openid-store-sequel 0.0.1

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+*.swp
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.travis.yml

@@ -0,0 +1,14 @@
+before_script:
+  - psql -c 'create database openid_store_sequel_test;' -U postgres
+
+env: DATABASE_URL=postgres://postgres:@localhost/openid_store_sequel_test
+
+language: ruby
+
+rvm:
+  - 1.9.2
+  - 1.9.3
+  - jruby-19mode
+  - rbx-19mode
+
+script: bundle exec rake test --trace

data/Gemfile

@@ -0,0 +1,3 @@
+source 'http://rubygems.org'
+
+gemspec

data/Makefile

@@ -0,0 +1,26 @@
+VERSION=$(shell ruby -r./lib/openid/store/sequel/version -e "puts OpenID::Store::Sequel::VERSION")
+
+# default the projcet name to the directory name
+PROJECT?=$(notdir $(PWD))
+GEM=$(PROJECT)-$(VERSION).gem
+
+.PHONY: test
+test:
+	bundle exec rake test
+
+.PHONY: package
+package: $(GEM)
+
+# Always build the gem
+.PHONY: $(GEM)
+$(GEM):
+	gem build $(PROJECT).gemspec
+
+.PHONY: install
+install: $(GEM)
+	gem install $<
+
+# Publish to gemgate
+.PHONY: publish
+publish: $(GEM)
+	 gem push $(GEM)

data/README.md

@@ -0,0 +1,42 @@
+# OpenID Store Sequel
+
+![](https://github.com/dylanegan/openid-store-sequel/raw/master/cat-attack.gif)
+
+Storing your OpenIDs in your Sequels.
+
+## Usage
+
+```ruby
+require 'openid/store/sequel'
+
+DB = Sequel.connect(ENV['DATABASE_URL'] || "postgres://localhost/openid_store_sequel")
+
+DB.create_table! :open_id_associations do
+  primary_key :id
+  File        :server_url, :null => false
+  String      :handle, :null => false
+  File        :secret, :null => false
+  Integer     :issued, :null => false
+  Integer     :lifetime, :null => false
+  String      :assoc_type, :null => false
+end
+
+DB.create_table! :open_id_nonces do
+  primary_key :id
+  String      :server_url, :null => false
+  DateTime    :timestamp, :null => false
+  String      :salt, :null => false
+end
+
+server = OpenID::Server::Server.new(OpenID::Store::Sequel.new, ...)
+```
+
+## License (MIT)
+
+Copyright © 2012 [Merman](http://dylanegan.com/)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,11 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs.push "lib"
+  t.libs.push "test"
+  t.test_files = FileList['test/**/*_test.rb']
+  t.verbose = true
+end

data/lib/openid/store/sequel/association.rb

@@ -0,0 +1,11 @@
+module OpenID
+  module Store
+    class Sequel
+      class Association < ::Sequel::Model(:open_id_associations)
+        def from_record
+          OpenID::Association.new(handle, Base64.decode64(secret), Time.at(issued), lifetime, assoc_type)
+        end
+      end
+    end
+  end
+end

data/lib/openid/store/sequel/nonce.rb

@@ -0,0 +1,8 @@
+module OpenID
+  module Store
+    class Sequel
+      class Nonce < ::Sequel::Model(:open_id_nonces)
+      end
+    end
+  end
+end

data/lib/openid/store/sequel/version.rb

@@ -0,0 +1,7 @@
+module OpenID
+  module Store
+    class Sequel
+      VERSION = "0.0.1"
+    end
+  end
+end

data/lib/openid/store/sequel.rb

@@ -0,0 +1,77 @@
+require "base64"
+require "sequel"
+
+require 'openid/util'
+require 'openid/store/nonce'
+require 'openid/association'
+
+module OpenID
+  module Store
+    class Sequel
+      autoload :Association, "openid/store/sequel/association"
+      autoload :Nonce, "openid/store/sequel/nonce"
+
+      def store_association(server_url, assoc)
+        remove_association(server_url, assoc.handle)
+        OpenID::Store::Sequel::Association.create(
+                           server_url: server_url,
+                           handle: assoc.handle,
+                           secret: Base64.encode64(assoc.secret),
+                           issued: assoc.issued,
+                           lifetime: assoc.lifetime,
+                           assoc_type: assoc.assoc_type
+        )
+      end
+
+      def get_association(server_url, handle=nil)
+        assocs = if handle.nil? || handle.empty?
+            OpenID::Store::Sequel::Association.where(server_url: server_url)
+          else
+            OpenID::Store::Sequel::Association.where(server_url: server_url, handle: handle)
+          end
+
+        assocs.to_a.reverse.each do |assoc|
+          a = assoc.from_record
+          if a.expires_in == 0
+            assoc.destroy
+          else
+            return a
+          end
+        end if assocs.any?
+
+        return nil
+      end
+
+      def remove_association(server_url, handle)
+        OpenID::Store::Sequel::Association.dataset.filter(server_url: server_url, handle: handle).delete > 0 ? true : false
+      end
+
+      def use_nonce(server_url, timestamp, salt)
+        return false if OpenID::Store::Sequel::Nonce.first(server_url: server_url, timestamp: Time.at(timestamp), salt: salt) || (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew
+        OpenID::Store::Sequel::Nonce.create(server_url: server_url, timestamp: Time.at(timestamp), salt: salt)
+        return true
+      end
+
+      def cleanup_nonces
+        now = Time.now.to_i
+        count = 0
+        OpenID::Store::Sequel::Nonce.where("timestamp > '#{Time.at(now + OpenID::Nonce.skew)}' OR timestamp < '#{Time.at(now - OpenID::Nonce.skew)}'").each do |nonce|
+          nonce.destroy
+          count += 1
+        end
+        count
+      end
+
+      def cleanup_associations
+        count = 0
+        OpenID::Store::Sequel::Association.where('issued > 0').each do |association|
+          if association.lifetime + association.issued > Time.now.to_i
+            association.destroy
+            count += 1
+          end
+        end
+        count
+      end
+    end
+  end
+end

data/openid-store-sequel.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/openid/store/sequel/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Dylan Egan"]
+  gem.email         = ["dylanegan@gmail.com"]
+  gem.description   = %q{Storing your OpenIDs in your Sequels.}
+  gem.summary       = %q{Storing OpenIDs in Sequels.}
+  gem.homepage      = ""
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = "openid-store-sequel"
+  gem.require_paths = ["lib"]
+  gem.version       = OpenID::Store::Sequel::VERSION
+
+  gem.add_runtime_dependency "ruby-openid"
+  gem.add_runtime_dependency "sequel"
+
+  gem.add_development_dependency "pg"
+  gem.add_development_dependency "rake"
+  gem.add_development_dependency "sqlite3"
+end

data/test/helper.rb

@@ -0,0 +1,20 @@
+require 'test/unit'
+require 'openid/store/sequel'
+
+DB = Sequel.connect(ENV['DATABASE_URL'] || "postgres://localhost/openid_store_sequel_test")
+DB.create_table! :open_id_associations do
+  primary_key :id
+  File        :server_url, :null => false
+  String      :handle, :null => false
+  File        :secret, :null => false
+  Integer     :issued, :null => false
+  Integer     :lifetime, :null => false
+  String      :assoc_type, :null => false
+end
+
+DB.create_table! :open_id_nonces do
+  primary_key :id
+  String      :server_url, :null => false
+  DateTime    :timestamp, :null => false
+  String      :salt, :null => false
+end

data/test/openid/store/sequel_test.rb

@@ -0,0 +1,219 @@
+require "helper"
+
+module OpenID
+  module Store
+    module StoreTestCase
+      @@allowed_handle = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~'
+      @@allowed_nonce = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+      def _gen_nonce
+        OpenID::CryptUtil.random_string(8, @@allowed_nonce)
+      end
+
+      def _gen_handle(n)
+        OpenID::CryptUtil.random_string(n, @@allowed_handle)
+      end
+
+      def _gen_secret(n, chars=nil)
+        OpenID::CryptUtil.random_string(n, chars)
+      end
+
+      def _gen_assoc(issued, lifetime=600)
+        secret = _gen_secret(20)
+        handle = _gen_handle(128)
+        OpenID::Association.new(handle, secret, Time.now + issued, lifetime,
+                                'HMAC-SHA1')
+      end
+
+      def _check_retrieve(url, handle=nil, expected=nil)
+        ret_assoc = @store.get_association(url, handle)
+
+        if expected.nil?
+          assert_nil(ret_assoc)
+        else
+          assert_equal(expected, ret_assoc)
+          assert_equal(expected.handle, ret_assoc.handle)
+          assert_equal(expected.secret, ret_assoc.secret)
+        end
+      end
+
+      def _check_remove(url, handle, expected)
+        present = @store.remove_association(url, handle)
+        assert_equal(expected, present)
+      end
+
+      def test_store
+        assoc = _gen_assoc(issued=0)
+
+        # Make sure that a missing association returns no result
+        _check_retrieve(server_url)
+
+        # Check that after storage, getting returns the same result
+        @store.store_association(server_url, assoc)
+        _check_retrieve(server_url, nil, assoc)
+
+        # more than once
+        _check_retrieve(server_url, nil, assoc)
+
+        # Storing more than once has no ill effect
+        @store.store_association(server_url, assoc)
+        _check_retrieve(server_url, nil, assoc)
+
+        # Removing an association that does not exist returns not present
+        _check_remove(server_url, assoc.handle + 'x', false)
+
+        # Removing an association that does not exist returns not present
+        _check_remove(server_url + 'x', assoc.handle, false)
+
+        # Removing an association that is present returns present
+        _check_remove(server_url, assoc.handle, true)
+
+        # but not present on subsequent calls
+        _check_remove(server_url, assoc.handle, false)
+
+        # Put assoc back in the store
+        @store.store_association(server_url, assoc)
+
+        # More recent and expires after assoc
+        assoc2 = _gen_assoc(issued=1)
+        @store.store_association(server_url, assoc2)
+
+        # After storing an association with a different handle, but the
+        # same server_url, the handle with the later expiration is returned.
+        _check_retrieve(server_url, nil, assoc2)
+
+        # We can still retrieve the older association
+        _check_retrieve(server_url, assoc.handle, assoc)
+
+        # Plus we can retrieve the association with the later expiration
+        # explicitly
+        _check_retrieve(server_url, assoc2.handle, assoc2)
+
+        # More recent, and expires earlier than assoc2 or assoc. Make sure
+        # that we're picking the one with the latest issued date and not
+        # taking into account the expiration.
+        assoc3 = _gen_assoc(issued=2, lifetime=100)
+        @store.store_association(server_url, assoc3)
+
+        _check_retrieve(server_url, nil, assoc3)
+        _check_retrieve(server_url, assoc.handle, assoc)
+        _check_retrieve(server_url, assoc2.handle, assoc2)
+        _check_retrieve(server_url, assoc3.handle, assoc3)
+
+        _check_remove(server_url, assoc2.handle, true)
+
+        _check_retrieve(server_url, nil, assoc3)
+        _check_retrieve(server_url, assoc.handle, assoc)
+        _check_retrieve(server_url, assoc2.handle, nil)
+        _check_retrieve(server_url, assoc3.handle, assoc3)
+
+        _check_remove(server_url, assoc2.handle, false)
+        _check_remove(server_url, assoc3.handle, true)
+
+        ret_assoc = @store.get_association(server_url, nil)
+        unexpected = [assoc2.handle, assoc3.handle]
+        assert(ret_assoc.nil? || !unexpected.member?(ret_assoc.handle),
+               "correct association")
+
+        _check_retrieve(server_url, assoc.handle, assoc)
+        _check_retrieve(server_url, assoc2.handle, nil)
+        _check_retrieve(server_url, assoc3.handle, nil)
+
+        _check_remove(server_url, assoc2.handle, false)
+        _check_remove(server_url, assoc.handle, true)
+        _check_remove(server_url, assoc3.handle, false)
+
+        _check_retrieve(server_url, nil, nil)
+        _check_retrieve(server_url, assoc.handle, nil)
+        _check_retrieve(server_url, assoc2.handle, nil)
+        _check_retrieve(server_url, assoc3.handle, nil)
+
+        _check_remove(server_url, assoc2.handle, false)
+        _check_remove(server_url, assoc.handle, false)
+        _check_remove(server_url, assoc3.handle, false)
+      end
+
+      def test_assoc_cleanup
+        assocValid1 = _gen_assoc(-3600, 7200)
+        assocValid2 = _gen_assoc(-5)
+        assocExpired1 = _gen_assoc(-7200, 3600)
+        assocExpired2 = _gen_assoc(-7200, 3600)
+
+        @store.cleanup_associations
+        @store.store_association(server_url + '1', assocValid1)
+        @store.store_association(server_url + '1', assocExpired1)
+        @store.store_association(server_url + '2', assocExpired2)
+        @store.store_association(server_url + '3', assocValid2)
+
+        cleaned = @store.cleanup_associations()
+        assert_equal(2, cleaned, "cleaned up associations")
+      end
+
+      def _check_use_nonce(nonce, expected, server_url, msg='')
+        stamp, salt = Nonce::split_nonce(nonce)
+        actual = @store.use_nonce(server_url, stamp, salt)
+        assert_equal(expected, actual, msg)
+      end
+
+      def server_url
+        "http://www.myopenid.com/openid"
+      end
+
+      def test_nonce
+        [server_url, ''].each{|url|
+          nonce1 = Nonce::mk_nonce
+
+          _check_use_nonce(nonce1, true, url, "#{url}: nonce allowed by default")
+          _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed twice")
+          _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed third time")
+
+          # old nonces shouldn't pass
+          old_nonce = Nonce::mk_nonce(3600)
+          _check_use_nonce(old_nonce, false, url, "Old nonce #{old_nonce.inspect} passed")
+
+        }
+      end
+
+      def test_nonce_cleanup
+        now = Time.now.to_i
+        old_nonce1 = Nonce::mk_nonce(now - 20000)
+        old_nonce2 = Nonce::mk_nonce(now - 10000)
+        recent_nonce = Nonce::mk_nonce(now - 600)
+
+        orig_skew = Nonce.skew
+        Nonce.skew = 0
+        count = @store.cleanup_nonces
+        Nonce.skew = 1000000
+        ts, salt = Nonce::split_nonce(old_nonce1)
+        assert(@store.use_nonce(server_url, ts, salt), "oldnonce1")
+        ts, salt = Nonce::split_nonce(old_nonce2)
+        assert(@store.use_nonce(server_url, ts, salt), "oldnonce2")
+        ts, salt = Nonce::split_nonce(recent_nonce)
+        assert(@store.use_nonce(server_url, ts, salt), "recent_nonce")
+
+        Nonce.skew = 1000
+        cleaned = @store.cleanup_nonces
+        assert_equal(2, cleaned, "Cleaned #{cleaned} nonces")
+
+        Nonce.skew = 100000
+        ts, salt = Nonce::split_nonce(old_nonce1)
+        assert(@store.use_nonce(server_url, ts, salt), "oldnonce1 after cleanup")
+        ts, salt = Nonce::split_nonce(old_nonce2)
+        assert(@store.use_nonce(server_url, ts, salt), "oldnonce2 after cleanup")
+        ts, salt = Nonce::split_nonce(recent_nonce)
+        assert(!@store.use_nonce(server_url, ts, salt), "recent_nonce after cleanup")
+
+        Nonce.skew = orig_skew
+
+      end
+    end
+
+    class SequelStoreTestCase < Test::Unit::TestCase
+      include StoreTestCase
+
+      def setup
+        @store = OpenID::Store::Sequel.new
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,141 @@
+--- !ruby/object:Gem::Specification
+name: openid-store-sequel
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Dylan Egan
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-05-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ruby-openid
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Storing your OpenIDs in your Sequels.
+email:
+- dylanegan@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- Makefile
+- README.md
+- Rakefile
+- cat-attack.gif
+- lib/openid/store/sequel.rb
+- lib/openid/store/sequel/association.rb
+- lib/openid/store/sequel/nonce.rb
+- lib/openid/store/sequel/version.rb
+- openid-store-sequel.gemspec
+- test/helper.rb
+- test/openid/store/sequel_test.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.21
+signing_key: 
+specification_version: 3
+summary: Storing OpenIDs in Sequels.
+test_files:
+- test/helper.rb
+- test/openid/store/sequel_test.rb