openid_active_record_store 1.0.0

data/README.rdoc

@@ -0,0 +1,63 @@
+= openid_active_record_store
+
+http://rubygems.org/gems/openid_active_record_store
+{Project}[http://rubygems.org/gems/openid_active_record_store]
+{Wiki}[http://wiki.github.com/raggi/openid_active_record_store/]
+{Source Code}[http://github.com/raggi/openid_active_record_store/]
+{Issues}[http://github.com/raggi/openid_active_record_store/issues]
+
+== DESCRIPTION:
+
+A rails engine for OpenID/Omniauth that writes to ActiveRecord for the OpenID data. Forked from an old project by Kazuyoshi Tlacaelel.
+
+== FEATURES/PROBLEMS:
+
+* Simple
+* Lowish test coverage
+* Binary column may not work well with some adapters
+
+== SYNOPSIS:
+
+    rake openid_active_record_store:install:migrations
+    rake db:migrate
+
+    # Omniauth example:
+    Rails.application.config.middleware.use(
+      OmniAuth::Strategies::GoogleApps,
+      OpenID::Store::ActiveRecord.new,
+      { :name => 'example', :domain => 'example.org' }
+    )
+
+== REQUIREMENTS:
+
+* Rails 3+
+* OpenID
+
+== INSTALL:
+
+* gem install openid_active_record_store
+
+== LICENSE:
+
+(The MIT License)
+
+Copyright (c) 2011 Kazuyoshi Tlacaelel, James Tucker, Wildfire Interactive Inc
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,29 @@
+#!/usr/bin/env rake
+require 'rake/testtask'
+require 'rdoc/task'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the openid_store_active_record plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.ruby_opts << '-rubygems'
+  t.libs += %w[test]
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+  t.warning = true
+end
+
+desc 'Generate documentation for the openid_store_active_record plugin.'
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'OpenidStoreActiveRecord'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+desc "build gem"
+task :gem do
+  sh "gem build openid_active_record_store.gemspec"
+end

data/app/models/openid_abstract.rb

@@ -0,0 +1,5 @@
+require 'active_record'
+
+class OpenidAbstract < ActiveRecord::Base
+  self.abstract_class = true
+end

data/app/models/openid_association.rb

@@ -0,0 +1,2 @@
+class OpenidAssociation < OpenidAbstract
+end

data/app/models/openid_nonce.rb

@@ -0,0 +1,8 @@
+class OpenidNonce < OpenidAbstract
+
+  # attempt to scan timestamps (integers) first for fast access.
+  def self.exists_by_target?(timestamp, salt, target)
+    where(:timestamp => timestamp, :target => target).size > 0
+  end
+
+end

data/db/migrate/create_openid_associations.rb

@@ -0,0 +1,22 @@
+class CreateOpenidAssociations < ActiveRecord::Migration
+
+  def self.up
+    create_table :openid_associations do |t|
+      t.datetime  :issued_at
+      t.integer   :lifetime
+      t.string    :assoc_type
+      t.text      :handle
+      t.binary    :secret
+
+      t.string    :target, :size => 32
+      t.text      :server_url
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :openid_associations
+  end
+
+end

data/db/migrate/create_openid_nonces.rb

@@ -0,0 +1,17 @@
+class CreateOpenidNonces < ActiveRecord::Migration
+
+  def self.up
+    create_table :openid_nonces do |t|
+      t.integer   :timestamp
+      t.string    :salt
+      t.string    :target, :size => 32
+      t.text      :server_url
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :openid_nonces
+  end
+
+end

data/lib/openid/store/active_record.rb

@@ -0,0 +1,121 @@
+require 'openid/util'
+require 'openid/store/interface'
+require 'openid/association'
+require 'openssl'
+
+module OpenID
+  module Store
+    class ActiveRecord < Interface
+
+      # Put a Association object into storage.
+      # When implementing a store, don't assume that there are any limitations
+      # on the character set of the server_url.  In particular, expect to see
+      # unescaped non-url-safe characters in the server_url field.
+      def store_association(server_url, association)
+        OpenidAssociation.create!(
+          :server_url => server_url,
+          :target     => targetize(server_url),
+          :handle     => association.handle,
+          :secret     => association.secret,
+          :issued_at  => association.issued,
+          :lifetime   => association.lifetime,
+          :assoc_type => association.assoc_type
+        )
+        true
+      end
+
+      # Returns a Association object from storage that matches
+      # the server_url.  Returns nil if no such association is found or if
+      # the one matching association is expired. (Is allowed to GC expired
+      # associations when found.)
+      def get_association(server_url, handle=nil)
+        oas = OpenidAssociation.find_all_by_target targetize(server_url)
+        return nil if oas.empty?
+        unless handle.nil?
+          return nil unless oas.collect(&:handle).include? handle
+          return build_association(oas.find { |oa| oa.handle == handle })
+        end
+        oas.sort_by(&:issued_at).collect { |oa| build_association(oa) }.last
+      end
+
+      # If there is a matching association, remove it from the store and
+      # return true, otherwise return false.
+      def remove_association(server_url, handle)
+        oas = OpenidAssociation.find_all_by_target targetize(server_url)
+        return false unless oas.collect(&:handle).include? handle
+        oas.find_all { |oa| oa.handle == handle }.each(&:delete).size > 0
+      end
+
+      # Return true if the nonce has not been used before, and store it
+      # for a while to make sure someone doesn't try to use the same value
+      # again.  Return false if the nonce has already been used or if the
+      # timestamp is not current.
+      # You can use OpenID::Store::Nonce::SKEW for your timestamp window.
+      # server_url: URL of the server from which the nonce originated
+      # timestamp: time the nonce was created in seconds since unix epoch
+      # salt: A random string that makes two nonces issued by a server in
+      #       the same second unique
+      def use_nonce(server_url, timestamp, salt)
+        return false if (timestamp - Time.now.to_i).abs > Nonce.skew
+        params = [timestamp, salt, targetize(server_url)]
+        return false if OpenidNonce.exists_by_target?(*params)
+        return create_nonce(server_url, timestamp, salt)
+      end
+
+      # Remove expired nonces and associations from the store
+      # Not called during normal library operation, this method is for store
+      # admins to keep their storage from filling up with expired data
+      def cleanup
+        cleanup_nonces
+        cleanup_associations
+      end
+
+      # Remove expired associations from the store
+      # Not called during normal library operation, this method is for store
+      # admins to keep their storage from filling up with expired data
+      def cleanup_associations
+        oas = OpenidAssociation.all.collect do |oa|
+          oa.id if build_association(oa).expires_in == 0
+        end
+        OpenidAssociation.delete oas.compact
+      end
+
+      # Remove expired nonces from the store
+      # Discards any nonce that is old enough that it wouldn't pass use_nonce
+      # Not called during normal library operation, this method is for store
+      # admins to keep their storage from filling up with expired data
+      def cleanup_nonces
+        now = Time.now.to_i
+        nonces = OpenidNonce.all
+        ids = nonces.collect { |n| n.id if (n.timestamp - now).abs > Nonce.skew }
+        OpenidNonce.delete ids.compact
+      end
+
+      private
+
+      def targetize(server_url)
+        OpenSSL::Digest::MD5.hexdigest(server_url)
+      end
+
+      def build_association(open_id_association)
+        OpenID::Association.new(
+          open_id_association.handle,
+          open_id_association.secret,
+          open_id_association.issued_at,
+          open_id_association.lifetime,
+          open_id_association.assoc_type
+        )
+      end
+
+      def create_nonce(server_url, timestamp, salt)
+        OpenidNonce.create!(
+          :target     => targetize(server_url),
+          :server_url => server_url,
+          :timestamp  => timestamp
+        )
+        true
+      end
+
+    end
+  end
+end

data/lib/openid_active_record_store.rb

@@ -0,0 +1,33 @@
+require 'rails/engine'
+require 'openid/store/active_record'
+
+module OpenidActiveRecordStore
+  class Engine < Rails::Engine
+    config.eager_load_paths << File.expand_path("../../app/models", __FILE__)
+  end
+  class Railtie < Rails::Railtie
+    rake_tasks do
+      namespace :openid_active_record_store do
+        namespace :install do
+
+          files = File.expand_path("../../db/migrate/*.rb", __FILE__)
+          sources = FileList[files]
+          targets = sources.map do |source|
+            ts = Time.now.to_f.to_s.sub('.', '')
+            "db/migrate/#{ts}_#{File.basename(source)}"
+          end
+
+          desc "install migrations"
+          task :migrations => targets
+
+          sources.zip(targets).each do |source, target|
+            file target => source do
+              cp source, target
+            end
+          end
+
+        end
+      end
+    end unless Gem::Version.new(Rails.version) >= Gem::Version.new('3.1.0')
+  end
+end

data/test/openid_store_active_record_test.rb

@@ -0,0 +1,237 @@
+require 'test_helper'
+require 'openid/store/nonce'
+
+class OpenidStoreActiveRecordTest < ActiveSupport::TestCase
+
+  # ============================================================================
+  # TESTING SCENARIO
+  # ============================================================================
+
+  setup :prepare_scenario, :clean_tables
+  teardown :destroy_scenario
+
+  def prepare_scenario
+    @store = OpenID::Store::ActiveRecord.new
+    @@allowed_nonce = '0123456789abcdefghijklmnopqrst' +
+      'uvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
+    @@allowed_handle = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQ' +
+      'RSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~'
+  end
+
+  def clean_tables
+    # super duper make sure talbes are empty
+    OpenidAssociation.all.each { |ao| ao.destroy }
+    OpenidNonce.all.each { |nonce| nonce.destroy }
+  end
+
+  def destroy_scenario
+    @@allowed_handle = @@allowed_nonce = @store = nil
+  end
+
+  # ============================================================================
+  # TESTS BELOW BROUGHT FROM THE ORIGINAL 'ruby-openid' (store) test suite
+  # these methods test the association interactivity with a store object
+  # ============================================================================
+
+  def _gen_secret(n, chars=nil)
+    OpenID::CryptUtil.random_string(n, chars)
+  end
+
+  def _gen_handle(n)
+    OpenID::CryptUtil.random_string(n, @@allowed_handle)
+  end
+
+  def _gen_assoc(issued_at, lifetime=600)
+    secret = _gen_secret(20)
+    handle = _gen_handle(128)
+    OpenID::Association.new(handle, secret, Time.now + issued_at, lifetime,
+                            'HMAC-SHA1')
+  end
+
+  def _check_retrieve(url, handle=nil, expected=nil)
+    ret_assoc = @store.get_association(url, handle)
+
+    if expected.nil?
+      assert_nil(ret_assoc)
+    else
+      %w[assoc_type handle issued lifetime secret].each do |prop|
+        ex, actual = expected.send(prop), ret_assoc.send(prop)
+        if ex.kind_of?(Time)
+          ex, actual = ex.to_i, actual.to_i
+        end
+        assert_equal ex, actual, "#{prop} doesn't match"
+      end
+    end
+  end
+
+  def _check_remove(url, handle, expected)
+    present = @store.remove_association(url, handle)
+    assert_equal(expected, present)
+  end
+
+  def test_store
+    server_url = "http://www.myopenid.com/openid"
+    assoc = _gen_assoc(issued_at=0)
+
+    # Make sure that a missing association returns no result
+    _check_retrieve(server_url)
+
+    # Check that after storage, getting returns the same result
+    @store.store_association(server_url, assoc)
+    _check_retrieve(server_url, nil, assoc)
+
+    # more than once
+    _check_retrieve(server_url, nil, assoc)
+
+    # Storing more than once has no ill effect
+    @store.store_association(server_url, assoc)
+    _check_retrieve(server_url, nil, assoc)
+
+    # Removing an association that does not exist returns not present
+    _check_remove(server_url, assoc.handle + 'x', false)
+
+    # Removing an association that does not exist returns not present
+    _check_remove(server_url + 'x', assoc.handle, false)
+
+    # Removing an association that is present returns present
+    _check_remove(server_url, assoc.handle, true)
+
+    # but not present on subsequent calls
+    _check_remove(server_url, assoc.handle, false)
+
+    # Put assoc back in the store
+    @store.store_association(server_url, assoc)
+
+    # More recent and expires after assoc
+    assoc2 = _gen_assoc(issued_at=1)
+    @store.store_association(server_url, assoc2)
+
+    # After storing an association with a different handle, but the
+    # same server_url, the handle with the later expiration is returned.
+    _check_retrieve(server_url, nil, assoc2)
+
+    # We can still retrieve the older association
+    _check_retrieve(server_url, assoc.handle, assoc)
+
+    # Plus we can retrieve the association with the later expiration
+    # explicitly
+    _check_retrieve(server_url, assoc2.handle, assoc2)
+
+    # More recent, and expires earlier than assoc2 or assoc. Make sure
+    # that we're picking the one with the latest issued date and not
+    # taking into account the expiration.
+    assoc3 = _gen_assoc(issued_at=2, lifetime=100)
+    @store.store_association(server_url, assoc3)
+
+    _check_retrieve(server_url, nil, assoc3)
+    _check_retrieve(server_url, assoc.handle, assoc)
+    _check_retrieve(server_url, assoc2.handle, assoc2)
+    _check_retrieve(server_url, assoc3.handle, assoc3)
+
+    _check_remove(server_url, assoc2.handle, true)
+
+    _check_retrieve(server_url, nil, assoc3)
+    _check_retrieve(server_url, assoc.handle, assoc)
+    _check_retrieve(server_url, assoc2.handle, nil)
+    _check_retrieve(server_url, assoc3.handle, assoc3)
+
+    _check_remove(server_url, assoc2.handle, false)
+    _check_remove(server_url, assoc3.handle, true)
+
+    _check_retrieve(server_url, nil, assoc)
+    _check_retrieve(server_url, assoc.handle, assoc)
+    _check_retrieve(server_url, assoc2.handle, nil)
+    _check_retrieve(server_url, assoc3.handle, nil)
+
+    _check_remove(server_url, assoc2.handle, false)
+    _check_remove(server_url, assoc.handle, true)
+    _check_remove(server_url, assoc3.handle, false)
+
+    _check_retrieve(server_url, nil, nil)
+    _check_retrieve(server_url, assoc.handle, nil)
+    _check_retrieve(server_url, assoc2.handle, nil)
+    _check_retrieve(server_url, assoc3.handle, nil)
+
+    _check_remove(server_url, assoc2.handle, false)
+    _check_remove(server_url, assoc.handle, false)
+    _check_remove(server_url, assoc3.handle, false)
+
+    assocValid1 = _gen_assoc(-3600, 7200)
+    assocValid2 = _gen_assoc(-5)
+    assocExpired1 = _gen_assoc(-7200, 3600)
+    assocExpired2 = _gen_assoc(-7200, 3600)
+
+    @store.cleanup_associations
+    @store.store_association(server_url + '1', assocValid1)
+    @store.store_association(server_url + '1', assocExpired1)
+    @store.store_association(server_url + '2', assocExpired2)
+    @store.store_association(server_url + '3', assocValid2)
+
+    cleaned = @store.cleanup_associations()
+    assert_equal(2, cleaned, "cleaned up associations")
+  end
+
+  # ============================================================================
+  # am including open id here because the nonce module is not being mocked
+  # ============================================================================
+  include OpenID
+
+  # ============================================================================
+  # TESTS BELOW BROUGHT FROM THE ORIGINAL 'ruby-openid' (store) test suite
+  # these methods test the nonce interactivity with a store object
+  # ============================================================================
+
+  def _check_use_nonce(nonce, expected, server_url, msg='')
+    stamp, salt = Nonce::split_nonce(nonce)
+    actual = @store.use_nonce(server_url, stamp, salt)
+    assert_equal(expected, actual, msg)
+  end
+
+  def test_nonce
+    server_url = "http://www.myopenid.com/openid"
+    [server_url, ''].each{|url|
+      nonce1 = Nonce::mk_nonce
+
+      _check_use_nonce(nonce1, true, url, "#{url}: nonce allowed by default")
+      _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed twice")
+      _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed third time")
+
+      # old nonces shouldn't pass
+      old_nonce = Nonce::mk_nonce(3600)
+      _check_use_nonce(old_nonce, false, url, "Old nonce #{old_nonce.inspect} passed")
+
+    }
+
+    now = Time.now.to_i
+    old_nonce1 = Nonce::mk_nonce(now - 20000)
+    old_nonce2 = Nonce::mk_nonce(now - 10000)
+    recent_nonce = Nonce::mk_nonce(now - 600)
+
+    orig_skew = Nonce.skew
+    Nonce.skew = 0
+    count = @store.cleanup_nonces
+    Nonce.skew = 1000000
+    ts, salt = Nonce::split_nonce(old_nonce1)
+    assert(@store.use_nonce(server_url, ts, salt), "oldnonce1")
+    ts, salt = Nonce::split_nonce(old_nonce2)
+    assert(@store.use_nonce(server_url, ts, salt), "oldnonce2")
+    ts, salt = Nonce::split_nonce(recent_nonce)
+    assert(@store.use_nonce(server_url, ts, salt), "recent_nonce")
+
+
+    Nonce.skew = 1000
+    cleaned = @store.cleanup_nonces
+    assert_equal(2, cleaned, "Cleaned #{cleaned} nonces")
+
+    Nonce.skew = 100000
+    ts, salt = Nonce::split_nonce(old_nonce1)
+    assert(@store.use_nonce(server_url, ts, salt), "oldnonce1 after cleanup")
+    ts, salt = Nonce::split_nonce(old_nonce2)
+    assert(@store.use_nonce(server_url, ts, salt), "oldnonce2 after cleanup")
+    ts, salt = Nonce::split_nonce(recent_nonce)
+    assert(!@store.use_nonce(server_url, ts, salt), "recent_nonce after cleanup")
+
+    Nonce.skew = orig_skew
+  end
+
+end

data/test/test_helper.rb

@@ -0,0 +1,24 @@
+require 'test/unit'
+require 'openid_active_record_store'
+require 'active_record'
+
+db = {
+  :adapter => :mysql2,
+  :database => 'openid_active_record_store'
+}
+
+# XXX  yes, there are better ways. patches please!
+
+system "echo 'drop   database #{db[:database]};' | mysql5 -uroot" rescue nil
+system "echo 'create database #{db[:database]};' | mysql5 -uroot"
+
+ActiveRecord::Base.establish_connection db
+
+Dir['app/models/*.rb'].each do |model|
+  require File.expand_path(model)
+end
+
+Dir['db/migrations/*.rb'].each do |migration|
+  require migration
+  Object.const_get(File.basename(migration, '.rb').camelize).up
+end

metadata

@@ -0,0 +1,91 @@
+--- !ruby/object:Gem::Specification 
+name: openid_active_record_store
+version: !ruby/object:Gem::Version 
+  hash: 23
+  prerelease: 
+  segments: 
+  - 1
+  - 0
+  - 0
+  version: 1.0.0
+platform: ruby
+authors: 
+- James Tucker
+- Kazuyoshi Tlacaelel
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-05-24 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rails
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 5
+        segments: 
+        - 3
+        version: "3"
+  type: :runtime
+  version_requirements: *id001
+description: An ActiveRecord store for OpenID, forked from its original author for rails 3 support
+email: info@wildfireapp.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- README.rdoc
+- Rakefile
+- app/models/openid_abstract.rb
+- app/models/openid_association.rb
+- app/models/openid_nonce.rb
+- db/migrate/create_openid_associations.rb
+- db/migrate/create_openid_nonces.rb
+- lib/openid/store/active_record.rb
+- lib/openid_active_record_store.rb
+- test/openid_store_active_record_test.rb
+- test/test_helper.rb
+has_rdoc: true
+homepage: http://github.com/wildfireapp/openid_active_record_store
+licenses: 
+- MIT
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.5.2
+signing_key: 
+specification_version: 3
+summary: An ActiveRecord store for OpenID
+test_files: []
+