hancock-client 0.0.2

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Corey Donohoe <cdonohoe@engineyard.com, Tim Carey-Smith <tim@spork.in>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,49 @@
+hancock-client
+==============
+
+A gem that integrates [sinatra][sinatra] applications into the Hancock SSO
+environment.  It also doubles as rack middleware that can be used in 
+rails(>= 2.3.2) and merb(>= 1.0)
+
+Dependencies
+============
+    % gem sources
+    *** CURRENT SOURCES ***
+
+    http://gems.rubyforge.org
+    % sudo gem sources -a http://gems.github.com
+    http://gems.github.com added to sources
+
+    % sudo gem install sinatra-sinatra 
+    % sudo gem install atmos-hancock
+
+testing
+=======
+Rake works but I'm not 100% sure how to test this correctly
+
+Application
+===========
+The goal is to make it simple to write sso enabled apps.
+
+    require 'rubygems'
+    require 'sinatra'
+    require 'sinatra/base'
+    require 'hancock-client'
+
+    run Hancock::Client
+    class ConsumerApp < Hancock::Client::Default
+      set :sso_url, 'http://hancock.atmos.org/sso'
+
+      set :views,  'views'
+      set :public, 'public'
+      set :environment, :production
+
+      get '/' do
+      redirect '/login' unless session[:user_id]
+      haml(%Q{%h3= "#{session[:first_name]} #{session[:last_name]} - #{session[:email]}"})
+      end
+    end
+
+    run ConsumerApp
+
+[sinatra]: http://www.sinatrarb.com

data/Rakefile

@@ -0,0 +1,58 @@
+require 'rubygems'
+require 'rake/gempackagetask'
+require 'rubygems/specification'
+require 'date'
+require 'spec/rake/spectask'
+
+GEM = "hancock-client"
+GEM_VERSION = "0.0.2"
+AUTHOR = "Corey Donohoe"
+EMAIL = ['atmos@atmos.org', 'tim@spork.in']
+HOMEPAGE = "http://github.com/atmos/hancock-client"
+SUMMARY = "A gem that SSO enables sinatra applications with hancock"
+
+spec = Gem::Specification.new do |s|
+  s.name = GEM
+  s.version = GEM_VERSION
+  s.platform = Gem::Platform::RUBY
+  s.has_rdoc = true
+  s.extra_rdoc_files = ["README.md", "LICENSE"]
+  s.summary = SUMMARY
+  s.description = s.summary
+  s.author = AUTHOR
+  s.email = EMAIL
+  s.homepage = HOMEPAGE
+
+  # Uncomment this to add a dependency
+  s.add_dependency "sinatra", ">=0.9.1.1"
+  s.add_dependency "ruby-openid", ">=2.1.2"
+
+  s.require_path = 'lib'
+  s.autorequire = GEM
+  s.files = %w(LICENSE README.md Rakefile) + Dir.glob("{lib,spec}/**/*")
+end
+
+task :default => :spec
+
+desc "Run specs"
+Spec::Rake::SpecTask.new do |t|
+  t.spec_files = FileList['spec/**/*_spec.rb']
+  t.spec_opts = %w(-fs --color)
+end
+
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+end
+
+desc "install the gem locally"
+task :install => [:package] do
+  sh %{sudo gem install pkg/#{GEM}-#{GEM_VERSION}}
+end
+
+desc "create a gemspec file"
+task :make_spec do
+  File.open("#{GEM}.gemspec", "w") do |file|
+    file.puts spec.to_ruby
+  end
+end

data/lib/hancock-client.rb

@@ -0,0 +1,26 @@
+gem 'sinatra', '~>0.9.1'
+require 'rack'
+require 'sinatra/base'
+gem 'dm-core', '~>0.9.10'
+require 'dm-core'
+
+gem 'ruby-openid', '>=2.1.2'
+require 'openid'
+
+require File.dirname(__FILE__)+'/sinatra/hancock/sso'
+
+module Hancock
+  module Client
+    class Default < ::Sinatra::Default
+      enable :sessions
+      cattr_accessor :sso_url
+
+      register Sinatra::Hancock::SSO
+
+      def self.sso_configure(&block)
+        yield self
+      end
+    end
+  end
+end
+

data/lib/rack-openid.rb

@@ -0,0 +1,195 @@
+require 'openid'
+require 'openid/consumer'
+require 'openid/extensions/sreg'
+require 'openid/store/filesystem'
+
+module Rack
+  class OpenID
+    def self.build_header(params = {})
+      value = 'OpenID '
+      value += params.map { |k, v|
+        if v.is_a?(Array)
+          "#{k}=\"#{v.join(',')}\""
+        else
+          "#{k}=\"#{v}\""
+        end
+      }.join(', ')
+      value
+    end
+
+    def self.parse_header(str)
+      params = {}
+      if str =~ /^OpenID/
+        str = str.gsub(/^OpenID /, '')
+        str.split(', ').each { |e|
+          k, v = e.split('=')
+          v.gsub!(/^\"/, '').gsub!(/\"$/, "")
+          v = v.split(',')
+          params[k] = v.length > 1 ? v : v.first
+        }
+      end
+      params
+    end
+
+    class TimeoutResponse
+      include ::OpenID::Consumer::Response
+      STATUS = :failure
+    end
+
+    class MissingResponse
+      include ::OpenID::Consumer::Response
+      STATUS = :missing
+    end
+
+    HTTP_METHODS = %w(GET HEAD PUT POST DELETE OPTIONS)
+
+    RESPONSE = "rack.openid.response".freeze
+    AUTHENTICATE_HEADER = "WWW-Authenticate".freeze
+
+
+    def initialize(app, store = nil)
+      @app = app
+      @store = store || ::OpenID::Store::Filesystem.new("tmp/openid")
+      freeze
+    end
+
+    def call(env)
+      req = Rack::Request.new(env)
+      if env["REQUEST_METHOD"] == "GET" && req.GET["openid.mode"]
+        complete_authentication(env)
+      end
+
+      status, headers, body = @app.call(env)
+
+      if status.to_i == 401 && (qs = headers[AUTHENTICATE_HEADER])
+        begin_authentication(env, qs)
+      else
+        [status, headers, body]
+      end
+    end
+
+    private
+      def begin_authentication(env, qs)
+        req = Rack::Request.new(env)
+        params = self.class.parse_header(qs)
+
+        unless session = env["rack.session"]
+          raise RuntimeError, "Rack::OpenID requires a session"
+        end
+
+        consumer = ::OpenID::Consumer.new(session, @store)
+        identifier = params["identifier"]
+
+        begin
+          oidreq = consumer.begin(identifier)
+          add_simple_registration_fields(oidreq, params)
+          url = open_id_redirect_url(req, oidreq, params["trust_root"], params["return_to"], params["method"])
+          return redirect_to(url)
+        rescue ::OpenID::OpenIDError, Timeout::Error => e
+          env[RESPONSE] = MissingResponse.new
+          return self.call(env)
+        end
+      end
+
+      def complete_authentication(env)
+        req = Rack::Request.new(env)
+
+        unless session = env["rack.session"]
+          raise RuntimeError, "Rack::OpenID requires a session"
+        end
+
+        oidresp = timeout_protection_from_identity_server {
+          consumer = ::OpenID::Consumer.new(session, @store)
+          consumer.complete(req.params, req.url)
+        }
+
+        if oidresp.status == :failure
+          raise "Open ID Response is a failure: #{oidresp.inspect}"
+        end
+
+        env[RESPONSE] = oidresp
+
+        if method = req.GET["_method"]
+          method = method.upcase
+          if HTTP_METHODS.include?(method)
+            env["REQUEST_METHOD"] = method
+          end
+        end
+
+        query_hash = env["rack.request.query_hash"]
+        query_hash.delete("_method")
+        query_hash.delete_if do |key, value|
+          key =~ /^openid\./
+        end
+
+        env["QUERY_STRING"] = env["rack.request.query_string"] =
+          Rack::Utils.build_query(env["rack.request.query_hash"])
+
+        request_uri = env["PATH_INFO"]
+        if env["QUERY_STRING"].any?
+          request_uri << "?" + env["QUERY_STRING"]
+        end
+        env["REQUEST_URI"] = request_uri
+      end
+
+      def realm_url(req)
+        url = req.scheme + "://"
+        url << req.host
+
+        if req.scheme == "https" && req.port != 443 ||
+            req.scheme == "http" && req.port != 80
+          url << ":#{req.port}"
+        end
+
+        url
+      end
+
+      def request_url(req)
+        url = realm_url(req)
+        url << req.script_name
+        url << req.path_info
+        url
+      end
+
+      def redirect_to(url)
+        [303, {"Content-Type" => "text/html", "Location" => url}, []]
+      end
+
+      def open_id_redirect_url(req, oidreq, trust_root = nil, return_to = nil, method = nil)
+        if return_to
+          method ||= "get"
+        else
+          return_to = request_url(req)
+          method ||= req.request_method
+        end
+
+        method = method.to_s.downcase
+        oidreq.return_to_args['_method'] = method unless method == "get"
+        oidreq.redirect_url(trust_root || realm_url(req), return_to || request_url(req))
+      end
+
+      def add_simple_registration_fields(oidreq, fields)
+        sregreq = ::OpenID::SReg::Request.new
+
+        if required = fields["required"]
+          sregreq.request_fields(Array(required), true)
+        end
+
+        if optional = fields["optional"]
+          sregreq.request_fields(Array(optional), false)
+        end
+
+        if policy_url = fields["policy_url"]
+          sregreq.policy_url = policy_url
+        end
+
+        oidreq.add_extension(sregreq)
+      end
+
+      def timeout_protection_from_identity_server
+        yield
+      rescue Timeout::Error
+        TimeoutResponse.new
+      end
+  end
+end

data/lib/sinatra/hancock/sso.rb

@@ -0,0 +1,67 @@
+require 'sinatra/base'
+require File.dirname(__FILE__)+'/../../rack-openid'
+
+module Sinatra
+  module Hancock
+    module SSO
+      module Helpers
+        def sso_url
+          @app.class.sso_url
+        end
+
+        def absolute_url(suffix = nil)
+          port_part = case request.scheme
+                      when "http"
+                        request.port == 80 ? "" : ":#{request.port}"
+                      when "https"
+                        request.port == 443 ? "" : ":#{request.port}"
+                      end
+          "#{request.scheme}://#{request.host}#{port_part}#{suffix}"
+        end
+      end
+
+      def self.registered(app)
+        app.use(Rack::OpenID)
+        app.helpers Hancock::SSO::Helpers
+        app.enable  :sessions
+        app.disable :raise_errors
+        app.before { ensure_sso_authenticated unless request.path_info =~ %r!^/sso/log(in|out)! }
+
+        app.get '/sso/login' do
+          if contact_id = params['id']
+            response['WWW-Authenticate'] = Rack::OpenID.build_header(
+              :identifier => "#{sso_url}/users/#{contact_id}",
+              :trust_root => absolute_url('/sso/login')
+            )
+            throw :halt, [401, 'got openid?']
+          elsif openid = request.env["rack.openid.response"]
+            if openid.status == :success
+              if contact_id = openid.display_identifier.split("/").last
+                session.delete(:last_oidreq)
+                session.delete('OpenID::Consumer::last_requested_endpoint')
+                session.delete('OpenID::Consumer::DiscoveredServices::OpenID::Consumer::')
+
+                session[:user_id] = contact_id
+                params = openid.message.get_args("http://openid.net/extensions/sreg/1.1")
+                params.each { |key, value| session[key.to_sym] = value.to_s }
+                redirect '/'
+              else
+                raise "No contact could be found for #{openid.display_identifier}"
+              end
+            else
+              throw :halt, [503, "Error: #{openid.status}"]
+            end
+          else
+            redirect "#{sso_url}/login?return_to=#{absolute_url('/sso/login')}"
+          end
+        end
+
+        app.get '/sso/logout' do
+          session.clear
+          redirect "#{sso_url}/logout"
+        end
+      end
+    end
+  end
+  register Hancock::SSO
+end

data/spec/client.rb

@@ -0,0 +1,16 @@
+require 'sinatra/base'
+
+module Hancock
+  module Spec
+    class Client < ::Hancock::Client::Default
+      get '/' do
+        redirect '/sso/login' unless session[:user_id]
+        haml(<<-HAML
+%p
+  Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
+HAML
+)
+      end
+    end
+  end
+end

data/spec/hancock_sinatra_spec.rb

@@ -0,0 +1,12 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+describe Sinatra::Hancock::SSO do
+  it "should protect the root url" do
+    get '/'
+    @response.headers['Location'].should eql('/sso/login')
+  end
+  it "should greet the user when authenticated" do
+    get '/', { }, :session => {:user_id => 42}
+    @response.body.should have_selector('p')
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,28 @@
+$:.push File.join(File.dirname(__FILE__), '..', 'lib')
+require 'rubygems'
+require 'pp'
+gem 'rspec', '~>1.2.0'
+require 'spec'
+gem 'webrat', '~>0.4.2'
+require 'webrat'
+require 'dm-sweatshop'
+
+gem 'sinatra', '~>0.9.1'
+require 'sinatra/base'
+require 'sinatra/test'
+require 'sinatra/hancock/sso'
+
+require 'hancock-client'
+
+require File.dirname(__FILE__)+'/client'
+
+Spec::Runner.configure do |config|
+  config.include(Sinatra::Test)
+  config.include(Webrat::Methods)
+  config.include(Webrat::Matchers)
+  config.before(:each) do
+    @app = Rack::Builder.new do
+      run Hancock::Spec::Client
+    end
+  end
+end

metadata

@@ -0,0 +1,85 @@
+--- !ruby/object:Gem::Specification 
+name: hancock-client
+version: !ruby/object:Gem::Version 
+  version: 0.0.2
+platform: ruby
+authors: 
+- Corey Donohoe
+autorequire: hancock-client
+bindir: bin
+cert_chain: []
+
+date: 2009-03-20 00:00:00 -06:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: sinatra
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.9.1.1
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: ruby-openid
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 2.1.2
+    version: 
+description: A gem that SSO enables sinatra applications with hancock
+email: 
+- atmos@atmos.org
+- tim@spork.in
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.md
+- LICENSE
+files: 
+- LICENSE
+- README.md
+- Rakefile
+- lib/hancock-client.rb
+- lib/rack-openid.rb
+- lib/sinatra
+- lib/sinatra/hancock
+- lib/sinatra/hancock/sso.rb
+- spec/client.rb
+- spec/hancock_sinatra_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/atmos/hancock-client
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.1
+signing_key: 
+specification_version: 2
+summary: A gem that SSO enables sinatra applications with hancock
+test_files: []
+