rack-webmoney 0.0.2

data/.gitignore

@@ -0,0 +1,21 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+
+## PROJECT::SPECIFIC

data/Gemfile

@@ -0,0 +1,3 @@
+source "http://rubygems.org"
+
+gemspec

data/README.rdoc

@@ -0,0 +1,81 @@
+= Rack::Webmoney
+
+=== Usage
+
+You trigger an Webmoney request similar to HTTP authentication. From your app,
+return a "401 Unauthorized" and a "WWW-Authenticate" header with the identifier you would like to validate.
+
+On competition, the Webmoney response is automatically verified and assigned to
+<tt>env["rack.webmoney.response"]</tt>.
+
+=== Rails 3 Example
+
+application.rb
+
+  ...
+  config.middleware.insert_before(Warden::Manager, Rack::Webmoney,
+    :credentials => {:site_rid => 'your_site_rid', :site_holder_wmid => 'your_site_holder_wmid'},
+    :mode => Rails.env)
+  ...
+
+=== Rack Example
+
+  MyApp = lambda { |env|
+    if resp = env["rack.webmoney.response"]
+      case resp.status
+      when :successful
+        ...
+      else
+        ...
+    else
+      [401, {"WWW-Authenticate" => 'Webmoney"}, []]
+    end
+  }
+
+  use Rack::Webmoney, :credentials => {:site_rid => 'your_site_rid', :site_holder_wmid => 'your_site_holder_wmid'}, :mode => "development_OR_test_FOR_TESTING"
+  run MyApp
+
+=== Sinatra Example
+
+  # Session needs to be before Rack::OpenID
+  use Rack::Session::Cookie
+
+  require 'rack/webmoney'
+  use Rack::Webmoney, :credentials => {:site_rid => 'your_site_rid', :site_holder_wmid => 'your_site_holder_wmid'}, :mode => "development_OR_test_FOR_TESTING"
+
+  get '/login' do
+    erb :login
+  end
+
+  post '/login' do
+    if resp = request.env["rack.webmoney.response"]
+      if resp.status == :successful
+        "Welcome: #{resp.display_identifier}"
+      else
+        "#{resp.status}: #{resp.message}"
+      end
+    else
+      headers 'WWW-Authenticate' => Rack::Webmoney.build_header({})
+      throw :halt, [401, 'got webmoney?']
+    end
+  end
+
+  use_in_file_templates!
+
+  __END__
+
+  @@ login
+  <form action="/login" method="post">
+    <p>
+      <input style="display:none;" name="auth_provider" type="text" value="webmoney"/>
+    </p>
+
+    <p>
+      <input name="commit" type="submit" value="Sign in" />
+    </p>
+  </form>
+
+
+== Thank for inspiration goes to:
+
+rack-openid[http://github.com/josh/rack-openid.git]

data/Rakefile

@@ -0,0 +1,54 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "rack-webmoney"
+    gem.summary = 'Rack Webmoney authentication'
+    gem.description = %q{Rack webmoney authentication}
+    gem.email = ['eagle.anton@gmail.com', 'eagle.alex@gmail.com']
+    gem.homepage = "http://github.com/SkyEagle/rack-webmoney"
+    gem.authors = ['Anton Orel', 'Alexander Orel']
+    gem.add_dependency(%q<rack>, ">= 1.2.1")
+    gem.add_dependency(%q<savon>, ">= 0.7.9")
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/test_*.rb'
+    test.verbose = true
+  end
+rescue LoadError
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+  end
+end
+
+task :test => :check_dependencies
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "rack-webmoney #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.0.2

data/lib/rack/webmoney.rb

@@ -0,0 +1,253 @@
+#encoding: utf-8
+require 'rack/request'
+require 'rack/utils'
+
+require "savon"
+
+module Rack #:nodoc:
+  # A Rack middleware that provides a more HTTPish API around Webmoney authentication
+  #
+  # You trigger an Webmoney request similar to HTTP authentication.
+  # From your app, return a "401 Unauthorized" and a "WWW-Authenticate"
+  # header with the identifier you would like to validate.
+  #
+  # On competition, the Webmoney response is automatically verified and
+  # assigned to <tt>env["rack.webmoney.response"]</tt>.
+  class Webmoney
+    class Response
+      ERROR_MESSAGES = {
+        # -2 raised network error
+        :server_not_available => "Sorry, the Webmoney Login server is not available",
+        # -1
+        :internal_error       => "Webmoney Login server internal error",
+        # 1
+        :invalid_arguments    => "Invalid arguments",
+        # 2
+        :ticket_invalid       => "Sorry, invalid authorization ticket",
+        # 3
+        :ticket_expired       => "Sorry, authorization ticket expired",
+        # 4
+        :user_not_found       => "Sorry, user not found",
+        # 5
+        :holder_not_found     => "The holder of a site not found",
+        # 6
+        :website_not_found    => "Website Not Found",
+        # 7
+        :url_not_found        => "This url is not found, or does not belong to the site",
+        # 8
+        :settings_not_found   => "Security Settings for the site could not be found",
+        # 9
+        :invalid_password     => "Access service is not authorized. Invalid password.",
+        # 10
+        :not_trusted          => "Attempting to gain access to the site, which does not accept you as a trustee",
+        # 11
+        :pwd_access_blocked   => "Password access to the service blocked",
+        # 12
+        :user_blocked         => "The user is temporarily blocked. Probably made the selection Ticket",
+        # 201
+        :ip_differs           => "Ip address in the request differs from the address, which was an authorized user"
+      }
+
+      def initialize(code, info)
+        @code = code
+        @info = info
+      end
+
+      def status
+        @code
+      end
+
+      def successful?
+        @code == :successful
+      end
+
+      def unsuccessful?
+        ERROR_MESSAGES.keys.include?(@code)
+      end
+
+      def message
+        ERROR_MESSAGES[@code]
+      end
+
+      def wmid
+        @info[:wmid]
+      end
+    end
+
+    #SOAP driver setup
+    #@@driver = SOAP::WSDLDriverFactory.new('https://login.wmtransfer.com/ws/Security.asmx?WSDL').create_rpc_driver
+    #@@driver.options['protocol.http.ssl_config.verify_mode'] = OpenSSL::SSL::VERIFY_PEER
+
+    #
+    # Helper method for building the "WWW-Authenticate" header value.
+    #
+    #   Rack::Webmoney.build_header(:site_rid => "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
+    #     #=> Webmoney site_rid="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+    def self.build_header(params = {})
+      'Webmoney ' + params.map { |key, value|
+        if value.is_a?(Array)
+          "#{key}=\"#{value.join(',')}\""
+        else
+          "#{key}=\"#{value}\""
+        end
+      }.join(', ')
+    end
+
+    # Helper method for parsing "WWW-Authenticate" header values into
+    # a hash.
+    #
+    #   Rack::Webmoney.parse_header("Webmoney site_rid="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
+    #     #=> {:site_rid => "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"}
+    def self.parse_header(str)
+      params = {}
+      if str =~ AUTHENTICATE_REGEXP
+        str = str.gsub(/#{AUTHENTICATE_REGEXP}\s+/, '')
+        str.split(', ').each { |pair|
+          key, *value = pair.split('=')
+          value = value.join('=')
+          value.gsub!(/^\"/, '').gsub!(/\"$/, "")
+          value = value.split(',')
+          params[key] = value.length > 1 ? value : value.first
+        }
+      end
+      params
+    end
+
+    #class TimeoutResponse #:nodoc:
+      #include ::OpenID::Consumer::Response
+      #STATUS = :failure
+    #end
+
+    #class MissingResponse #:nodoc:
+      #include ::OpenID::Consumer::Response
+      #STATUS = :missing
+    #end
+
+    # :stopdoc:
+
+    HTTP_METHODS = %w(GET HEAD PUT POST DELETE OPTIONS)
+
+    RESPONSE = "rack.webmoney.response"
+    AUTHENTICATE_HEADER = "WWW-Authenticate"
+    AUTHENTICATE_REGEXP = /^Webmoney/
+
+    URL_FIELD_SELECTOR = lambda { |field| field.to_s =~ %r{^https://} }
+
+    attr_reader :credentials, :mode
+
+    # :startdoc:
+
+    # Initialize middleware with application
+    #
+    #   use Rack::Webmoney, :credentials => {:site_holder_wmid => 'your_site_holder_wmid', :site_rid => 'your_site_rid'}, :mode => Rails.env
+    #
+    def initialize(app, opts ={})
+      @app = app
+      @credentials = opts[:credentials]
+      @mode = opts[:mode]
+    end
+
+    # Standard Rack +call+ dispatch that accepts an +env+ and
+    # returns a <tt>[status, header, body]</tt> response.
+    def call(env)
+      req = Rack::Request.new(env)
+      if req.params["WmLogin_WMID"]
+        complete_authentication(env)
+      end
+
+      status, headers, body = @app.call(env)
+
+      qs = headers[AUTHENTICATE_HEADER]
+      if status.to_i == 401 && qs && qs.match(AUTHENTICATE_REGEXP)
+        begin_authentication(env, qs)
+      else
+        [status, headers, body]
+      end
+    end
+
+    private
+      def begin_authentication(env, qs)
+        req = Rack::Request.new(env)
+        params = self.class.parse_header(qs)
+        session = env["rack.session"]
+
+        raise RuntimeError, "Rack::Webmoney requires a session" unless session
+
+        redirect_to "https://login.wmtransfer.com/GateKeeper.aspx?RID=#{credentials[:site_rid]}"
+      end
+
+      def complete_authentication(env)
+        req = Rack::Request.new(env)
+        session = env["rack.session"]
+
+        unless session
+          raise RuntimeError, "Rack::Webmoney requires a session"
+        end
+
+        wminfo =
+          { :ticket      => req.params["WmLogin_Ticket"],
+            :url_id      => req.params["WmLogin_UrlID"],
+            :expires     => req.params["WmLogin_Expires"],
+            :auth_type   => req.params["WmLogin_AuthType"],
+            :last_access => req.params["WmLogin_LastAccess"],
+            :created     => req.params["WmLogin_Created"],
+            :wmid        => req.params["WmLogin_WMID"],
+            :user_ip     => req.params["WmLogin_UserAddress"] }
+
+        # work around for local development
+        ip_to_check = %w(development test).include?(mode) ? wminfo[:user_ip] : req.ip
+
+        check_req_params = {
+          :SiteHolderWMID => credentials[:site_holder_wmid],
+          :wmId           => wminfo[:wmid],
+          :ticket         => wminfo[:ticket],
+          :urlId          => wminfo[:url_id],
+          :authType       => wminfo[:auth_type],
+          :userAddress    => ip_to_check
+        }
+
+        begin
+          soap_client = Savon::Client.new "https://login.wmtransfer.com"
+          response = soap_client.authorize! do |soap| # (!) disable WSDL
+            soap.namespace = "https://login.wmtransfer.com/ws/Security.asmx?WSDL"
+            soap.body = check_req_params
+          end.to_hash['authorizeResult'].to_i
+        rescue Exception => msg
+          response = -2
+        end
+
+        status = case response
+        when 0   then :successful
+        when -2  then :server_not_available
+        when -1  then :internal_error
+        when 1   then :invalid_arguments
+        when 2   then :ticket_invalid
+        when 3   then :ticket_expired
+        when 4   then :user_not_found
+        when 5   then :holder_not_found
+        when 6   then :website_not_found
+        when 7   then :url_not_found
+        when 8   then :settings_not_found
+        when 9   then :invalid_password
+        when 10  then :not_trusted
+        when 11  then :pwd_access_blocked
+        when 12  then :user_blocked
+        when 201 then :ip_differs
+        else
+          "Unknown response code(#{response})"
+        end
+
+        env[RESPONSE] = Response.new(status, wminfo)
+
+        req.params['authenticity_token'] = session['_csrf_token']
+      end
+
+      def redirect_to(url)
+        [303, {"Content-Type" => "text/html", "Location" => url}, []]
+      end
+
+      def logger
+        @logger ||= Rails.logger if defined?(Rails)
+      end
+  end
+end

data/rack-webmoney.gemspec

@@ -0,0 +1,49 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{rack-webmoney}
+  s.version = "0.0.2"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Anton Orel", "Alexander Orel"]
+  s.date = %q{2010-09-01}
+  s.description = %q{Rack webmoney authentication}
+  s.email = ["eagle.anton@gmail.com", "eagle.alex@gmail.com"]
+  s.extra_rdoc_files = [
+    "README.rdoc"
+  ]
+  s.files = [
+    ".gitignore",
+     "Gemfile",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "lib/rack/webmoney.rb",
+     "rack-webmoney.gemspec"
+  ]
+  s.homepage = %q{http://github.com/SkyEagle/rack-webmoney}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Rack Webmoney authentication}
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rack>, [">= 1.2.1"])
+      s.add_runtime_dependency(%q<savon>, [">= 0.7.9"])
+    else
+      s.add_dependency(%q<rack>, [">= 1.2.1"])
+      s.add_dependency(%q<savon>, [">= 0.7.9"])
+    end
+  else
+    s.add_dependency(%q<rack>, [">= 1.2.1"])
+    s.add_dependency(%q<savon>, [">= 0.7.9"])
+  end
+end
+

metadata

@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification 
+name: rack-webmoney
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 2
+  version: 0.0.2
+platform: ruby
+authors: 
+- Anton Orel
+- Alexander Orel
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-09-01 00:00:00 +04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rack
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 2
+        - 1
+        version: 1.2.1
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: savon
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        - 7
+        - 9
+        version: 0.7.9
+  type: :runtime
+  version_requirements: *id002
+description: Rack webmoney authentication
+email: 
+- eagle.anton@gmail.com
+- eagle.alex@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.rdoc
+files: 
+- .gitignore
+- Gemfile
+- README.rdoc
+- Rakefile
+- VERSION
+- lib/rack/webmoney.rb
+- rack-webmoney.gemspec
+has_rdoc: true
+homepage: http://github.com/SkyEagle/rack-webmoney
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Rack Webmoney authentication
+test_files: []
+