lsdr-authlogic-connect 0.0.3.9

data/lib/authlogic_connect/common/state.rb

@@ -0,0 +1,16 @@
+# This class holds query/state variables common to oauth and openid
+module AuthlogicConnect::Common::State
+  
+  def auth_session?
+    !auth_session.blank?
+  end
+  
+  def auth_params?
+    !auth_params.blank?
+  end
+  
+  def is_auth_session?
+    self.is_a?(Authlogic::Session::Base)
+  end
+  
+end

data/lib/authlogic_connect/common/user.rb

@@ -0,0 +1,115 @@
+# This class is the main api for the user.
+# It is also required to properly sequence the save methods
+# for the different authentication types (oauth and openid)
+module AuthlogicConnect::Common::User
+    
+  def self.included(base)
+    base.class_eval do
+      add_acts_as_authentic_module(InstanceMethods, :append)
+      add_acts_as_authentic_module(AuthlogicConnect::Common::Variables, :prepend)
+    end
+  end
+  
+  module InstanceMethods
+    
+    def self.included(base)
+      base.class_eval do
+        has_many :tokens, :class_name => "Token", :dependent => :destroy
+        belongs_to :active_token, :class_name => "Token", :dependent => :destroy
+        accepts_nested_attributes_for :tokens, :active_token
+      end
+    end
+    
+    def authenticated_with
+      @authenticated_with ||= self.tokens.collect{|t| t.service_name.to_s}
+    end
+    
+    def authenticated_with?(service)
+      self.tokens.detect{|t| t.service_name.to_s == service.to_s}
+    end
+    
+    def update_attributes(attributes, &block)
+      self.attributes = attributes
+      save(:validate => true, &block)
+    end
+    
+    def has_token?(service_name)
+      !get_token(service_name).nil?
+    end
+    
+    def get_token(service_name)
+      self.tokens.detect {|i| i.service_name.to_s == service_name.to_s}
+    end
+    
+    # core save method coordinating how to save the user.
+    # we dont' want to ru validations based on the 
+    # authentication mission we are trying to accomplish.
+    # instead, we just return save as false.
+    # the next time around, when we recieve the callback,
+    # we will run the validations
+    def save(options = {}, &block)
+      # debug_user_save_pre(options, &block)
+      options = {} if options == false
+      unless options[:skip_redirect] == true
+        return false if remotely_authenticating?(&block)
+      end
+      # forces you to validate, maybe get rid of if needed,
+      # but everything depends on this
+      if ActiveRecord::VERSION::MAJOR < 3
+        result = super(true) # validate!
+      else
+        result = super(options.merge(:validate => true))
+      end
+      # debug_user_save_post
+      yield(result) if block_given? # give back to controller
+      
+      cleanup_auth_session if result && !(options.has_key?(:keep_session) && options[:keep_session])
+      
+      result
+    end
+    
+    def remotely_authenticating?(&block)
+      return redirecting_to_oauth_server? if using_oauth? && block_given?
+      return redirecting_to_openid_server? if using_openid?
+      return false
+    end
+    
+    # it only reaches this point once it has returned, or you
+    # have manually skipped the redirect and save was called directly.
+    def cleanup_auth_session
+      cleanup_oauth_session
+      cleanup_openid_session
+    end
+    
+    def validate_password_with_oauth?
+      !using_openid? && super
+    end
+    
+    def validate_password_with_openid?
+      !using_oauth? && super
+    end
+    
+    # test methods for dev/debugging, commented out by default
+    def debug_user_save_pre(options = {}, &block)
+      puts "USER SAVE "
+      puts "block_given? #{block_given?.to_s}"
+      puts "using_oauth? #{using_oauth?.to_s}"
+      puts "using_openid? #{using_openid?.to_s}"
+      puts "authenticating_with_oauth? #{authenticating_with_oauth?.to_s}"
+      puts "authenticating_with_openid? #{authenticating_with_openid?.to_s}"
+      puts "validate_password_with_oauth? #{validate_password_with_oauth?.to_s}"
+      puts "validate_password_with_openid? #{validate_password_with_openid?.to_s}"
+      puts "!using_openid? && require_password? #{(!using_openid? && require_password?).to_s}"
+    end
+    
+    def debug_user_save_post
+      puts "ERRORS: #{errors.full_messages}"
+      puts "using_oauth? #{using_oauth?.to_s}"
+      puts "using_openid? #{using_openid?.to_s}"
+      puts "validate_password_with_oauth? #{validate_password_with_oauth?.to_s}"
+      puts "validate_password_with_openid? #{validate_password_with_openid?.to_s}"
+    end
+    
+  end
+  
+end

data/lib/authlogic_connect/common/variables.rb

@@ -0,0 +1,77 @@
+module AuthlogicConnect::Common::Variables
+  include AuthlogicConnect::Common::State
+  
+  def auth_controller
+    is_auth_session? ? controller : session_class.controller
+  end
+  
+  def auth_session
+    return {} unless (auth_controller && auth_controller.session)
+
+    auth_controller.session.symbolize_keys!
+    auth_controller.session.keys.each do |key|
+      auth_controller.session[key.to_s] = auth_controller.session.delete(key) if key.to_s =~ /^OpenID/
+    end
+    auth_controller.session
+  end
+  
+  def auth_params
+    return {} unless (auth_controller && auth_controller.params)
+
+    auth_controller.params.symbolize_keys!
+    auth_controller.params.keys.each do |key|
+      auth_controller.params[key.to_s] = auth_controller.params.delete(key) if key.to_s =~ /^OpenID/
+    end
+    auth_controller.params
+  end
+  
+  def auth_callback_url(options = {})
+    auth_controller.url_for({:controller => auth_controller.controller_name, :action => auth_controller.action_name}.merge(options))
+  end
+  
+  # if we've said it's a "user" (registration), or a "session" (login)
+  def auth_type
+    from_session_or_params(:authentication_type)
+  end
+  
+  # auth_params and auth_session attributes are all String!
+  def from_session_or_params(by)
+    key = by.is_a?(Symbol) ? by : by.to_sym
+    result = auth_params[key] if (auth_params && auth_params[key])
+    result = auth_session[key] if (result.nil? || result.blank?)
+    result
+  end
+  
+  # because user and session are so closely tied together, I am still
+  # uncertain as to how they are saved.  So this makes sure if we are
+  # logging in, it must be saving the session, otherwise the user.
+  def correct_request_class?
+    if is_auth_session?
+      auth_type.to_s == "session"
+    else
+      auth_type.to_s == "user"
+    end
+  end
+  
+  def add_session_key(key, value)
+    
+  end
+  
+  # because we may need to store 6+ session variables, all with pretty lengthy names,
+  # might as well just tinify them.
+  # just an idea
+  def optimized_session_key(key)
+    @optimized_session_keys ||= {
+      :auth_request_class         => :authcl,
+      :authentication_method      => :authme,
+      :authentication_type        => :authty,
+      :oauth_provider             => :authpr,
+      :auth_callback_method       => :authcb,
+      :oauth_request_token        => :authtk,
+      :oauth_request_token_secret => :authsc,
+      :auth_attributes            => :authat
+    }
+    @optimized_session_keys[key]
+  end
+  
+end

data/lib/authlogic_connect/engine.rb

@@ -0,0 +1,14 @@
+module AuthlogicConnect
+  class Engine < Rails::Engine
+    
+    initializer "authlogic_connect.authentication_hook" do |app|
+      app.middleware.use AuthlogicConnect::CallbackFilter
+      app.middleware.use OpenIdAuthentication
+    end
+    
+    initializer "authlogic_connect.finalize", :after => "authlogic_connect.authentication_hook" do |app|
+      OpenID::Util.logger = Rails.logger
+      ActionController::Base.send :include, OpenIdAuthentication
+    end
+  end
+end

data/lib/authlogic_connect/ext.rb

@@ -0,0 +1,56 @@
+# these are extensions I've found useful for this project
+class String
+  # normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization
+  def normalize_identifier
+    # clean up whitespace
+    identifier = self.dup.strip
+
+    # if an XRI has a prefix, strip it.
+    identifier.gsub!(/xri:\/\//i, '')
+
+    # dodge XRIs -- TODO: validate, don't just skip.
+    unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0))
+      # does it begin with http?  if not, add it.
+      identifier = "http://#{identifier}" unless identifier =~ /^http/i
+
+      # strip any fragments
+      identifier.gsub!(/\#(.*)$/, '')
+
+      begin
+        uri = URI.parse(identifier)
+        uri.scheme = uri.scheme.downcase  # URI should do this
+        identifier = uri.normalize.to_s
+      rescue URI::InvalidURIError
+        raise InvalidOpenId.new("#{identifier} is not an OpenID identifier")
+      end
+    end
+
+    return identifier
+  end
+end
+
+class Hash
+  def recursively_symbolize_keys!
+    self.symbolize_keys!
+    self.values.each do |v|
+      if v.is_a? Hash
+        v.recursively_symbolize_keys!
+      elsif v.is_a? Array
+        v.recursively_symbolize_keys!
+      end
+    end
+    self
+  end
+end
+
+class Array
+  def recursively_symbolize_keys!
+    self.each do |item|
+      if item.is_a? Hash
+        item.recursively_symbolize_keys!
+      elsif item.is_a? Array
+        item.recursively_symbolize_keys!
+      end
+    end
+  end
+end

data/lib/authlogic_connect/oauth.rb

@@ -0,0 +1,14 @@
+module AuthlogicConnect::Oauth
+end
+
+require File.dirname(__FILE__) + "/oauth/state"
+require File.dirname(__FILE__) + "/oauth/variables"
+require File.dirname(__FILE__) + "/oauth/process"
+require File.dirname(__FILE__) + "/oauth/user"
+require File.dirname(__FILE__) + "/oauth/session"
+require File.dirname(__FILE__) + "/oauth/helper"
+
+ActiveRecord::Base.send(:include, AuthlogicConnect::Oauth::User)
+Authlogic::Session::Base.send(:include, AuthlogicConnect::Oauth::Session)
+ActionController::Base.helper AuthlogicConnect::Oauth::Helper
+ActionView::Helpers::FormBuilder.send(:include, AuthlogicConnect::Oauth::FormHelper)

data/lib/authlogic_connect/oauth/helper.rb

@@ -0,0 +1,20 @@
+module AuthlogicConnect::Oauth::Helper
+  
+  # options include "name"
+  def oauth_register_hidden_input
+    oauth_input(:type => "user")
+  end
+  
+  def oauth_login_hidden_input
+    oauth_input(:type => "session")
+  end
+  
+  def oauth_input(options = {})
+    tag(:input, {:type => "hidden", :name => "authentication_type", :value => options[:type]})
+  end
+  
+end
+
+module AuthlogicConnect::Oauth::FormHelper
+  
+end

data/lib/authlogic_connect/oauth/process.rb

@@ -0,0 +1,68 @@
+module AuthlogicConnect::Oauth::Process
+
+  include AuthlogicConnect::Oauth::Variables
+
+  # Step 2: after save is called, it runs this method for validation
+  def validate_by_oauth
+    validate_email_field = false
+    unless new_oauth_request? # shouldn't be validating if it's redirecting...
+      restore_attributes
+      complete_oauth_transaction
+    end
+  end
+  
+  # Step 3: if new_oauth_request?, redirect to oauth provider
+  def redirect_to_oauth
+    save_oauth_session
+    authorize_url = token_class.authorize_url(auth_callback_url) do |request_token|
+      save_auth_session_token(request_token) # only for oauth version 1
+    end
+    auth_controller.redirect_to authorize_url
+  end
+  
+  # Step 3a: save our passed-parameters into the session,
+  # so we can retrieve them after the redirect calls back
+  def save_oauth_session
+    # Store the class which is redirecting, so we can ensure other classes
+    # don't get confused and attempt to use the response
+    auth_session[:auth_request_class]         = self.class.name
+  
+    auth_session[:authentication_type]        = auth_params[:authentication_type]
+    auth_session[:oauth_provider]             = auth_params[:oauth_provider]
+    auth_session[:auth_method]                = "oauth"
+    
+    # Tell our rack callback filter what method the current request is using
+    auth_session[:auth_callback_method]       = auth_controller.request.method
+  end
+  
+  # Step 3b (if version 1.0 of oauth)
+  def save_auth_session_token(request)
+    # store token and secret
+    auth_session[:oauth_request_token]        = request.token
+    auth_session[:oauth_request_token_secret] = request.secret
+  end
+  
+  def restore_attributes
+  end
+  
+  # Step 4: on callback, run this method
+  def authenticate_with_oauth
+    # implemented in User and Session Oauth modules
+  end
+  
+  # Step last, after the response
+  # having lots of trouble testing logging and out multiple times,
+  # so there needs to be a solid way to know when a user has messed up loggin in.
+  def cleanup_oauth_session
+    [:auth_request_class,
+      :authentication_type,
+      :auth_method,
+      :auth_attributes,
+      :oauth_provider,
+      :auth_callback_method,
+      :oauth_request_token,
+      :oauth_request_token_secret
+    ].each {|key| auth_session.delete(key)}
+  end
+    
+end

data/lib/authlogic_connect/oauth/session.rb

@@ -0,0 +1,58 @@
+module AuthlogicConnect::Oauth
+  # This module is responsible for adding oauth
+  # to the Authlogic::Session::Base class.
+  module Session
+    def self.included(base)
+      base.class_eval do
+        include InstanceMethods
+      end
+    end
+
+    module InstanceMethods
+      include Process
+
+      def self.included(klass)
+        klass.class_eval do
+          validate :validate_by_oauth, :if => :authenticating_with_oauth?
+        end
+      end
+      
+      # Hooks into credentials so that you can pass a user who has already has an oauth access token.
+      def credentials=(value)
+        super
+        values = value.is_a?(Array) ? value : [value]
+        hash = values.first.is_a?(Hash) ? values.first.with_indifferent_access : nil
+        self.record = hash[:priority_record] if !hash.nil? && hash.key?(:priority_record)
+      end
+
+      def record=(record)
+        @record = record
+      end
+
+    private
+      # Clears out the block if we are authenticating with oauth,
+      # so that we can redirect without a DoubleRender error.
+      def save_with_oauth(&block)
+        block = nil if redirecting_to_oauth_server?
+        return block.nil?
+      end
+      
+      def complete_oauth_transaction
+        if @record
+          self.attempted_record = record
+        else
+          # this generated token is always the same for a user!
+          # this is searching with User.find ...
+          # attempted_record is part of AuthLogic
+          hash = oauth_token_and_secret
+          token = token_class.find_by_key_or_token(hash[:key], hash[:token], :include => [:user]) # some weird error if I leave out the include)
+          self.attempted_record = token.user
+        end
+        
+        if !attempted_record
+          errors.add_to_base("Could not find user in our database, have you registered with your oauth account?")
+        end
+      end
+    end
+  end
+end