open_id_authentication 1.0.0

data/CHANGELOG

@@ -0,0 +1,37 @@
+* Dump heavy lifting off to rack-openid gem. OpenIdAuthentication is just a simple controller concern.
+
+* Fake HTTP method from OpenID server since they only support a GET. Eliminates the need to set an extra route to match the server's reply. [Josh Peek]
+
+* OpenID 2.0 recommends that forms should use the field name "openid_identifier" rather than "openid_url" [Josh Peek]
+
+* Return open_id_response.display_identifier to the application instead of .endpoints.claimed_id. [nbibler]
+
+* Add Timeout protection [Rick]
+
+* An invalid identity url passed through authenticate_with_open_id will no longer raise an InvalidOpenId exception. Instead it will return Result[:missing] to the completion block.
+
+* Allow a return_to option to be used instead of the requested url [Josh Peek]
+
+* Updated plugin to use Ruby OpenID 2.x.x [Josh Peek]
+
+* Tied plugin to ruby-openid 1.1.4 gem until we can make it compatible with 2.x [DHH]
+
+* Use URI instead of regexps to normalize the URL and gain free, better matching #8136 [dkubb]
+
+* Allow -'s in #normalize_url [Rick]
+
+* remove instance of mattr_accessor, it was breaking tests since they don't load ActiveSupport.  Fix Timeout test [Rick]
+
+* Throw a InvalidOpenId exception instead of just a RuntimeError when the URL can't be normalized [DHH]
+
+* Just use the path for the return URL, so extra query parameters don't interfere [DHH]
+
+* Added a new default database-backed store after experiencing trouble with the filestore on NFS. The file store is still available as an option [DHH]
+
+* Added normalize_url and applied it to all operations going through the plugin [DHH]
+
+* Removed open_id? as the idea of using the same input box for both OpenID and username has died -- use using_open_id? instead (which checks for the presence of params[:openid_url] by default) [DHH]
+
+* Added OpenIdAuthentication::Result to make it easier to deal with default situations where you don't care to do something particular for each error state [DHH]
+
+* Stop relying on root_url being defined, we can just grab the current url instead [DHH]

data/CONTRIBUTION_GUIDELINES.md

@@ -0,0 +1,8 @@
+Contributing to open_id_authentication:
+
+1. Fork the [official repository](http://github.com/Velir/open_id_authentication/tree/master).
+2. Make your changes in a topic branch.
+3. Send a pull request.
+
+Notes:
+* Please don't update the Gem version.

data/README.md

@@ -0,0 +1,242 @@
+OpenIdAuthentication
+====================
+
+Provides a thin wrapper around the excellent ruby-openid gem from JanRan. Be sure to install that first:
+
+  gem install ruby-openid
+
+To understand what OpenID is about and how it works, it helps to read the documentation for lib/openid/consumer.rb
+from that gem.
+
+The specification used is http://openid.net/specs/openid-authentication-2_0.html.
+
+
+Prerequisites
+-------------
+
+OpenID authentication uses the session, so be sure that you haven't turned that off.
+
+Alternatively, you can use the file-based store, which just relies on on tmp/openids being present in RAILS_ROOT. But be aware that this store only works if you have a single application server. And it's not safe to use across NFS. It's recommended that you use the database store if at all possible. To use the file-based store, you'll also have to add this line to your config/environment.rb:
+
+    OpenIdAuthentication.store = :file
+
+This particular plugin also relies on the fact that the authentication action allows for both POST and GET operations.
+If you're using RESTful authentication, you'll need to explicitly allow for this in your routes.rb.
+
+The plugin also expects to find a root_url method that points to the home page of your site. You can accomplish this by using a root route in config/routes.rb:
+
+    root :to => "articles#index"
+
+This plugin relies on Rails Edge revision 6317 or newer.
+
+
+Example
+-------
+
+This example is just to meant to demonstrate how you could use OpenID authentication. You might well want to add
+salted hash logins instead of plain text passwords and other requirements on top of this. Treat it as a starting point,
+not a destination.
+
+Note that the User model referenced in the simple example below has an 'identity_url' attribute. You will want to add the same or similar field to whatever
+model you are using for authentication.
+
+Also of note is the following code block used in the example below:
+
+    authenticate_with_open_id do |result, identity_url|
+      ...
+    end
+
+In the above code block, 'identity_url' will need to match user.identity_url exactly. 'identity_url' will be a string in the form of 'http://example.com' -
+If you are storing just 'example.com' with your user, the lookup will fail.
+
+There is a handy method in this plugin called 'normalize_url' that will help with validating OpenID URLs.
+
+    OpenIdAuthentication.normalize_url(user.identity_url)
+
+The above will return a standardized version of the OpenID URL - the above called with 'example.com' will return 'http://example.com/'
+It will also raise an InvalidOpenId exception if the URL is determined to not be valid.
+Use the above code in your User model and validate OpenID URLs before saving them.
+
+config/routes.rb
+
+    #config/routes.rb
+    root :to => "articles#index"
+    resource :session
+
+app/views/sessions/new.erb
+
+    #app/views/sessions/new.erb
+    <% form_tag(session_url) do %>
+      <p>
+        <label for="name">Username:</label>
+        <%= text_field_tag "name" %>
+      </p>
+
+      <p>
+        <label for="password">Password:</label>
+        <%= password_field_tag %>
+      </p>
+
+      <p>
+        <!-- ...or use: -->
+      </p>
+
+      <p>
+        <label for="openid_identifier">OpenID:</label>
+        <%= text_field_tag "openid_identifier" %>
+      </p>
+
+      <p>
+        <%= submit_tag 'Sign in', :disable_with => "Signing in&hellip;" %>
+      </p>
+    <% end %>
+
+
+app/controllers/sessions_controller.rb
+
+    #app/controllers/sessions_controller.rb
+    class SessionsController < ApplicationController
+      def create
+        if using_open_id?
+          open_id_authentication
+        else
+          password_authentication(params[:name], params[:password])
+        end
+      end
+
+
+      protected
+      def password_authentication(name, password)
+        if @current_user = @account.users.authenticate(params[:name], params[:password])
+          successful_login
+        else
+          failed_login "Sorry, that username/password doesn't work"
+        end
+      end
+
+      def open_id_authentication
+        authenticate_with_open_id do |result, identity_url|
+          if result.successful?
+            if @current_user = @account.users.find_by_identity_url(identity_url)
+              successful_login
+            else
+              failed_login "Sorry, no user by that identity URL exists (#{identity_url})"
+            end
+          else
+            failed_login result.message
+          end
+        end
+      end
+
+
+      private
+      def successful_login
+        session[:user_id] = @current_user.id
+        redirect_to(root_url)
+      end
+
+      def failed_login(message)
+        flash[:error] = message
+        redirect_to(new_session_url)
+      end
+    end
+
+
+
+If you're fine with the result messages above and don't need individual logic on a per-failure basis,
+you can collapse the case into a mere boolean:
+
+    def open_id_authentication
+      authenticate_with_open_id do |result, identity_url|
+        if result.successful? && @current_user = @account.users.find_by_identity_url(identity_url)
+          successful_login
+        else
+          failed_login(result.message || "Sorry, no user by that identity URL exists (#{identity_url})")
+        end
+      end
+    end
+
+
+Simple Registration OpenID Extension
+------------------------------------
+
+Some OpenID Providers support this lightweight profile exchange protocol.  See more: http://www.openidenabled.com/openid/simple-registration-extension
+
+You can support it in your app by changing #open_id_authentication
+
+      def open_id_authentication(identity_url)
+        # Pass optional :required and :optional keys to specify what sreg fields you want.
+        # Be sure to yield registration, a third argument in the
+        # #authenticate_with_open_id block.
+        authenticate_with_open_id(identity_url,
+            :required => [ :nickname, :email ],
+            :optional => :fullname) do |result, identity_url, registration|
+          case result.status
+          when :missing
+            failed_login "Sorry, the OpenID server couldn't be found"
+          when :invalid
+            failed_login "Sorry, but this does not appear to be a valid OpenID"
+          when :canceled
+            failed_login "OpenID verification was canceled"
+          when :failed
+            failed_login "Sorry, the OpenID verification failed"
+          when :successful
+            if @current_user = @account.users.find_by_identity_url(identity_url)
+              assign_registration_attributes!(registration)
+
+              if current_user.save
+                successful_login
+              else
+                failed_login "Your OpenID profile registration failed: " +
+                  @current_user.errors.full_messages.to_sentence
+              end
+            else
+              failed_login "Sorry, no user by that identity URL exists"
+            end
+          end
+        end
+      end
+
+      # registration is a hash containing the valid sreg keys given above
+      # use this to map them to fields of your user model
+      def assign_registration_attributes!(registration)
+        model_to_registration_mapping.each do |model_attribute, registration_attribute|
+          unless registration[registration_attribute].blank?
+            @current_user.send("#{model_attribute}=", registration[registration_attribute])
+          end
+        end
+      end
+
+      def model_to_registration_mapping
+        { :login => 'nickname', :email => 'email', :display_name => 'fullname' }
+      end
+
+Attribute Exchange OpenID Extension
+-----------------------------------
+
+Some OpenID providers also support the OpenID AX (attribute exchange) protocol for exchanging identity information between endpoints.  See more: http://openid.net/specs/openid-attribute-exchange-1_0.html
+
+Accessing AX data is very similar to the Simple Registration process, described above -- just add the URI identifier for the AX field to your :optional or :required parameters.  For example:
+
+    authenticate_with_open_id(identity_url,
+      :required => [ :email, 'http://schema.openid.net/birthDate' ]) do 
+        |result, identity_url, registration, ax|
+
+This would provide the sreg data for :email via registration, and the AX data for http://schema.openid.net/birthDate via ax.
+
+Contributing
+------------
+
+Please see the [contribution guidelines](http://github.com/Velir/open_id_authentication/blob/master/CONTRIBUTION_GUIDELINES.md).
+
+Credits
+-------
+
+open_id_authentication was written by David Heinemeier Hansson with a number of other [contributors](https://github.com/Velir/open_id_authentication/contributors).
+
+open_id_authentication maintenance is funded by [Velir](http://velir.com).
+
+
+License
+-------
+Copyright (c) 2007-2011 David Heinemeier Hansson, released under the MIT license

data/lib/open_id_authentication/version.rb

@@ -0,0 +1,4 @@
+module OpenIdAuthentication
+  VERSION = "1.0.0"
+end
+  

data/lib/open_id_authentication.rb

@@ -0,0 +1,129 @@
+require 'uri'
+require 'openid'
+require 'rack/openid'
+
+module OpenIdAuthentication
+  def self.new(app)
+    store = OpenIdAuthentication.store
+    if store.nil?
+      Rails.logger.warn "OpenIdAuthentication.store is nil. Using in-memory store."
+    end
+
+    ::Rack::OpenID.new(app, OpenIdAuthentication.store)
+  end
+
+  def self.store
+    @@store
+  end
+
+  def self.store=(*store_option)
+    store, *parameters = *([ store_option ].flatten)
+
+    @@store = case store
+    when :memory
+      require 'openid/store/memory'
+      OpenID::Store::Memory.new
+    when :file
+      require 'openid/store/filesystem'
+      OpenID::Store::Filesystem.new(Rails.root.join('tmp/openids'))
+    when :memcache
+      require 'memcache'
+      require 'openid/store/memcache'
+      OpenID::Store::Memcache.new(MemCache.new(parameters))
+    else
+      store
+    end
+  end
+
+  self.store = nil
+
+  class Result
+    ERROR_MESSAGES = {
+      :missing      => "Sorry, the OpenID server couldn't be found",
+      :invalid      => "Sorry, but this does not appear to be a valid OpenID",
+      :canceled     => "OpenID verification was canceled",
+      :failed       => "OpenID verification failed",
+      :setup_needed => "OpenID verification needs setup"
+    }
+
+    def self.[](code)
+      new(code)
+    end
+
+    def initialize(code)
+      @code = code
+    end
+
+    def status
+      @code
+    end
+
+    ERROR_MESSAGES.keys.each { |state| define_method("#{state}?") { @code == state } }
+
+    def successful?
+      @code == :successful
+    end
+
+    def unsuccessful?
+      ERROR_MESSAGES.keys.include?(@code)
+    end
+
+    def message
+      ERROR_MESSAGES[@code]
+    end
+  end
+
+  protected
+    # The parameter name of "openid_identifier" is used rather than
+    # the Rails convention "open_id_identifier" because that's what
+    # the specification dictates in order to get browser auto-complete
+    # working across sites
+    def using_open_id?(identifier = nil) #:doc:
+      identifier ||= open_id_identifier
+      !identifier.blank? || request.env[Rack::OpenID::RESPONSE]
+    end
+
+    def authenticate_with_open_id(identifier = nil, options = {}, &block) #:doc:
+      identifier ||= open_id_identifier
+
+      if request.env[Rack::OpenID::RESPONSE]
+        complete_open_id_authentication(&block)
+      else
+        begin_open_id_authentication(identifier, options, &block)
+      end
+    end
+
+  private
+    def open_id_identifier
+      params[:openid_identifier] || params[:openid_url]
+    end
+
+    def begin_open_id_authentication(identifier, options = {})
+      options[:identifier] = identifier
+      value = Rack::OpenID.build_header(options)
+      response.headers[Rack::OpenID::AUTHENTICATE_HEADER] = value
+      head :unauthorized
+    end
+
+    def complete_open_id_authentication
+      response   = request.env[Rack::OpenID::RESPONSE]
+      identifier = response.display_identifier
+
+      case response.status
+      when OpenID::Consumer::SUCCESS
+        yield Result[:successful], identifier,
+          OpenID::SReg::Response.from_success_response(response),
+          OpenID::AX::FetchResponse.from_success_response(response)
+      when :missing
+        yield Result[:missing], identifier, nil
+      when :invalid
+        yield Result[:invalid], identifier, nil
+      when OpenID::Consumer::CANCEL
+        yield Result[:canceled], identifier, nil
+      when OpenID::Consumer::FAILURE
+        yield Result[:failed], identifier, nil
+      when OpenID::Consumer::SETUP_NEEDED
+        yield Result[:setup_needed], response.setup_url, nil
+      end
+    end
+end

metadata

@@ -0,0 +1,72 @@
+--- !ruby/object:Gem::Specification 
+name: open_id_authentication
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 1.0.0
+platform: ruby
+authors: 
+- Patrick Robertson
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-08-01 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack-openid
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "1.3"
+  type: :runtime
+  version_requirements: *id001
+description: |-
+  open_id_authentication provides a thin wrapper around the excellent rack-openid
+                        gem.
+email: patrick.robertson@velir.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- CHANGELOG
+- CONTRIBUTION_GUIDELINES.md
+- README.md
+- lib/open_id_authentication/version.rb
+- lib/open_id_authentication.rb
+has_rdoc: true
+homepage: https://github.com/Velir/open_id_authentication
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: open_id_authentication provides a thin wrapper around the excellent rack-openid gem.
+test_files: []
+