jspooner-authlogic-connect 0.0.19

data/lib/authlogic_connect/common/variables.rb

@@ -0,0 +1,124 @@
+module AuthlogicConnect::Common::Variables
+  include AuthlogicConnect::Common::State
+
+  attr_reader :processing_authentication
+  
+  def auth_class
+    is_auth_session? ? self.class : session_class
+  end
+  
+  def auth_controller
+    is_auth_session? ? controller : session_class.controller
+  end
+  
+  def auth_params
+    return nil unless auth_controller?
+    auth_controller.params.symbolize_keys!
+    auth_controller.params.keys.each do |key|
+      auth_controller.params[key.to_s] = auth_controller.params.delete(key) if key.to_s =~ /^OpenID/
+    end
+    auth_controller.params
+  end
+  
+  def auth_session
+    return nil unless auth_controller?
+    auth_controller.session.symbolize_keys!
+    auth_controller.session.keys.each do |key|
+      auth_controller.session[key.to_s] = auth_controller.session.delete(key) if key.to_s =~ /^OpenID/
+    end
+    auth_controller.session
+  end
+  
+  def auth_callback_url(options = {})
+    auth_controller.url_for({:controller => auth_controller.controller_name, :action => auth_controller.action_name}.merge(options))
+  end
+  
+  # if we've said it's a "user" (registration), or a "session" (login)
+  def auth_type
+    from_session_or_params(:authentication_type)
+  end
+  
+  # auth_params and auth_session attributes are all String!
+  def from_session_or_params(attribute)
+    return nil unless auth_controller?
+    key = attribute.is_a?(Symbol) ? attribute : attribute.to_sym
+    result = auth_params[key] if (auth_params && auth_params[key])
+    result = auth_session[key] if (result.nil? || result.blank?)
+    result
+  end
+  
+  def add_session_key(key, value)
+    
+  end
+  
+  def remove_session_key(key)
+    keys = key.is_a?(Symbol) ? [key, key.to_s] : [key, key.to_sym]
+    keys.each {|k| auth_session.delete(k)}
+  end
+    
+  # wraps the call to "save" (in yield).
+  # reason being, we need to somehow not allow oauth/openid validations to run
+  # when we don't have a block.  We can't know that using class methods, so we create
+  # this property "processing_authentication", which is used in the validation method.
+  # it's value is set to "block_given", which is the value of block_given?
+  def authenticate_via_protocol(block_given = false, options = {}, &block)
+    @processing_authentication = auth_controller? && block_given
+    saved = yield start_authentication?
+    @processing_authentication = false
+    saved
+  end
+  
+  # returns boolean
+  def authentication_protocol(with, phase)
+    returning(send("#{phase.to_s}_#{with.to_s}?")) do |ready|
+      send("#{phase.to_s}_#{with.to_s}") if ready
+    end if send("using_#{with.to_s}?")
+  end
+  
+  # it only reaches this point once it has returned, or you
+  # have manually skipped the redirect and save was called directly.
+  def cleanup_authentication_session(options = {}, &block)
+    unless (options.has_key?(:keep_session) && options[:keep_session])
+      %w(oauth openid).each do |type|
+        send("cleanup_#{type.to_s}_session")
+      end
+    end
+  end
+  
+  def log(*methods)
+    methods.each do |method|
+      puts "#{method.to_s}: #{send(method).inspect}"
+    end
+  end
+    
+  def log_state
+    log(:correct_request_class?)
+    log(:using_oauth?, :start_oauth?, :complete_oauth?)
+    log(:oauth_request?, :oauth_response?, :stored_oauth_token_and_secret?)
+    log(:using_openid?, :start_openid?, :complete_openid?, :openid_request?, :openid_response?)
+    log(:authenticating_with_openid?)
+    log(:stored_oauth_token_and_secret)
+  end
+  
+  # because we may need to store 6+ session variables, all with pretty lengthy names,
+  # might as well just tinify them.
+  # just an idea
+  def optimized_session_key(key)
+    @optimized_session_keys ||= {
+      :auth_request_class         => :authcl,
+      :authentication_method      => :authme,
+      :authentication_type        => :authty,
+      :oauth_provider             => :authpr,
+      :auth_callback_method       => :authcb,
+      :oauth_request_token        => :authtk,
+      :oauth_request_token_secret => :authsc,
+      :auth_attributes            => :authat
+    }
+    @optimized_session_keys[key]
+  end
+  
+  def auto_register?
+    true
+  end
+  
+end

data/lib/authlogic_connect/common.rb

@@ -0,0 +1,10 @@
+module AuthlogicConnect::Common
+end
+
+require File.dirname(__FILE__) + "/common/state"
+require File.dirname(__FILE__) + "/common/variables"
+require File.dirname(__FILE__) + "/common/user"
+require File.dirname(__FILE__) + "/common/session"
+
+ActiveRecord::Base.send(:include, AuthlogicConnect::Common::User)
+Authlogic::Session::Base.send(:include, AuthlogicConnect::Common::Session)

data/lib/authlogic_connect/engine.rb

@@ -0,0 +1,14 @@
+module AuthlogicConnect
+  class Engine < Rails::Engine
+    
+    initializer "authlogic_connect.authentication_hook" do |app|
+      app.middleware.use AuthlogicConnect::CallbackFilter
+      app.middleware.use OpenIdAuthentication
+    end
+    
+    initializer "authlogic_connect.finalize", :after => "authlogic_connect.authentication_hook" do |app|
+      OpenID::Util.logger = Rails.logger
+      ActionController::Base.send :include, OpenIdAuthentication
+    end
+  end
+end

data/lib/authlogic_connect/ext.rb

@@ -0,0 +1,56 @@
+# these are extensions I've found useful for this project
+class String
+  # normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization
+  def normalize_identifier
+    # clean up whitespace
+    identifier = self.dup.strip
+
+    # if an XRI has a prefix, strip it.
+    identifier.gsub!(/xri:\/\//i, '')
+
+    # dodge XRIs -- TODO: validate, don't just skip.
+    unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0))
+      # does it begin with http?  if not, add it.
+      identifier = "http://#{identifier}" unless identifier =~ /^http/i
+
+      # strip any fragments
+      identifier.gsub!(/\#(.*)$/, '')
+
+      begin
+        uri = URI.parse(identifier)
+        uri.scheme = uri.scheme.downcase  # URI should do this
+        identifier = uri.normalize.to_s
+      rescue URI::InvalidURIError
+        raise InvalidOpenId.new("#{identifier} is not an OpenID identifier")
+      end
+    end
+
+    return identifier
+  end
+end
+
+class Hash
+  def recursively_symbolize_keys!
+    self.symbolize_keys!
+    self.values.each do |v|
+      if v.is_a? Hash
+        v.recursively_symbolize_keys!
+      elsif v.is_a? Array
+        v.recursively_symbolize_keys!
+      end
+    end
+    self
+  end
+end
+
+class Array
+  def recursively_symbolize_keys!
+    self.each do |item|
+      if item.is_a? Hash
+        item.recursively_symbolize_keys!
+      elsif item.is_a? Array
+        item.recursively_symbolize_keys!
+      end
+    end
+  end
+end

data/lib/authlogic_connect/oauth/helper.rb

@@ -0,0 +1,20 @@
+module AuthlogicConnect::Oauth::Helper
+  
+  # options include "name"
+  def oauth_register_hidden_input
+    oauth_input(:type => "user")
+  end
+  
+  def oauth_login_hidden_input
+    oauth_input(:type => "session")
+  end
+  
+  def oauth_input(options = {})
+    tag(:input, {:type => "hidden", :name => "authentication_type", :value => options[:type]})
+  end
+  
+end
+
+module AuthlogicConnect::Oauth::FormHelper
+  
+end

data/lib/authlogic_connect/oauth/process.rb

@@ -0,0 +1,77 @@
+module AuthlogicConnect::Oauth::Process
+
+  include AuthlogicConnect::Oauth::Variables
+
+  # Step 2: after save is called, it runs this method for validation
+  def validate_by_oauth
+    if processing_authentication
+      authentication_protocol(:oauth, :start) || authentication_protocol(:oauth, :complete)
+    end
+  end
+  
+  # Step 3: if new_oauth_request?, redirect to oauth provider
+  def start_oauth
+    save_oauth_session
+    authorize_url = token_class.authorize_url(auth_callback_url) do |request_token|
+      request_token.display = "popup"
+      save_auth_session_token(request_token) # only for oauth version 1
+    end
+    puts "4 AAAAAAAAAA -----------------   authorize_url #{authorize_url}"
+    auth_controller.redirect_to authorize_url
+  end
+  
+  # Step 4: on callback, run this method
+  def complete_oauth
+    # implemented in User and Session Oauth modules
+    unless new_oauth_request? # shouldn't be validating if it's redirecting...
+      restore_attributes
+      complete_oauth_transaction
+      return true
+    end
+    return false
+  end
+  
+  # Step 3a: save our passed-parameters into the session,
+  # so we can retrieve them after the redirect calls back
+  def save_oauth_session
+    # Store the class which is redirecting, so we can ensure other classes
+    # don't get confused and attempt to use the response
+    auth_session[:auth_request_class]         = self.class.name
+  
+    auth_session[:authentication_type]        = auth_params[:authentication_type]
+    auth_session[:oauth_provider]             = auth_params[:oauth_provider]
+    auth_session[:auth_method]                = "oauth"
+    
+    # Tell our rack callback filter what method the current request is using
+    auth_session[:auth_callback_method]       = auth_controller.request.method
+  end
+  
+  # Step 3b (if version 1.0 of oauth)
+  def save_auth_session_token(request)
+    # store token and secret
+    auth_session[:oauth_request_token]        = request.token
+    auth_session[:oauth_request_token_secret] = request.secret
+  end
+  
+  def restore_attributes
+  end
+  
+  # Step last, after the response
+  # having lots of trouble testing logging and out multiple times,
+  # so there needs to be a solid way to know when a user has messed up loggin in.
+  def cleanup_oauth_session
+    [:auth_request_class,
+      :authentication_type,
+      :auth_method,
+      :auth_attributes,
+      :oauth_provider,
+      :auth_callback_method,
+      :oauth_request_token,
+      :oauth_request_token_secret,
+      :_key,
+      :_token,
+      :_secret,
+    ].each {|key| remove_session_key(key)}
+  end
+  
+end

data/lib/authlogic_connect/oauth/session.rb

@@ -0,0 +1,90 @@
+module AuthlogicConnect::Oauth
+  # This module is responsible for adding oauth
+  # to the Authlogic::Session::Base class.
+  module Session
+    def self.included(base)
+      base.class_eval do
+        include InstanceMethods
+      end
+    end
+    
+    module InstanceMethods
+      include Process
+
+      def self.included(klass)
+        klass.class_eval do
+          validate :validate_by_oauth, :if => :authenticating_with_oauth?
+        end
+      end
+      
+      # Hooks into credentials so that you can pass a user who has already has an oauth access token.
+      def credentials=(value)
+        super
+        values = value.is_a?(Array) ? value : [value]
+        hash = values.first.is_a?(Hash) ? values.first.with_indifferent_access : nil
+        self.record = hash[:priority_record] if !hash.nil? && hash.key?(:priority_record)
+      end
+
+      def record=(record)
+        @record = record
+      end
+
+    private
+      
+      def complete_oauth_transaction
+        if @record
+          self.attempted_record = record
+        else
+          # this generated token is always the same for a user!
+          # this is searching with User.find ...
+          # attempted_record is part of AuthLogic
+          hash = oauth_token_and_secret
+          puts "//////////////////////////   OAUTH" 
+          puts "//////////////////////////   OAUTH #{hash}" 
+          puts "//////////////////////////   OAUTH.inspect #{hash.inspect}" 
+          puts "//////////////////////////   hash[:key] #{hash[:key]}" 
+          puts "//////////////////////////   hash[:token] #{hash[:token]}" 
+          token = token_class.find_by_key_or_token(hash[:key], hash[:token], :include => [:user]) # some weird error if I leave out the include)
+          if token
+            self.attempted_record = token.user
+          elsif auto_register?
+            self.attempted_record = klass.new
+            self.attempted_record.access_tokens << token_class.new(hash)
+            
+            puts "//////////////   FACEBOOK TOKEN???   #{self.attempted_record.get_token(:facebook)}"
+            puts "//////////////   FACEBOOK TOKEN???   #{self.attempted_record.get_token(:facebook).inspect}"
+            # If it's a facebook token lets look up the users email address
+            if self.attempted_record.has_token?(:facebook)
+              self.attempted_record.active_token = self.attempted_record.get_token(:facebook)
+              facebook = JSON.parse(self.attempted_record.active_token.get("/me"))
+              puts "//////////////   FACEBOOK DETAILS #{facebook.inspect}"
+              puts "//////////////   FACEBOOK EMAIL #{facebook[:email]}"  
+              if facebook[:email]
+                existing_user = klass.find_by_email(facebook[:email])
+                puts "//////////////   FACEBOOK DETAILS YES YES YES YES #{existing_user} #{existing_user.inspect}"
+                if existing_user
+                  # It would be nice to place this app specific code somewhere else
+                  self.attempted_record            = existing_user
+                  self.attempted_record.access_tokens << token_class.new(hash)                  
+                end
+              end
+              self.attempted_record.first_name = facebook[:first_name] if !facebook[:first_name].nil? and !self.attempted_record.first_name.nil?
+              self.attempted_record.last_name  = facebook[:last_name] if !facebook[:last_name].nil? and !self.attempted_record.last_name.nil?              
+            end
+            
+            
+            self.attempted_record.save
+          else
+            auth_session[:_key] = hash[:key]
+            auth_session[:_token] = hash[:token]
+            auth_session[:_secret] = hash[:secret]
+          end
+        end
+
+        if !attempted_record
+          errors.add(:user, "Could not find user in our database, have you registered with your oauth account?")
+        end
+      end
+    end
+  end
+end

data/lib/authlogic_connect/oauth/state.rb

@@ -0,0 +1,60 @@
+# all these methods must return true or false
+module AuthlogicConnect::Oauth::State
+  
+  # 1. to call
+  # checks that we just passed parameters to it,
+  # and that the parameters say 'authentication_method' == 'oauth'
+  def oauth_request?
+    auth_params? && oauth_provider?
+  end
+  
+  # 2. from call
+  # checks that the correct session variables are there
+  def oauth_response?
+    !oauth_response.nil? && auth_session? && auth_session[:auth_request_class] == self.class.name && auth_session[:auth_method] == "oauth"
+  end
+  
+  def oauth_complete?
+    oauth_response? || stored_oauth_token_and_secret?
+  end
+  
+  # 3. either to or from call
+  def using_oauth?
+    oauth_request? || oauth_response? || stored_oauth_token_and_secret?
+  end
+  
+  def new_oauth_request?
+    return false if stored_oauth_token_and_secret?
+    return oauth_response.blank?
+  end
+  
+  def oauth_provider?
+    !oauth_provider.blank?
+  end
+  
+  # main method we call on validation
+  def authenticating_with_oauth?
+    correct_request_class? && using_oauth?
+  end
+  
+  def allow_oauth_redirect?
+    authenticating_with_oauth? && !oauth_complete?
+  end
+  
+  def start_oauth?
+    authenticating_with_oauth? && !oauth_complete?
+  end
+  
+  def complete_oauth?
+    using_oauth? && !new_oauth_request?
+  end
+  
+  def validate_password_with_oauth?
+    !using_oauth? && require_password?
+  end
+  
+  def stored_oauth_token_and_secret?
+    !is_auth_session? && auth_params? && auth_params.has_key?(:_key) && auth_params.has_key?(:_token) && auth_params.has_key?(:_secret)
+  end
+  
+end

data/lib/authlogic_connect/oauth/tokens/aol_token.rb

@@ -0,0 +1,2 @@
+# http://dev.aol.com/openauth_gettingstarted
+# https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=dev.aol.com&authLev=1&lang=en&locale=us&siteState=OrigUrl%3Dhttp%253A%252F%252Fdev.aol.com%252Fkeys

data/lib/authlogic_connect/oauth/tokens/facebook_token.rb

@@ -0,0 +1,11 @@
+# http://www.facebook.com/developers/apps.php
+# http://developers.facebook.com/setup/
+class FacebookToken < OauthToken
+  
+  version 2.0
+  
+  settings "https://graph.facebook.com",
+    :authorize_url => "https://graph.facebook.com/oauth/authorize",
+    :scope         => "email, offline_access"
+  
+end

data/lib/authlogic_connect/oauth/tokens/foursquare_token.rb

@@ -0,0 +1,15 @@
+class FoursquareToken < OauthToken
+  
+  key do |access_token|
+    body = JSON.parse(access_token.get("/user.json").body)
+    user_id = body['user']['id'].to_s
+  end
+  
+  settings "http://api.foursquare.com/:api_version",
+    :request_token_url  => "http://foursquare.com/oauth/request_token",
+    :access_token_url   => "http://foursquare.com/oauth/access_token",
+    :authorize_url      => "http://foursquare.com/oauth/authorize",
+    :api_versions       => {1 => "v1", 2 => "v2"},
+    :api_version        => 1
+  
+end

data/lib/authlogic_connect/oauth/tokens/get_satisfaction_token.rb

@@ -0,0 +1,9 @@
+# http://getsatisfaction.com/developers/oauth
+class GetSatisfactionToken < OauthToken
+  
+  settings "http://getsatisfaction.com",
+    :request_token_path => "/api/request_token",
+    :authorize_url      => "/api/authorize",
+    :access_token_path  => "/api/access_token"
+  
+end

data/lib/authlogic_connect/oauth/tokens/github_token.rb

@@ -0,0 +1,14 @@
+class GithubToken < OauthToken
+  
+  version 2
+  
+  key do |access_token|
+    user = JSON.parse(access_token.get("/api/v2/json/user/show"))
+    user["id"]
+  end
+  
+  settings "https://github.com",
+    :authorize_path     => "/login/oauth/authorize",
+    :access_token_path  => "/login/oauth/access_token"
+  
+end

data/lib/authlogic_connect/oauth/tokens/google_token.rb

@@ -0,0 +1,41 @@
+# http://code.google.com/apis/accounts/docs/OAuth_ref.html
+# http://code.google.com/apis/accounts/docs/OpenID.html#settingup
+# http://code.google.com/apis/accounts/docs/OAuth.html
+# http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html
+# http://www.manu-j.com/blog/add-google-oauth-ruby-on-rails-sites/214/
+# http://googlecodesamples.com/oauth_playground/
+# Scopes:
+# Analytics         https://www.google.com/analytics/feeds/ 
+# Google Base       http://www.google.com/base/feeds/       
+# Book Search       http://www.google.com/books/feeds/      
+# Blogger           http://www.blogger.com/feeds/           
+# Calendar          http://www.google.com/calendar/feeds/   
+# Contacts          http://www.google.com/m8/feeds/         
+# Documents List    http://docs.google.com/feeds/           
+# Finance           http://finance.google.com/finance/feeds/
+# GMail             https://mail.google.com/mail/feed/atom
+# Health            https://www.google.com/health/feeds/
+# H9                https://www.google.com/h9/feeds/
+# Maps              http://maps.google.com/maps/feeds/
+# OpenSocial        http://www-opensocial.googleusercontent.com/api/people/
+# orkut             http://www.orkut.com/social/rest
+# Picasa Web        http://picasaweb.google.com/data/
+# Sidewiki          http://www.google.com/sidewiki/feeds/
+# Sites             http://sites.google.com/feeds/
+# Spreadsheets      http://spreadsheets.google.com/feeds/
+# Webmaster Tools   http://www.google.com/webmasters/tools/feeds/
+# YouTube           http://gdata.youtube.com
+class GoogleToken < OauthToken
+  
+   settings "https://www.google.com",
+     :request_token_path => "/accounts/OAuthGetRequestToken",
+     :authorize_path     => "/accounts/OAuthAuthorizeToken",
+     :access_token_path  => "/accounts/OAuthGetAccessToken",
+     :scope              => "https://www.googleapis.com/auth/userinfo#email"
+
+   key do |access_token|
+     body = JSON.parse(access_token.get("https://www.googleapis.com/userinfo/email?alt=json").body)
+     email = body["data"]["email"]
+   end
+   
+end

data/lib/authlogic_connect/oauth/tokens/linked_in_token.rb

@@ -0,0 +1,19 @@
+# http://developer.linkedin.com/docs/DOC-1008
+# https://www.linkedin.com/secure/developer
+# http://github.com/pengwynn/linkedin/tree/master/lib/linked_in/
+class LinkedInToken < OauthToken
+  
+  key do |access_token|
+    body = access_token.get("https://api.linkedin.com/v1/people/~:(id)").body
+    id = body.gsub("<id>([^><]+)</id>", "\\1") # so we don't need to also import nokogiri
+    id
+  end
+  
+  settings "https://api.linkedin.com",
+    :request_token_path => "/uas/oauth/requestToken",
+    :access_token_path  => "/uas/oauth/accessToken",
+    :authorize_path     => "/uas/oauth/authorize",
+    :http_method        => "get",
+    :scheme             => :query_string
+  
+end

data/lib/authlogic_connect/oauth/tokens/meetup_token.rb

@@ -0,0 +1,12 @@
+# http://www.meetup.com/meetup_api/docs/#oauth
+# protected resources: http://api.meetup.com
+class MeetupToken < OauthToken
+  
+  key :user_id
+
+  settings "http://www.meetup.com/"
+    :request_token_path => "/oauth/request",
+    :authorize_path     => "/authorize",
+    :access_token_path  => "/oauth/access"
+
+end

data/lib/authlogic_connect/oauth/tokens/myspace_token.rb

@@ -0,0 +1,26 @@
+# http://wiki.developer.myspace.com/index.php?title=Category:MySpaceID
+# http://developerwiki.myspace.com/index.php?title=OAuth_REST_API_Usage_-_Authentication_Process
+# http://developerwiki.myspace.com/index.php?title=How_to_Set_Up_a_New_Application_for_OpenID
+# http://developer.myspace.com/Modules/Apps/Pages/ApplyDevSandbox.aspx
+# after you've signed up:
+# http://developer.myspace.com/modules/apps/pages/createappaccount.aspx
+# "Create a MySpaceID App"
+# http://developer.myspace.com/modules/apps/pages/editapp.aspx?appid=188312&mode=create
+# http://developer.myspace.com/Modules/APIs/Pages/OAuthTool.aspx
+# http://developer.myspace.com/Community/forums/p/3626/15947.aspx
+class MyspaceToken < OauthToken
+  
+  # http://wiki.developer.myspace.com/index.php?title=Portable_Contacts_REST_Resources
+  key do |access_token|
+    body = JSON.parse(access_token.get("/v2/people/@me/@self?format=json").body)
+    id = body["entry"]["id"]
+  end
+  
+  settings "http://api.myspace.com", 
+    :request_token_path => "/request_token",
+    :authorize_path     => "/authorize",
+    :access_token_path  => "/access_token",
+    :http_method        => "get",
+    :scheme             => :query_string
+  
+end

data/lib/authlogic_connect/oauth/tokens/netflix_token.rb

@@ -0,0 +1,10 @@
+class NetflixToken < OauthToken
+  
+  key :user_id
+
+  settings "http://api.netflix.com",
+    :request_token_path => "/oauth/request_token",
+    :access_token_path => "/oauth/access_token",
+    :authorize_path => "/oauth/login"
+
+end