masq2 1.0.0

data/config/locales/ru.yml

@@ -0,0 +1,272 @@
+ru:
+
+  # account controller
+  thanks_for_signing_up_activation_link: Спасибо за регистрацию! Мы выслали вам письмо со ссылкой для активации учётной записи.
+  thanks_for_signing_up: Спасибо за регистрацию!
+  activation_link_resent: Мы выслали вам письмо со ссылкой для активации учётной записи.
+  profile_updated: Ваш профиль был изменён.
+  account_disabled: Ваша учётная запись была отключена.
+  entered_password_is_wrong: The entered password is wrong.
+  account_activated_login_now: Your account is activated - you can login now.
+  couldnt_find_account_with_code_create_new_one: We could not find any account with the given activation code. Please create a new account.
+  account_already_activated_please_login: Your account is already activated - please login.
+  account_already_activated_or_missing: "The account is already activated or doesn't exist."
+  password_has_been_changed: Ваш пароль был изменён.
+  sorry_password_couldnt_be_changed: Sorry, your password could not be changed.
+  confirmation_of_new_password_invalid: The confirmation of the new password was incorrect.
+  old_password_incorrect: Your old password is incorrect.
+  # account views
+  public_persona: Публичная персона
+  forgot_password_create_new_one: You forgot your password? Here you can create a new one
+  account_created_but_not_activated_yet: Your OpenID account has been created, but it is not activated, yet.#
+  please_activate_it_by_clicking_the_following_link: Please activate it by clicking the following link
+  my_profile: Мой профиль
+  login: Учётная запись
+  password: Пароль
+  my_password: Мой пароль
+  old_password: Старый пароль
+  new_password_minimum_6_characters: Новый пароль <span class="note">(минимум 6 символов)</span>
+  password_confirmation: Подтверждение пароля
+  submit_update: изменить
+  my_yubikey: Мой Yubikey
+  your_account_is_associated_with_the_yubico_identity: Ваша учётная запись связана с идентификатором Yubico
+  yubikey_how_to_use: "You can use the Yubikey in addition to your password to sign into your account. Just enter your normal
+    password and your Yubico OTP (not seperated by spaces or anything) at the login page."
+  remove_association: remove association
+  your_yubikey_a_one_time_password: Your Yubikey <span class="note">(a Yubico one time password)</span>
+  associate_account_with_yubikey: associate my account with this Yubikey
+  your_yubikey_is_optional_for_login: Your Yubikey is currently optional for login.
+  make_my_yubikey_mandatory: Make my Yubikey mandatory for login
+  your_yubikey_is_mandatory_for_login: Your Yubikey is currently mandatory for login.
+  make_my_yubikey_optional: Make my Yubikey optional for login
+  disable_my_account: Отключить мою учётную запись
+  wont_be_possible_to_reclaim_identifier: Please consider that it won't be possible to reclaim your current OpenID identifier
+  confirm_by_entering_password: Confirm this step by entering your password
+  delete_my_account_and_data: удалить мою учётную запись и все мои данные
+
+  signup_title: Регистрация
+  signup: Signup  # ???
+  resend_activation_email: resend activation email
+
+  # account mailer
+  please_activate_your_account: Пожалуйста, активируйте вашу учётную запись
+  your_request_for_a_new_password: Your request for a new password
+  activation_link: Ссылка на активацию учётной записи
+
+  # consumer controller
+  immediate_request_failed_setup_needed: Immediate request failed - setup needed
+  openid_transaction_cancelled: OpenID-транзакция отменена.
+  verification_of_identifier_failed: "Verification of %{identifier} failed: %{message}"
+  verification_failed_message: "Verification failed: %{message}"
+  verification_of_identifier_succeeded: Verification of %{identifier} succeeded.
+  simple_registration_data_requested: Simple Registration data was requested
+  but_none_was_returned: but none was returned.
+  but_got_no_response: but got no response.
+  but_an_error_occured: "but an error occured:\n%{error_message}"
+  and_saved_at_the_identity_provider: and saved at the Identity Provider.
+  the_following_data_were_sent: "The following data were sent:"
+  attribute_exchange_data_requested: Attribute Exchange data was requested
+  attribute_exchange_store_requested: Attribute Exchange Store request sent
+  authentication_policies_requested: Authentication policies were requested
+  and_server_reported_the_following: "and the server reported the following:"
+  but_the_server_did_not_report_one: but the server did not report one.
+  authentication_time: Authentication time
+
+  # consumer views
+  identifier: Идентификатор
+  verify: Verify
+  use_immediate_mode: Use immediate mode
+  request_registration_data: Request registration data
+  request_attribute_exchange_data: Request attribute exchange data
+  store_attribute_exchange_data: Store attributes with attribute exchange
+  request_pape: Request phishing-resistent auth policy (PAPE)
+  force_post: Force the transaction to use POST by adding 2K of extra data
+
+  # info
+  questions_answers: Вопросы? Ответы!
+  here_we_cover_openid_topics: Here we cover some OpenID related topics.
+  openid_delegation: Делегирование OpenID
+  delegation_explanation: "Делегирование - это способ использовать URL вашего собственного веб-сайта или блога в качестве OpenID-идентификатора. Requests can
+    be forwarded to this server by
+ adding the following HTML fragment to the <code>&lt;head&gt;</code>
+    of your site:"
+  get_your_openid: Get your OpenID
+  openid_intro: "<p>OpenID is a shared identity service, which allows you to log on to many different
+    web sites using a single digital identity, eliminating the need for different user names
+    and passwords for each site.</p>
+    <p>OpenID is a decentralized, free and open standard that lets you control the amount of
+    personal information that you would like to provide to other web sites.</p>"
+  openid_intro_link: "<p>Get started and %{signup_link}.</p>"
+  signup_for_an_openid: signup for an OpenID
+  login_to_proceed: Please log in to proceed
+  host_requests_identification_you_need_to_login: "%{host} requests your identification and you need to log in to proceed."
+  login_intro: "To log in, please navigate to <strong>%{login_url}</strong>. The page your
+    are currently viewing is used to <strong>protect yourself from phishing and online identity theft</strong>
+    and should contain no links.<br />If there are any links, please report to us, who sent you here."
+
+  # nav
+  nav_identity: идентификатор
+  nav_profile: профиль
+  nav_personas: персоны
+  nav_trusted_sites: доверенные сайты
+  logout: выход
+  current_verification_request: current verification request
+  login_link: вход
+  signup_link: регистрация
+  help: помощь
+  get_help: получить помощь
+  openid_consumer_testsuite_title: OpenID Consumer Testsuite
+  relying_party_title: Зависимая сторона
+
+  # passwords controller
+  password_reset_link_has_been_sent: A password reset link has been sent to your email address.
+  could_not_find_user_with_email_address: Could not find a user with that email address.
+  password_reset: Password reset.
+  password_mismatch: Password mismatch.
+  password_cannot_be_blank: Password cannot be blank.
+  reset_code_invalid_try_again: Sorry, your password reset code is invalid. Please check the code and try again.
+
+  # passwords views
+  reset_password: reset password
+  forgot_password_title: Forgot password
+  please_enter_email: Please enter your email address
+  submit_send: отправить
+
+  # personas controller
+  persona_successfully_created: Персона была успешно создана.
+  persona_updated: Персона была изменена.
+  persona_cannot_be_deleted: Эта персона не может быть удалена.
+
+  # personas views
+  edit_your_persona: Редактировать вашу персону «{title}»
+  personal_information: Личная информация
+  professional_information: Профессиональная информация
+  phone: Телефон
+  instant_messaging: Instant Messaging
+  other_information: Другая информация
+
+  nickname: Псевдоним
+  email: Email
+  address: Адрес
+  postcode: Почтовый индекс
+  city: Город
+  state: Область
+  country: Страна
+  language: Язык
+  timezone: Часовой пояс
+  gender: Пол
+  company_name: Организация
+  job_title: Должность
+  phone_home: Домашний телефон
+  phone_mobile: Мобильный телефон
+  phone_fax: Факс
+  phone_work: Рабочий телефон
+  biography: Биография
+  title: Title
+  fullname: Full name
+  birth_date: День рождения
+  address_business: Адрес работы
+  address_additional: Дополнительный адрес
+  address_additional_business: Дополнительный адрес работы
+  postcode_business: Почтовый индекс работы
+  city_business: Город работы
+  state_business: Область работы
+  country_business: Страна работы
+  im_aim: AIM
+  im_icq: ICQ
+  im_msn: MSN
+  im_yahoo: Yahoo
+  im_jabber: Jabber
+  im_skype: Skype
+  image_url: Image URL
+  website_url: URL веб-сайта
+  blog_url: URL блога
+  dob: День рождения
+  date_of_birth: День рождения
+
+  my_personas_title: Мои персоны
+  personas_intro: "Personas define certain roles of your account. For instance you can have a persona for private
+    use and another one for business context. When a relying party requests your information
+    you can choose the persona that you would like to exchange data from."
+  edit: редактировать
+  delete: удалить
+  really_want_to_delete_persona: Вы действительно хотите удалить персону «%{title}»?
+  create_a_new_persona: create a new persona
+  create_a_new_persona_title: Create a new persona
+
+  # sessions controller
+  you_are_logged_in: You are now logged in.
+  account_not_yet_activated: Your account is not activated, yet.
+  login_incorrect: The login is incorrect.
+  password_incorrect: The password is incorrect.
+  you_are_now_logged_out: You are now logged out.
+  account_deactivated: Your account is deactivated.
+
+  # sessions views
+  login_title: Вход
+  your_openid: Ваш OpenID
+  cancel_this_request: отменить этот запрос
+  remember_me: Запомнить меня
+  login_submit: вход
+  i_forgot_my_password: Я забыл свой пароль
+
+  # server controller
+  this_is_openid_not_a_human_resource: This is an OpenID server endpoint, not a human readable resource.
+  identity_verification_request_invalid: The identity verification request is invalid.
+  service_provider_requires_reauthentication_last_login_too_long_ago: The Service Provider requires reauthentication, because your last login is too long ago.
+  login_to_verify_identity: Please log in to verify your identity.
+
+  # server views
+  identity_request_from_host: Запрос идентификатора от %{host}
+  identity_request_missing_persona: Please %{create_link} to answer the identity request.
+  trust_root_requests_some_personal_data: "%{trust_root} requests some personal data."
+  trust_root_sends_some_personal_data: "%{trust_root} sends some personal data:"
+  trust_root_requires_authentication: "%{trust_root} requires your authentication."
+  select_information_to_submit: Пожалуйста, выберите информацию, котрую вы хотите отправить.
+  select_information_to_accept: Пожалуйста, выберите информацию, котрую вы хотите принять.
+  attributes_are_shown_from_persona: The attributes shown are from your persona %{persona}.
+  attributes_will_be_added_to_persona: The attributes will be added to your persona %{persona} (%{choose_link}).
+  to_submit_other_values_you_can_edit_or_choose: To submit other values you can %{edit_link} or %{choose_link}.
+  create_persona_link: создать персону
+  edit_persona_link: редактировать персону
+  choose_other_persona: выбрать другую персону
+  choose_persona_title: Выбрать персону
+  choose_persona_submit: выбрать персону
+  create_new_persona_link: создать новую персону
+  requested_information_title: Запрошенная информация
+  sent_information_title: Отправленная информация
+  disclosure: disclosure
+  accept: принять
+  current: текущий
+  required: обязательно
+  optional: не обязательно
+  not_supported: не поддерживается
+  trust_site_only_this_time: Доверить этому сайту только в этот раз
+  always_trust_site: Всегда доверять этому сайту
+  approve_request: Подтвердить этот запрос
+  cancel_request: Отменить этот запрос
+
+  # sites controllers
+  release_policy_for_site_updated: The release policy for this site has been updated.
+
+  # sites views
+  edit_link: редактировать
+  delete_link: удалить
+  or: или
+  your_release_policy_for_site: Your release policy for %{site}
+  persona_label: Персона
+  property: свойство
+  value: значение
+  update_release_policy_submit: update release policy
+  identity_request_answered_without_interaction: Identity request from the following sites are answered directly without further interaction.
+  alter_release_policies_here: You can alter the release policies for these sites here.
+  really_want_to_delete_trust_for_site: Do you really want to delete the trust for %{site}?
+  no_entries_yet: There are no entries, yet.
+  ext0: Ext0
+  ext1: Ext1
+  ext2: Ext2
+
+  # yubikey controller
+  account_associated_with_yubico_identity: Ваша учётная запись была ассоциирована с вашим идентификатором Yubico.
+  sorry_yubico_one_time_password_incorrect: Sorry, the given Yubico one time password is incorrect.
+  account_disassociated_from_yubico_identity: Your account has been disassociated from the Yubico identity.

data/config/masq.example.yml

@@ -0,0 +1,132 @@
+---
+default: &default
+  send_activation_mail: true
+  trust_basic_auth: false
+  disable_registration: false
+  force_default_persona: false
+  can_change_password: true
+  can_disable_account: true
+  can_use_yubikey: true
+  create_auth_ondemand:
+    enabled: false
+    default_mail_domain: example.com
+    random_password: true
+  protect_phishing: true
+  name: masq
+  host: localhost:3000
+  email: info@your.domain.com
+  use_ssl: false
+  email_as_login: false
+  yubico:
+    id: 99
+    api_key: youryubicoapikey
+  attribute_mappings:
+    nickname:
+      - nickname
+      - http://axschema.org/namePerson/friendly
+    email:
+      - email
+      - http://axschema.org/contact/email
+    fullname:
+      - fullname
+      - http://axschema.org/namePerson
+    firstname:
+      - firstname
+      - http://axschema.org/namePerson/first
+    surname:
+      - surname
+      - http://axschema.org/namePerson/last
+    postcode:
+      - postcode
+      - http://axschema.org/contact/postalCode/home
+    country:
+      - country
+      - http://axschema.org/contact/country/home
+    language:
+      - language
+      - http://axschema.org/pref/language
+    timezone:
+      - timezone
+      - http://axschema.org/pref/timezone
+    gender:
+      - gender
+      - http://axschema.org/person/gender
+    date_of_birth:
+      - dob
+      - http://axschema.org/birthDate
+    dob_day:
+      - dob_day
+      - http://axschema.org/birthDate/birthday
+    dob_month:
+      - dob_month
+      - http://axschema.org/birthDate/birthMonth
+    dob_year:
+      - dob_year
+      - http://axschema.org/birthDate/birthYear
+    address:
+      - http://axschema.org/contact/postalAddress/home
+    address_additional:
+      - http://axschema.org/contact/postalAddressAdditional/home
+    city:
+      - http://axschema.org/contact/city/home
+    state:
+      - http://axschema.org/contact/state/home
+    company_name:
+      - http://axschema.org/company/name
+    job_title:
+      - http://axschema.org/company/title
+    address_business:
+      - http://axschema.org/contact/postalAddress/business
+    address_additional_business:
+      - http://axschema.org/contact/postalAddressAdditional/business
+    postcode_business:
+      - http://axschema.org/contact/postalCode/business
+    city_business:
+      - http://axschema.org/contact/city/business
+    state_business:
+      - http://axschema.org/contact/state/business
+    country_business:
+      - http://axschema.org/contact/country/business
+    phone_home:
+      - http://axschema.org/contact/phone/home
+    phone_mobile:
+      - http://axschema.org/contact/phone/cell
+    phone_work:
+      - http://axschema.org/contact/phone/business
+    phone_fax:
+      - http://axschema.org/contact/phone/fax
+    im_aim:
+      - http://axschema.org/contact/IM/AIM
+    im_icq:
+      - http://axschema.org/contact/IM/ICQ
+    im_msn:
+      - http://axschema.org/contact/IM/MSN
+    im_yahoo:
+      - http://axschema.org/contact/IM/Yahoo
+    im_jabber:
+      - http://axschema.org/contact/IM/Jabber
+    im_skype:
+      - http://axschema.org/contact/IM/Skype
+    image_default:
+      - http://axschema.org/media/image/default
+    biography:
+      - http://axschema.org/media/biography
+    web_default:
+      - http://axschema.org/contact/web/default
+    web_blog:
+      - http://axschema.org/contact/web/blog
+  trusted_domains:
+
+development:
+  <<: *default
+
+test:
+  <<: *default
+  trusted_domains:
+    - trusted-domain.com
+
+production:
+  <<: *default
+  use_ssl: true
+  ssl_certificate_common_name: your.domain.com
+  ssl_certificate_sha1: D2:1B:D8:C4:39:B7:EE:10:DA:E2:4E:0A:65:98:8E:27:C9:32:4B:F0

data/config/routes.rb

@@ -0,0 +1,41 @@
+Masq::Engine.routes.draw do
+  resource :account do
+    get :activate
+    get :password
+    put :change_password
+
+    resources :personas
+    resources :sites
+    resource :yubikey_association, only: [:create, :destroy]
+  end
+
+  resource :password
+  resource :session, only: [:new, :create, :destroy]
+
+  get "/help" => "info#help", :as => :help
+  get "/safe-login" => "info#safe_login", :as => :safe_login
+
+  get "/forgot_password" => "passwords#new", :as => :forgot_password
+  get "/reset_password/:id" => "passwords#edit", :as => :reset_password
+
+  get "/login" => "sessions#new", :as => :login
+  get "/logout" => "sessions#destroy", :as => :logout
+  delete "/logout" => "sessions#destroy"
+  post "/resend_activation_email/*account" => "accounts#resend_activation_email", :as => :resend_activation_email
+
+  match "/server" => "server#index", :as => :server, :via => [:get, :post]
+  match "/server/decide" => "server#decide", :as => :decide, :via => [:get, :post]
+  match "/server/proceed" => "server#proceed", :as => :proceed, :via => [:get, :post]
+  match "/server/complete" => "server#complete", :as => :complete, :via => [:get, :post]
+  match "/server/cancel" => "server#cancel", :as => :cancel, :via => [:get, :post]
+  get "/server/seatbelt/config.:format" => "server#seatbelt_config", :as => :seatbelt_config
+  get "/server/seatbelt/state.:format" => "server#seatbelt_login_state", :as => :seatbelt_state
+
+  get "/consumer" => "consumer#index", :as => :consumer
+  post "/consumer/start" => "consumer#start", :as => :consumer_start
+  match "/consumer/complete" => "consumer#complete", :as => :consumer_complete, :via => [:get, :post]
+
+  get "/*account" => "accounts#show", :as => :identity, :constraints => {format: /\.xrds/}
+
+  root to: "info#index"
+end

data/db/migrate/20120312120000_masq_schema.rb

@@ -0,0 +1,152 @@
+class MasqSchema < ActiveRecord::Migration[4.2]
+  def change
+    # Check for existing masquerade tables. In case the tables already exist,
+    # upgrade the database by renaming the tables - otherwise create them.
+
+    # Accounts: Also check for columns, as account is a pretty generic model name,
+    #   and we don't want to conflict with an existing account tables that's not
+    #   from an existing masquerade installation
+    if table_exists?(:accounts) && column_exists?(:accounts, :public_persona_id) &&
+        column_exists?(:accounts, :yubico_identity)
+      rename_table(:accounts, :masq_accounts)
+    else
+      create_table(:masq_accounts, force: true) do |t|
+        t.boolean(:enabled, default: true)
+        t.string(:login, null: false)
+        t.string(:email, null: false)
+        t.string(:crypted_password, limit: 40, null: false)
+        t.string(:salt, limit: 40, null: false)
+        t.string(:remember_token)
+        t.string(:password_reset_code, limit: 40)
+        t.string(:activation_code, limit: 40)
+        t.string(:yubico_identity, limit: 12)
+        t.integer(:public_persona_id)
+        t.datetime(:last_authenticated_at)
+        t.boolean(:last_authenticated_by_yubikey)
+        t.boolean(:yubikey_mandatory, default: false, null: false)
+        t.datetime(:remember_token_expires_at)
+        t.datetime(:activated_at)
+        t.datetime(:created_at)
+        t.datetime(:updated_at)
+      end
+
+      add_index(:masq_accounts, [:email], unique: true)
+      add_index(:masq_accounts, [:login], unique: true)
+    end
+
+    # OpenID Associations
+    if table_exists?(:open_id_associations)
+      rename_table(:open_id_associations, :masq_open_id_associations)
+    else
+      create_table(:masq_open_id_associations, force: true) do |t|
+        t.binary(:server_url)
+        t.binary(:secret)
+        t.string(:handle)
+        t.string(:assoc_type)
+        t.integer(:issued)
+        t.integer(:lifetime)
+      end
+    end
+
+    # OpenID Nonces
+    if table_exists?(:open_id_nonces)
+      rename_table(:open_id_nonces, :masq_open_id_nonces)
+    else
+      create_table(:masq_open_id_nonces, force: true) do |t|
+        t.string(:server_url, null: false)
+        t.string(:salt, null: false)
+        t.integer(:timestamp, null: false)
+      end
+    end
+
+    # OpenID Requests
+    if table_exists?(:open_id_requests)
+      rename_table(:open_id_requests, :masq_open_id_requests)
+    else
+      create_table(:masq_open_id_requests, force: true) do |t|
+        t.string(:token, limit: 40)
+        t.text(:parameters)
+        t.datetime(:created_at)
+        t.datetime(:updated_at)
+      end
+      add_index(:masq_open_id_requests, [:token], unique: true)
+    end
+
+    # Personas
+    if table_exists?(:personas)
+      rename_table(:personas, :masq_personas)
+    else
+      create_table(:masq_personas, force: true) do |t|
+        t.integer(:account_id, null: false)
+        t.string(:title, null: false)
+        t.string(:nickname)
+        t.string(:email)
+        t.string(:fullname)
+        t.string(:postcode)
+        t.string(:country)
+        t.string(:language)
+        t.string(:timezone)
+        t.string(:gender, limit: 1)
+        t.string(:address)
+        t.string(:address_additional)
+        t.string(:city)
+        t.string(:state)
+        t.string(:company_name)
+        t.string(:job_title)
+        t.string(:address_business)
+        t.string(:address_additional_business)
+        t.string(:postcode_business)
+        t.string(:city_business)
+        t.string(:state_business)
+        t.string(:country_business)
+        t.string(:phone_home)
+        t.string(:phone_mobile)
+        t.string(:phone_work)
+        t.string(:phone_fax)
+        t.string(:im_aim)
+        t.string(:im_icq)
+        t.string(:im_msn)
+        t.string(:im_yahoo)
+        t.string(:im_jabber)
+        t.string(:im_skype)
+        t.string(:image_default)
+        t.string(:biography)
+        t.string(:web_default)
+        t.string(:web_blog)
+        t.integer(:dob_day, limit: 2)
+        t.integer(:dob_month, limit: 2)
+        t.integer(:dob_year)
+        t.boolean(:deletable, default: true, null: false)
+        t.datetime(:created_at)
+        t.datetime(:updated_at)
+      end
+      add_index(:masq_personas, [:account_id, :title], unique: true)
+    end
+
+    # Release Policies
+    if table_exists?(:release_policies)
+      rename_table(:release_policies, :masq_release_policies)
+    else
+      create_table(:masq_release_policies, force: true) do |t|
+        t.integer(:site_id, null: false)
+        t.string(:property, null: false)
+        t.string(:type_identifier)
+      end
+      add_index(:masq_release_policies, [:site_id, :property, :type_identifier], name: :index_masq_release_policies, unique: true)
+    end
+
+    # Sites
+    if table_exists?(:sites)
+      rename_table(:sites, :masq_sites)
+    else
+      create_table(:masq_sites, force: true) do |t|
+        t.integer(:account_id, null: false)
+        t.integer(:persona_id, null: false)
+        t.string(:url, null: false)
+        t.datetime(:created_at)
+        t.datetime(:updated_at)
+      end
+      add_index(:masq_sites, [:account_id, :url], unique: true)
+    end
+  end
+end

data/db/migrate/20130626220915_remame_last_authenticated_with_yubikey_on_masq_accounts.rb

@@ -0,0 +1,11 @@
+class RemameLastAuthenticatedWithYubikeyOnMasqAccounts < ActiveRecord::Migration[4.2]
+  def up
+    # Rename the last last_authenticated_with_yubikey to be within the 30 char column name limit set by Oracle.
+    if table_exists?(:masq_accounts) && column_exists?(:masq_accounts, :last_authenticated_with_yubikey)
+      rename_column(:masq_accounts, :last_authenticated_with_yubikey, :last_authenticated_by_yubikey)
+    end
+  end
+
+  def down
+  end
+end

data/db/migrate/20130704205532_add_first_and_lastname_columns_to_personas.rb

@@ -0,0 +1,11 @@
+class AddFirstAndLastnameColumnsToPersonas < ActiveRecord::Migration[4.2]
+  def change
+    if table_exists?(:masq_personas) && !column_exists?(:masq_personas, :firstname)
+      add_column(:masq_personas, :firstname, :string)
+    end
+
+    if table_exists?(:masq_personas) && !column_exists?(:masq_personas, :surname)
+      add_column(:masq_personas, :surname, :string)
+    end
+  end
+end

data/db/migrate/20130807060329_change_open_id_associations_server_url_column_type.rb

@@ -0,0 +1,22 @@
+class ChangeOpenIdAssociationsServerUrlColumnType < ActiveRecord::Migration[4.2]
+  def up
+    # Only run if the column type is not already a varchar/string.
+    if Masq::Association.columns_hash["server_url"].type != :string
+
+      # Create a new column to move the data to and rename the old one
+      rename_column(:masq_open_id_associations, :server_url, :binary_server_url)
+      add_column(:masq_open_id_associations, :server_url, :string, limit: 2000)
+
+      # Copy the data over since we cant change a binary column type
+      Masq::Association.all.each do |record|
+        record.update_attribute(:server_url, record.binary_server_url.to_s)
+      end
+
+      # Remove the old column
+      remove_column(:masq_open_id_associations, :binary_server_url)
+    end
+  end
+
+  def down
+  end
+end

data/lib/masq/active_record_openid_store/association.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require "openid/association"
+require "active_record"
+
+module Masq
+  class Association < ActiveRecord::Base
+    self.table_name = "masq_open_id_associations"
+
+    # attr_accessible :server_url, :handle, :secret, :issued, :lifetime, :assoc_type
+
+    def from_record
+      OpenID::Association.new(handle, secret, issued, lifetime, assoc_type)
+    end
+  end
+end

data/lib/masq/active_record_openid_store/nonce.rb

@@ -0,0 +1,9 @@
+require "active_record"
+
+module Masq
+  class Nonce < ActiveRecord::Base
+    self.table_name = "masq_open_id_nonces"
+
+    # attr_accessible :server_url, :timestamp, :salt
+  end
+end