@ -0,0 +1,271 @@
+# AuthSub - Ruby library for Google Authorization
+# # Copyright 2008-2009 Stuart Coyle <stuart.coyle@gmail.com>
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'uri'
+require 'net/https'
+require 'openssl'
+require 'base64'
+require 'cgi'
+
+# Note: The module declared here may change depending on what other developers are using.
+#
+module GData
+  
+    GOOGLE_HOST_URL = "www.google.com"
+    GOOGLE_AUTHSUB_BASE_PATH = "/accounts"
+    GOOGLE_AUTHSUB_REQUEST_PATH = GOOGLE_AUTHSUB_BASE_PATH + "/AuthSubRequest"
+    GOOGLE_AUTHSUB_SESSION_TOKEN_PATH = GOOGLE_AUTHSUB_BASE_PATH + "/AuthSubSessionToken"
+    GOOGLE_AUTHSUB_REVOKE_PATH = GOOGLE_AUTHSUB_BASE_PATH + "/AuthSubRevokeToken"
+    GOOGLE_AUTHSUB_TOKEN_INFO_PATH = GOOGLE_AUTHSUB_BASE_PATH + "/AuthSubTokenInfo"
+
+class Error < Exception
+end
+
+class AuthSubError < Error
+  def message
+    "Google Authentication Error" << " : #{@message}" if @message
+  end
+end
+
+
+# GoogleAuthSub
+# This class handles the Google Authentication for Web Applications API
+#
+class GoogleAuthSub
+
+  attr_accessor :target, :scope, :session, :secure, :next_url, :token, :sigalg
+
+  # +key+ can be a File, String or OpenSSL::Pkey::RSA
+  # Sets the private key to use for secure sessions.
+  # This should correspond to the public key sent to Google in
+  # the registration process.
+  # For registration details see:
+  #   http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html
+  #
+  # This sets the class variable @@pkey to an OpenSSL::Pkey::RSA object
+  # 
+  def self.set_private_key(key)
+     case key
+       when OpenSSL::PKey::RSA
+         @@pkey = key
+       when File
+         # Read key from a PEM file.
+         @@pkey = OpenSSL::PKey::RSA.new(key.read)
+       when String
+         # Get key from a PEM in the form of a string.
+         @@pkey = OpenSSL::PKey::RSA.new(key)
+       else
+         raise AuthSubError, "Private Key in wrong format. Require IO, String or OpenSSL::Pkey::RSA, you gave me #{key.class}"
+     end
+  end
+
+  # Create a new GoogleAuthsub object
+  # Options specified in +opts+ consist of:
+  #
+  # * :next_url - (String)  The url to redirect back to once the user has signed in to Google.
+  # * :scope_url - (String) The service from Google that you wish to receive data from with this token.
+  # * :session - (boolean)  Whether the token is able to be used to get a session token or is just one use.
+  # * :secure - (boolean) Whether the token can be used for sessions.
+  # * :sigalg - (String) Currently not needed, as the Authsub specification only has rsa-sha1.  
+  def initialize(opts = {})
+    self.next_url = opts[:next_url] || ''
+    self.scope = opts[:scope_url] || ''
+    self.session = opts[:session] || false
+    self.secure = opts[:secure] || false
+    self.sigalg = opts[:sigalg] || "rsa-sha1"
+  end
+
+  # This returns a URI::HTTPS object which contains the Google url to request a token from.
+  def request_url
+     raise AuthSubError, "Invalid next URL: #{@next_url}" if !full_url?(@next_url)
+     raise AuthSubError, "Invalid scope URL: #{@scope}" if !full_url?(@scope)
+     query = "next=" << @next_url << "&scope=" << @scope << "&session="<<
+             (session_token? ? '1' : '0')<< "&secure="<< (secure_token? ? '1' : '0')
+     query = URI.encode(query)
+     URI::HTTPS.build({:host => GOOGLE_HOST_URL, :path => GOOGLE_AUTHSUB_REQUEST_PATH, :query => query })
+  end
+
+  # +url+ :the URL received from Google once the user has signed in.
+  #
+  # This method extracts the token from the request url that Google
+  # sends the user back to.
+  # This url will be like: http://www.example.com/next?Token=CMDshfjfkeodf
+  # In Rails applications you don't need this method, just use
+  # +GoogleAuthsub#token=params[:token]+
+  #
+  def receive_token(url)
+      raise AuthSubError, "receive_token() was not passed a url, #{@url.class} received instead." if !url.class == URI::HTTP
+      q = url.query.match( /.*token=(.*)/i) if !url.query.nil?
+      @token = q[1] if !q.nil?
+  end
+
+  # Returns true if this token can be exchanged for a session token
+  def session_token?
+    session == true
+  end
+
+  # Returns true if the token is used for secure sessions
+  def secure_token?
+    secure == true
+  end
+
+  # request_session_token
+  # This method exchanges a previously received single use token with a session token.
+  # Raises error if an invalid response is received.
+  def request_session_token
+   url =  URI::HTTPS.build({:host => GOOGLE_HOST_URL,
+        :path => GOOGLE_AUTHSUB_SESSION_TOKEN_PATH})
+   begin
+     response = get(url)
+   rescue
+     raise AuthSubError, "Invalid session token response."
+   end 
+   @token = response.body.match(/^Token=(.*)$/)[1]
+  end
+
+  # revoke_token
+  # This revokes either a single use or session token
+  # The token will not be able to be used again if this call is successful.
+  # It returns true on sucess, false on failure.
+  def revoke_token
+    url = URI::HTTPS.build({:host=>GOOGLE_HOST_URL,
+      :path => GOOGLE_AUTHSUB_REVOKE_PATH})
+    begin
+     response = get(url)
+     true
+    rescue
+     false
+    end
+  end
+
+  # token_info
+  # Returns the information for the session token from Google.
+  # Returns a map {:target, :scope, :secure}
+  def token_info
+    url =  URI::HTTPS.build({:host=>GOOGLE_HOST_URL,
+      :path => GOOGLE_AUTHSUB_TOKEN_INFO_PATH})
+    response = get(url)
+    info = Hash.new
+    begin
+      info[:target] = response.body.match(/^Target=(.*)$/)[1]
+      info[:scope] = response.body.match(/^Scope=(.*)$/)[1]
+      info[:secure] = (response.body.match(/^Secure=(.*)$/)[1].downcase == 'true')
+    rescue
+      raise AuthSubError, "Google Authsub Error: invalid token info packet received."
+    end
+    return info
+  end
+
+  # get +url+s
+  # Does a HTTP GET request to Google using the AuthSub token.
+  # This returns a Net::HTTPResponse object.
+  def get(url)
+     authsub_http_request(Net::HTTP::Get,url)
+  end
+  
+  # post +url+
+  # Does a HTTP POST request to Google using the AuthSub token.
+  # This returns a Net::HTTPResponse object.
+  def post(url)
+     authsub_http_request(Net::HTTP::Post,url)
+  end
+
+  # put +url+
+  # Does a HTTP PUT request to Google using the AuthSub token.
+  # This returns a Net::HTTPResponse object.
+  def put(url)
+    authsub_http_request(Net::HTTP::Put,url)
+  end
+
+  # delete +url+
+  # Does a HTTP DELETE request to Google using the AuthSub token.
+  # This returns a Net::HTTPResponse object.
+  def delete(url)
+    authsub_http_request(Net::HTTP::Delete,url)
+  end
+
+  private
+
+  def authsub_http_request(method, u) #:nodoc:
+    case u
+      when String
+        # Add scope
+        u = (@scope << u) if @scope && !u.include?(@scope)
+        begin
+          url = URI.parse(u)
+        rescue URI::InvalidURIError
+          raise URI::InvalidURIError
+        end
+      when URI
+        url = u
+      else
+        raise AuthSubError, "url must be String or URI, #{url.class} received."
+    end
+
+    if method.superclass != Net::HTTPRequest
+      raise AuthSubError, "method must be a Net::HTTPRequest subclass (GET POST PUT DELETE). #{method} received."
+    end
+    request = method.new(url.path)
+    request['Authorization'] = authorization_header(request, url)
+    connection =  Net::HTTP.new(url.host, url.port)
+    connection.use_ssl= (url.scheme == 'https')
+    response = connection.start{ |http| http.request(request) }
+    case response
+       when Net::HTTPSuccess
+         #OK
+       else
+         response.error!
+       end
+    response
+  end
+
+  # Construct the authorization header for a request
+  def authorization_header(request, url)
+    case secure_token?
+    when false
+      return "AuthSub token=\"#{@token}\""
+    when true
+      timestamp = Time.now.to_i
+      nonce = OpenSSL::BN.rand_range(2**64)
+      data = request.method + ' ' + url.to_s + ' ' + timestamp.to_s + ' ' + nonce.to_s
+      digest = OpenSSL::Digest::SHA1.new(data).hexdigest
+      sig = [@@pkey.private_encrypt(digest)].pack("m")  #Base64 encode
+      return "AuthSub token=\"#{@token}\" data=\"#{data}\" sig=\"#{sig}\" sigalg=\"#{@sigalg}\""
+    end
+  end
+  
+  # Checks whether a URL is a full url, i.e. has all of scheme, host and path.
+  def full_url?(url)
+    # First check if it is a bad uri
+    begin
+      u = URI.parse(url)
+    rescue URI.InvalidURIError
+      return false
+    end
+    return false if u.scheme.nil? || u.host.nil? || u.path.nil?
+    true
+  end
+  
+end
+
+end
+

data/live test/authsub_test.html

@@ -0,0 +1,40 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
+   "http://www.w3.org/TR/html4/strict.dtd">
+
+<html lang="en">
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+	<title>authsub_test</title>
+	<meta name="generator" content="TextMate http://macromates.com/">
+	<meta name="author" content="stuart">
+	<!-- Date: 2008-08-20 -->
+</head>
+<body>
+    <h2>Google Authsub Test</h2>
+    <p>These pages test the Ruby google-authsub library and explain how to use it.</p>
+    <h3>STEP 1: <i>Request a token from Google</i></h3>
+    <p>For a web app to access Google's services. We need to get an authorization token from Google.</p>
+    
+    <p>We will create our GoogleAuthSub object something like this:</p>
+       <p> <code>auth = GoogleAuthSub.new(:next_url=>"http://www.schedy.com/test2.html, :session=>false, :secure=>false, :scope=>"http://google.com/calendar/feeds")</code>
+    </p>
+    <p>The url to redirect to is found from <code>auth.request_url</code>. It is then up to the application to perform this redirect.
+    </p>
+    <p>If the request is successful and the user logs in correctly, the user will be redirected back to the <code>auth.next_url</code>
+    </p>
+    <p>To try it, use the form below and press 'Continue'</p>
+    <form action="authsub_test_2" method="get" accept-charset="utf-8">
+    <h3>Google Authsub Token Attributes</h3>
+    <b>Token Type</b><p>If session is selected, the token will be able to be exchanged for a session (i.e. multiple use) token.</p><nbsp> 
+    Session:<input type="radio" name="session" value="true" id="session">
+    Single Use:<input type="radio" name="session" value="false" id="session" checked="true"><br/><br/>
+    <b>Secure (use https)</b><p>If secure=true, this token will be used for secure exchanges using https. The web application site must be registered with Google and have the correct certificate for this to work.</p><nbsp>
+    True<input type="radio" name="secure" value="true" id="session">
+    False<input type="radio" name="secure" value="false" id="session" checked="true"><br/><br/>
+    <b>Scope:</b>
+    <input type="text" name="scope" value="http://google.com/calendar/feeds" id="scope" size="60">
+    <p><input type="submit" value="Continue &rarr;"></p>
+</form>
+<div id=request_url></div>
+</body>
+</html>

data/live test/gastest.rb

@@ -0,0 +1,90 @@
+#!/usr/bin/env ruby
+
+#require 'rubygems'
+require '../lib/googleauthsub'
+require 'webrick'
+include WEBrick
+include GData
+
+s = HTTPServer.new( :Port => 2000,
+                    :SSLEnable => true
+                  )
+
+class SimpleAuthServlet < HTTPServlet::AbstractServlet
+  def do_GET(req, res)
+    @@auth.next_url="http://schedy.com:2000/simpletest"
+    @@auth.receive_token(req.request_uri);
+    url =  @@auth.request_url.to_s
+    res.body = << END_RESPONSE
+    <html><head></head><body><h2>Google-Authsub Test</h2>
+    <p>TOKEN: #{req.query_string.to_s}</p>
+    <p><a href= #{url}>Request GoogleAuthsub Token</a></p>
+    <p><a href=/tokeninfo>Token Information</a></body></html>
+    END_RESPONSE
+    res['Content-Type'] = "text/html"
+  end
+  
+end
+
+class SessionAuthServlet < HTTPServlet::AbstractServlet
+  def do_GET(req, res)
+    @@auth.session = true
+    @@auth.receive_token(req.request_uri)
+    @@auth.request_session_token if !@@auth.token.nil?
+    url =  @@auth.request_url.to_s
+    res.body = "<html><head></head><body><h2>Google-Authsub Test</h2><p>Session Token</p><p>TOKEN: "+req.query_string.to_s+
+    "</p><p><a href="+ url +
+    ">Request GoogleAuthsub Token</a></p><p><a href=/tokeninfo>Token Information</a></body></html>"
+    res['Content-Type'] = "text/html"
+  end
+end
+
+class SecureAuthServlet < HTTPServlet::AbstractServlet
+  def do_GET(req, res)
+    @@auth.next_url="http://schedy.com:2000/sessiontest"
+    @@auth.session = true
+    @@auth.secure = true
+    @@auth.receive_token(req.request_uri);
+    url =  @@auth.request_url.to_s
+    res.body = "<html><head></head><body><h2>Google-Authsub Test</h2><p>Secure Token</p><p>TOKEN: "+req.query_string.to_s+
+    "</p><p><a href="+ url +
+    ">Request GoogleAuthsub Token</a></p><p>INFO:<a href=/tokeninfo>Token Information</a>"
+    "</body></html>"
+    res['Content-Type'] = "text/html"
+  end
+end
+
+class TokenInfoServlet < HTTPServlet::AbstractServlet
+  def do_GET(req, res)
+    info = @@auth.token_info
+    res.body = "<html><head></head><body><h2>Google-Authsub Test</h2><p>TOKEN INFORMATION<ul>" +
+    "<li>Target: "+ info[:target] + "</li>" +
+    "<li>Secure: "+ info[:secure].to_s + "</li>" +
+    "<li>Scope: "+ info[:scope] + "</li>" +
+    "</ul></ul></p></body></html>"
+    res['Content-Type'] = "text/html"
+  end
+
+class CalendarServlet < HTTPServlet::AbstractServlet
+  def do_GET(req, res)
+     res = @@auth.get("http://www.google.com/calendar/feeds/default/owncalendars/full")
+     res['Content-Type'] = "text/html"
+   end
+end
+end
+
+@@auth = GoogleAuthSub.new(:scope_url=>"http://www.google.com/calendar/feeds");
+#s.mount("/authsub_test",AuthSub1Servlet)
+#s.mount("/authsub_test_2",AuthSub2Servlet)
+
+# Assume we have the private key in the file google.key
+GoogleAuthSub.set_private_key("google.key")
+
+s.mount("/simpletest", SimpleAuthServlet)
+s.mount("/tokeninfo",TokenInfoServlet)
+s.mount("/sessiontest", SessionAuthServlet)
+s.mount("/securetest", SecureAuthServlet)
+s.mount("/mycalendars", CalendarServlet)
+
+trap("INT"){ s.shutdown }
+s.start