priit-openid_wrapper 0.1.7 → 0.1.8

data/README.rdoc

@@ -52,7 +52,7 @@ Add to config/routes.rb:
   map.login '/login', :controller => 'sessions', :action => 'new'
   map.logout '/logout', :controller => 'sessions', :action => 'destroy'
 
-Add to app/controller/sessions_controller.rb # Look how slim and clean controller :-)
+Add to app/controller/sessions_controller.rb
   def create
     begin_openid # you can change defaults like :return_url => complete_sessions_url etc
                  # take a look lib/openid_wrapper/openid_wrapper.rb def begin_openid

data/lib/openid_wrapper.rb

@@ -0,0 +1 @@
+require File.expand_path(File.dirname(__FILE__) + '/openid_wrapper/openid_wrapper')

data/lib/openid_wrapper/association.rb

@@ -0,0 +1,9 @@
+require 'openid/association'
+
+class Association < ActiveRecord::Base
+  set_table_name 'openid_associations'
+  def from_record
+    OpenID::Association.new(handle, secret, issued, lifetime, assoc_type)
+  end
+end
+

data/lib/openid_wrapper/nonce.rb

@@ -0,0 +1,3 @@
+class Nonce < ActiveRecord::Base
+  set_table_name 'openid_nonces'
+end

data/lib/openid_wrapper/openid_ar_store.rb

@@ -0,0 +1,57 @@
+require File.expand_path(File.dirname(__FILE__) + '/association')
+require File.expand_path(File.dirname(__FILE__) + '/nonce')
+require 'openid/store/interface'
+
+# not in OpenID module to avoid namespace conflict
+class ActiveRecordStore < OpenID::Store::Interface
+  def store_association(server_url, assoc)
+    remove_association(server_url, assoc.handle)    
+    Association.create(:server_url => server_url,
+                       :handle     => assoc.handle,
+                       :secret     => assoc.secret,
+                       :issued     => assoc.issued,
+                       :lifetime   => assoc.lifetime,
+                       :assoc_type => assoc.assoc_type)
+  end
+
+  def get_association(server_url, handle=nil)
+    assocs = if handle.blank?
+        Association.find_all_by_server_url(server_url)
+      else
+        Association.find_all_by_server_url_and_handle(server_url, handle)
+      end
+
+    assocs.reverse.each do |assoc|
+      a = assoc.from_record    
+      if a.expires_in == 0
+        assoc.destroy
+      else
+        return a
+      end
+    end if assocs.any?
+    
+    return nil
+  end
+  
+  def remove_association(server_url, handle)
+    Association.delete_all(['server_url = ? AND handle = ?', server_url, handle]) > 0
+  end
+  
+  def use_nonce(server_url, timestamp, salt)
+    return false if Nonce.find_by_server_url_and_timestamp_and_salt(server_url, timestamp, salt)
+    return false if (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew
+    Nonce.create(:server_url => server_url, :timestamp => timestamp, :salt => salt)
+    return true
+  end
+  
+  def cleanup_nonces
+    now = Time.now.to_i
+    Nonce.delete_all(["timestamp > ? OR timestamp < ?", now + OpenID::Nonce.skew, now - OpenID::Nonce.skew])
+  end
+
+  def cleanup_associations
+    now = Time.now.to_i
+    Association.delete_all(['issued + lifetime > ?',now])
+  end
+
+end

data/lib/openid_wrapper/openid_wrapper.rb

@@ -0,0 +1,146 @@
+require 'openid'
+require 'openid/extensions/sreg'
+require 'openid/extensions/pape'
+require File.expand_path(File.dirname(__FILE__) + '/openid_ar_store')
+
+module OpenidWrapper
+  def self.included(base)
+    base.send :helper_method, :openid_params
+  end
+
+protected
+  def begin_openid(options = {}, &check_user)
+    options.assert_valid_keys(
+      :openid_identifier, :return_url, :error_redirect, :realm,
+      :immediate_mode, :required, :optional,
+
+    # You can pass arguments to openid_params, so you can access it from complete_openid with openid_params.
+    # Example: begin_openid :params => {:subdomain => params[:subdomain]} in your create method and
+    # in you can access them at complete method like openid_params[:subdomain] or params[:subdomain].
+      :openid_params, 
+ 
+    # redirect_to is sugar shortcut instead of writing :openid_params => {:redirect_to => params[:redirect_to]}
+    # later you can access it from openid_params[:redirect_to]
+      :redirect_to 
+    )
+ 
+    # trying to be as flexible as possible
+    identifier = options[:openid_identifier]  || params[:openid_identifier] || ''
+    return_url = options[:return_url]         || complete_sessions_url
+    error_redirect = options[:error_redirect] || request.env['HTTP_REFERER'] || '/'
+    realm      = options[:realm]              || current_realm
+    immediate  = options[:immediate_mode]     || params[:immediate_mode] || false
+    
+    begin
+      @openid_request = consumer.begin(identifier.strip)
+    rescue OpenID::OpenIDError => e
+      flash[:error] = "Discovery failed for #{identifier}: #{e}"
+      return redirect_to(error_redirect)
+    end
+    
+    required = options[:required] || params[:required]
+    optional = options[:optional] || params[:optional]
+    sreg_request = simple_registration_request(required, optional)
+    @openid_request.add_extension(sreg_request)
+    
+    if check_user
+      normalized_identifier = @openid_request.endpoint.claimed_id
+      yield normalized_identifier
+    end
+
+    add_to_params(options[:params])
+    add_to_params(:redirect_to => params[:redirect_to]) unless params[:redirect_to].nil?
+
+    redirect_to @openid_request.redirect_url(realm, return_url, immediate)
+  end
+  
+  alias :create_openid :begin_openid
+  
+  def complete_openid
+    # For wrapper DEVS: 
+    # The return_to and its arguments are verified, so you need to pass in
+    # the base URL and the arguments.  With Rails, the params method mashes
+    # together parameters from GET, POST, and the path, so you'll need to pull
+    # off the "path parameters"
+    params_without_paths = params.reject {|key,value| request.path_parameters.include?(key)}
+    
+    # For wrapper DEVS: 
+    # about current_realm from OpenID gem: Extract the URL of the current 
+    # request from your application's web request framework and specify it here
+    # to have it checked against the openid.return_to value in the response.  Do not
+    # just pass <tt>args['openid.return_to']</tt> here; that will defeat the
+    # purpose of this check.  (See OpenID Authentication 2.0 section 11.1.)
+    @openid_response = consumer.complete(params_without_paths, current_realm)
+
+    # Add openid params to params[:openid]
+    params[:openid] = openid_params
+
+    return @openid_response
+  end
+  
+  # For wrapper USERS:
+  # openid_params is just a helper method to filter out openid parameters from params, so
+  # you can directly save them to user model. By the way, you can access all them 
+  # directly from rails params as well.
+  def openid_params
+    return nil if @openid_response.nil?
+
+    simple_registration = OpenID::SReg::Response.from_success_response(@openid_response).data
+    local_params = HashWithIndifferentAccess.new(simple_registration)
+
+    # For wrapper USERS: 
+    # Use openid_params[:openid] for user interface and 
+    # use openid_params[:openid_identifier] for querying your database or 
+    # authorization server or other identifier equality comparisons.
+
+    # DOTO: I have to find out how much is display_identifier used before using it with identifier.
+    # local_params.merge!(:openid => @openid_response.display_identifier)
+    local_params.merge!(:openid_identifier => @openid_response.identity_url)
+    
+    # DOTO: find out other way to access openid_params pool.
+    # Add custom params to openid_params pool.
+    # local_params.merge!(@openid_response.message.get_args(:bare_namespace))
+    
+    return local_params
+  end  
+  
+private
+  def consumer
+    OpenID::Consumer.new(session, ActiveRecordStore.new)
+  end
+
+  def simple_registration_request(required, optional)
+    required ||= []
+    optional ||= []
+
+    valid_attributes = %w[nickname fullname email dob gender postcode country timezone language]
+
+    if optional.size == 0 && required.size == 0
+      optional = valid_attributes
+    else
+      (required + optional).each do |atr|
+        raise "Invalid option: #{atr}. Must be one of: #{valid_attributes.join(', ')}" unless valid_attributes.index(atr)
+      end
+    end
+
+    sreg_request = OpenID::SReg::Request.new
+    sreg_request.request_fields(required, true) if required.size > 0
+    sreg_request.request_fields(optional, false) if optional.size > 0
+    return sreg_request
+  end
+
+  # For Wrapper DEVS:
+  # current_realm will be checked against openid.return_to value. Read more from method complete_openid.
+  def current_realm
+    request.protocol + request.host_with_port + request.relative_url_root + request.path
+  end
+
+  def add_to_params(args)
+    return nil if @openid_request.nil?
+    return nil if args.nil?
+    
+    args.each do |key,value|
+      @openid_request.return_to_args[key.to_s] = value.to_s
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: priit-openid_wrapper
 version: !ruby/object:Gem::Version 
-  version: 0.1.7
+  version: 0.1.8
 platform: ruby
 authors: 
 - Priit Tamboom
@@ -34,6 +34,12 @@ extra_rdoc_files:
 files: 
 - README.rdoc
 - MIT-LICENSE
+- CHANGLOG.rdoc
+- lib/openid_wrapper.rb
+- lib/openid_wrapper/openid_wrapper.rb
+- lib/openid_wrapper/openid_ar_store.rb
+- lib/openid_wrapper/nonce.rb
+- lib/openid_wrapper/association.rb
 - CHANGELOG.rdoc
 has_rdoc: true
 homepage: http://priit.mx.ee/openid_wrapper