heyzap-authlogic-oid 1.0.5

data/CHANGELOG.rdoc

@@ -0,0 +1,25 @@
+== 1.0.4 released 2009-5-14
+
+* Only authenticate with OpenID for models when a block is passed.
+* Check for the existence of an openid_identifier field before including the model. Allowing this library to only be activated when present.
+* Change required_field and optional_fields to openid_required_field and openid_optional_fields
+
+== 1.0.3 released 2009-4-3
+
+* Added find_by_openid_identifier config option for AuthlogicOpenid::Session.
+* Set the openid_identifier by the one passed back by the provider in AuthlogicOpenid::ActsAsAuthentic.
+* Added required_fields and optional_fields config options for AuthlogicOpenid::ActsAsAuthentic.
+* Added map_openid_registration, attributes_to_save, and map_saved_attributes methods to customize how attributes are set for AuthlogicOpenid::ActsAsAuthentic.
+* Make authenticating_with_openid? method a little more stringent to avoid trying to double authenticate. Ex: finding a session in the save block during a successful save.
+
+== 1.0.2 released 2009-3-30
+
+* Remove config block in initializer.
+
+== 1.0.1 released 2009-3-30
+
+* Change password validation option when included, and prepend the OpenID module.
+
+== 1.0.0 released 2009-3-30
+
+* Initial release

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Ben Johnson of Binary Logic (binarylogic.com)
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Manifest.txt

@@ -0,0 +1,38 @@
+CHANGELOG.rdoc
+MIT-LICENSE
+Manifest.txt
+README.rdoc
+Rakefile
+init.rb
+lib/authlogic_openid.rb
+lib/authlogic_openid/acts_as_authentic.rb
+lib/authlogic_openid/session.rb
+lib/authlogic_openid/version.rb
+test/acts_as_authentic_test.rb
+test/fixtures/users.yml
+test/libs/open_id_authentication/CHANGELOG
+test/libs/open_id_authentication/README
+test/libs/open_id_authentication/Rakefile
+test/libs/open_id_authentication/generators/open_id_authentication_tables/open_id_authentication_tables_generator.rb
+test/libs/open_id_authentication/generators/open_id_authentication_tables/templates/migration.rb
+test/libs/open_id_authentication/generators/upgrade_open_id_authentication_tables/templates/migration.rb
+test/libs/open_id_authentication/generators/upgrade_open_id_authentication_tables/upgrade_open_id_authentication_tables_generator.rb
+test/libs/open_id_authentication/init.rb
+test/libs/open_id_authentication/lib/open_id_authentication.rb
+test/libs/open_id_authentication/lib/open_id_authentication/association.rb
+test/libs/open_id_authentication/lib/open_id_authentication/db_store.rb
+test/libs/open_id_authentication/lib/open_id_authentication/mem_cache_store.rb
+test/libs/open_id_authentication/lib/open_id_authentication/nonce.rb
+test/libs/open_id_authentication/lib/open_id_authentication/request.rb
+test/libs/open_id_authentication/lib/open_id_authentication/timeout_fixes.rb
+test/libs/open_id_authentication/tasks/open_id_authentication_tasks.rake
+test/libs/open_id_authentication/test/mem_cache_store_test.rb
+test/libs/open_id_authentication/test/normalize_test.rb
+test/libs/open_id_authentication/test/open_id_authentication_test.rb
+test/libs/open_id_authentication/test/status_test.rb
+test/libs/open_id_authentication/test/test_helper.rb
+test/libs/rails_trickery.rb
+test/libs/user.rb
+test/libs/user_session.rb
+test/session_test.rb
+test/test_helper.rb

data/README.rdoc

@@ -0,0 +1,93 @@
+= Authlogic OpenID
+
+Authlogic OpenID is an extension of the Authlogic library to add OpenID support. Authlogic v2.0 introduced an enhanced API that makes "plugging in" alternate authentication methods as easy as installing a gem.
+
+== Helpful links
+
+*	<b>Documentation:</b> http://authlogic-oid.rubyforge.org
+*	<b>Authlogic:</b> http://github.com/binarylogic/authlogic
+*	<b>Live example:</b> http://authlogicexample.binarylogic.com
+
+== Install and use
+
+=== 1. Make some simple changes to your database:
+
+  class AddUsersOpenidField < ActiveRecord::Migration
+    def self.up
+      add_column :users, :openid_identifier, :string
+      add_index :users, :openid_identifier
+
+      change_column :users, :login, :string, :default => nil, :null => true
+      change_column :users, :crypted_password, :string, :default => nil, :null => true
+      change_column :users, :password_salt, :string, :default => nil, :null => true
+    end
+
+    def self.down
+      remove_column :users, :openid_identifier
+
+      [:login, :crypted_password, :password_salt].each do |field|
+        User.all(:conditions => "#{field} is NULL").each { |user| user.update_attribute(field, "") if user.send(field).nil? }
+        change_column :users, field, :string, :default => "", :null => false
+      end
+    end
+  end
+
+=== 2. Install the openid_authentication plugin
+
+  $ script/plugin install git://github.com/rails/open_id_authentication.git
+  $ rake open_id_authentication:db:create
+
+For more information on how to configure the plugin, checkout it's README: http://github.com/rails/open_id_authentication/tree/master
+
+=== 3. Install the Authlogic Openid gem
+
+  $ sudo gem install authlogic-oid
+
+Now add the gem dependency in your config:
+
+  config.gem "authlogic-oid", :lib => "authlogic_openid"
+
+Or for older version of rails, install it as a plugin:
+
+  $ script/plugin install git://github.com/binarylogic/authlogic_openid.git
+
+=== 4. Make sure you save your objects properly
+
+You only need to save your objects this way if you want the user to authenticate with their OpenID provider.
+
+That being said, you probably want to do this in your controllers. You should do this for BOTH your User objects and UserSession objects (assuming you are authenticating users). It should look something like this:
+
+  @user_session.save do |result|
+    if result
+      flash[:notice] = "Login successful!"
+      redirect_back_or_default account_url
+    else
+      render :action => :new
+    end
+  end
+
+You should save your @user objects this way as well, because you also want the user to verify that they own the OpenID identifier that they supplied.
+
+Notice we are saving with a block. Why? Because we need to redirect the user to their OpenID provider so that they can authenticate. When we do this, we don't want to execute that block of code, because if we do, we will get a DoubleRender error. This lets us skip that entire block and send the user along their way without any problems.
+
+That's it! The rest is taken care of for you.
+
+== Redirecting from the models?
+
+If you are interested, I explain myself below. Regardless, if you don't feel comfortable with the organization of the logic,you can easily do this using the traditional method. As you saw in the setup instructions, this library leverages the open_id_authentication rails plugin. After the user has been authenticated just do this:
+
+  UserSession.create(@user)
+
+It's that simple. For more information there is a great OpenID tutorial at: http://railscasts.com/episodes/68-openid-authentication
+
+Now, here are my thoughts on the subject:
+
+You are probably thinking: "Ben, you can't handle controller responsibilities in models". I agree with you on that comment, but my personal opinion is that these are not controller responsibilities. The fact that OpenID authentication requires a redirect should not effect the location of the logic / code. It's all part of the authentication process, which is the entire purpose of this library. This library is not one big module of code, its a collection of modules that all deal with OpenID authentication. These modules get included wherever it makes sense. That's the whole idea behind modules. To group common logic.
+
+Let's take a step back and look at the traditional method of OpenID authentication in rails. What if you wanted to authenticate with OpenID in multiple controllers in your application (Ex: registration and loggin in)? You would probably pull out the common code into a module and include it in the respective controllers. Even better, you might create a class that elegantly handles this process and then place it in your lib directory. Then, if you really wanted to be slick, you might take it another step further and have your models trigger this class during certain actions. Then what do we have? This exact library, that's exactly what this is.
+
+The last thing I will leave you with, to get you thinking, is... where do sweepers lie in the MVC pattern? Without this, things like caching would be extremely difficult. There is a big difference between misplacing code / logic, and organizing logic into a separate module and hooking it in using the API provided by your models. Especially when the logic needs to be triggered by actions invoked on models.
+
+Regardless, if I still haven't convinced you, I hope this library is of some benefit to you. At the very least an example of how to extend Authlogic.
+
+Copyright (c) 2009 Ben Johnson of [Binary Logic](http://www.binarylogic.com), released under the MIT license

data/Rakefile

@@ -0,0 +1,21 @@
+ENV['RDOCOPT'] = "-S -f html -T hanna"
+
+require "rubygems"
+require "hoe"
+require File.dirname(__FILE__) << "/lib/authlogic_openid/version"
+
+Hoe.new("Heyzap Authlogic OpenID", AuthlogicOpenid::Version::STRING) do |p|
+  p.name = "heyzap-authlogic-oid"
+  p.rubyforge_name = "authlogic-oid"
+  p.author = "Ben Johnson of Binary Logic"
+  p.email  = 'bjohnson@binarylogic.com'
+  p.summary = "Extension of the Authlogic library to add OpenID support."
+  p.description = "Extension of the Authlogic library to add OpenID support."
+  p.url = "http://github.com/binarylogic/authlogic_openid"
+  p.history_file = "CHANGELOG.rdoc"
+  p.readme_file = "README.rdoc"
+  p.extra_rdoc_files = ["CHANGELOG.rdoc", "README.rdoc"]
+  p.remote_rdoc_dir = ''
+  p.test_globs = ["test/*/test_*.rb", "test/*_test.rb", "test/*/*_test.rb"]
+  p.extra_deps = %w(authlogic)
+end

data/init.rb

@@ -0,0 +1 @@
+require File.dirname(__FILE__) + "/rails/init.rb"

data/lib/authlogic_openid.rb

@@ -0,0 +1,6 @@
+require "authlogic_openid/version"
+require "authlogic_openid/acts_as_authentic"
+require "authlogic_openid/session"
+
+ActiveRecord::Base.send(:include, AuthlogicOpenid::ActsAsAuthentic)
+Authlogic::Session::Base.send(:include, AuthlogicOpenid::Session)

data/lib/authlogic_openid/acts_as_authentic.rb

@@ -0,0 +1,173 @@
+# This module is responsible for adding OpenID functionality to Authlogic. Checkout the README for more info and please
+# see the sub modules for detailed documentation.
+module AuthlogicOpenid
+  # This module is responsible for adding in the OpenID functionality to your models. It hooks itself into the
+  # acts_as_authentic method provided by Authlogic.
+  module ActsAsAuthentic
+    # Adds in the neccesary modules for acts_as_authentic to include and also disabled password validation if
+    # OpenID is being used.
+    def self.included(klass)
+      klass.class_eval do
+        extend Config
+        add_acts_as_authentic_module(Methods, :prepend)
+      end
+    end
+    
+    module Config
+      # Some OpenID providers support a lightweight profile exchange protocol, for those that do, you can require
+      # certain fields. This is convenient for new registrations, as it will basically fill out the fields in the
+      # form for them, so they don't have to re-type information already stored with their OpenID account.
+      #
+      # For more info and what fields you can use see: http://openid.net/specs/openid-simple-registration-extension-1_0.html
+      #
+      # * <tt>Default:</tt> []
+      # * <tt>Accepts:</tt> Array of symbols
+      def openid_required_fields(value = nil)
+        rw_config(:openid_required_fields, value, [])
+      end
+      alias_method :openid_required_fields=, :openid_required_fields
+      
+      # Same as required_fields, but optional instead.
+      #
+      # * <tt>Default:</tt> []
+      # * <tt>Accepts:</tt> Array of symbols
+      def openid_optional_fields(value = nil)
+        rw_config(:openid_optional_fields, value, [])
+      end
+      alias_method :openid_optional_fields=, :openid_optional_fields
+    end
+    
+    module Methods
+      # Set up some simple validations
+      def self.included(klass)
+        return if !klass.column_names.include?("openid_identifier")
+        
+        klass.class_eval do
+          validates_uniqueness_of :openid_identifier, :scope => validations_scope, :if => :using_openid?
+          validate :validate_openid
+          validates_length_of_password_field_options validates_length_of_password_field_options.merge(:if => :validate_password_with_openid?)
+          validates_confirmation_of_password_field_options validates_confirmation_of_password_field_options.merge(:if => :validate_password_with_openid?)
+          validates_length_of_password_confirmation_field_options validates_length_of_password_confirmation_field_options.merge(:if => :validate_password_with_openid?)
+        end
+      end
+      
+      # Set the openid_identifier field and also resets the persistence_token if this value changes.
+      def openid_identifier=(value)
+        write_attribute(:openid_identifier, value.blank? ? nil : OpenIdAuthentication.normalize_identifier(value))
+        reset_persistence_token if openid_identifier_changed?
+      rescue OpenIdAuthentication::InvalidOpenId => e
+        @openid_error = e.message
+      end
+      
+      # This is where all of the magic happens. This is where we hook in and add all of the OpenID sweetness.
+      #
+      # I had to take this approach because when authenticating with OpenID nonces and what not are stored in database
+      # tables. That being said, the whole save process for ActiveRecord is wrapped in a transaction. Trying to authenticate
+      # with OpenID in a transaction is not good because that transaction be get rolled back, thus reversing all of the OpenID
+      # inserts and making OpenID authentication fail every time. So We need to step outside of the transaction and do our OpenID
+      # madness.
+      #
+      # Another advantage of taking this approach is that we can set fields from their OpenID profile before we save the record,
+      # if their OpenID provider supports it.
+      def save(perform_validation = true, &block)
+        return false if perform_validation && block_given? && authenticate_with_openid? && !authenticate_with_openid
+        
+        result = super
+        yield(result) if block_given?
+        result
+      end
+      
+      private
+        def authenticate_with_openid
+          @openid_error = nil
+          
+          if !openid_complete?
+            session_class.controller.session[:openid_attributes] = attributes_to_save
+          else
+            map_saved_attributes(session_class.controller.session[:openid_attributes])
+            session_class.controller.session[:openid_attributes] = nil
+          end
+          
+          options = {}
+          options[:required] = self.class.openid_required_fields
+          options[:optional] = self.class.openid_optional_fields
+          options[:return_to] = session_class.controller.url_for(:for_model => "1")
+          
+          session_class.controller.send(:authenticate_with_open_id, openid_identifier, options) do |result, openid_identifier, registration|
+            if result.unsuccessful?
+              @openid_error = result.message
+            else
+              self.openid_identifier = openid_identifier
+              map_openid_registration(registration)
+            end
+            
+            return true
+          end
+          return false
+        end
+        
+        # Override this method to map the OpenID registration fields with fields in your model. See the required_fields and
+        # optional_fields configuration options to enable this feature.
+        #
+        # Basically you will get a hash of values passed as a single argument. Then just map them as you see fit. Check out
+        # the source of this method for an example.
+        def map_openid_registration(registration) # :doc:
+          registration.symbolize_keys!
+          [self.class.openid_required_fields+self.class.openid_optional_fields].flatten.each do |field|
+            setter="#{field.to_s}=".to_sym
+            if respond_to?(setter)
+              send setter,registration[field]
+            end
+          end
+        end
+        
+        # This method works in conjunction with map_saved_attributes.
+        #
+        # Let's say a user fills out a registration form, provides an OpenID and submits the form. They are then redirected to their
+        # OpenID provider. All is good and they are redirected back. All of those fields they spent time filling out are forgetten
+        # and they have to retype them all. To avoid this, AuthlogicOpenid saves all of these attributes in the session and then
+        # attempts to restore them. See the source for what attributes it saves. If you need to block more attributes, or save
+        # more just override this method and do whatever you want.
+        def attributes_to_save # :doc:
+          attrs_to_save = attributes.clone.delete_if do |k, v|
+            [:id, :password, crypted_password_field, password_salt_field, :persistence_token, :perishable_token, :single_access_token, :login_count, 
+              :failed_login_count, :last_request_at, :current_login_at, :last_login_at, :current_login_ip, :last_login_ip, :created_at,
+              :updated_at, :lock_version].include?(k.to_sym)
+          end
+          attrs_to_save.merge!(:password => password, :password_confirmation => password_confirmation)
+        end
+        
+        # This method works in conjunction with attributes_to_save. See that method for a description of the why these methods exist.
+        #
+        # If the default behavior of this method is not sufficient for you because you have attr_protected or attr_accessible then
+        # override this method and set them individually. Maybe something like this would be good:
+        #
+        #   attrs.each do |key, value|
+        #     send("#{key}=", value)
+        #   end
+        def map_saved_attributes(attrs) # :doc:
+          self.attributes = attrs
+        end
+        
+        def validate_openid
+          errors.add(:openid_identifier, "had the following error: #{@openid_error}") if @openid_error
+        end
+        
+        def using_openid?
+          respond_to?(:openid_identifier) && !openid_identifier.blank?
+        end
+        
+        def openid_complete?
+          session_class.controller.params[:open_id_complete]
+        end
+        
+        def authenticate_with_openid?
+          session_class.activated? && ((using_openid? && openid_identifier_changed?) || openid_complete?)
+        end
+        
+        def validate_password_with_openid?
+          !using_openid? && require_password?
+        end
+    end
+  end
+end

data/lib/authlogic_openid/session.rb

@@ -0,0 +1,131 @@
+module AuthlogicOpenid
+  # This module is responsible for adding all of the OpenID goodness to the Authlogic::Session::Base class.
+  module Session
+    # Add a simple openid_identifier attribute and some validations for the field.
+    def self.included(klass)
+      klass.class_eval do
+        extend Config
+        include Methods
+      end
+    end
+    
+    module Config
+      # What method should we call to find a record by the openid_identifier?
+      # This is useful if you want to store multiple openid_identifiers for a single record.
+      # You could do something like:
+      #
+      #   class User < ActiveRecord::Base
+      #     def self.find_by_openid_identifier(identifier)
+      #       user.first(:conditions => {:openid_identifiers => {:identifier => identifier}})
+      #     end
+      #   end
+      #
+      # Obviously the above depends on what you are calling your assocition, etc. But you get the point.
+      #
+      # * <tt>Default:</tt> :find_by_openid_identifier
+      # * <tt>Accepts:</tt> Symbol
+      def find_by_openid_identifier_method(value = nil)
+        rw_config(:find_by_openid_identifier_method, value, :find_by_openid_identifier)
+      end
+      alias_method :find_by_openid_identifier_method=, :find_by_openid_identifier_method
+      
+      # Add this in your Session object to Auto Register a new user using openid via sreg
+      def auto_register(value=true)
+        auto_register_value(value)
+      end
+      
+      def auto_register_value(value=nil)
+        rw_config(:auto_register,value,false)
+      end
+      
+      alias_method :auto_register=,:auto_register
+    end
+    
+    module Methods
+      def self.included(klass)
+        klass.class_eval do
+          attr_reader :openid_identifier
+          validate :validate_openid_error
+          validate :validate_by_openid, :if => :authenticating_with_openid?
+        end
+      end
+      
+      # Hooks into credentials so that you can pass an :openid_identifier key.
+      def credentials=(value)
+        super
+        values = value.is_a?(Array) ? value : [value]
+        hash = values.first.is_a?(Hash) ? values.first.with_indifferent_access : nil
+        self.openid_identifier = hash[:openid_identifier] if !hash.nil? && hash.key?(:openid_identifier)
+      end
+      
+      def openid_identifier=(value)
+        @openid_identifier = value.blank? ? nil : OpenIdAuthentication.normalize_identifier(value)
+        @openid_error = nil
+      rescue OpenIdAuthentication::InvalidOpenId => e
+        @openid_identifier = nil
+        @openid_error = e.message
+      end
+      
+      # Cleaers out the block if we are authenticating with OpenID, so that we can redirect without a DoubleRender
+      # error.
+      def save(&block)
+        block = nil if !openid_identifier.blank?
+        super(&block)
+      end
+      
+      private
+        def authenticating_with_openid?
+          attempted_record.nil? && errors.empty? && (!openid_identifier.blank? || (controller.params[:open_id_complete] && controller.params[:for_session]))
+        end
+        
+        def find_by_openid_identifier_method
+          self.class.find_by_openid_identifier_method
+        end
+
+        def find_by_openid_identifier_method
+          self.class.find_by_openid_identifier_method
+        end
+
+        def auto_register?
+          self.class.auto_register_value
+        end
+
+        def validate_by_openid
+          self.remember_me = controller.params[:remember_me] == "true" if controller.params.key?(:remember_me)
+
+          options = {}
+          options[:required] = klass.openid_required_fields
+          options[:optional] = klass.openid_optional_fields
+          options[:return_to] = controller.url_for(:for_session => "1", :remember_me => remember_me?)
+
+          controller.send(:authenticate_with_open_id, openid_identifier, options) do |result, openid_identifier, registration|
+            if result.unsuccessful?
+              errors.add_to_base(result.message)
+              return
+            end
+            
+            self.attempted_record = klass.send(find_by_openid_identifier_method, openid_identifier)
+
+            if !attempted_record
+              if auto_register?
+                self.attempted_record = klass.new :openid_identifier=>openid_identifier
+                self.attempted_record.send(:map_openid_registration, registration)
+
+                if ! attempted_record.save
+                  errors.add(:openid_identifier, "error auto-registering new openid account")
+                end
+                return
+              else
+                errors.add(:openid_identifier, "did not match any users in our database, have you set up your account to use OpenID?")
+                return
+              end
+            end
+          end
+        end
+        
+        def validate_openid_error
+          errors.add(:openid_identifier, @openid_error) if @openid_error
+        end
+    end
+  end
+end