pelle-ruby-openid 2.1.8

data/lib/openid/yadis/services.rb

@@ -0,0 +1,42 @@
+
+require 'openid/yadis/filters'
+require 'openid/yadis/discovery'
+require 'openid/yadis/xrds'
+
+module OpenID
+  module Yadis
+    def Yadis.get_service_endpoints(input_url, flt=nil)
+      # Perform the Yadis protocol on the input URL and return an
+      # iterable of resulting endpoint objects.
+      #
+      # @param flt: A filter object or something that is convertable
+      # to a filter object (using mkFilter) that will be used to
+      # generate endpoint objects. This defaults to generating
+      # BasicEndpoint objects.
+      result = Yadis.discover(input_url)
+      begin
+        endpoints = Yadis.apply_filter(result.normalized_uri,
+                                       result.response_text, flt)
+      rescue XRDSError => err
+        raise DiscoveryFailure.new(err.to_s, nil)
+      end
+
+      return [result.normalized_uri, endpoints]
+    end
+
+    def Yadis.apply_filter(normalized_uri, xrd_data, flt=nil)
+      # Generate an iterable of endpoint objects given this input data,
+      # presumably from the result of performing the Yadis protocol.
+
+      flt = Yadis.make_filter(flt)
+      et = Yadis.parseXRDS(xrd_data)
+
+      endpoints = []
+      each_service(et) { |service_element|
+        endpoints += flt.get_service_endpoints(normalized_uri, service_element)
+      }
+
+      return endpoints
+    end
+  end
+end

data/lib/openid/yadis/xrds.rb

@@ -0,0 +1,155 @@
+require 'rexml/document'
+require 'rexml/element'
+require 'rexml/xpath'
+
+require 'openid/yadis/xri'
+
+module OpenID
+  module Yadis
+
+    XRD_NS_2_0 = 'xri://$xrd*($v*2.0)'
+    XRDS_NS = 'xri://$xrds'
+
+    XRDS_NAMESPACES = {
+      'xrds' => XRDS_NS,
+      'xrd' => XRD_NS_2_0,
+    }
+
+    class XRDSError < StandardError; end
+
+    # Raised when there's an assertion in the XRDS that it does not
+    # have the authority to make.
+    class XRDSFraud < XRDSError
+    end
+
+    def Yadis::get_canonical_id(iname, xrd_tree)
+      # Return the CanonicalID from this XRDS document.
+      #
+      # @param iname: the XRI being resolved.
+      # @type iname: unicode
+      #
+      # @param xrd_tree: The XRDS output from the resolver.
+      #
+      # @returns: The XRI CanonicalID or None.
+      # @returntype: unicode or None
+
+      xrd_list = []
+      REXML::XPath::match(xrd_tree.root, '/xrds:XRDS/xrd:XRD', XRDS_NAMESPACES).each { |el|
+        xrd_list << el
+      }
+
+      xrd_list.reverse!
+
+      cid_elements = []
+
+      if !xrd_list.empty?
+        xrd_list[0].elements.each { |e|
+          if !e.respond_to?('name')
+            next
+          end
+          if e.name == 'CanonicalID'
+            cid_elements << e
+          end
+        }
+      end
+
+      cid_element = cid_elements[0]
+
+      if !cid_element
+        return nil
+      end
+
+      canonicalID = XRI.make_xri(cid_element.text)
+
+      childID = canonicalID.downcase
+
+      xrd_list[1..-1].each { |xrd|
+        parent_sought = childID[0...childID.rindex('!')]
+
+        parent = XRI.make_xri(xrd.elements["CanonicalID"].text)
+
+        if parent_sought != parent.downcase
+          raise XRDSFraud.new(sprintf("%s can not come from %s", parent_sought,
+                                      parent))
+        end
+
+        childID = parent_sought
+      }
+
+      root = XRI.root_authority(iname)
+      if not XRI.provider_is_authoritative(root, childID)
+        raise XRDSFraud.new(sprintf("%s can not come from root %s", childID, root))
+      end
+
+      return canonicalID
+    end
+
+    class XRDSError < StandardError
+    end
+
+    def Yadis::parseXRDS(text)
+      if text.nil?
+        raise XRDSError.new("Not an XRDS document.")
+      end
+
+      begin
+        d = REXML::Document.new(text)
+      rescue RuntimeError => why
+        raise XRDSError.new("Not an XRDS document. Failed to parse XML.")
+      end
+
+      if is_xrds?(d)
+        return d
+      else
+        raise XRDSError.new("Not an XRDS document.")
+      end
+    end
+
+    def Yadis::is_xrds?(xrds_tree)
+      xrds_root = xrds_tree.root
+      return (!xrds_root.nil? and
+        xrds_root.name == 'XRDS' and
+        xrds_root.namespace == XRDS_NS)
+    end
+
+    def Yadis::get_yadis_xrd(xrds_tree)
+      REXML::XPath.each(xrds_tree.root,
+                        '/xrds:XRDS/xrd:XRD[last()]',
+                        XRDS_NAMESPACES) { |el|
+        return el
+      }
+      raise XRDSError.new("No XRD element found.")
+    end
+
+    # aka iterServices in Python
+    def Yadis::each_service(xrds_tree, &block)
+      xrd = get_yadis_xrd(xrds_tree)
+      xrd.each_element('Service', &block)
+    end
+
+    def Yadis::services(xrds_tree)
+      s = []
+      each_service(xrds_tree) { |service|
+        s << service
+      }
+      return s
+    end
+
+    def Yadis::expand_service(service_element)
+      es = service_element.elements
+      uris = es.each('URI') { |u| }
+      uris = prio_sort(uris)
+      types = es.each('Type/text()')
+      # REXML::Text objects are not strings.
+      types = types.collect { |t| t.to_s }
+      uris.collect { |uri| [types, uri.text, service_element] }
+    end
+
+    # Sort a list of elements that have priority attributes.
+    def Yadis::prio_sort(elements)
+      elements.sort { |a,b|
+        a.attribute('priority').to_s.to_i <=> b.attribute('priority').to_s.to_i
+      }
+    end
+  end
+end

data/lib/openid/yadis/xri.rb

@@ -0,0 +1,90 @@
+require 'openid/yadis/xrds'
+require 'openid/fetchers'
+
+module OpenID
+  module Yadis
+    module XRI
+
+      # The '(' is for cross-reference authorities, and hopefully has a
+      # matching ')' somewhere.
+      XRI_AUTHORITIES = ["!", "=", "@", "+", "$", "("]
+
+      def self.identifier_scheme(identifier)
+        if (!identifier.nil? and
+            identifier.length > 0 and
+            (identifier.match('^xri://') or
+             XRI_AUTHORITIES.member?(identifier[0].chr)))
+          return :xri
+        else
+          return :uri
+        end
+      end
+
+      # Transform an XRI reference to an IRI reference.  Note this is
+      # not not idempotent, so do not apply this to an identifier more
+      # than once.  XRI Syntax section 2.3.1
+      def self.to_iri_normal(xri)
+        iri = xri.dup
+        iri.insert(0, 'xri://') if not iri.match('^xri://')
+        return escape_for_iri(iri)
+      end
+
+      # Note this is not not idempotent, so do not apply this more than
+      # once.  XRI Syntax section 2.3.2
+      def self.escape_for_iri(xri)
+        esc = xri.dup
+        # encode all %
+        esc.gsub!(/%/, '%25')
+        esc.gsub!(/\((.*?)\)/) { |xref_match|
+          xref_match.gsub(/[\/\?\#]/) { |char_match|
+            CGI::escape(char_match)
+          }
+        }
+        return esc
+      end
+
+      # Transform an XRI reference to a URI reference.  Note this is not
+      # not idempotent, so do not apply this to an identifier more than
+      # once.  XRI Syntax section 2.3.1
+      def self.to_uri_normal(xri)
+        return iri_to_uri(to_iri_normal(xri))
+      end
+
+      # RFC 3987 section 3.1
+      def self.iri_to_uri(iri)
+        uri = iri.dup
+        # for char in ucschar or iprivate
+        # convert each char to %HH%HH%HH (as many %HH as octets)
+        return uri
+      end
+
+      def self.provider_is_authoritative(provider_id, canonical_id)
+        lastbang = canonical_id.rindex('!')
+        return false unless lastbang
+        parent = canonical_id[0...lastbang]
+        return parent == provider_id
+      end
+
+      def self.root_authority(xri)
+        xri = xri[6..-1] if xri.index('xri://') == 0
+        authority = xri.split('/', 2)[0]
+        if authority[0].chr == '('
+          root = authority[0...authority.index(')')+1]
+        elsif XRI_AUTHORITIES.member?(authority[0].chr)
+          root = authority[0].chr
+        else
+          root = authority.split(/[!*]/)[0]
+        end
+
+        self.make_xri(root)
+      end
+
+      def self.make_xri(xri)
+        if xri.index('xri://') != 0
+          xri = 'xri://' + xri
+        end
+        return xri
+      end
+    end
+  end
+end

data/lib/openid/yadis/xrires.rb

@@ -0,0 +1,106 @@
+require "cgi"
+require "openid/yadis/xri"
+require "openid/yadis/xrds"
+require "openid/fetchers"
+
+module OpenID
+
+  module Yadis
+
+    module XRI
+
+      class XRIHTTPError < StandardError; end
+
+      class ProxyResolver
+
+        DEFAULT_PROXY = 'http://proxy.xri.net/'
+
+        def initialize(proxy_url=nil)
+          if proxy_url
+            @proxy_url = proxy_url
+          else
+            @proxy_url = DEFAULT_PROXY
+          end
+
+          @proxy_url += '/' unless @proxy_url.match('/$')
+        end
+
+        def query_url(xri, service_type=nil)
+          # URI normal form has a leading xri://, but we need to strip
+          # that off again for the QXRI.  This is under discussion for
+          # XRI Resolution WD 11.
+          qxri = XRI.to_uri_normal(xri)[6..-1]
+          hxri = @proxy_url + qxri
+          args = {'_xrd_r' => 'application/xrds+xml'}
+          if service_type
+            args['_xrd_t'] = service_type
+          else
+            # don't perform service endpoint selection
+            args['_xrd_r'] += ';sep=false'
+          end
+
+          return XRI.append_args(hxri, args)
+        end
+
+        def query(xri, service_types)
+          # these can be query args or http headers, needn't be both.
+          # headers = {'Accept' => 'application/xrds+xml;sep=true'}
+          canonicalID = nil
+
+          services = service_types.collect { |service_type|
+            url = self.query_url(xri, service_type)
+            begin
+              response = OpenID.fetch(url)
+            rescue
+              raise XRIHTTPError, ["Could not fetch #{xri}", $!]
+            end
+            raise XRIHTTPError, "Could not fetch #{xri}" if response.nil?
+
+            xrds = Yadis::parseXRDS(response.body)
+            canonicalID = Yadis::get_canonical_id(xri, xrds)
+
+            Yadis::services(xrds) unless xrds.nil?
+          }
+          # TODO:
+          #  * If we do get hits for multiple service_types, we're almost
+          #    certainly going to have duplicated service entries and
+          #    broken priority ordering.
+          services = services.inject([]) { |flatter, some_services|
+            flatter += some_services unless some_services.nil?
+          }
+
+          return canonicalID, services
+        end
+      end
+
+      def self.urlencode(args)
+        a = []
+        args.each do |key, val|
+          a << (CGI::escape(key) + "=" + CGI::escape(val))
+        end
+        a.join("&")
+      end
+
+      def self.append_args(url, args)
+        return url if args.length == 0
+
+        # rstrip question marks
+        rstripped = url.dup
+        while rstripped[-1].chr == '?'
+          rstripped = rstripped[0...rstripped.length-1]
+        end
+
+        if rstripped.index('?')
+          sep = '&'
+        else
+          sep = '?'
+        end
+
+        return url + sep + XRI.urlencode(args)
+      end
+
+    end
+
+  end
+
+end

data/lib/openid.rb

@@ -0,0 +1,20 @@
+# Copyright 2006-2007 JanRain, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you
+# may not use this file except in compliance with the License. You may
+# obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+module OpenID
+  VERSION = "2.1.8"
+end
+
+require "openid/consumer"
+require 'openid/server'