rango 0.0.6 → 0.1.pre

data/stubs/project/content/spec/spec_helper.rb

@@ -1,26 +1,15 @@
-# encoding: utf-8
+require_relative "../init"
 
-# NOTE: we don't have to require spec, webrat,
-# rack/test or whatever, it's bundler job to do it
+require "spec"
+require "webrat"
+require "rack/test"
+require "rango/testing"
 
-# load test environment include dependencies
-RANGO_ENV = "test"
-require_relative "../init.rb"
+Rango::Testing.load_rackup
 
-# load config.ru
-Rango::Utils.load_rackup
-
-# webrat
-Webrat.configure do |config|
-  config.mode = :rack
-end
-
-# rspec
 Spec::Runner.configure do |config|
   config.include Rack::Test::Methods
-  config.include Webrat::Matchers
 
-  # for rack-test
   def app
     Project.router
   end

data/stubs/project/content/templates/base.html.haml.rbt

@@ -1,16 +1,29 @@
 !!! 1.0 Strict
 %html{html_attrs("en")}
   %head
-    %title= block(:title)
+    %title= block("title")
     %meta{"http-equiv" => "content-type", content: "text/html; charset=utf-8"}
     %meta{"http-equiv" => "content-language", content: "en-us"}
-    %meta{name: "description", content: block(:description, "")}
-    %meta{name: "keywords", content: block(:keywords, "")}
-    %meta{name: "author", content: "<%= ENV["USER"] %>"}
-    = javascripts *block(:javascripts, Array.new)
-    = stylesheets *block(:stylesheets, Array.new)
-    = block(:head)
+    %meta{name: "description", content: block("description", "")}
+    %meta{name: "keywords", content: block("keywords", "")}
+    %meta{name: "author", content: "AUTHOR"}
+    / = pupu :blueprint, plugins: ["fancy-type"]
+    / = pupu :flash
+    / = pupu :autocompleter, type: "request"
+    / = pupu :mootools#, more: true
+    = javascripts *block("javascripts", Array.new)
+    = stylesheets *block("stylesheets", Array.new)
+    = block "head"
   %body
     .container
-      %h1!= block(:title)
-      != block(:content)
+      %h1 Title
+      %h2.alt subtitle
+      %hr
+      %div.span-16
+        %div.span-14.last= block "content"
+        %h3 Menu
+        %ul
+          %li= link_to "Why Rango?", "/why-rango"
+      %div.span-8
+      %hr
+        == &copy; #{copyright(2009)} AUTHOR, created by <a href="http://101ideas.cz">101Ideas.cz</a>, graphics by <a href="http://josefrichter.com">JosefRichter.com</a>.

data/stubs/project/postprocess.rb

@@ -8,15 +8,9 @@ require "simple-templater/hooks/postprocess/git_repository"
 
 if RubyExts::Platform.unix?
 	sh "chmod +x init.rb"
-  sh "chmod +x config.ru"
+	sh "chmod +x config.ru"
 end
 
 hook do |generator, context|
   generator.after(Hooks::GitRepository)
-  # TODO: this is probably not the best way how to do it
-  args = Array.new
-  args.push("--orm=#{context[:orm]}") if context[:orm]
-  args.push("--models=#{context[:models].join(",")}") unless context[:models].empty?
-  args.push("--controllers=#{context[:controllers].join(",")}") unless context[:controllers].empty?
-  sh "rango create app #{context[:name]} #{args.join(" ")}"
 end

data/stubs/project/setup.rb

@@ -4,12 +4,9 @@
 # You can update context hash and register hooks. Don't forget to use merge! instead of merge, because you are
 # manipulating with one object, rather than returning new one.
 
-# rango create app blog --models=post,tag --controllers=posts,tags --router=usher|rack-router|rack-mount --template-engine=erubis
+# rango create app blog --models=post,tag --controllers=posts,tags
 hook do |generator, context|
   models  = context[:models] || Array.new
   controllers = context[:controllers] || Array.new
   context.merge!(models: models, controllers: controllers)
-  context[:orm] = "datamapper" unless context[:orm]
-  context[:router] = "usher" unless context[:router]
-  context[:template_engine] = "haml" unless context[:template_engine]
 end

data/vendor/cli/Rakefile

@@ -32,21 +32,6 @@ task :gem do
   sh "gem build cli.gemspec"
 end
 
-namespace :gem do
-  task :prerelease do
-    require_relative "lib/cli"
-    gemspec = Dir["*.gemspec"].first
-    content = File.read(gemspec)
-    prename = "#{gemspec.split(".").first}.pre.gemspec"
-    version = CLI::VERSION.sub(/^(\d+)\.(\d+)\.\d+$/) { "#$1.#{$1.to_i + 1}" }
-    File.open(prename, "w") do |file|
-      file.puts(content.gsub(/(\w+::VERSION)/, "'#{version}.pre'"))
-    end
-    sh "gem build #{prename}"
-    rm prename
-  end
-end
-
 desc "Release new version of cli"
 task release: ["release:tag", "release:gemcutter"]
 
@@ -61,13 +46,10 @@ namespace :release do
   end
 
   desc "Push gem to Gemcutter"
-  task :gemcutter do
+  task :gemcutter => :gem do
     puts "Pushing to Gemcutter ..."
     sh "gem push #{Dir["*.gem"].last}"
   end
-
-  desc "Create and push prerelease gem"
-  task :pre => ["gem:prerelease", :gemcutter]
 end
 
 desc "Run specs"

data/vendor/media-path/Rakefile

@@ -32,21 +32,6 @@ task :gem do
   sh "gem build media-path.gemspec"
 end
 
-namespace :gem do
-  task :prerelease do
-    require_relative "lib/media-path"
-    gemspec = Dir["*.gemspec"].first
-    content = File.read(gemspec)
-    prename = "#{gemspec.split(".").first}.pre.gemspec"
-    version = MediaPath::VERSION.sub(/^(\d+)\.(\d+)\.\d+$/) { "#$1.#{$1.to_i + 1}" }
-    File.open(prename, "w") do |file|
-      file.puts(content.gsub(/(\w+::VERSION)/, "'#{version}.pre'"))
-    end
-    sh "gem build #{prename}"
-    rm prename
-  end
-end
-
 desc "Release new version of media-path"
 task release: ["release:tag", "release:gemcutter"]
 
@@ -61,13 +46,10 @@ namespace :release do
   end
 
   desc "Push gem to Gemcutter"
-  task :gemcutter do
+  task :gemcutter => :gem do
     puts "Pushing to Gemcutter ..."
     sh "gem push #{Dir["*.gem"].last}"
   end
-
-  desc "Create and push prerelease gem"
-  task :pre => ["gem:prerelease", :gemcutter]
 end
 
 desc "Run specs"

data/vendor/rack/Rakefile

@@ -86,7 +86,7 @@ end
 
 desc "Run all the fast tests"
 task :test do
-  sh "specrb -Ilib:test -w #{ENV['TEST'] || '-a'} #{ENV['TESTOPTS'] || '-t "^(?!Rack::Handler|Rack::Adapter|Rack::Session::Memcache)"'}"
+  sh "specrb -Ilib:test -w #{ENV['TEST'] || '-a'} #{ENV['TESTOPTS'] || '-t "^(?!Rack::Handler|Rack::Adapter|Rack::Session::Memcache|Rack::Auth::OpenID)"'}"
 end
 
 desc "Run all the tests"
@@ -135,6 +135,7 @@ Also see http://rack.rubyforge.org.
       s.add_development_dependency 'fcgi'
       s.add_development_dependency 'memcache-client'
       s.add_development_dependency 'mongrel'
+      s.add_development_dependency 'ruby-openid', '~> 2.0.0'
       s.add_development_dependency 'thin'
     end
 

data/vendor/rack/lib/rack.rb

@@ -59,6 +59,7 @@ module Rack
     autoload :Basic, "rack/auth/basic"
     autoload :AbstractRequest, "rack/auth/abstract/request"
     autoload :AbstractHandler, "rack/auth/abstract/handler"
+    autoload :OpenID, "rack/auth/openid"
     module Digest
       autoload :MD5, "rack/auth/digest/md5"
       autoload :Nonce, "rack/auth/digest/nonce"

data/vendor/rack/lib/rack/auth/openid.rb

@@ -0,0 +1,487 @@
+# AUTHOR: Scytrin dai Kinthra <scytrin@gmail.com>; blink#ruby-lang@irc.freenode.net
+
+gem 'ruby-openid', '~> 2' if defined? Gem
+require 'rack/request'
+require 'rack/utils'
+require 'rack/auth/abstract/handler'
+
+require 'uri'
+require 'openid'
+require 'openid/extension'
+require 'openid/store/memory'
+
+module Rack
+  class Request
+    def openid_request
+      @env['rack.auth.openid.request']
+    end
+
+    def openid_response
+      @env['rack.auth.openid.response']
+    end
+  end
+
+  module Auth
+
+    # Rack::Auth::OpenID provides a simple method for setting up an OpenID
+    # Consumer. It requires the ruby-openid library from janrain to operate,
+    # as well as a rack method of session management.
+    #
+    # The ruby-openid home page is at http://openidenabled.com/ruby-openid/.
+    #
+    # The OpenID specifications can be found at
+    # http://openid.net/specs/openid-authentication-1_1.html
+    # and
+    # http://openid.net/specs/openid-authentication-2_0.html. Documentation
+    # for published OpenID extensions and related topics can be found at
+    # http://openid.net/developers/specs/.
+    #
+    # It is recommended to read through the OpenID spec, as well as
+    # ruby-openid's documentation, to understand what exactly goes on. However
+    # a setup as simple as the presented examples is enough to provide
+    # Consumer functionality.
+    #
+    # This library strongly intends to utilize the OpenID 2.0 features of the
+    # ruby-openid library, which provides OpenID 1.0 compatiblity.
+    #
+    # NOTE: Due to the amount of data that this library stores in the
+    # session, Rack::Session::Cookie may fault.
+    #
+    # == Examples
+    #
+    #   simple_oid = OpenID.new('http://mysite.com/')
+    #
+    #   return_oid = OpenID.new('http://mysite.com/', {
+    #     :return_to => 'http://mysite.com/openid'
+    #   })
+    #
+    #   complex_oid = OpenID.new('http://mysite.com/',
+    #     :immediate => true,
+    #     :extensions => {
+    #       ::OpenID::SReg => [['email'],['nickname']]
+    #     }
+    #   )
+    #
+    # = Advanced
+    #
+    # Most of the functionality of this library is encapsulated such that
+    # expansion and overriding functions isn't difficult nor tricky.
+    # Alternately, to avoid opening up singleton objects or subclassing, a
+    # wrapper rack middleware can be composed to act upon Auth::OpenID's
+    # responses. See #check and #finish for locations of pertinent data.
+    #
+    # == Responses
+    #
+    # To change the responses that Auth::OpenID returns, override the methods
+    # #redirect, #bad_request, #unauthorized, #access_denied, and
+    # #foreign_server_failure.
+    #
+    # Additionally #confirm_post_params is used when the URI would exceed
+    # length limits on a GET request when doing the initial verification
+    # request.
+    #
+    # == Processing
+    #
+    # To change methods of processing completed transactions, override the
+    # methods #success, #setup_needed, #cancel, and #failure. Please ensure
+    # the returned object is a rack compatible response.
+    #
+    # The first argument is an OpenID::Response, the second is a
+    # Rack::Request of the current request, the last is the hash used in
+    # ruby-openid handling, which can be found manually at
+    # env['rack.session'][:openid].
+    #
+    # This is useful if you wanted to expand the processing done, such as
+    # setting up user accounts.
+    #
+    #   oid_app = Rack::Auth::OpenID.new realm, :return_to => return_to
+    #   def oid_app.success oid, request, session
+    #     user = Models::User[oid.identity_url]
+    #     user ||= Models::User.create_from_openid oid
+    #     request['rack.session'][:user] = user.id
+    #     redirect MyApp.site_home
+    #   end
+    #
+    #   site_map['/openid'] = oid_app
+    #   map = Rack::URLMap.new site_map
+    #   ...
+
+    class OpenID
+      # Raised if an incompatible session is being used.
+      class NoSession < RuntimeError; end
+      # Raised if an extension not matching specifications is provided.
+      class BadExtension < RuntimeError; end
+      # Possible statuses returned from consumer responses. See definitions
+      # in the ruby-openid library.
+      ValidStatus = [
+        ::OpenID::Consumer::SUCCESS,
+        ::OpenID::Consumer::FAILURE,
+        ::OpenID::Consumer::CANCEL,
+        ::OpenID::Consumer::SETUP_NEEDED
+      ]
+
+      # The first argument is the realm, identifying the site they are trusting
+      # with their identity. This is required, also treated as the trust_root
+      # in OpenID 1.x exchanges.
+      #
+      # The lits of acceptable options include :return_to, :session_key,
+      # :openid_param, :store, :immediate, :extensions.
+      #
+      # <tt>:return_to</tt> defines the url to return to after the client
+      # authenticates with the openid service provider. This url should point
+      # to where Rack::Auth::OpenID is mounted. If unprovided, the url of
+      # the current request is used.
+      #
+      # <tt>:session_key</tt> defines the key to the session hash in the env.
+      # The default is 'rack.session'.
+      #
+      # <tt>:openid_param</tt> defines at what key in the request parameters to
+      # find the identifier to resolve. As per the 2.0 spec, the default is
+      # 'openid_identifier'.
+      #
+      # <tt>:store</tt> defined what OpenID Store to use for persistant
+      # information. By default a Store::Memory is used.
+      #
+      # <tt>:immediate</tt> as true will make initial requests to be of an
+      # immediate type. This is false by default. See OpenID specification
+      # documentation.
+      #
+      # <tt>:extensions</tt> should be a hash of openid extension
+      # implementations. The key should be the extension module, the value
+      # should be an array of arguments for extension::Request.new().
+      # The hash is iterated over and passed to #add_extension for processing.
+      # Please see #add_extension for further documentation.
+
+      def initialize(realm, options={})
+        realm = URI(realm)
+        raise ArgumentError, "Invalid realm: #{realm}" \
+          unless realm.absolute? \
+          and realm.fragment.nil? \
+          and realm.scheme =~ /^https?$/ \
+          and realm.host =~ /^(\*\.)?#{URI::REGEXP::PATTERN::URIC_NO_SLASH}+/
+        realm.path = '/' if realm.path.empty?
+        @realm = realm.to_s
+
+        if ruri = options[:return_to]
+          ruri = URI(ruri)
+          raise ArgumentError, "Invalid return_to: #{ruri}" \
+            unless ruri.absolute? \
+            and ruri.scheme =~ /^https?$/ \
+            and ruri.fragment.nil?
+          raise ArgumentError, "return_to #{ruri} not within realm #{realm}" \
+            unless self.within_realm?(ruri)
+          @return_to = ruri.to_s
+        end
+
+        @session_key  = options[:session_key]   || 'rack.session'
+        @openid_param = options[:openid_param]  || 'openid_identifier'
+        @store        = options[:store]         || ::OpenID::Store::Memory.new
+        @immediate    = !!options[:immediate]
+
+        @extensions   = {}
+        if extensions = options[:extensions]
+          extensions.each do |ext, args|
+            add_extension(ext, *args)
+          end
+        end
+
+        # Undocumented, semi-experimental
+        @anonymous    = !!options[:anonymous]
+      end
+
+      attr_reader :realm, :return_to, :session_key, :openid_param, :store,
+        :immediate, :extensions
+
+      # Sets up and uses session data at <tt>:openid</tt> within the session.
+      # Errors in this setup will raise a NoSession exception.
+      #
+      # If the parameter 'openid.mode' is set, which implies a followup from
+      # the openid server, processing is passed to #finish and the result is
+      # returned. However, if there is no appropriate openid information in the
+      # session, a 400 error is returned.
+      #
+      # If the parameter specified by <tt>options[:openid_param]</tt> is
+      # present, processing is passed to #check and the result is returned.
+      #
+      # If neither of these conditions are met, #bad_request is called.
+
+      def call(env)
+        env['rack.auth.openid'] = self
+        env_session = env[@session_key]
+        unless env_session and env_session.is_a?(Hash)
+          raise NoSession, 'No compatible session.'
+        end
+        # let us work in our own namespace...
+        session = (env_session[:openid] ||= {})
+        unless session and session.is_a?(Hash)
+          raise NoSession, 'Incompatible openid session.'
+        end
+
+        request = Rack::Request.new(env)
+        consumer = ::OpenID::Consumer.new(session, @store)
+
+        if mode = request.GET['openid.mode']
+          finish(consumer, session, request)
+        elsif request.GET[@openid_param]
+          check(consumer, session, request)
+        else
+          bad_request
+        end
+      end
+
+      # As the first part of OpenID consumer action, #check retrieves the data
+      # required for completion.
+      #
+      # If all parameters fit within the max length of a URI, a 303 redirect
+      # will be returned. Otherwise #confirm_post_params will be called.
+      #
+      # Any messages from OpenID's request are logged to env['rack.errors']
+      #
+      # <tt>env['rack.auth.openid.request']</tt> is the openid checkid request
+      # instance.
+      #
+      # <tt>session[:openid_param]</tt> is set to the openid identifier
+      # provided by the user.
+      #
+      # <tt>session[:return_to]</tt> is set to the return_to uri given to the
+      # identity provider.
+
+      def check(consumer, session, req)
+        oid = consumer.begin(req.GET[@openid_param], @anonymous)
+        req.env['rack.auth.openid.request'] = oid
+        req.env['rack.errors'].puts(oid.message)
+        p oid if $DEBUG
+
+        ## Extension support
+        extensions.each do |ext,args|
+          oid.add_extension(ext::Request.new(*args))
+        end
+
+        session[:openid_param] = req.GET[openid_param]
+        return_to_uri = return_to ? return_to : req.url
+        session[:return_to] = return_to_uri
+        immediate = session.key?(:setup_needed) ? false : immediate
+
+        if oid.send_redirect?(realm, return_to_uri, immediate)
+          redirect(oid.redirect_url(realm, return_to_uri, immediate))
+        else
+          confirm_post_params(oid, realm, return_to_uri, immediate)
+        end
+      rescue ::OpenID::DiscoveryFailure => e
+        # thrown from inside OpenID::Consumer#begin by yadis stuff
+        req.env['rack.errors'].puts( [e.message, *e.backtrace]*"\n" )
+        return foreign_server_failure
+      end
+
+      # This is the final portion of authentication.
+      # If successful, a redirect to the realm is be returned.
+      # Data gathered from extensions are stored in session[:openid] with the
+      # extension's namespace uri as the key.
+      #
+      # Any messages from OpenID's response are logged to env['rack.errors']
+      #
+      # <tt>env['rack.auth.openid.response']</tt> will contain the openid
+      # response.
+
+      def finish(consumer, session, req)
+        oid = consumer.complete(req.GET, req.url)
+        req.env['rack.auth.openid.response'] = oid
+        req.env['rack.errors'].puts(oid.message)
+        p oid if $DEBUG
+
+        if ValidStatus.include?(oid.status)
+          __send__(oid.status, oid, req, session)
+        else
+          invalid_status(oid, req, session)
+        end
+      end
+
+      # The first argument should be the main extension module.
+      # The extension module should contain the constants:
+      # * class Request, should have OpenID::Extension as an ancestor
+      # * class Response, should have OpenID::Extension as an ancestor
+      # * string NS_URI, which defining the namespace of the extension
+      #
+      # All trailing arguments will be passed to extension::Request.new in
+      # #check.
+      # The openid response will be passed to
+      # extension::Response#from_success_response, oid#get_extension_args will
+      # be called on the result to attain the gathered data.
+      #
+      # This method returns the key at which the response data will be found in
+      # the session, which is the namespace uri by default.
+
+      def add_extension(ext, *args)
+        raise BadExtension unless valid_extension?(ext)
+        extensions[ext] = args
+        return ext::NS_URI
+      end
+
+      # Checks the validitity, in the context of usage, of a submitted
+      # extension.
+
+      def valid_extension?(ext)
+        if not %w[NS_URI Request Response].all?{|c| ext.const_defined?(c) }
+          raise ArgumentError, 'Extension is missing constants.'
+        elsif not ext::Response.respond_to?(:from_success_response)
+          raise ArgumentError, 'Response is missing required method.'
+        end
+        return true
+      rescue
+        return false
+      end
+
+      # Checks the provided uri to ensure it'd be considered within the realm.
+      # is currently not compatible with wildcard realms.
+
+      def within_realm? uri
+        uri = URI.parse(uri.to_s)
+        realm = URI.parse(self.realm)
+        return false unless uri.absolute?
+        return false unless uri.path[0, realm.path.size] == realm.path
+        return false unless uri.host == realm.host or realm.host[/^\*\./]
+        # for wildcard support, is awkward with URI limitations
+        realm_match = Regexp.escape(realm.host).
+          sub(/^\*\./,"^#{URI::REGEXP::PATTERN::URIC_NO_SLASH}+.")+'$'
+        return false unless uri.host.match(realm_match)
+        return true
+      end
+
+      alias_method :include?, :within_realm?
+
+      protected
+
+      # Returns an html form page for posting to an Identity Provider if the
+      # GET request would exceed the upper URI length limit.
+
+      def confirm_post_params(oid, realm, return_to, immediate)
+        response = Rack::Response.new '<html>'+
+          '<head><title>Confirm...</title></head>'+
+          '<body>'+oid.form_markup(realm, return_to, immediate)+'</body>'+
+          '</html>'
+        response.finish
+      end
+
+      # Returns a 303 redirect with the destination of that provided by the
+      # argument.
+
+      def redirect(uri)
+        [ 303, {'Content-Type'=>'text/plain', 'Content-Length'=>'0',
+          'Location' => uri},
+          [] ]
+      end
+
+      # Returns an empty 400 response.
+
+      def bad_request
+        [ 400, {'Content-Type'=>'text/plain', 'Content-Length'=>'0'},
+          [''] ]
+      end
+
+      # Returns a basic unauthorized 401 response.
+
+      def unauthorized
+        [ 401, {'Content-Type' => 'text/plain', 'Content-Length' => '13'},
+          ['Unauthorized.'] ]
+      end
+
+      # Returns a basic access denied 403 response.
+
+      def access_denied
+        [ 403, {'Content-Type' => 'text/plain', 'Content-Length' => '14'},
+          ['Access denied.'] ]
+      end
+
+      # Returns a 503 response to be used if communication with the remote
+      # OpenID server fails.
+
+      def foreign_server_failure
+        [ 503, {'Content-Type'=>'text/plain', 'Content-Length' => '23'},
+          ['Foreign server failure.'] ]
+      end
+
+      private
+
+      # Called to complete processing on a successful transaction.
+      # Within the openid session, :openid_identity and :openid_identifier are
+      # set to the user friendly and the standard representation of the
+      # validated identity. All other data in the openid session is cleared.
+
+      def success(oid, request, session)
+        session.clear
+        session[:openid_identity]   = oid.display_identifier
+        session[:openid_identifier] = oid.identity_url
+        extensions.keys.each do |ext|
+          label     = ext.name[/[^:]+$/].downcase
+          response  = ext::Response.from_success_response(oid)
+          session[label] = response.data
+        end
+        redirect(realm)
+      end
+
+      # Called if the Identity Provider indicates further setup by the user is
+      # required.
+      # The identifier is retrived from the openid session at :openid_param.
+      # And :setup_needed is set to true to prevent looping.
+
+      def setup_needed(oid, request, session)
+        identifier = session[:openid_param]
+        session[:setup_needed] = true
+        redirect(req.script_name + '?' + openid_param + '=' + identifier)
+      end
+
+      # Called if the user indicates they wish to cancel identification.
+      # Data within openid session is cleared.
+
+      def cancel(oid, request, session)
+        session.clear
+        access_denied
+      end
+
+      # Called if the Identity Provider indicates the user is unable to confirm
+      # their identity. Data within the openid session is left alone, in case
+      # of swarm auth attacks.
+
+      def failure(oid, request, session)
+        unauthorized
+      end
+
+      # To be called if there is no method for handling the OpenID response
+      # status.
+
+      def invalid_status(oid, request, session)
+        msg = 'Invalid status returned by the OpenID authorization reponse.'
+        [ 500,
+          {'Content-Type'=>'text/plain','Content-Length'=>msg.length.to_s},
+          [msg] ]
+      end
+    end
+
+    # A class developed out of the request to use OpenID as an authentication
+    # middleware. The request will be sent to the OpenID instance unless the
+    # block evaluates to true. For example in rackup, you can use it as such:
+    #
+    #   use Rack::Session::Pool
+    #   use Rack::Auth::OpenIDAuth, realm, openid_options do |env|
+    #     env['rack.session'][:authkey] == a_string
+    #   end
+    #   run RackApp
+    #
+    # Or simply:
+    #
+    #   app = Rack::Auth::OpenIDAuth.new app, realm, openid_options, &auth
+
+    class OpenIDAuth < Rack::Auth::AbstractHandler
+      attr_reader :oid
+      def initialize(app, realm, options={}, &auth)
+        @oid = OpenID.new(realm, options)
+        super(app, &auth)
+      end
+
+      def call(env)
+        to = @authenticator.call(env) ? @app : @oid
+        to.call(env)
+      end
+    end
+  end
+end