oxd-ruby 0.1.3

data/demosite/README.md

@@ -0,0 +1,172 @@
+# oxD Ruby Demo site
+
+This is a demo site for oxd-ruby written using Ruby and Rails to demonstrate how to use oxd-ruby to perform authorization with an OpenID Provider and fetch information.
+
+## Deployment
+
+### Prerequisites
+
+Ubuntu 14.04 with some basic utilities listed below
+
+```bash
+$ sudo apt-get install apache2
+$ a2enmod ssl
+```
+
+### Installing and configuring the oxd-server
+You can download the oxd-server and follow the installation instructions from [here](https://www.gluu.org/docs-oxd)
+
+## Demosite deployment
+
+OpenID Connect works only with HTTPS connections. So let us get the ssl certs ready.
+```bash
+$ mkdir /etc/certs
+$ cd /etc/certs
+$ openssl genrsa -des3 -out demosite.key 2048
+$ openssl rsa -in demosite.key -out demosite.key.insecure
+$ mv demosite.key.insecure demosite.key
+$ openssl req -new -key demosite.key -out demosite.csr
+$ openssl x509 -req -days 365 -in demosite.csr -signkey demosite.key -out demosite.crt
+```
+
+###Install RVM and Ruby on ubuntu
+
+Install mpapis public key first (might need gpg2) 
+
+```bash
+$ sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
+```
+
+Install RVM stable with ruby:
+
+```bash
+$ sudo \curl -sSL https://get.rvm.io | bash -s stable --ruby
+$ cd /var/www/html
+```
+
+Reload shell configuration & test
+```bash
+$ source ~/.rvm/scripts/rvm
+```
+
+Run this command in terminal to get list of installed ruby versions on your system
+```bash
+$ rvm list
+```
+
+Using rvm you can install specific ruby version. E.g. for ruby-2.2.0 :
+```bash
+$ rvm install ruby-2.2.0
+```
+
+To change ruby version simply run this command. E.g. to switch to ruby-2.2.0 :
+```bash
+$ rvm use ruby-2.2.0
+```
+
+Rails is distributed as a Ruby gem and adding it to the local system is extremely simple:
+```bash
+$ gem install rails 
+```
+
+For more help you can see rvm commands here :
+https://rvm.io/rvm/install
+
+###Phusion Passenger Setup 
+
+Phusion Passenger (commonly shortened to Passenger or referred to as mod_passenger) is an application server and it is often used to power Ruby sites. Its code is distributed in form of a Ruby gem, which is then compiled on the target machine and installed into Apache as a module.
+
+First, the gem needs to be installed on the system:
+```bash
+$ gem install passenger
+```
+
+The environment is now ready for the compilation. The process takes a few minutes and it’s started by the following command:
+```bash
+$ passenger-install-apache2-module
+```
+
+Note that this script will not install the module really. It will compile module’s binary and place it under gem’s path. The path will be printed on screen and it needs to be copy-pasted into Apache’s config file 
+
+The output will be similar to this one:
+```
+LoadModule passenger_module /home/username/.rvm/gems/ruby-2.2.1/gems/passenger-5.0.28/buildout/apache2/mod_passenger.so
+```
+
+Then in Apache's config file add these lines :
+```
+<IfModule mod_passenger.c>
+ PassengerRoot /home/username/.rvm/gems/ruby-2.2.1/gems/passenger-5.0.28
+ PassengerDefaultRuby /home/username/.rvm/gems/ruby-2.2.1/wrappers/ruby
+</IfModule>
+```
+
+In console :
+```bash
+$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/oxd-ruby.conf
+$ sudo vi /etc/apache2/sites-available/oxd-ruby.conf
+```
+Replace the content of oxd-ruby.conf file with following:
+```
+<IfModule mod_ssl.c>
+	<VirtualHost *:443>
+		ServerAdmin webmaster@localhost
+		ServerName oxd-rails.com
+		DocumentRoot /var/www/html/oxdrails
+
+		LogLevel info ssl:warn
+		ErrorLog ${APACHE_LOG_DIR}/error.log
+		CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+		#   SSL Engine Switch:
+		#   Enable/Disable SSL for this virtual host.
+		SSLEngine on
+		SSLCertificateFile	/etc/certs/demosite.crt
+		SSLCertificateKeyFile /etc/certs/demosite.key
+
+		<Directory /var/www/html/oxdrails>
+			AllowOverride All
+            		Options Indexes FollowSymLinks
+			Order allow,deny
+			Allow from all
+		</Directory>
+	</VirtualHost>
+</IfModule>
+```
+
+Then enable `oxd-rails.com` virtual host by running:
+```bash
+$ sudo a2ensite oxd-ruby.conf 
+```
+
+After that add domain name in virtual host file.
+In console:
+```bash
+$ sudo nano /etc/hosts
+```
+
+Add these lines in virtual host file:
+```
+127.0.0.1 www.oxd-rails.com
+127.0.0.1 oxd-rails.com
+```
+
+Reload the apache server
+```bash
+$ sudo service apache2 restart
+```
+### Setting up and running demo app
+
+Navigate to Rails app root:
+```bash
+cd /var/www/html/oxdrails
+```
+
+Run :
+```bash
+bundle install
+```
+
+Now your rails app should work from http://oxd-rails.com
+
+##Enjoy!

data/demosite/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks

data/demosite/app/assets/javascripts/application.js

@@ -0,0 +1,17 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require jquery
+//= require jquery_ujs
+//= require twitter/bootstrap
+//= require turbolinks
+//= require_tree .

data/demosite/app/assets/javascripts/bootstrap.js.coffee

@@ -0,0 +1,3 @@
+jQuery ->
+  $("a[rel~=popover], .has-popover").popover()
+  $("a[rel~=tooltip], .has-tooltip").tooltip()

data/demosite/app/assets/stylesheets/application.css

@@ -0,0 +1,16 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ *= require bootstrap_and_overrides
+ */

data/demosite/app/assets/stylesheets/bootstrap_and_overrides.css

@@ -0,0 +1,7 @@
+/*
+  =require twitter-bootstrap-static/bootstrap
+
+  Use Font Awesome icons (default)
+  To use Glyphicons sprites instead of Font Awesome, replace with "require twitter-bootstrap-static/sprites"
+  =require twitter-bootstrap-static/fontawesome
+  */

data/demosite/app/controllers/application_controller.rb

@@ -0,0 +1,14 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  	layout "application"
+  	require 'resolv-replace'
+  	require 'oxd-ruby'
+  	protect_from_forgery with: :exception
+
+ 	before_filter :set_oxd_commands_instance
+	protected
+		def set_oxd_commands_instance
+			@oxd_command = Oxd::ClientOxdCommands.new
+		end  
+end

data/demosite/app/controllers/home_controller.rb

@@ -0,0 +1,38 @@
+class HomeController < ApplicationController
+	skip_before_filter :verify_authenticity_token  
+
+	def index	
+	end
+
+	def register_site		
+		if(!@oxd_command.getOxdId.present?)			
+			@oxd_command.register_site # Register site and store the returned oxd_id in config
+	    end
+	    authorization_url = @oxd_command.get_authorization_url
+	    redirect_to authorization_url # redirect user to obtained authorization_url to authenticate
+	end
+
+	def login
+		if(@oxd_command.getOxdId.present?)
+			if (params[:code].present? && params[:state].present?)
+				scopes = params[:scope].split("+")
+				# pass the parameters obtained from callback url to get access_token
+				@access_token = @oxd_command.get_tokens_by_code( params[:code], scopes, params[:state]) 
+    		end
+	        session.delete('oxd_access_token') if(session[:oxd_access_token].present?)
+        	session[:oxd_access_token] = @access_token
+        	session[:state] = params[:state]
+        	session[:session_state] = params[:session_state]
+			@user = @oxd_command.get_user_info(session[:oxd_access_token]) # pass access_token get user information from OP
+			render :template => "home/index", :locals => { :user => @user }				
+		end
+	end
+
+	def logout
+		# get logout url and redirect user that URL to logout from OP
+		if(session[:oxd_access_token])
+			@logout_url = @oxd_command.get_logout_uri(session[:oxd_access_token], session[:state], session[:session_state])
+			redirect_to @logout_url
+		end	    
+	end
+end

data/demosite/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/demosite/app/views/home/index.html.erb

@@ -0,0 +1,127 @@
+<div class="jumbotron">
+    <h2>Ruby on Rails demo Site for OxD Ruby Library</h2>
+    <p>This is a demo site showcasing the usage of OxD Ruby Library. The demo site is written in Ruby on Rails and shows that the library can be used to perform OpenID based authentication.</p>
+</div>
+<div class="row">
+    <div class="col-md-6">
+        <h3>Configuration File</h3>
+        <p>Website specific configuration information is stored in a config file. This is necessary for storing persistant information like Oxd ID generated during the site registration with the Open ID provider.
+        The <code>oxd_config.rb</code> shows the config file used for this demo app. The complete documentation about the config file can be obtained <a href="https://github.com/GluuFederation/oxd-ruby">here in Github</a>
+        </p>
+    </div>
+    <div class="col-md-6">
+        <h3>oxd_config.rb</h3>
+        <pre class="prettyprint">
+Oxd.configure do |config|
+    config.oxd_host_ip = '127.0.0.1'
+    config.oxd_host_port = 8099
+    config.authorization_redirect_uri = "https://domain.example.com/login"
+    config.logout_redirect_uri = "https://domain.example.com/logout"
+    config.post_logout_redirect_uri = "https://domain.example.com/"
+    config.scope = [ "openid", "profile" ]
+    config.application_type = "web"
+    config.redirect_uris = ["https://domain.example.com/login"]
+    config.client_jwks_uri = ""
+    config.client_token_endpoint_auth_method = ""
+    config.client_request_uris = []
+    config.contacts = ["example-email@gmail.com"]
+    config.grant_types = []
+    config.response_types = ["code"]
+    config.acr_values = [ "basic" ]
+    config.client_logout_uris = ['https://domain.example.com/logout']
+end
+        </pre>
+    </div>
+</div>
+<div class="row">
+    <div class="col-md-6">
+        <h3>Registration and Fetching Auth URL</h3>
+        <p>The first step is to register the client with the OP. Once the client is registered, then the user data can be fetched upon user authorization.
+        oxD Ruby performs client registration automatically when you request for an authorization url. Redirect the user to the authorization url to get user
+        consent.</p>
+        <hr>
+        <p><strong> Live demo. </strong><a class="btn btn-primary" href="<%=  register_site_path %>">Go to Authorization Page</a></p>
+    </div>
+    <div class="col-md-6">
+    <pre class="prettyprint">
+def register_site
+    if(!@oxd_command.getOxdId.present?)
+        @oxd_command.register_site
+    end
+    authorization_url = @oxd_command.get_authorization_url
+    redirect_to authorization_url
+end
+    </pre>
+    </div>
+</div>
+<div class="row">
+    <div class="col-md-6">
+    <h3>Get user information</h3>
+    <p>Once the user authorizes the website to use the information from the OP, the OP calls back the website with code and scopes for accessing the user data in the registered callback <code>authorization_redirect_uri</code> in the config file. Then an access token is obtained from the OP using which user claims can be requested.</p>
+    </div>
+    <div class="col-md-6">
+        <pre class="prettyprint">
+def login
+    if(@oxd_command.getOxdId.present?)
+        if (params[:code].present? && params[:state].present?)
+            scopes = params[:scope].split("+")
+            @access_token = @oxd_command.get_tokens_by_code( params[:code], scopes, params[:state])
+        end
+        session.delete('oxd_access_token') if(session[:oxd_access_token].present?)
+        session[:oxd_access_token] = @access_token
+        session[:state] = params[:state]
+        session[:session_state] = params[:session_state]
+        @user = @oxd_command.get_user_info(session[:oxd_access_token])  
+        render :template => "home/index", :locals => { :user => @user }     
+    end
+end
+        </pre>
+    </div>
+</div>
+<div class="row">
+    <div class="col-md-6">
+        <h3>Using the user claims</h3>
+        <p>Once the user data is obtained, the various claims supported by the OP can be used as required.</p>
+        <% if defined?(user) %>
+        <div class="alert alert-success">
+            <% user.each do |field,value| %>
+               <%= "#{field} : #{value}" %>
+               <br>
+            <% end %>
+        </div>
+        <% else %>
+            <div class="alert alert-warning">No business card for you. You haven't authorized the demo user yet.</div>
+        <% end %>
+    </div>
+    <div class="col-md-6">
+        <h3>Template code</h3>
+        <pre class="prettyprint">
+if defined?(user)
+    &lt;div class="alert alert-success"&gt;
+        user.each do |field,value|
+           "#{field} : #{value}"
+           &lt;br&gt;
+        end
+    &lt;/div&gt;
+end
+        </pre>
+    </div>
+</div>
+
+<div class="row">
+    <div class="col-md-6">
+        <h3>Logging Out</h3>
+        <p>Once the required work is done the user can be logged out of the system.</p>
+        <a class="btn btn-danger" href="<%= logout_path %>">Logout</a>
+    </div>
+   <div class="col-md-6">
+    <pre class="prettyprint">
+def logout
+    if(session[:oxd_access_token])
+        @logout_url = @oxd_command.get_logout_uri(session[:oxd_access_token], session[:state], session[:session_state])
+        redirect_to @logout_url
+    end    
+end
+    </pre>
+    </div>
+</div>

data/demosite/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Oxdrails</title>
+  <%= stylesheet_link_tag    'application', media: 'all', 'data-turbolinks-track' => true %>
+  <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+	<div class="container">
+		<%= yield %>
+	</div>
+</body>
+</html>