hancock-client 0.0.7 → 0.0.8

data/README.md

@@ -3,18 +3,11 @@ hancock-client
 
 A gem that integrates [sinatra][sinatra] applications into the Hancock SSO
 environment.  It also doubles as rack middleware that can be used in 
-rails(>= 2.3.2) and merb(>= 1.0)
+rails(>= 2.3.2) and sinatra applications.
 
 Dependencies
 ============
-    % gem sources
-    *** CURRENT SOURCES ***
-
-    http://gems.rubyforge.org
-    % sudo gem sources -a http://gems.github.com
-    http://gems.github.com added to sources
-
-    % sudo gem install sinatra hancock haml
+    % sudo geminstaller
 
 testing
 =======
@@ -30,22 +23,24 @@ The goal is to make it simple to write sso enabled apps.
     require 'hancock-client'
     require 'logger'
 
-    # OpenID writes to STDERR by default.  This is closed under passenger so
-    # to make this reliable you should have openid write failures somewhere.
-    OpenID::Util.logger = Logger.new(Dir.tmpdir + "/openid.log")
-
     class HancockClientDemo < Sinatra::Default
       set :views,  File.dirname(__FILE__) + '/views'
       set :public, File.dirname(__FILE__) + '/public'
-      use Hancock::Client::Default do |sso|
+      use Hancock::Client::Middleware do |sso|
         sso.sso_url = 'http://hancock.atmos.org/sso'
+        sso.exclude_paths = %w(/api/)
       end
 
       get '/' do
-        haml(%Q{%h3= "#{session[:first_name]} #{session[:last_name]} - #{session[:email]}"})
+        haml(%Q{%h3= "#{sso_user_full_name} - #{sso_user_email}"})
       end
     end
 
     run HancockClientDemo
 
+Feedback
+========
+* [Google Group][googlegroup]
+
 [sinatra]: http://www.sinatrarb.com
+[googlegroup]: http://groups.google.com/group/hancock-users

data/Rakefile

@@ -6,7 +6,7 @@ require 'spec/rake/spectask'
 require 'cucumber/rake/task'
 
 GEM = "hancock-client"
-GEM_VERSION = "0.0.7"
+GEM_VERSION = "0.0.8"
 AUTHOR = "Corey Donohoe"
 EMAIL = ['atmos@atmos.org', 'tim@spork.in']
 HOMEPAGE = "http://github.com/atmos/hancock-client"
@@ -28,6 +28,8 @@ spec = Gem::Specification.new do |s|
   s.add_dependency "sinatra",     "~>0.9.2"
   s.add_dependency "ruby-openid", "~>2.1.6"
   s.add_dependency "haml",        "~>2.0.9"
+  s.add_dependency "rack-openid", "~>0.2"
+
   s.require_path = 'lib'
   s.autorequire = GEM
   s.files = %w(LICENSE README.md Rakefile) + Dir.glob("{lib,spec}/**/*")

data/lib/hancock-client.rb

@@ -3,25 +3,18 @@ require 'sinatra/base'
 
 gem 'ruby-openid', '>=2.1.6'
 require 'openid'
+require 'openid/store/memory'
+
+gem 'rack-openid', '>=0.2'
+require 'rack-openid'
 
 gem 'haml', '~>2.0.9'
 require 'haml'
 
-require File.dirname(__FILE__)+'/sinatra/hancock/sso'
-
-module Hancock
-  module Client
-    class Default < ::Sinatra::Base
-      enable :sessions
-      disable :raise_errors
-      disable :show_exceptions
-
-      set :sso_url, nil
+require 'tmpdir'
 
-      def sso_url=(url)
-        options.sso_url = url
-      end
-      register Sinatra::Hancock::SSO
-    end
-  end
-end
+require File.dirname(__FILE__)+'/hancock-client/helpers/rack'
+require File.dirname(__FILE__)+'/hancock-client/default'
+require File.dirname(__FILE__)+'/hancock-client/sso'
+require File.dirname(__FILE__)+'/hancock-client/middleware'
+require File.dirname(__FILE__)+'/hancock-client/mock_middleware'

data/lib/hancock-client/default.rb

@@ -0,0 +1,20 @@
+module Hancock
+  module Client
+    class DefaultMiddleware < ::Sinatra::Base
+      enable :sessions
+      enable :raise_errors
+      disable :show_exceptions
+
+      set :sso_url, nil
+      set :exclude_paths, nil
+
+      def sso_url=(url)
+        options.sso_url = url
+      end
+
+      def exclude_paths=(paths)
+        options.exclude_paths = paths
+      end
+    end
+  end
+end

data/lib/hancock-client/helpers/rack.rb

@@ -0,0 +1,55 @@
+module Hancock
+  module Client
+    module Helpers
+      module Rack
+        def sso_logged_in?
+          session[:sso] && sso_user_id
+        end
+
+        def sso_login_as(user_id, sreg_params)
+          session.delete(:last_oidreq)
+          session.delete('OpenID::Consumer::last_requested_endpoint')
+          session.delete('OpenID::Consumer::DiscoveredServices::OpenID::Consumer::')
+
+          session[:sso] ||= { }
+          session[:sso][:user_id] = user_id
+          sreg_params.each { |key, value| session[:sso][key.to_sym] = value.to_s }
+        end
+
+        def sso_user_id
+          session[:sso][:user_id]
+        end
+
+        def sso_user_email
+          session[:sso][:email]
+        end
+
+        def sso_user_first_name
+          session[:sso][:first_name]
+        end
+
+        def sso_user_last_name
+          session[:sso][:last_name]
+        end
+
+        def sso_user_full_name
+          "#{session[:sso][:first_name]} #{session[:sso][:last_name]}"
+        end
+
+        def absolute_url(suffix = nil)
+          port_part = case request.scheme
+                      when "http"
+                        request.port == 80 ? "" : ":#{request.port}"
+                      when "https"
+                        request.port == 443 ? "" : ":#{request.port}"
+                      end
+          "#{request.scheme}://#{request.host}#{port_part}#{suffix}"
+        end
+
+        def excluded_path?
+          options.exclude_paths && options.exclude_paths.include?(request.path_info)
+        end
+      end
+    end
+  end
+end

data/lib/hancock-client/middleware.rb

@@ -0,0 +1,7 @@
+module Hancock
+  module Client
+    class Middleware < DefaultMiddleware
+      register ::Hancock::Client::SSO
+    end
+  end
+end

data/lib/hancock-client/mock_middleware.rb

@@ -0,0 +1,20 @@
+module Hancock
+  module Client
+    class MockMiddleware < DefaultMiddleware
+      helpers Hancock::Client::Helpers::Rack
+
+      before do
+        unless sso_logged_in?
+          sso_login_as((0..42).pick, {
+            :email => "#{/\w{3,8}/.gen.downcase}@example.com",
+            :first_name => Randgen.first_name,
+            :last_name => Randgen.first_name
+          })
+        end
+      end
+
+      register Hancock::Client::SSO
+
+    end
+  end
+end

data/lib/{sinatra/hancock → hancock-client}/sso.rb

@@ -1,33 +1,15 @@
-require 'sinatra/base'
-require File.dirname(__FILE__)+'/../../rack-openid'
-
-module Sinatra
-  module Hancock
+module Hancock
+  module Client
     module SSO
-      module Helpers
-        def absolute_url(suffix = nil)
-          port_part = case request.scheme
-                      when "http"
-                        request.port == 80 ? "" : ":#{request.port}"
-                      when "https"
-                        request.port == 443 ? "" : ":#{request.port}"
-                      end
-          "#{request.scheme}://#{request.host}#{port_part}#{suffix}"
-        end
-      end
-
       def self.registered(app)
-        app.use(Rack::OpenID)
-        app.helpers Hancock::SSO::Helpers
-
-        app.not_found do
-          next if session[:user_id]
-        end
+        app.use(Rack::OpenID, OpenID::Store::Filesystem.new("#{Dir.tmpdir}/openid"))
+        app.helpers Hancock::Client::Helpers::Rack
 
         app.before do 
           next if request.path_info == '/sso/login'
           next if request.path_info == '/sso/logout'
-          next if session[:user_id]
+          next if excluded_path?
+          next if sso_logged_in?
           throw(:halt, [302, {'Location' => '/sso/login'}, ''])
         end
 
@@ -41,13 +23,8 @@ module Sinatra
           elsif openid = request.env["rack.openid.response"]
             if openid.status == :success
               if contact_id = openid.display_identifier.split("/").last
-                session.delete(:last_oidreq)
-                session.delete('OpenID::Consumer::last_requested_endpoint')
-                session.delete('OpenID::Consumer::DiscoveredServices::OpenID::Consumer::')
-
-                session[:user_id] = contact_id
-                params = openid.message.get_args("http://openid.net/extensions/sreg/1.1")
-                params.each { |key, value| session[key.to_sym] = value.to_s }
+                sreg_params = openid.message.get_args("http://openid.net/extensions/sreg/1.1")
+                sso_login_as(contact_id, sreg_params)
                 redirect '/'
               else
                 raise "No contact could be found for #{openid.display_identifier}"

data/spec/hancock_sinatra_spec.rb

@@ -1,25 +1,23 @@
 require File.dirname(__FILE__) + '/spec_helper'
 
-describe Sinatra::Hancock::SSO do
-
-  it "should protect the root url" do
-    get '/'
-    last_response.headers['Location'].should eql('/sso/login')
-    get last_response.headers['Location']
-    last_response.headers['Location'].should eql('http://localhost:20000/login?return_to=http://example.org/sso/login')
+describe 'Hancock::Client::Default' do
+  def app
+    @app = Rack::Builder.new do
+      use Hancock::Client::Middleware do |sso|
+        sso.sso_url = 'http://localhost:20000'
+      end
+      map '/' do
+        run Proc.new {|env| [200, {'Content-Type' => 'text/html', 'Content-Length' => '5'}, ['HELLO']] }
+      end
+    end
   end
 
-  %w(get post put head delete).each do |verb|
-    it "should protect the root url from HTTP #{verb}" do
+  it "should protect the root url from all HTTP verbs" do
+    %w(get post put head delete).each do |verb|
       send(verb, '/')
       last_response.headers['Location'].should eql('/sso/login')
       get last_response.headers['Location']
       last_response.headers['Location'].should eql('http://localhost:20000/login?return_to=http://example.org/sso/login')
     end
   end
-  it "should greet the user when authenticated" do
-    pending
-    get '/'
-    last_response.should have_selector('p')
-  end
 end

data/spec/mock_sso_user_spec.rb

@@ -0,0 +1,26 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+class MyMockApp
+  def self.call(env)
+    request = Rack::Request.new(env)
+    [200, {'Content-Type' => 'text/html', 'Content-Length' => '5'}, ["HELLO #{request.session[:sso][:email]}"] ]
+  end
+end
+
+describe "Hancock::Client::MockMiddleware" do
+  def app
+    @app = Rack::Builder.new do
+      use Hancock::Client::MockMiddleware do |sso|
+        sso.sso_url = 'http://localhost:20000'
+      end
+      map '/' do
+        run MyMockApp
+      end
+    end
+  end
+  it "should have a valid users logged in" do
+    get '/'
+    last_response.body.should match(/^HELLO \w{3,12}@example.com$/)
+    last_response.status.should eql(200)
+  end
+end

data/spec/pattern_exclusion_spec.rb

@@ -0,0 +1,30 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+describe "Hancock::Client::Default.exclude_paths=" do
+  def app
+    @app = Rack::Builder.new do
+      use Hancock::Client::Middleware do |sso|
+        sso.sso_url = 'http://localhost:20000'
+        sso.exclude_paths = %w(/foo/bar /api/tokenz)
+      end
+      map '/' do
+        run Proc.new {|env| [200, {'Content-Type' => 'text/html', 'Content-Length' => '5'}, ['HELLO']] }
+      end
+      map '/api/tokenz' do
+        run Proc.new {|env| [200, {'Content-Type' => 'text/html', 'Content-Length' => '5'}, ['HELLO']] }
+      end
+    end
+  end
+  it "should exclude the specified path" do
+    get '/api/tokenz'
+    last_response.status.should eql(200)
+  end
+  it "should exclude the specified path given query parameters" do
+    get '/api/tokenz?foo=bar'
+    last_response.status.should eql(200)
+  end
+  it "should exclude the specified path at a nested level" do
+    get '/api/tokenz/foo/bar/'
+    last_response.status.should eql(302)
+  end
+end

data/spec/spec_helper.rb

@@ -1,30 +1,19 @@
-$:.push File.join(File.dirname(__FILE__), '..', 'lib')
-require 'rubygems'
 require 'pp'
+require 'rubygems'
 gem 'rspec', '~>1.2.0'
 require 'spec'
-gem 'webrat', '~>0.4.2'
+gem 'webrat', '~>0.4.4'
 require 'webrat'
 require 'dm-sweatshop'
 
-require 'sinatra/hancock/sso'
-gem 'rack-test', '~>0.3.0'
+gem 'rack-test', '~>0.4.0'
 require 'rack/test'
 
-require 'hancock-client'
+require File.join(File.dirname(__FILE__), '..', 'lib', 'hancock-client')
+require File.join(File.dirname(__FILE__), '..', 'lib', 'hancock-client', 'mock_middleware')
 
 Spec::Runner.configure do |config|
   config.include(Rack::Test::Methods)
   config.include(Webrat::Methods)
   config.include(Webrat::Matchers)
-  def app
-    @app = Rack::Builder.new do
-      use Hancock::Client::Default do |sso|
-        sso.sso_url = 'http://localhost:20000'
-      end
-      map '/' do
-        run Proc.new {|env| [200, {'Content-Type' => 'text/html', 'Content-Length' => '5'}, ['HELLO']] }
-      end
-    end
-  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: hancock-client
 version: !ruby/object:Gem::Version 
-  version: 0.0.7
+  version: 0.0.8
 platform: ruby
 authors: 
 - Corey Donohoe
@@ -9,7 +9,7 @@ autorequire: hancock-client
 bindir: bin
 cert_chain: []
 
-date: 2009-06-15 00:00:00 -07:00
+date: 2009-07-04 00:00:00 -06:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -42,6 +42,16 @@ dependencies:
       - !ruby/object:Gem::Version 
         version: 2.0.9
     version: 
+- !ruby/object:Gem::Dependency 
+  name: rack-openid
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "0.2"
+    version: 
 description: Hancock SSO rack middleware written in sinatra
 email: 
 - atmos@atmos.org
@@ -57,13 +67,17 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- lib/hancock-client
+- lib/hancock-client/default.rb
+- lib/hancock-client/helpers
+- lib/hancock-client/helpers/rack.rb
+- lib/hancock-client/middleware.rb
+- lib/hancock-client/mock_middleware.rb
+- lib/hancock-client/sso.rb
 - lib/hancock-client.rb
-- lib/rack-openid.rb
-- lib/sinatra
-- lib/sinatra/hancock
-- lib/sinatra/hancock/mock.rb
-- lib/sinatra/hancock/sso.rb
 - spec/hancock_sinatra_spec.rb
+- spec/mock_sso_user_spec.rb
+- spec/pattern_exclusion_spec.rb
 - spec/spec_helper.rb
 has_rdoc: true
 homepage: http://github.com/atmos/hancock-client

data/lib/rack-openid.rb

@@ -1,195 +0,0 @@
-require 'openid'
-require 'openid/consumer'
-require 'openid/extensions/sreg'
-require 'openid/store/filesystem'
-
-module Rack
-  class OpenID
-    def self.build_header(params = {})
-      value = 'OpenID '
-      value += params.map { |k, v|
-        if v.is_a?(Array)
-          "#{k}=\"#{v.join(',')}\""
-        else
-          "#{k}=\"#{v}\""
-        end
-      }.join(', ')
-      value
-    end
-
-    def self.parse_header(str)
-      params = {}
-      if str =~ /^OpenID/
-        str = str.gsub(/^OpenID /, '')
-        str.split(', ').each { |e|
-          k, v = e.split('=')
-          v.gsub!(/^\"/, '').gsub!(/\"$/, "")
-          v = v.split(',')
-          params[k] = v.length > 1 ? v : v.first
-        }
-      end
-      params
-    end
-
-    class TimeoutResponse
-      include ::OpenID::Consumer::Response
-      STATUS = :failure
-    end
-
-    class MissingResponse
-      include ::OpenID::Consumer::Response
-      STATUS = :missing
-    end
-
-    HTTP_METHODS = %w(GET HEAD PUT POST DELETE OPTIONS)
-
-    RESPONSE = "rack.openid.response".freeze
-    AUTHENTICATE_HEADER = "WWW-Authenticate".freeze
-
-
-    def initialize(app, store = nil)
-      @app = app
-      @store = store || ::OpenID::Store::Filesystem.new("tmp/openid")
-      freeze
-    end
-
-    def call(env)
-      req = Rack::Request.new(env)
-      if env["REQUEST_METHOD"] == "GET" && req.GET["openid.mode"]
-        complete_authentication(env)
-      end
-
-      status, headers, body = @app.call(env)
-
-      if status.to_i == 401 && (qs = headers[AUTHENTICATE_HEADER])
-        begin_authentication(env, qs)
-      else
-        [status, headers, body]
-      end
-    end
-
-    private
-      def begin_authentication(env, qs)
-        req = Rack::Request.new(env)
-        params = self.class.parse_header(qs)
-
-        unless session = env["rack.session"]
-          raise RuntimeError, "Rack::OpenID requires a session"
-        end
-
-        consumer = ::OpenID::Consumer.new(session, @store)
-        identifier = params["identifier"]
-
-        begin
-          oidreq = consumer.begin(identifier)
-          add_simple_registration_fields(oidreq, params)
-          url = open_id_redirect_url(req, oidreq, params["trust_root"], params["return_to"], params["method"])
-          return redirect_to(url)
-        rescue ::OpenID::OpenIDError, Timeout::Error => e
-          env[RESPONSE] = MissingResponse.new
-          return @app.call(env)
-        end
-      end
-
-      def complete_authentication(env)
-        req = Rack::Request.new(env)
-
-        unless session = env["rack.session"]
-          raise RuntimeError, "Rack::OpenID requires a session"
-        end
-
-        oidresp = timeout_protection_from_identity_server {
-          consumer = ::OpenID::Consumer.new(session, @store)
-          consumer.complete(req.params, req.url)
-        }
-
-        if oidresp.status == :failure
-          raise "Open ID Response is a failure: #{oidresp.inspect}"
-        end
-
-        env[RESPONSE] = oidresp
-
-        if method = req.GET["_method"]
-          method = method.upcase
-          if HTTP_METHODS.include?(method)
-            env["REQUEST_METHOD"] = method
-          end
-        end
-
-        query_hash = env["rack.request.query_hash"]
-        query_hash.delete("_method")
-        query_hash.delete_if do |key, value|
-          key =~ /^openid\./
-        end
-
-        env["QUERY_STRING"] = env["rack.request.query_string"] =
-          Rack::Utils.build_query(env["rack.request.query_hash"])
-
-        request_uri = env["PATH_INFO"]
-        if env["QUERY_STRING"].any?
-          request_uri << "?" + env["QUERY_STRING"]
-        end
-        env["REQUEST_URI"] = request_uri
-      end
-
-      def realm_url(req)
-        url = req.scheme + "://"
-        url << req.host
-
-        if req.scheme == "https" && req.port != 443 ||
-            req.scheme == "http" && req.port != 80
-          url << ":#{req.port}"
-        end
-
-        url
-      end
-
-      def request_url(req)
-        url = realm_url(req)
-        url << req.script_name
-        url << req.path_info
-        url
-      end
-
-      def redirect_to(url)
-        [303, {"Content-Type" => "text/html", "Location" => url}, []]
-      end
-
-      def open_id_redirect_url(req, oidreq, trust_root = nil, return_to = nil, method = nil)
-        if return_to
-          method ||= "get"
-        else
-          return_to = request_url(req)
-          method ||= req.request_method
-        end
-
-        method = method.to_s.downcase
-        oidreq.return_to_args['_method'] = method unless method == "get"
-        oidreq.redirect_url(trust_root || realm_url(req), return_to || request_url(req))
-      end
-
-      def add_simple_registration_fields(oidreq, fields)
-        sregreq = ::OpenID::SReg::Request.new
-
-        if required = fields["required"]
-          sregreq.request_fields(Array(required), true)
-        end
-
-        if optional = fields["optional"]
-          sregreq.request_fields(Array(optional), false)
-        end
-
-        if policy_url = fields["policy_url"]
-          sregreq.policy_url = policy_url
-        end
-
-        oidreq.add_extension(sregreq)
-      end
-
-      def timeout_protection_from_identity_server
-        yield
-      rescue Timeout::Error
-        TimeoutResponse.new
-      end
-  end
-end