rack-openid 0.0.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2008 Joshua Peek
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,24 @@
+= Rack::OpenID
+
+Provides a more HTTPish API around the ruby-openid library.
+
+=== Usage
+
+You trigger an OpenID request similar to HTTP authentication. From your app, return a "401 Unauthorized" and a "WWW-Authenticate" header with the identifier you would like to validate.
+
+On completition, the OpenID response is automatically verified and assigned to env["rack.openid.response"].
+
+  MyApp = lambda { |env|
+    if resp = env["rack.openid.response"]
+      case resp.status
+      when :success
+        ...
+      when :failure
+        ...
+    else
+      [401, {"WWW-Authenticate" => 'OpenID identity="http://example.com/"'}, []]
+    end
+  }
+
+  use Rack::OpenID
+  run MyApp

data/lib/rack/openid.rb

@@ -0,0 +1,195 @@
+require 'rubygems'
+require 'rack'
+
+gem 'ruby-openid', '>=2.1.6'
+require 'openid'
+require 'openid/consumer'
+require 'openid/extensions/sreg'
+require 'openid/store/memory'
+
+module Rack
+  class OpenID
+    def self.build_header(params = {})
+      value = 'OpenID '
+      value += params.map { |k, v|
+        if v.is_a?(Array)
+          "#{k}=\"#{v.join(',')}\""
+        else
+          "#{k}=\"#{v}\""
+        end
+      }.join(', ')
+      value
+    end
+
+    def self.parse_header(str)
+      params = {}
+      if str =~ /^OpenID/
+        str = str.gsub(/^OpenID /, '')
+        str.split(', ').each { |e|
+          k, v = e.split('=')
+          v.gsub!(/^\"/, '').gsub!(/\"$/, "")
+          v = v.split(',')
+          params[k] = v.length > 1 ? v : v.first
+        }
+      end
+      params
+    end
+
+    class TimeoutResponse
+      include ::OpenID::Consumer::Response
+      STATUS = :failure
+    end
+
+    class MissingResponse
+      include ::OpenID::Consumer::Response
+      STATUS = :missing
+    end
+
+    HTTP_METHODS = %w(GET HEAD PUT POST DELETE OPTIONS)
+
+    RESPONSE = "rack.openid.response".freeze
+    AUTHENTICATE_HEADER = "WWW-Authenticate".freeze
+
+
+    def initialize(app, store = nil)
+      @app = app
+      @store = store || ::OpenID::Store::Memory.new
+      freeze
+    end
+
+    def call(env)
+      req = Rack::Request.new(env)
+      if env["REQUEST_METHOD"] == "GET" && req.GET["openid.mode"]
+        complete_authentication(env)
+      end
+
+      status, headers, body = @app.call(env)
+
+      if status.to_i == 401 && (qs = headers[AUTHENTICATE_HEADER])
+        begin_authentication(env, qs)
+      else
+        [status, headers, body]
+      end
+    end
+
+    private
+      def begin_authentication(env, qs)
+        req = Rack::Request.new(env)
+        params = self.class.parse_header(qs)
+
+        unless session = env["rack.session"]
+          raise RuntimeError, "Rack::OpenID requires a session"
+        end
+
+        consumer = ::OpenID::Consumer.new(session, @store)
+        identifier = params["identifier"]
+
+        begin
+          oidreq = consumer.begin(identifier)
+          add_simple_registration_fields(oidreq, params)
+          url = open_id_redirect_url(req, oidreq, params["trust_root"], params["return_to"], params["method"])
+          return redirect_to(url)
+        rescue ::OpenID::OpenIDError, Timeout::Error => e
+          env[RESPONSE] = MissingResponse.new
+          return @app.call(env)
+        end
+      end
+
+      def complete_authentication(env)
+        req = Rack::Request.new(env)
+
+        unless session = env["rack.session"]
+          raise RuntimeError, "Rack::OpenID requires a session"
+        end
+
+        oidresp = timeout_protection_from_identity_server {
+          consumer = ::OpenID::Consumer.new(session, @store)
+          consumer.complete(req.params, req.url)
+        }
+
+        env[RESPONSE] = oidresp
+
+        if method = req.GET["_method"]
+          method = method.upcase
+          if HTTP_METHODS.include?(method)
+            env["REQUEST_METHOD"] = method
+          end
+        end
+
+        query_hash = env["rack.request.query_hash"]
+        query_hash.delete("_method")
+        query_hash.delete_if do |key, value|
+          key =~ /^openid\./
+        end
+
+        env["QUERY_STRING"] = env["rack.request.query_string"] =
+          Rack::Utils.build_query(env["rack.request.query_hash"])
+
+        request_uri = env["PATH_INFO"]
+        if env["QUERY_STRING"].any?
+          request_uri << "?" + env["QUERY_STRING"]
+        end
+        env["REQUEST_URI"] = request_uri
+      end
+
+      def realm_url(req)
+        url = req.scheme + "://"
+        url << req.host
+
+        if req.scheme == "https" && req.port != 443 ||
+            req.scheme == "http" && req.port != 80
+          url << ":#{req.port}"
+        end
+
+        url
+      end
+
+      def request_url(req)
+        url = realm_url(req)
+        url << req.script_name
+        url << req.path_info
+        url
+      end
+
+      def redirect_to(url)
+        [303, {"Content-Type" => "text/html", "Location" => url}, []]
+      end
+
+      def open_id_redirect_url(req, oidreq, trust_root = nil, return_to = nil, method = nil)
+        if return_to
+          method ||= "get"
+        else
+          return_to = request_url(req)
+          method ||= req.request_method
+        end
+
+        method = method.to_s.downcase
+        oidreq.return_to_args['_method'] = method unless method == "get"
+        oidreq.redirect_url(trust_root || realm_url(req), return_to || request_url(req))
+      end
+
+      def add_simple_registration_fields(oidreq, fields)
+        sregreq = ::OpenID::SReg::Request.new
+
+        if required = fields["required"]
+          sregreq.request_fields(Array(required), true)
+        end
+
+        if optional = fields["optional"]
+          sregreq.request_fields(Array(optional), false)
+        end
+
+        if policy_url = fields["policy_url"]
+          sregreq.policy_url = policy_url
+        end
+
+        oidreq.add_extension(sregreq)
+      end
+
+      def timeout_protection_from_identity_server
+        yield
+      rescue Timeout::Error
+        TimeoutResponse.new
+      end
+  end
+end

metadata

@@ -0,0 +1,67 @@
+--- !ruby/object:Gem::Specification 
+name: rack-openid
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Joshua Peek
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-05-04 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">"
+      - !ruby/object:Gem::Version 
+        version: 1.0.0
+    version: 
+description: Provides a more HTTPish API around the ruby-openid library
+email: josh@joshpeek.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.rdoc
+- MIT-LICENSE
+files: 
+- lib/rack/openid.rb
+- README.rdoc
+- MIT-LICENSE
+has_rdoc: true
+homepage: http://github.com/josh/rack-openid
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: rack-openid
+rubygems_version: 1.3.2
+signing_key: 
+specification_version: 3
+summary: Provides a more HTTPish API around the ruby-openid library
+test_files: []
+