openid_connect 0.0.12 → 0.0.13

data/Gemfile.lock

@@ -1,12 +1,13 @@
 PATH
   remote: .
   specs:
-    openid_connect (0.0.11)
+    openid_connect (0.0.12)
       activemodel (>= 3)
       attr_required (>= 0.0.3)
       json (>= 1.4.3)
       jwt (>= 0.1.3)
       rack-oauth2 (>= 0.9)
+      swd (>= 0.0.1)
       tzinfo
       validate_email
       validate_url
@@ -53,6 +54,12 @@ GEM
     rspec-expectations (2.6.0)
       diff-lcs (~> 1.1.2)
     rspec-mocks (2.6.0)
+    swd (0.0.1)
+      activesupport (>= 3)
+      attr_required (>= 0.0.3)
+      httpclient (>= 2.2.1)
+      i18n
+      json (>= 1.4.3)
     treetop (1.4.10)
       polyglot
       polyglot (>= 0.3.1)

data/README.rdoc

@@ -10,7 +10,7 @@ OpenID Connect Server & Client Library
 
 * View Source on GitHub (https://github.com/nov/openid_connect)
 * Report Issues on GitHub (https://github.com/nov/openid_connect/issues)
-* Subscribe Update Info (https://www.facebook.com/pages/OpenID-Connect/134681459957370)
+* Subscribe Update Info (https://www.facebook.com/OpenIDConnect.rb)
 
 == Examples
 

data/VERSION

@@ -1 +1 @@
-0.0.12
+0.0.13

data/lib/openid_connect.rb

@@ -6,4 +6,5 @@ require 'openid_connect/exception'
 require 'openid_connect/client'
 require 'openid_connect/access_token'
 require 'openid_connect/response_object'
-require 'openid_connect/server/id_token'
+require 'openid_connect/server'
+require 'openid_connect/discovery'

data/lib/openid_connect/access_token.rb

@@ -23,13 +23,13 @@ module OpenIDConnect
       when 200
         JSON.parse(res.body).with_indifferent_access
       when 400
-        raise BadRequest.new('API Access Faild')
+        raise BadRequest.new('API Access Faild', res)
       when 401
-        raise Unauthorized.new('Access Token Invalid or Expired')
+        raise Unauthorized.new('Access Token Invalid or Expired', res)
       when 403
-        raise Forbidden.new('Insufficient Scope')
+        raise Forbidden.new('Insufficient Scope', res)
       else
-        raise HttpError.new(res.status, 'Unknown HttpError')
+        raise HttpError.new(res.status, 'Unknown HttpError', res)
       end
     end
   end

data/lib/openid_connect/discovery.rb

@@ -0,0 +1,9 @@
+module OpenIDConnect
+  module Discovery
+    class InvalidIdentifier < Exception; end
+    class DiscoveryFailed < Exception; end
+  end
+end
+
+require 'openid_connect/discovery/principal'
+require 'openid_connect/discovery/provider'

data/lib/openid_connect/discovery/principal.rb

@@ -0,0 +1,38 @@
+require 'swd'
+
+module OpenIDConnect
+  module Discovery
+    class Principal
+      attr_reader :identifier, :host
+
+      def initialize(identifier)
+        raise InvalidIdentifier if identifier.blank?
+        type = case identifier
+        when /^(=|@|!)/
+          XRI
+        when /@/
+          Email
+        else
+          URI
+        end
+        principal = type.new identifier
+        @identifier = principal.identifier
+        @host = principal.host
+      end
+
+      def discover!
+        SWD.discover!(
+          :principal => identifier,
+          :service => 'http://openid.net/specs/connect/1.0/issuer',
+          :host => host
+        )
+      rescue SWD::Exception => e
+        raise DiscoveryFailed.new(e.message)
+      end
+    end
+  end
+end
+
+require 'openid_connect/discovery/principal/email'
+require 'openid_connect/discovery/principal/uri'
+require 'openid_connect/discovery/principal/xri'

data/lib/openid_connect/discovery/principal/email.rb

@@ -0,0 +1,12 @@
+module OpenIDConnect
+  module Discovery
+    class Principal
+      class Email < Principal
+        def initialize(identifier)
+          @identifier = identifier
+          @host = identifier.split('@').last
+        end
+      end
+    end
+  end
+end

data/lib/openid_connect/discovery/principal/uri.rb

@@ -0,0 +1,25 @@
+module OpenIDConnect
+  module Discovery
+    class Principal
+      class URI < Principal
+        def initialize(identifier)
+          uri = normalize(identifier)
+          @identifier = uri.to_s
+          @host = uri.host
+        end
+
+        private
+
+        def normalize(identifier)
+          uri = ::URI.parse(identifier)
+          if uri.host.blank?
+            uri.host, uri.path = uri.path.split('/', 2)
+            uri.path = File.join('/', uri.path)
+          end
+          uri.scheme ||= 'https'
+          uri
+        end
+      end
+    end
+  end
+end

data/lib/openid_connect/discovery/principal/xri.rb

@@ -0,0 +1,11 @@
+module OpenIDConnect
+  module Discovery
+    class Principal
+      class XRI < Principal
+        def initialize(identifier)
+          @identifier = identifier
+        end
+      end
+    end
+  end
+end

data/lib/openid_connect/discovery/provider.rb

@@ -0,0 +1,11 @@
+module OpenIDConnect
+  module Discovery
+    module Provider
+      def self.discover!(identifier)
+        Principal.new(identifier).discover!
+      end
+    end
+  end
+end
+
+require 'openid_connect/discovery/provider/config'

data/lib/openid_connect/discovery/provider/config.rb

@@ -0,0 +1,11 @@
+module OpenIDConnect
+  module Discovery
+    module Provider
+      class Config
+        def self.discover!(host)
+          # TODO
+        end
+      end
+    end
+  end
+end

data/lib/openid_connect/exception.rb

@@ -3,7 +3,7 @@ module OpenIDConnect
 
   class HttpError < Exception
     attr_accessor :status, :response
-    def initialize(status, message, response = nil)
+    def initialize(status, message = nil, response = nil)
       super message
       @status = status
       @response = response

data/lib/openid_connect/response_object.rb

@@ -46,7 +46,7 @@ module OpenIDConnect
     end
 
     def validate!
-      raise ValidationFailed.new(errors) unless valid?
+      valid? or raise ValidationFailed.new(errors)
     end
   end
 end

data/lib/openid_connect/server.rb

@@ -0,0 +1 @@
+require 'openid_connect/server/id_token'

data/lib/rack/oauth2/server/id_token_response.rb

@@ -4,12 +4,11 @@ module Rack::OAuth2::Server
       klass.send :attr_optional, :id_token, :private_key
       klass.class_eval do
         def jwt_string
-          case id_token
-          when String
-            id_token
-          when OpenIDConnect::ResponseObject::IdToken
+          if id_token.is_a? OpenIDConnect::ResponseObject::IdToken
             raise AttrRequired::AttrMissing.new('private_key is required') unless private_key
             id_token.to_jwt private_key
+          else
+            id_token
           end
         end
 

data/openid_connect.gemspec

@@ -10,13 +10,14 @@ Gem::Specification.new do |s|
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
+  s.add_runtime_dependency "json", ">= 1.4.3"
+  s.add_runtime_dependency "tzinfo"
+  s.add_runtime_dependency "attr_required", ">= 0.0.3"
   s.add_runtime_dependency "activemodel", ">= 3"
   s.add_runtime_dependency "validate_url"
   s.add_runtime_dependency "validate_email"
-  s.add_runtime_dependency "tzinfo"
   s.add_runtime_dependency "jwt", ">= 0.1.3"
-  s.add_runtime_dependency "json", ">= 1.4.3"
-  s.add_runtime_dependency "attr_required", ">= 0.0.3"
+  s.add_runtime_dependency "swd", ">= 0.0.1"
   s.add_runtime_dependency "rack-oauth2", ">= 0.9"
   s.add_development_dependency "rake", ">= 0.8"
   s.add_development_dependency "rcov", ">= 0.9"

data/spec/openid_connect/access_token_spec.rb

@@ -34,8 +34,7 @@ describe OpenIDConnect::AccessToken do
           :iss => 'https://server.example.com',
           :user_id => 'user_id',
           :aud => 'client_id',
-          :exp => 1313424327,
-          :secret => 'secret'
+          :exp => 1313424327
         )
       end
       its(:id_token) { should be_a OpenIDConnect::ResponseObject::IdToken }

data/spec/openid_connect/discovery/principal/email_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe OpenIDConnect::Discovery::Principal::Email do
+  it :TODO
+end

data/spec/openid_connect/discovery/principal/uri_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe OpenIDConnect::Discovery::Principal::URI do
+  it :TODO
+end

data/spec/openid_connect/discovery/principal/xri_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe OpenIDConnect::Discovery::Principal::XRI do
+  it :TODO
+end

data/spec/openid_connect/discovery/principal_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe OpenIDConnect::Discovery::Principal do
+  it :TODO
+end

data/spec/openid_connect/discovery_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe OpenIDConnect::Discovery do
+  it :TODO
+end

data/spec/openid_connect/response_object/id_token_spec.rb

@@ -47,7 +47,11 @@ describe OpenIDConnect::ResponseObject::IdToken do
   describe '#as_json' do
     subject { id_token.as_json }
     let(:attributes) { required_attributes }
-    it { should_not include :secret }
+    it do
+      hash = required_attributes
+      hash[:exp] = required_attributes[:exp].to_i
+      should == hash
+    end
   end
 
   describe '.from_jwt' do

data/spec/openid_connect/response_object_spec.rb

@@ -7,8 +7,9 @@ describe OpenIDConnect::ResponseObject do
     validates :required, :inclusion => {:in => ['Required', 'required']}, :length => 1..10
   end
 
-  subject { klass.new attributes }
-  let(:klass) { OpenIDConnect::ResponseObject::SubClass }
+  subject        { instance }
+  let(:klass)    { OpenIDConnect::ResponseObject::SubClass }
+  let(:instance) { klass.new attributes }
   let :attributes do
     {:required => 'Required', :optional => 'Optional'}
   end
@@ -46,24 +47,45 @@ describe OpenIDConnect::ResponseObject do
   end
 
   describe '#as_json' do
-    its(:as_json) do
-      should == {:required => 'Required', :optional => 'Optional'}
+    context 'when valid' do
+      its(:as_json) do
+        should == attributes
+      end
+    end
+
+    context 'otherwise' do
+      let :attributes do
+        {:required => 'Out of List and Too Long'}
+      end
+
+      it 'should raise OpenIDConnect::ResponseObject::ValidationFailed with ActiveModel::Errors' do
+        expect { instance.as_json }.should raise_error(OpenIDConnect::ResponseObject::ValidationFailed) { |e|
+          e.message.should include 'Required is not included in the list'
+          e.message.should include 'Required is too long (maximum is 10 characters)'
+          e.errors.should be_a ActiveModel::Errors
+        }
+      end
     end
   end
 
   describe '#validate!' do
-    let(:invalid) do
-      instance = klass.new attributes
-      instance.required = 'Out of List and Too Long'
-      instance
+    context 'when valid' do
+      subject { instance.validate! }
+      it { should be_true }
     end
 
-    it 'should raise OpenIDConnect::ResponseObject::ValidationFailed with ActiveModel::Errors' do
-      expect { invalid.validate! }.should raise_error(OpenIDConnect::ResponseObject::ValidationFailed) { |e|
-        e.message.should include 'Required is not included in the list'
-        e.message.should include 'Required is too long (maximum is 10 characters)'
-        e.errors.should be_a ActiveModel::Errors
-      }
+    context 'otherwise' do
+      let :attributes do
+        {:required => 'Out of List and Too Long'}
+      end
+
+      it 'should raise OpenIDConnect::ResponseObject::ValidationFailed with ActiveModel::Errors' do
+        expect { instance.validate! }.should raise_error(OpenIDConnect::ResponseObject::ValidationFailed) { |e|
+          e.message.should include 'Required is not included in the list'
+          e.message.should include 'Required is too long (maximum is 10 characters)'
+          e.errors.should be_a ActiveModel::Errors
+        }
+      end
     end
   end
 end

data/spec/rack/oauth2/server/authorize/token_spec.rb

@@ -11,8 +11,7 @@ describe Rack::OAuth2::Server::Authorize::Token do
       :iss => 'https://server.example.com',
       :user_id => 'user_id',
       :aud => 'client_id',
-      :exp => 1313424327,
-      :secret => 'secret'
+      :exp => 1313424327
     )
   end
 

metadata

@@ -1,13 +1,8 @@
 --- !ruby/object:Gem::Specification 
 name: openid_connect
 version: !ruby/object:Gem::Version 
-  hash: 7
   prerelease: 
-  segments: 
-  - 0
-  - 0
-  - 12
-  version: 0.0.12
+  version: 0.0.13
 platform: ruby
 authors: 
 - nov matake
@@ -15,187 +10,151 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-08-18 00:00:00 Z
+date: 2011-08-19 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: activemodel
+  name: json
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 3
-        version: "3"
+        version: 1.4.3
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
-  name: validate_url
+  name: tzinfo
   prerelease: false
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
         version: "0"
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
-  name: validate_email
+  name: attr_required
   prerelease: false
   requirement: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+        version: 0.0.3
   type: :runtime
   version_requirements: *id003
 - !ruby/object:Gem::Dependency 
-  name: tzinfo
+  name: activemodel
   prerelease: false
   requirement: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
+        version: "3"
   type: :runtime
   version_requirements: *id004
 - !ruby/object:Gem::Dependency 
-  name: jwt
+  name: validate_url
   prerelease: false
   requirement: &id005 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 29
-        segments: 
-        - 0
-        - 1
-        - 3
-        version: 0.1.3
+        version: "0"
   type: :runtime
   version_requirements: *id005
 - !ruby/object:Gem::Dependency 
-  name: json
+  name: validate_email
   prerelease: false
   requirement: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 1
-        segments: 
-        - 1
-        - 4
-        - 3
-        version: 1.4.3
+        version: "0"
   type: :runtime
   version_requirements: *id006
 - !ruby/object:Gem::Dependency 
-  name: attr_required
+  name: jwt
   prerelease: false
   requirement: &id007 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 25
-        segments: 
-        - 0
-        - 0
-        - 3
-        version: 0.0.3
+        version: 0.1.3
   type: :runtime
   version_requirements: *id007
 - !ruby/object:Gem::Dependency 
-  name: rack-oauth2
+  name: swd
   prerelease: false
   requirement: &id008 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 25
-        segments: 
-        - 0
-        - 9
-        version: "0.9"
+        version: 0.0.1
   type: :runtime
   version_requirements: *id008
 - !ruby/object:Gem::Dependency 
-  name: rake
+  name: rack-oauth2
   prerelease: false
   requirement: &id009 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 27
-        segments: 
-        - 0
-        - 8
+        version: "0.9"
+  type: :runtime
+  version_requirements: *id009
+- !ruby/object:Gem::Dependency 
+  name: rake
+  prerelease: false
+  requirement: &id010 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
         version: "0.8"
   type: :development
-  version_requirements: *id009
+  version_requirements: *id010
 - !ruby/object:Gem::Dependency 
   name: rcov
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement 
+  requirement: &id011 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 25
-        segments: 
-        - 0
-        - 9
         version: "0.9"
   type: :development
-  version_requirements: *id010
+  version_requirements: *id011
 - !ruby/object:Gem::Dependency 
   name: rspec
   prerelease: false
-  requirement: &id011 !ruby/object:Gem::Requirement 
+  requirement: &id012 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 2
         version: "2"
   type: :development
-  version_requirements: *id011
+  version_requirements: *id012
 - !ruby/object:Gem::Dependency 
   name: webmock
   prerelease: false
-  requirement: &id012 !ruby/object:Gem::Requirement 
+  requirement: &id013 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 1
-        - 6
-        - 2
         version: 1.6.2
   type: :development
-  version_requirements: *id012
+  version_requirements: *id013
 description: OpenID Connect Server & Client Library
 email: 
 - nov@matake.jp
@@ -217,12 +176,20 @@ files:
 - lib/openid_connect.rb
 - lib/openid_connect/access_token.rb
 - lib/openid_connect/client.rb
+- lib/openid_connect/discovery.rb
+- lib/openid_connect/discovery/principal.rb
+- lib/openid_connect/discovery/principal/email.rb
+- lib/openid_connect/discovery/principal/uri.rb
+- lib/openid_connect/discovery/principal/xri.rb
+- lib/openid_connect/discovery/provider.rb
+- lib/openid_connect/discovery/provider/config.rb
 - lib/openid_connect/exception.rb
 - lib/openid_connect/response_object.rb
 - lib/openid_connect/response_object/id_token.rb
 - lib/openid_connect/response_object/user_info.rb
 - lib/openid_connect/response_object/user_info/open_id.rb
 - lib/openid_connect/response_object/user_info/open_id/address.rb
+- lib/openid_connect/server.rb
 - lib/openid_connect/server/id_token.rb
 - lib/openid_connect/server/id_token/error.rb
 - lib/rack/oauth2/server/id_token_response.rb
@@ -239,6 +206,11 @@ files:
 - spec/mock_response/user_info/openid.json
 - spec/openid_connect/access_token_spec.rb
 - spec/openid_connect/client_spec.rb
+- spec/openid_connect/discovery/principal/email_spec.rb
+- spec/openid_connect/discovery/principal/uri_spec.rb
+- spec/openid_connect/discovery/principal/xri_spec.rb
+- spec/openid_connect/discovery/principal_spec.rb
+- spec/openid_connect/discovery_spec.rb
 - spec/openid_connect/exception_spec.rb
 - spec/openid_connect/response_object/id_token_spec.rb
 - spec/openid_connect/response_object/user_info/open_id/address_spec.rb
@@ -263,18 +235,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
       version: "0"
 requirements: []
 
@@ -296,6 +262,11 @@ test_files:
 - spec/mock_response/user_info/openid.json
 - spec/openid_connect/access_token_spec.rb
 - spec/openid_connect/client_spec.rb
+- spec/openid_connect/discovery/principal/email_spec.rb
+- spec/openid_connect/discovery/principal/uri_spec.rb
+- spec/openid_connect/discovery/principal/xri_spec.rb
+- spec/openid_connect/discovery/principal_spec.rb
+- spec/openid_connect/discovery_spec.rb
 - spec/openid_connect/exception_spec.rb
 - spec/openid_connect/response_object/id_token_spec.rb
 - spec/openid_connect/response_object/user_info/open_id/address_spec.rb