rots 1.0.0

data/lib/rots/server_app.rb

@@ -0,0 +1,167 @@
+# stdlib
+require "fileutils"
+
+# external libraries
+require "openid"
+require "openid/extension"
+require "openid/extensions/sreg"
+require "openid/store/filesystem"
+require "openid/util"
+require "rack/request"
+require "rack/utils"
+
+module Rots
+  class ServerApp
+    attr_accessor :request,
+      :openid_request,
+      :response,
+      :openid_response,
+      :server
+
+    def initialize(config, server_options)
+      @server_options = server_options
+      @sreg_fields = config["sreg"]
+    end
+
+    def call(env)
+      on_openid_request(env) do
+        if !is_checkid_request?
+          @openid_response = @server.handle_request(@openid_request)
+          reply_consumer
+        elsif is_checkid_immediate?
+          process_immediate_checkid_request
+        else
+          process_checkid_request
+        end
+      end
+    end
+
+    protected
+
+    def on_openid_request(env)
+      create_wrappers(env)
+      if @openid_request.nil?
+        [
+          200,
+          {Rack::CONTENT_TYPE => "text/html"},
+          ["<html><body><h1>ROTS => This is an OpenID endpoint</h1></body></html>"],
+        ]
+      else
+        yield
+      end
+    end
+
+    def create_wrappers(env)
+      @request = Rack::Request.new(env)
+      @server = OpenID::Server::Server.new(storage, op_endpoint)
+      @openid_request = @server.decode_request(@request.params)
+      @openid_sreg_request = OpenID::SReg::Request.from_openid_request(@openid_request) unless @openid_request.nil?
+    end
+
+    def is_checkid_request?
+      @openid_request.is_a?(OpenID::Server::CheckIDRequest)
+    end
+
+    def is_checkid_immediate?
+      @openid_request && @openid_request.immediate
+    end
+
+    def process_immediate_checkid_request
+      if checkid_immediate_is_valid?
+        return_successful_openid_response
+      else
+        return_setup_needed_openid_response
+      end
+    end
+
+    def process_checkid_request
+      if checkid_request_is_valid?
+        return_successful_openid_response
+      else
+        return_cancel_openid_response
+      end
+    end
+
+    def checkid_request_is_valid?
+      @request.params["openid.success"] == "true"
+    end
+
+    def checkid_immediate_is_valid?
+      @request.params["openid.success"] == "true"
+    end
+
+    def return_successful_openid_response
+      @openid_response = @openid_request.answer(true)
+      process_sreg_extension
+      # TODO: Add support for SREG extension
+      @server.signatory.sign(@openid_response) if @openid_response.needs_signing
+      reply_consumer
+    end
+
+    def process_sreg_extension
+      return if @openid_sreg_request.nil?
+      response = OpenID::SReg::Response.extract_response(@openid_sreg_request, @sreg_fields)
+      @openid_response.add_extension(response)
+    end
+
+    def return_cancel_openid_response
+      redirect(@openid_request.cancel_url)
+    end
+
+    def return_setup_needed_openid_response
+      setup_needed_args = @request.params.merge("openid.mode" => "setup_needed", "user_setup_url" => "")
+      url = OpenID::Util.append_args(@openid_request.return_to, setup_needed_args)
+      redirect(url)
+    end
+
+    def reply_consumer
+      web_response = @server.encode_response(@openid_response)
+      case web_response.code
+      when OpenID::Server::HTTP_OK
+        success(web_response.body)
+      when OpenID::Server::HTTP_REDIRECT
+        redirect(web_response.headers["location"])
+      else
+        bad_request
+      end
+    end
+
+    def redirect(uri)
+      [
+        303,
+        {
+          Rack::CONTENT_LENGTH => "0",
+          Rack::CONTENT_TYPE => "text/plain",
+          "Location" => uri,
+        },
+        [],
+      ]
+    end
+
+    def bad_request
+      [
+        400,
+        {Rack::CONTENT_TYPE => "text/plain", Rack::CONTENT_LENGTH => "0"},
+        [],
+      ]
+    end
+
+    def storage
+      # create the folder if it doesn't exist
+      FileUtils.mkdir_p(@server_options[:storage]) unless File.exist?(@server_options[:storage])
+      OpenID::Store::Filesystem.new(@server_options[:storage])
+    end
+
+    def success(text = "")
+      Rack::Response.new(text).finish
+    end
+
+    def op_endpoint
+      if @request.url =~ /(.*\?openid.success=true)/
+        $1
+      elsif @request.url =~ /([^?]*)/
+        $1
+      end
+    end
+  end
+end

data/lib/rots/test/rack_test_helpers.rb

@@ -0,0 +1,21 @@
+module Rots
+  module Test
+    module RackTestHelpers
+      def mock_openid_request(app, *args)
+        env = Rack::MockRequest.env_for(*args)
+        @response = Rack::MockResponse.new(*app.call(env))
+      end
+
+      def follow_openid_redirect!(app)
+        assert(@response)
+        assert_equal(303, @response.status)
+
+        env = Rack::MockRequest.env_for(@response.headers["Location"])
+        _status, headers, _body = Rots::Mocks::RotsServer.new.call(env)
+
+        uri = URI(headers["Location"])
+        mock_openid_request(app, "#{uri.path}?#{uri.query}")
+      end
+    end
+  end
+end

data/lib/rots/test/request_helper.rb

@@ -0,0 +1,78 @@
+require "rack/utils"
+
+module Rots
+  module Test
+    module RequestHelper
+      def openid_request(openid_request_uri)
+        openid_response = Net::HTTP.get_response(URI.parse(openid_request_uri))
+        openid_response_uri = URI(openid_response["Location"])
+        openid_response_qs = Rack::Utils.parse_query(openid_response_uri.query)
+
+        {
+          url: openid_response_uri.to_s,
+          query_params: openid_response_qs,
+        }
+      end
+
+      def checkid_setup(request, params = {}, with_associate = true)
+        assoc_handle = make_association(request) if with_associate
+        send_checkid(request, :setup, params, assoc_handle)
+      end
+
+      def checkid_immediate(request, params = {}, with_associate = true)
+        assoc_handle = make_association(request) if with_associate
+        send_checkid(request, :immediate, params, assoc_handle)
+      end
+
+      def openid_params(response)
+        uri = URI(response.headers["Location"])
+        Rack::Utils.parse_query(uri.query)
+      end
+
+      protected
+
+      def send_checkid(request, mode, params = {}, assoc_handle = nil)
+        params = send(:"checkid_#{mode}_params", params)
+        params.merge("openid.assoc_handle" => assoc_handle) if assoc_handle
+        qs = "/?" + Rack::Utils.build_query(params)
+        request.get(qs)
+      end
+
+      def make_association(request)
+        associate_qs = Rack::Utils.build_query(associate_params)
+        response = request.post("/", input: associate_qs)
+        parse_assoc_handle_from(response)
+      end
+
+      def parse_assoc_handle_from(response)
+        response.body.split("\n")[0].match(/^assoc_handle:(.*)$/).captures[0]
+      end
+
+      def checkid_setup_params(params = {})
+        {
+          "openid.ns" => "http://specs.openid.net/auth/2.0",
+          "openid.mode" => "checkid_setup",
+          "openid.claimed_id" => "john.doe",
+          "openid.identity" => "john.doe",
+          "openid.return_to" => "http://www.google.com",
+          # need to specify the openid_handle by hand
+        }.merge!(params)
+      end
+
+      def checkid_immediate_params(params = {})
+        checkid_setup_params({"openid.mode" => "checkid_immediate"}.merge!(params))
+      end
+
+      def associate_params
+        {
+          "openid.ns" => "http://specs.openid.net/auth/2.0",
+          "openid.mode" => "associate",
+          "openid.session_type" => "DH-SHA1",
+          "openid.assoc_type" => "HMAC-SHA1",
+          "openid.dh_consumer_public" =>
+            "U672/RsDUNxAFFAXA+ShVh5LMD2CRdsoqdqhDCPUzfCNy2f44uTWuid/MZuGfJmiVA7QmxqM3GSb8EVq3SGK8eGEwwyzUtatqHidx72rfwAav5AUrZTnwSPQJyiCFrKNGmNhXdRJzcfzSkgaC3hVz2kpADzEevIExG6agns1sYY=",
+        }
+      end
+    end
+  end
+end

data/lib/rots/test.rb

@@ -0,0 +1,2 @@
+require_relative "test/rack_test_helpers"
+require_relative "test/request_helper"

data/lib/rots/version.rb

@@ -0,0 +1,5 @@
+module Rots
+  module Version
+    VERSION = "1.0.0"
+  end
+end

data/lib/rots.rb

@@ -0,0 +1,27 @@
+# stdlib in Ruby < 3, gem after
+require "net/http"
+
+# External Libraries
+require "date"
+require "openssl"
+require "optparse"
+require "rack"
+require "rackup"
+require "openid" # ruby-openid2
+require "stringio"
+require "webrick"
+require "yaml"
+require "psych"
+
+# This library
+require_relative "rots/version"
+require_relative "rots/server_app"
+require_relative "rots/identity_page_app"
+
+# Namespace for this gem
+module Rots
+end
+
+Rots::Version.class_eval do
+  extend VersionGem::Basic
+end

data.tar.gz.sig

@@ -0,0 +1,5 @@
+������%P{ޱ��3܅`�/\���z��%͐z��4r��-��`�Z�a�nՑm,���c�Z~mC:ϚB�u��m3�ȟ�	���f�,O��
+������>��r�ُ;K�
+�v5�=�תEj��w'U}����f��*7�*�䰍����5���*��e�m~6��<V��"�0	(�'��b���D9,{�4�eV	� �qd���9%@2buwˤ�F��L<�!~���KG����ض�l��N�u��i�?�K_��
+}P?K�F��~[��tz��֫)K����Jz�uƪ��Y-]�Lݛ������M`��9�a*(�2���3Kw�6\q�#-��*&��&��&��
+#�fy��+?&~'�$FL]�.~��5��%��