googleapps-auth 0.0.6 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/googleapps_auth.rb +54 -18
- data/lib/googleapps_auth/railtie.rb +7 -0
- data/lib/{version.rb → googleapps_auth/version.rb} +1 -1
- data/spec/controllers/configuration_spec.rb +10 -0
- data/spec/controllers/googleapps_auth_controller_spec.rb +41 -1
- data/spec/resources/sessions_controller.rb +6 -9
- data/spec/spec_helper.rb +3 -1
- metadata +8 -10
- data/lib/railtie.rb +0 -9
data/lib/googleapps_auth.rb
CHANGED
|
@@ -1,18 +1,21 @@
|
|
|
1
|
-
require "railtie" if defined?(
|
|
1
|
+
require "googleapps_auth/railtie" if defined?(Rails::Railtie)
|
|
2
2
|
|
|
3
3
|
require 'openid'
|
|
4
4
|
require 'openid/store/memory'
|
|
5
5
|
require 'openid/extensions/ax'
|
|
6
6
|
|
|
7
7
|
module GoogleAppsAuth
|
|
8
|
-
ID_PREFIX = "https://www.google.com/accounts/o8/
|
|
9
|
-
|
|
8
|
+
ID_PREFIX = "https://www.google.com/accounts/o8/id"
|
|
9
|
+
DOMAIN_ID_PREFIX = "https://www.google.com/accounts/o8/site-xrds?hd="
|
|
10
|
+
DOMAIN_XRDS_PREFIX = "https://www.google.com/accounts/o8/user-xrds?uri="
|
|
10
11
|
AX_SCHEMAS = {
|
|
11
12
|
:email => "http://schema.openid.net/contact/email",
|
|
12
13
|
:firstname => "http://axschema.org/namePerson/first",
|
|
13
14
|
:lastname => "http://axschema.org/namePerson/last",
|
|
14
|
-
:language => "http://axschema.org/pref/language"
|
|
15
|
+
:language => "http://axschema.org/pref/language",
|
|
16
|
+
:country => "http://axschema.org/contact/country/home",
|
|
15
17
|
}
|
|
18
|
+
@@default_domain = nil
|
|
16
19
|
|
|
17
20
|
def self.certificate_authority_file=(path)
|
|
18
21
|
OpenID.fetcher.ca_file = path
|
|
@@ -26,6 +29,14 @@ module GoogleAppsAuth
|
|
|
26
29
|
OpenID.fetcher.ca_file
|
|
27
30
|
end
|
|
28
31
|
|
|
32
|
+
def self.default_domain=(domain)
|
|
33
|
+
@@default_domain = domain
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def self.default_domain
|
|
37
|
+
@@default_domain
|
|
38
|
+
end
|
|
39
|
+
|
|
29
40
|
class Result
|
|
30
41
|
attr_reader :error
|
|
31
42
|
def initialize(status, error=nil, attrs=nil)
|
|
@@ -54,21 +65,35 @@ module GoogleAppsAuth
|
|
|
54
65
|
class CertificateAuthorityFileError < StandardError; end
|
|
55
66
|
|
|
56
67
|
protected
|
|
57
|
-
|
|
68
|
+
|
|
69
|
+
##
|
|
70
|
+
# return_to::
|
|
71
|
+
# return_action::
|
|
72
|
+
# domain::
|
|
73
|
+
# attrs:: zero or more of [ :email, :firstname, :lastname, :language ]
|
|
74
|
+
def google_apps_auth_begin(opts={})
|
|
58
75
|
assert_certificate_authority_file_present!
|
|
59
76
|
|
|
60
|
-
|
|
77
|
+
opts = {
|
|
78
|
+
:return_action => 'finish',
|
|
79
|
+
:return_to => nil,
|
|
80
|
+
:domain => GoogleAppsAuth.default_domain,
|
|
81
|
+
:attrs => []
|
|
82
|
+
}.merge(opts)
|
|
83
|
+
|
|
61
84
|
begin
|
|
62
|
-
oidreq = consumer.begin GoogleAppsAuth::
|
|
63
|
-
return_to = url_for
|
|
85
|
+
oidreq = consumer.begin opts[:domain] ? GoogleAppsAuth::DOMAIN_ID_PREFIX + opts[:domain] : GoogleAppsAuth::ID_PREFIX
|
|
86
|
+
return_to = opts[:return_to] || url_for(:action => opts[:return_action], :only_path => false)
|
|
64
87
|
realm = request.protocol + request.host_with_port
|
|
65
88
|
ax = OpenID::AX::FetchRequest.new
|
|
66
|
-
|
|
89
|
+
opts[:attrs].each { |attr|
|
|
67
90
|
ax.add OpenID::AX::AttrInfo.new(GoogleAppsAuth::AX_SCHEMAS[attr], attr.to_s, true)
|
|
68
91
|
}
|
|
69
92
|
oidreq.add_extension(ax)
|
|
70
93
|
redirect_to oidreq.redirect_url(realm, return_to, false)
|
|
71
94
|
rescue OpenID::OpenIDError => e
|
|
95
|
+
Rails.logger.error "ERROR: #{e.inspect}" if defined?(Rails)
|
|
96
|
+
|
|
72
97
|
if block_given?
|
|
73
98
|
yield
|
|
74
99
|
else
|
|
@@ -78,8 +103,7 @@ module GoogleAppsAuth
|
|
|
78
103
|
end
|
|
79
104
|
end
|
|
80
105
|
|
|
81
|
-
|
|
82
|
-
def google_apps_handle_auth
|
|
106
|
+
def google_apps_auth_finish
|
|
83
107
|
assert_certificate_authority_file_present!
|
|
84
108
|
|
|
85
109
|
current_url = url_for(:action => request.symbolized_path_parameters[:action], :only_path => false)
|
|
@@ -112,21 +136,33 @@ module GoogleAppsAuth
|
|
|
112
136
|
end
|
|
113
137
|
|
|
114
138
|
def assert_certificate_authority_file_present!
|
|
115
|
-
|
|
139
|
+
unless GoogleAppsAuth.certificate_authority_file?
|
|
116
140
|
raise CertificateAuthorityFileError,
|
|
117
141
|
"Configure a CA file through GoogleAppsAuth.certificate_authority_file="
|
|
118
142
|
end
|
|
143
|
+
|
|
144
|
+
unless File.exists?(GoogleAppsAuth.certificate_authority_file)
|
|
145
|
+
raise CertificateAuthorityFileError,
|
|
146
|
+
"GoogleAppsAuth.certificate_authority_file= is a non-existent file"
|
|
147
|
+
end
|
|
119
148
|
end
|
|
120
149
|
end
|
|
121
150
|
|
|
122
151
|
## TemplateURI's are not followed by the openid gem - so we have to trick it
|
|
152
|
+
## when we're in private domain mode.
|
|
123
153
|
class OpenID::Consumer::IdResHandler
|
|
124
|
-
|
|
154
|
+
original_verify_discovery_results = instance_method(:verify_discovery_results)
|
|
155
|
+
|
|
156
|
+
define_method(:verify_discovery_results) do
|
|
125
157
|
oldid = @message.get_arg(OpenID::OPENID_NS, 'identity', nil)
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
158
|
+
if oldid =~ /google.com\/accounts/
|
|
159
|
+
original_verify_discovery_results.bind(self).call
|
|
160
|
+
else
|
|
161
|
+
@message.set_arg(OpenID::OPENID_NS, 'identity', GoogleAppsAuth::DOMAIN_XRDS_PREFIX + oldid)
|
|
162
|
+
@message.set_arg(OpenID::OPENID_NS, 'claimed_id', GoogleAppsAuth::DOMAIN_XRDS_PREFIX + oldid)
|
|
163
|
+
verify_discovery_results_openid2
|
|
164
|
+
@message.set_arg(OpenID::OPENID_NS, 'identity', oldid)
|
|
165
|
+
@message.set_arg(OpenID::OPENID_NS, 'claimed_id', oldid)
|
|
166
|
+
end
|
|
131
167
|
end
|
|
132
168
|
end
|
|
@@ -17,6 +17,11 @@ describe GoogleAppsAuth do
|
|
|
17
17
|
OpenID.fetcher.should_receive(:ca_file=).with(ca_file)
|
|
18
18
|
GoogleAppsAuth.certificate_authority_file = ca_file
|
|
19
19
|
end
|
|
20
|
+
|
|
21
|
+
it "should know its value" do
|
|
22
|
+
GoogleAppsAuth.certificate_authority_file = ca_file
|
|
23
|
+
GoogleAppsAuth.certificate_authority_file.should eql(ca_file)
|
|
24
|
+
end
|
|
20
25
|
end
|
|
21
26
|
|
|
22
27
|
describe "when not setting the certificate_authority_file property" do
|
|
@@ -30,6 +35,11 @@ describe GoogleAppsAuth do
|
|
|
30
35
|
OpenID.fetcher.should_receive(:ca_file=).with(nil)
|
|
31
36
|
GoogleAppsAuth.certificate_authority_file = nil
|
|
32
37
|
end
|
|
38
|
+
|
|
39
|
+
it "should know its value is nil" do
|
|
40
|
+
GoogleAppsAuth.certificate_authority_file = nil
|
|
41
|
+
GoogleAppsAuth.certificate_authority_file.should be_nil
|
|
42
|
+
end
|
|
33
43
|
end
|
|
34
44
|
|
|
35
45
|
end
|
|
@@ -2,7 +2,11 @@ require File.dirname(__FILE__) + "/../spec_helper"
|
|
|
2
2
|
|
|
3
3
|
describe SessionsController, :type => :controller do
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
let :certfile do
|
|
6
|
+
File.dirname(__FILE__) + "/../cacert.pem"
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
describe "when configuring the plugin" do
|
|
6
10
|
|
|
7
11
|
describe "and no certfile is configured" do
|
|
8
12
|
|
|
@@ -24,4 +28,40 @@ describe SessionsController, :type => :controller do
|
|
|
24
28
|
|
|
25
29
|
end
|
|
26
30
|
|
|
31
|
+
describe "in the auth sequence" do
|
|
32
|
+
|
|
33
|
+
before :all do
|
|
34
|
+
GoogleAppsAuth.certificate_authority_file = certfile
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
describe "when beginning" do
|
|
38
|
+
|
|
39
|
+
it "should redirect away to google when given the correct google apps domain" do
|
|
40
|
+
check_id_request = double(:check_id_request, {:add_extension => nil, :redirect_url => "http://google.com/a/example.com"})
|
|
41
|
+
controller.__send__(:consumer).stub!(:begin).and_return(check_id_request)
|
|
42
|
+
|
|
43
|
+
get :start
|
|
44
|
+
response.should redirect_to("http://google.com/a/example.com")
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
describe "when completing the auth sequence from a correct google apps domain" do
|
|
50
|
+
|
|
51
|
+
it "should return a success result when " do
|
|
52
|
+
status_response = double(:status_response, {:status => OpenID::Consumer::SUCCESS})
|
|
53
|
+
controller.__send__(:consumer).stub!(:complete).and_return(status_response)
|
|
54
|
+
|
|
55
|
+
oid_response = double(:oid_response, {:data => {}})
|
|
56
|
+
OpenID::AX::FetchResponse.stub!(:from_success_response).and_return(oid_response)
|
|
57
|
+
|
|
58
|
+
get :conclude
|
|
59
|
+
|
|
60
|
+
response.should be_success
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
end
|
|
66
|
+
|
|
27
67
|
end
|
|
@@ -1,21 +1,18 @@
|
|
|
1
1
|
class SessionsController < ActionController::Base
|
|
2
2
|
protect_from_forgery
|
|
3
3
|
|
|
4
|
-
cattr_accessor :start_result_spy
|
|
5
|
-
cattr_accessor :conclude_result_spy
|
|
6
|
-
|
|
7
4
|
def start
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
5
|
+
## google_apps_auth_begin :return_action => :conclude, :attrs => [:email] do
|
|
6
|
+
google_apps_auth_begin :domain => "example.com", :return_action => :conclude, :attrs => [:email] do
|
|
7
|
+
render :status => 500, :text => ""
|
|
11
8
|
end
|
|
12
9
|
end
|
|
13
10
|
|
|
14
11
|
def conclude
|
|
15
|
-
if(the_google =
|
|
16
|
-
|
|
12
|
+
if(the_google = google_apps_auth_finish) && the_google.succeeded?
|
|
13
|
+
render :status => 200, :text => ""
|
|
17
14
|
else
|
|
18
|
-
|
|
15
|
+
render :status => 500, :text => ""
|
|
19
16
|
end
|
|
20
17
|
end
|
|
21
18
|
end
|
data/spec/spec_helper.rb
CHANGED
|
@@ -4,7 +4,9 @@ $LOAD_PATH.unshift(File.expand_path(File.join(File.dirname(__FILE__), "..", "lib
|
|
|
4
4
|
require "action_controller/railtie"
|
|
5
5
|
|
|
6
6
|
module GoogleAppsAuth
|
|
7
|
-
class Application < ::Rails::Application
|
|
7
|
+
class Application < ::Rails::Application
|
|
8
|
+
config.active_support.deprecation = :log
|
|
9
|
+
end
|
|
8
10
|
end
|
|
9
11
|
|
|
10
12
|
GoogleAppsAuth::Application.initialize!
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: googleapps-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
5
|
-
prerelease:
|
|
4
|
+
hash: 27
|
|
5
|
+
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
|
+
- 1
|
|
8
9
|
- 0
|
|
9
|
-
|
|
10
|
-
version: 0.0.6
|
|
10
|
+
version: 0.1.0
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Brian Muller
|
|
@@ -15,8 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date:
|
|
19
|
-
default_executable:
|
|
18
|
+
date: 2012-05-21 00:00:00 Z
|
|
20
19
|
dependencies:
|
|
21
20
|
- !ruby/object:Gem::Dependency
|
|
22
21
|
name: actionpack
|
|
@@ -135,9 +134,9 @@ extensions: []
|
|
|
135
134
|
extra_rdoc_files: []
|
|
136
135
|
|
|
137
136
|
files:
|
|
137
|
+
- lib/googleapps_auth/railtie.rb
|
|
138
|
+
- lib/googleapps_auth/version.rb
|
|
138
139
|
- lib/googleapps_auth.rb
|
|
139
|
-
- lib/railtie.rb
|
|
140
|
-
- lib/version.rb
|
|
141
140
|
- LICENSE
|
|
142
141
|
- Gemfile
|
|
143
142
|
- spec/cacert.pem
|
|
@@ -146,7 +145,6 @@ files:
|
|
|
146
145
|
- spec/controllers/result_spec.rb
|
|
147
146
|
- spec/resources/sessions_controller.rb
|
|
148
147
|
- spec/spec_helper.rb
|
|
149
|
-
has_rdoc: true
|
|
150
148
|
homepage: https://github.com/livingsocial/rails-googleapps-auth
|
|
151
149
|
licenses: []
|
|
152
150
|
|
|
@@ -176,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
176
174
|
requirements: []
|
|
177
175
|
|
|
178
176
|
rubyforge_project:
|
|
179
|
-
rubygems_version: 1.
|
|
177
|
+
rubygems_version: 1.8.17
|
|
180
178
|
signing_key:
|
|
181
179
|
specification_version: 3
|
|
182
180
|
summary: Google Apps Auth Provider for Rails
|