openid_login_generator 0.1

data/USAGE

@@ -0,0 +1,23 @@
+NAME
+     openid_login - creates a functional openid login system
+
+SYNOPSIS
+     openid_login [Controller name]
+     
+     Good names are Account Myaccount Security
+
+DESCRIPTION
+     This generator creates a general purpose login system.
+
+     Included:
+      - a User model which stores OpenID authenticated users
+      - a Controller with login, welcome and logoff actions
+      - a mixin which lets you easily add advanced authentication 
+        features to your abstract base controller
+
+            
+EXAMPLE
+      ./script/generate openid_login Account
+
+     This will generate an Account controller with login and logout methods. 
+     The model is always called User 

data/openid_login_generator.rb

@@ -0,0 +1,36 @@
+class OpenidLoginGenerator < Rails::Generator::NamedBase
+  def manifest
+    record do |m|
+      
+      # Login module, controller class, functional test, and helper.
+      m.template "openid_login_system.rb", "lib/openid_login_system.rb"
+      m.template "controller.rb", File.join("app/controllers", class_path, "#{file_name}_controller.rb")
+      m.template "controller_test.rb", File.join("test/functional", class_path, "#{file_name}_controller_test.rb")
+      m.template "helper.rb", File.join("app/helpers", class_path, "#{file_name}_helper.rb")
+
+      # Model class, unit test, fixtures, and example schema.
+      m.template "user.rb", "app/models/user.rb"
+      m.template "user_test.rb", "test/unit/user_test.rb"
+      m.template "users.yml", "test/fixtures/users.yml"
+
+      # Layout and stylesheet.
+      m.template "scaffold:layout.rhtml", "app/views/layouts/scaffold.rhtml"
+      m.template "scaffold:style.css", "public/stylesheets/scaffold.css"
+
+      # Views. 
+      m.directory File.join("app/views", class_path, file_name)
+      login_views.each do |action|
+        m.template "view_#{action}.rhtml",
+          File.join("app/views", class_path, file_name, "#{action}.rhtml")
+      end
+
+      m.template "README", "README_LOGIN"
+    end
+  end
+
+  attr_accessor :controller_class_name
+  
+  def login_views
+    %w(welcome login logout)
+  end
+end

data/templates/README

@@ -0,0 +1,116 @@
+== About
+
+This is a port of the standard LoginGenerator to use OpenID for
+authentication.  It is distributed with the Ruby OpenID library.
+
+Read more at:
+* http://openidenabled.com
+* http://openidenabled.com/openid/libraries/ruby
+* http://openid.net
+
+== Installation
+
+If you are reading this, then you have installed the openid_login
+system, but there are still a few things you have to do
+manually. First open your app/controllers/application.rb and add
+
+  require_dependency "openid_login_system"
+
+to the top of the file and include the login system with
+
+  include OpenidLoginSystem 
+
+The beginning of your ApplicationController.
+It should look something like this : 
+
+  require_dependency "openid_login_system"
+
+  class ApplicationController < ActionController::Base
+    include OpenidLoginSystem
+    model :user
+
+After you have done the modifications the the AbstractController you can import
+the user model into the database. This model is meant as an example and you
+should extend it. 
+
+The model :user is required when you are hitting problems to the degree of
+"Session could not be restored becuase not all items in it are known"
+
+== Requirements
+
+You need a database table corresponding to the User model. 
+
+  mysql syntax:
+  CREATE TABLE users (
+    id int(11) NOT NULL auto_increment,
+    openid_url varchar(256) default NULL,
+    PRIMARY KEY  (id)
+  );
+�
+  postgres :
+  CREATE TABLE "users" (
+  �"id" SERIAL NOT NULL UNIQUE,
+  �"openid_url" VARCHAR(256),
+  �PRIMARY KEY("id")
+  ) WITH OIDS;
+
+  sqlite:
+  CREATE TABLE 'users' (
+    'id' INTEGER PRIMARY KEY NOT NULL,
+    'openid_url' VARCHAR(256) DEFAULT NULL
+  );
+
+Of course your user model can have any amount of extra fields. This is just a
+starting point
+
+== How to use it 
+
+Now you can go around and happily add "before_filter :login_required" to the
+controllers which you would like to protect. 
+
+After integrating the login system with your rails application
+navigate to your new controller's login method. There you may login
+which will create a new User object if you've never logged in
+before. After you are done you should have a look at your DB, and
+you'll see the record for your User with the openid_url you entered.
+
+
+== Tips & Tricks
+
+How do I...
+
+  ... access the user who is currently logged in
+
+  A: You can get the user id from the session using @session[:user_id]
+     Example: 
+	
+	@session[:user_id] 
+
+       To get the User object:
+
+	user = User.find(@session[:user_id])
+
+      	The OpenidController also has a find_user method
+     	which will return the User object of the logged in user, or nil
+	if no user is logged in.
+	
+
+  ... restrict access to only a few methods? 
+  
+  A: Use before_filters build in scoping. 
+     Example: 
+       before_filter :login_required, :only => [:myaccount, :changepassword]
+       before_filter :login_required, :except => [:index]
+     
+  ... check if a user is logged-in in my views?
+  
+  A: @session[:user_id] will tell you. Here is an example helper which you can use to make this more pretty:
+     Example: 
+       def user?
+         !@session[:user_id].nil?
+       end
+
+
+
+
+

data/templates/controller.rb

@@ -0,0 +1,111 @@
+require "pathname"
+require "cgi"
+
+# load the openid library
+begin
+  require "rubygems"
+  require_gem "ruby-openid", ">= 1.0.2"
+rescue LoadError
+  require "openid"
+end
+
+class <%= class_name %>Controller < ApplicationController
+  layout  'scaffold'
+  
+  # process the login request, disover the openid server, and
+  # then redirect.
+  def login
+    openid_url = @params[:openid_url]
+
+    if @request.post?
+      request = consumer.begin(openid_url)
+
+      case request.status
+      when OpenID::SUCCESS
+        return_to = url_for(:action=> 'complete')
+        trust_root = url_for(:controller=>'')
+
+        url = request.redirect_url(trust_root, return_to)
+        redirect_to(url)
+        return
+
+      when OpenID::FAILURE
+        escaped_url = CGI::escape(openid_url)
+        flash[:notice] = "Could not find OpenID server for #{escaped_url}"
+        
+      else
+        flash[:notice] = "An unknown error occured."
+
+      end      
+    end    
+
+  end
+
+  # handle the openid server response
+  def complete
+    response = consumer.complete(@params)
+    
+    case response.status
+    when OpenID::SUCCESS
+
+      @user = User.get(response.identity_url)
+      
+      # create user object if one does not exist
+      if @user.nil?
+        @user = User.new(:openid_url => response.identity_url)
+        @user.save
+      end
+
+      # storing both the openid_url and user id in the session for for quick
+      # access to both bits of information.  Change as needed.
+      @session[:user_id] = @user.id
+
+      flash[:notice] = "Logged in as #{CGI::escape(response.identity_url)}"
+       
+      redirect_to :action => "welcome"
+      return
+
+    when OpenID::FAILURE
+      if response.identity_url
+        flash[:notice] = "Verification of #{CGI::escape(response.identity_url)} failed."
+
+      else
+        flash[:notice] = 'Verification failed.'
+      end
+
+    when OpenID::CANCEL
+      flash[:notice] = 'Verification cancelled.'
+
+    else
+      flash[:notice] = 'Unknown response from OpenID server.'
+    end
+  
+    redirect_to :action => 'login'
+  end
+  
+  def logout
+    @session[:user_id] = nil
+  end
+    
+  def welcome
+  end
+
+  private
+
+  # Get the OpenID::Consumer object.
+  def consumer
+    # create the OpenID store for storing associations and nonces,
+    # putting it in your app's db directory
+    store_dir = Pathname.new(RAILS_ROOT).join('db').join('openid-store')
+    store = OpenID::FilesystemStore.new(store_dir)
+
+    return OpenID::Consumer.new(@session, store)
+  end
+
+  # get the logged in user object
+  def find_user
+    return nil if session[:user_id].nil?
+    User.find(session[:user_id])
+  end
+  
+end

data/templates/controller.rb~

@@ -0,0 +1,111 @@
+require "pathname"
+require "cgi"
+
+# load the openid library
+begin
+  require "rubygems"
+  require_gem "ruby-openid", ">= 1.0"
+rescue LoadError
+  require "openid"
+end
+
+class <%= class_name %>Controller < ApplicationController
+  layout  'scaffold'
+  
+  # process the login request, disover the openid server, and
+  # then redirect.
+  def login
+    openid_url = @params[:openid_url]
+
+    if @request.post?
+      request = consumer.begin(openid_url)
+
+      case request.status
+      when OpenID::SUCCESS
+        return_to = url_for(:action=> 'complete')
+        trust_root = url_for(:controller=>'')
+
+        url = request.redirect_url(trust_root, return_to)
+        redirect_to(url)
+        return
+
+      when OpenID::FAILURE
+        escaped_url = CGI::escape(openid_url)
+        flash[:notice] = "Could not find OpenID server for #{escaped_url}"
+        
+      else
+        flash[:notice] = "An unknown error occured."
+
+      end      
+    end    
+
+  end
+
+  # handle the openid server response
+  def complete
+    response = consumer.complete(@params)
+    
+    case response.status
+    when OpenID::SUCCESS
+
+      @user = User.get(response.identity_url)
+      
+      # create user object if one does not exist
+      if @user.nil?
+        @user = User.new(:openid_url => response.identity_url)
+        @user.save
+      end
+
+      # storing both the openid_url and user id in the session for for quick
+      # access to both bits of information.  Change as needed.
+      @session[:user_id] = @user.id
+
+      flash[:notice] = "Logged in as #{CGI::escape(response.identity_url)}"
+       
+      redirect_to :action => "welcome"
+      return
+
+    when OpenID::FAILURE
+      if response.identity_url
+        flash[:notice] = "Verification of #{CGI::escape(response.identity_url)} failed."
+
+      else
+        flash[:notice] = 'Verification failed.'
+      end
+
+    when OpenID::CANCEL
+      flash[:notice] = 'Verification cancelled.'
+
+    else
+      flash[:notice] = 'Unknown response from OpenID server.'
+    end
+  
+    redirect_to :action => 'login'
+  end
+  
+  def logout
+    @session[:user_id] = nil
+  end
+    
+  def welcome
+  end
+
+  private
+
+  # Get the OpenID::Consumer object.
+  def consumer
+    # create the OpenID store for storing associations and nonces,
+    # putting it in your app's db directory
+    store_dir = Pathname.new(RAILS_ROOT).join('db').join('openid-store')
+    store = OpenID::FilesystemStore.new(store_dir)
+
+    return OpenID::Consumer.new(@session, store)
+  end
+
+  # get the logged in user object
+  def find_user
+    return nil if session[:user_id].nil?
+    User.find(session[:user_id])
+  end
+  
+end

data/templates/helper.rb

@@ -0,0 +1,2 @@
+module <%= class_name %>Helper
+end

data/templates/openid_login_system.rb

@@ -0,0 +1,87 @@
+require_dependency "user"
+
+module OpenidLoginSystem 
+  
+  protected
+  
+  # overwrite this if you want to restrict access to only a few actions
+  # or if you want to check if the user has the correct rights  
+  # example:
+  #
+  #  # only allow nonbobs
+  #  def authorize?(user)
+  #    user.login != "bob"
+  #  end
+  def authorize?(user)
+     true
+  end
+  
+  # overwrite this method if you only want to protect certain actions of the controller
+  # example:
+  # 
+  #  # don't protect the login and the about method
+  #  def protect?(action)
+  #    if ['action', 'about'].include?(action)
+  #       return false
+  #    else
+  #       return true
+  #    end
+  #  end
+  def protect?(action)
+    true
+  end
+   
+  # login_required filter. add 
+  #
+  #   before_filter :login_required
+  #
+  # if the controller should be under any rights management. 
+  # for finer access control you can overwrite
+  #   
+  #   def authorize?(user)
+  # 
+  def login_required
+    
+    if not protect?(action_name)
+      return true  
+    end
+
+    if @session[:user_id] and authorize?(User.find(@session[:user_id]))
+      return true
+    end
+
+    # store current location so that we can 
+    # come back after the user logged in
+    store_location
+  
+    # call overwriteable reaction to unauthorized access
+    access_denied
+    return false 
+  end
+
+  # overwrite if you want to have special behavior in case the user is not authorized
+  # to access the current operation. 
+  # the default action is to redirect to the login screen
+  # example use :
+  # a popup window might just close itself for instance
+  def access_denied
+    redirect_to :controller=>"/<%= file_name %>", :action =>"login"
+  end  
+  
+  # store current uri in  the session.
+  # we can return to this location by calling return_location
+  def store_location
+    @session[:return_to] = @request.request_uri
+  end
+
+  # move to the last store_location call or to the passed default one
+  def redirect_back_or_default(default)
+    if @session[:return_to].nil?
+      redirect_to default
+    else
+      redirect_to_url @session[:return_to]
+      @session[:return_to] = nil
+    end
+  end
+
+end

data/templates/user.rb

@@ -0,0 +1,14 @@
+
+# this model expects a certain database layout and its based on the name/login pattern. 
+class User < ActiveRecord::Base
+
+  def self.get(openid_url)
+    find_first(["openid_url = ?", openid_url])
+  end  
+  
+
+  protected
+  
+  validates_uniqueness_of :openid_url, :on => :create
+  validates_presence_of :openid_url
+end

data/templates/view_login.rhtml

@@ -0,0 +1,15 @@
+<%%= start_form_tag :action=> "login" %>
+
+<div title="Account login" id="loginform" class="form">
+    <h3>Please login</h3>
+    
+    <label for="user_login">Login:</label><br/>
+    <input type="text" name="openid_url" id="openid_url" size="30" value="<%= @login %>"/><br/>
+
+    <br/>
+    <input type="submit" name="login" value="Login &#187;" class="primary" />
+
+</div>
+
+<%%= end_form_tag %>
+

data/templates/view_logout.rhtml

@@ -0,0 +1,10 @@
+
+<div class="memo">
+    <h3>Logoff</h3>
+
+    <p>You are now logged out of the system...</p>
+      
+    <%%= link_to "&#171; login", :action=>"login"%>  
+      
+</div>
+

data/templates/view_welcome.rhtml

@@ -0,0 +1,9 @@
+
+<div class="memo">
+    <h3>Welcome</h3>
+
+    <p>You are now logged into the system...</p>
+      
+    <%%= link_to "&#171; logout", :action=>"logout"%>  
+      
+</div>

metadata

@@ -0,0 +1,66 @@
+--- !ruby/object:Gem::Specification 
+rubygems_version: 0.8.11
+specification_version: 1
+name: openid_login_generator
+version: !ruby/object:Gem::Version 
+  version: "0.1"
+date: 2006-06-12 00:00:00 -07:00
+summary: "[Rails] OpenID Login generator."
+require_paths: 
+- .
+email: brian@janrain.com
+homepage: http://wiki.rubyonrails.org/rails/pages/OpenidLoginGenerator
+rubyforge_project: 
+description: Generates Rails code implementing an OpenID based login system for your Rails app. Based on the original Rails Login Generator.
+autorequire: 
+default_executable: 
+bindir: bin
+has_rdoc: false
+required_ruby_version: !ruby/object:Gem::Version::Requirement 
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      version: 0.0.0
+  version: 
+platform: ruby
+signing_key: 
+cert_chain: 
+authors: 
+- Brian Ellin, JanRain Inc.
+files: 
+- templates/controller.rb
+- templates/README
+- templates/user_test.rb
+- templates/helper.rb
+- templates/user.rb
+- templates/view_login.rhtml
+- templates/users.yml
+- templates/view_logout.rhtml
+- templates/controller.rb~
+- templates/view_welcome.rhtml
+- templates/controller_test.rb
+- templates/openid_login_system.rb
+- USAGE
+- openid_login_generator.rb
+test_files: []
+
+rdoc_options: []
+
+extra_rdoc_files: []
+
+executables: []
+
+extensions: []
+
+requirements: []
+
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: ruby-openid
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Version::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 1.0.2
+    version: