priit-openid_wrapper 0.1.7 → 0.1.8
- data/README.rdoc +1 -1
- data/lib/openid_wrapper.rb +1 -0
- data/lib/openid_wrapper/association.rb +9 -0
- data/lib/openid_wrapper/nonce.rb +3 -0
- data/lib/openid_wrapper/openid_ar_store.rb +57 -0
- data/lib/openid_wrapper/openid_wrapper.rb +146 -0
- metadata +7 -1
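--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -52,7 +52,7 @@ Add to config/routes.rb:
 map.login '/login', :controller => 'sessions', :action => 'new'
 map.logout '/logout', :controller => 'sessions', :action => 'destroy'
 
-Add to app/controller/sessions_controller.rb
+Add to app/controller/sessions_controller.rb
 def create
 begin_openid # you can change defaults like :return_url => complete_sessions_url etc
 # take a look lib/openid_wrapper/openid_wrapper.rb def begin_openid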
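--- a/data/lib/openid_wrapper.rb
+++ b/data/lib/openid_wrapper.rb
@@ -0,0 +1 @@
+require File.expand_path(File.dirname(__FILE__) + '/openid_wrapper/openid_wrapper')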
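--- a/data/lib/openid_wrapper/openid_ar_store.rb
+++ b/data/lib/openid_wrapper/openid_ar_store.rb
@@ -0,0 +1,57 @@
+require File.expand_path(File.dirname(__FILE__) + '/association')
+require File.expand_path(File.dirname(__FILE__) + '/nonce')
+require 'openid/store/interface'
+
+# not in OpenID module to avoid namespace conflict
+class ActiveRecordStore < OpenID::Store::Interface
+def store_association(server_url, assoc)
+remove_association(server_url, assoc.handle)
+Association.create(:server_url => server_url,
+:handle => assoc.handle,
+:secret => assoc.secret,
+:issued => assoc.issued,
+:lifetime => assoc.lifetime,
+:assoc_type => assoc.assoc_type)
+end
+
+def get_association(server_url, handle=nil)
+assocs = if handle.blank?
+Association.find_all_by_server_url(server_url)
+else
+Association.find_all_by_server_url_and_handle(server_url, handle)
+end
+
+assocs.reverse.each do |assoc|
+a = assoc.from_record
+if a.expires_in == 0
+assoc.destroy
+else
+return a
+end
+end if assocs.any?
+
+return nil
+end
+
+def remove_association(server_url, handle)
+Association.delete_all(['server_url = ? AND handle = ?', server_url, handle]) > 0
+end
+
+def use_nonce(server_url, timestamp, salt)
+return false if Nonce.find_by_server_url_and_timestamp_and_salt(server_url, timestamp, salt)
+return false if (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew
+Nonce.create(:server_url => server_url, :timestamp => timestamp, :salt => salt)
+return true
+end
+
+def cleanup_nonces
+now = Time.now.to_i
+Nonce.delete_all(["timestamp > ? OR timestamp < ?", now + OpenID::Nonce.skew, now - OpenID::Nonce.skew])
+end
+
+def cleanup_associations
+now = Time.now.to_i
+Association.delete_all(['issued + lifetime > ?',now])
+end
+
+end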
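Review bot: `cleanup_associations` has its comparison inverted: `issued + lifetime > ?` matches associations whose expiry is still in the future, so the sweep deletes live associations and leaves expired secrets in the table. The condition should be `Association.delete_all(['issued + lifetime < ?', now])`. Separately, `use_nonce` looks the nonce up and then inserts it in two steps, so two concurrent requests carrying the same nonce can both get `true`; unless the nonces table (not shown here) already has a unique index on server_url, timestamp and salt, add one and return false when the insert is rejected.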
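--- a/data/lib/openid_wrapper/openid_wrapper.rb
+++ b/data/lib/openid_wrapper/openid_wrapper.rb
@@ -0,0 +1,146 @@
+require 'openid'
+require 'openid/extensions/sreg'
+require 'openid/extensions/pape'
+require File.expand_path(File.dirname(__FILE__) + '/openid_ar_store')
+
+module OpenidWrapper
+def self.included(base)
+base.send :helper_method, :openid_params
+end
+
+protected
+def begin_openid(options = {}, &check_user)
+options.assert_valid_keys(
+:openid_identifier, :return_url, :error_redirect, :realm,
+:immediate_mode, :required, :optional,
+
+# You can pass arguments to openid_params, so you can access it from complete_openid with openid_params.
+# Example: begin_openid :params => {:subdomain => params[:subdomain]} in your create method and
+# in you can access them at complete method like openid_params[:subdomain] or params[:subdomain].
+:openid_params,
+
+# redirect_to is sugar shortcut instead of writing :openid_params => {:redirect_to => params[:redirect_to]}
+# later you can access it from openid_params[:redirect_to]
+:redirect_to
+)
+
+# trying to be as flexible as possible
+identifier = options[:openid_identifier] || params[:openid_identifier] || ''
+return_url = options[:return_url] || complete_sessions_url
+error_redirect = options[:error_redirect] || request.env['HTTP_REFERER'] || '/'
+realm = options[:realm] || current_realm
+immediate = options[:immediate_mode] || params[:immediate_mode] || false
+
+begin
+@openid_request = consumer.begin(identifier.strip)
+rescue OpenID::OpenIDError => e
+flash[:error] = "Discovery failed for #{identifier}: #{e}"
+return redirect_to(error_redirect)
+end
+
+required = options[:required] || params[:required]
+optional = options[:optional] || params[:optional]
+sreg_request = simple_registration_request(required, optional)
+@openid_request.add_extension(sreg_request)
+
+if check_user
+normalized_identifier = @openid_request.endpoint.claimed_id
+yield normalized_identifier
+end
+
+add_to_params(options[:params])
+add_to_params(:redirect_to => params[:redirect_to]) unless params[:redirect_to].nil?
+
+redirect_to @openid_request.redirect_url(realm, return_url, immediate)
+end
+
+alias :create_openid :begin_openid
+
+def complete_openid
+# For wrapper DEVS:
+# The return_to and its arguments are verified, so you need to pass in
+# the base URL and the arguments. With Rails, the params method mashes
+# together parameters from GET, POST, and the path, so you'll need to pull
+# off the "path parameters"
+params_without_paths = params.reject {|key,value| request.path_parameters.include?(key)}
+
+# For wrapper DEVS:
+# about current_realm from OpenID gem: Extract the URL of the current
+# request from your application's web request framework and specify it here
+# to have it checked against the openid.return_to value in the response. Do not
+# just pass <tt>args['openid.return_to']</tt> here; that will defeat the
+# purpose of this check. (See OpenID Authentication 2.0 section 11.1.)
+@openid_response = consumer.complete(params_without_paths, current_realm)
+
+# Add openid params to params[:openid]
+params[:openid] = openid_params
+
+return @openid_response
+end
+
+# For wrapper USERS:
+# openid_params is just a helper method to filter out openid parameters from params, so
+# you can directly save them to user model. By the way, you can access all them
+# directly from rails params as well.
+def openid_params
+return nil if @openid_response.nil?
+
+simple_registration = OpenID::SReg::Response.from_success_response(@openid_response).data
+local_params = HashWithIndifferentAccess.new(simple_registration)
+
+# For wrapper USERS:
+# Use openid_params[:openid] for user interface and
+# use openid_params[:openid_identifier] for querying your database or
+# authorization server or other identifier equality comparisons.
+
+# DOTO: I have to find out how much is display_identifier used before using it with identifier.
+# local_params.merge!(:openid => @openid_response.display_identifier)
+local_params.merge!(:openid_identifier => @openid_response.identity_url)
+
+# DOTO: find out other way to access openid_params pool.
+# Add custom params to openid_params pool.
+# local_params.merge!(@openid_response.message.get_args(:bare_namespace))
+
+return local_params
+end
+
+private
+def consumer
+OpenID::Consumer.new(session, ActiveRecordStore.new)
+end
+
+def simple_registration_request(required, optional)
+required ||= []
+optional ||= []
+
+valid_attributes = %w[nickname fullname email dob gender postcode country timezone language]
+
+if optional.size == 0 && required.size == 0
+optional = valid_attributes
+else
+(required + optional).each do |atr|
+raise "Invalid option: #{atr}. Must be one of: #{valid_attributes.join(', ')}" unless valid_attributes.index(atr)
+end
+end
+
+sreg_request = OpenID::SReg::Request.new
+sreg_request.request_fields(required, true) if required.size > 0
+sreg_request.request_fields(optional, false) if optional.size > 0
+return sreg_request
+end
+
+# For Wrapper DEVS:
+# current_realm will be checked against openid.return_to value. Read more from method complete_openid.
+def current_realm
+request.protocol + request.host_with_port + request.relative_url_root + request.path
+end
+
+def add_to_params(args)
+return nil if @openid_request.nil?
+return nil if args.nil?
+
+args.each do |key,value|
+@openid_request.return_to_args[key.to_s] = value.to_s
+end
+end
+end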
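Review bot: `complete_openid` stores `openid_params` into `params[:openid]` for every response, and `openid_params` only guards against a nil `@openid_response`, so `:openid_identifier` is filled from `identity_url` without the response status having been checked. A controller that trusts `params[:openid]` could then treat a cancelled or failed assertion as an identity; guarding with `return nil unless @openid_response && @openid_response.status == OpenID::Consumer::SUCCESS` keeps unverified data out of params (how the gem's SReg helper behaves on a non-success response is not visible here). In `begin_openid`, `assert_valid_keys` accepts `:openid_params` while line 51 reads `options[:params]`, so the `:params` option shown in the comment raises and `:openid_params` is silently ignored. The `redirect_to` request parameter and the `HTTP_REFERER` fallback for `error_redirect` are both client-supplied, so the docs should tell callers to accept only local paths before redirecting to them.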
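--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: priit-openid_wrapper
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.8
 platform: ruby
 authors:
 - Priit Tamboom
@@ -34,6 +34,12 @@ extra_rdoc_files:
 files:
 - README.rdoc
 - MIT-LICENSE
+- CHANGLOG.rdoc
+- lib/openid_wrapper.rb
+- lib/openid_wrapper/openid_wrapper.rb
+- lib/openid_wrapper/openid_ar_store.rb
+- lib/openid_wrapper/nonce.rb
+- lib/openid_wrapper/association.rb
 - CHANGELOG.rdoc
 has_rdoc: true
 homepage: http://priit.mx.ee/openid_wrapper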