ruby-openid 1.0.2 → 1.1.1

data/examples/consumer.rb

@@ -3,7 +3,6 @@ require "cgi"
 require "uri"
 require "pathname"
 
-
 require "webrick"
 include WEBrick
 
@@ -69,6 +68,7 @@ class SimpleServlet < HTTPServlet::AbstractServlet
   def do_begin
     # First make sure the user entered something
     openid_url = @req.query.fetch("openid_url", "")
+
     if openid_url.empty?
       self.render("Enter an identity URL to verify",
                   css_class="error", form_contents=openid_url)
@@ -116,7 +116,7 @@ class SimpleServlet < HTTPServlet::AbstractServlet
 
       # build the redirect
       redirect_url = request.redirect_url($trust_root, return_to)
-
+      
       # send redirect to the server
       self.redirect(redirect_url)
     else

data/examples/consumerd.rb

@@ -0,0 +1,290 @@
+#!/usr/bin/env ruby
+require "cgi"
+require "uri"
+require "pathname"
+
+require "webrick"
+include WEBrick
+
+# load the openid library, first trying rubygems
+begin
+  require "openid"
+rescue LoadError
+  require "rubygems"
+  require_gem "ruby-openid", ">= 1.0"
+end
+
+################ start config ##########################
+# use your desired store implementation here
+#store_dir = Pathname.new(Dir.pwd).join("openid-store")
+#store = OpenID::FilesystemStore.new(store_dir)
+store = OpenID::DumbStore.new('areg')
+
+$host = "localhost"
+$port = 2000
+################ end config ############################
+
+if $port.nil?
+  $base_url = "http://#{$host}/"
+else
+  $base_url = "http://#{$host}:#{$port}/"
+end
+
+# NOTE: Please note that a Hash is not a valid session storage type, it is just
+# used here to get something that works.  In a production environment this
+# should be an object representing the CURRENT USER's session, NOT a global
+# hash.  Every user visiting this running consumer.rb will write into this
+# same hash.
+$session = {}
+
+$trust_root = $base_url
+$consumer = OpenID::Consumer.new($session, store)
+
+server = HTTPServer.new(:Port=>$port)
+class SimpleServlet < HTTPServlet::AbstractServlet
+
+  def do_GET(req, res)
+    @req = req
+    @res = res
+
+    begin
+      case req.path
+      when "", "/", "/start"
+        self.render
+      when "/begin"
+        self.do_begin
+      when "/complete"
+        self.do_complete
+      when '/policy'
+        self.do_policy
+      else
+        self.redirect(self.build_url("/"))
+      end
+    ensure
+      @req = nil
+      @res = nil
+    end
+  end 
+
+  def do_begin
+    # First make sure the user entered something
+    openid_url = @req.query.fetch("openid_url", "")
+    if openid_url.empty?
+      self.render("Enter an identity URL to verify",
+                  css_class="error", form_contents=openid_url)
+      return HTTPStatus::Success
+    end    
+
+    # Then ask the openid library to begin the authorization
+    request = $consumer.begin(openid_url)
+   
+    # If the URL was unusable (either because of network conditions,
+    # a server error, or that the response returned was not an OpenID
+    # identity page), the library will return HTTP_FAILURE or PARSE_ERROR.
+    # Let the user know that the URL is unusable.
+    case request.status
+    when OpenID::FAILURE
+      self.render("Unable to find openid server for <q>#{openid_url}</q>",
+                  css_class="error", form_contents=openid_url)
+      return HTTPStatus::Success
+
+    when OpenID::SUCCESS
+      # The URL was a valid identity URL. Now we just need to send a redirect
+      # to the server using the redirect_url the library created for us.
+
+      # check to see if we want to make an SREG request. Generally this will
+      # not take the form of a checkbox, but will be part of your site policy.
+      # For example, you may perform an sreg request if the user appears
+      # to be new to the site.  The checkbox is here for convenience of
+      # testing.
+      do_sreg = @req.query.fetch('sreg', nil)
+
+      if do_sreg and request.uses_extension?('http://openid.net/sreg/1.0')
+        policy_url = self.build_url('/policy')
+        request.add_extension_arg('sreg','policy_url', policy_url)
+        request.add_extension_arg('sreg','required','email,nickname')
+        request.add_extension_arg('sreg','optional','fullname,dob,gender,postcode,country')
+      end
+
+      if do_sreg
+        extra = {'did_sreg' => 'true'}
+      else
+        extra = {}
+      end
+
+      return_to = self.build_url("/complete", extra)
+
+      # build the redirect
+      redirect_url = request.redirect_url($trust_root, return_to)
+
+      # send redirect to the server
+      self.redirect(redirect_url)
+    else
+      # Should never get here
+      raise "Not Reached"
+    end    
+  end
+
+  # handle the redirect from the OpenID server
+  def do_complete
+    # Ask the library to check the response that the server sent
+    # us.  Status is a code indicating the response type. info is
+    # either nil or a string containing more information about
+    # the return type.
+    response = $consumer.complete(@req.query)
+    
+    css_class = "error"
+   
+    did_sreg = @req.query.fetch('did_sreg', nil)
+    sreg_checked = did_sreg ? 'checked="checked"' : ''
+    
+    if response.status == OpenID::FAILURE
+      # In the case of failure, if info is non-nil, it is the
+      # URL that we were verifying. We include it in the error
+      # message to help the user figure out what happened.
+      if response.identity_url
+        message = "Verification of #{response.identity_url} failed"
+      else
+        message = 'Verification failed.'
+      end
+
+      # add on the failure message for a little debug info
+      message += ' '+response.msg.to_s
+
+    elsif response.status == OpenID::SUCCESS
+      # Success means that the transaction completed without
+      # error. If info is nil, it means that the user cancelled
+      # the verification.
+      css_class = "alert"
+
+      message = "You have successfully verified #{response.identity_url} as your identity."
+
+      # get the signed extension sreg arguments
+      sreg = response.extension_response('sreg')
+      if sreg.length > 0
+        message += "<hr/> With simple registration fields:<br/>"
+        sreg.keys.sort.each {|k| message += "<br/><b>#{k}</b>: #{sreg[k]}"}
+      elsif did_sreg
+        message += "<hr/> But the server does not support simple registration."
+      end
+    
+    elsif response.status == OpenID::CANCEL
+      message = "Verification cancelled."
+
+    else
+      message = "Unknown response status: #{response.status}"
+
+    end
+    self.render(message, css_class, response.identity_url, sreg_checked)
+  end
+  
+  def do_policy
+    @res.body = <<END
+<html>
+<head></head>
+<body>
+<h3>Ruby Consumer Simple Registration Policy</h3>
+<p>This consumer makes a simple registration request for the following fields:<br/><br/>
+<b>Required:</b> email, nickname<br/>
+<b>Optional:</b> fullname, dob, gender, postcode, country<br/><br/>
+Nothing is actually done with the data provided, it simply exists to illustrate the simple registration protocol.
+</p>
+</body>
+</html>
+
+END
+  end
+
+  # build a URL relative to the server base URL, with the given query
+  # parameters added.
+  def build_url(action, query=nil)
+    url = URI.parse($base_url).merge(action).to_s
+    url = OpenID::Util.append_args(url, query) unless query.nil?
+    return url
+  end
+   
+  def redirect(url)
+    @res.set_redirect(HTTPStatus::TemporaryRedirect, url)
+  end
+
+  def render(message=nil, css_class="alert", form_contents="", checked="")
+    @res.body = self.page_header
+    unless message.nil?
+      @res.body << "<div class=\"#{css_class}\">#{message}</div>"
+    end
+    @res.body << self.page_footer(form_contents, checked)
+  end
+
+  def page_header(title="Ruby OpenID WEBrick example")
+    header = <<END_OF_STRING
+<html>
+  <head><title>#{title}</title></head>
+  <style type="text/css">
+      * {
+        font-family: verdana,sans-serif;
+      }
+      body {
+        width: 50em;
+        margin: 1em;
+      }
+      div {
+        padding: .5em;
+      }
+      table {
+        margin: none;
+        padding: none;
+      }
+      .alert {
+        border: 1px solid #e7dc2b;
+        background: #fff888;
+      }
+      .error {
+        border: 1px solid #ff0000;
+        background: #ffaaaa;
+      }
+      #verify-form {
+        border: 1px solid #777777;
+        background: #dddddd;
+        margin-top: 1em;
+        padding-bottom: 0em;
+      }
+  </style>
+  <body>
+    <h1>#{title}</h1>
+    <p>
+      This example consumer uses the <a href="http://openidenabled.com/openid/libraries/ruby">Ruby OpenID</a> library
+      on a WEBrick platform.  The example just verifies that the URL that
+      you enter is your identity URL.
+    </p>
+END_OF_STRING
+  end
+
+
+  def page_footer(form_contents="", checked="")
+    form_contents = "" if form_contents == "/"    
+    footer = <<END_OF_STRING
+    <div id="verify-form">
+      <form method="get" action="#{self.build_url("/begin")}">
+        Identity&nbsp;URL:
+      <input type="text" name="openid_url" value="#{form_contents}" />
+        <input type="submit" value="Verify" />
+        <input type="checkbox" id="sregbox" name="sreg" #{checked} />
+        <label for="sregbox">with simple registration</label>
+        <a href="http://www.openidenabled.com/openid/simple-registration-extension" target="_blank">?</a>
+      </form>
+    </div>
+  </body>
+</html>
+END_OF_STRING
+  end
+
+
+
+end
+
+# Bootstrap the example
+server.mount("/", SimpleServlet)
+trap("INT") {server.shutdown}
+print "\nVisit http://#{$host}:#{$port}/ in your browser.\n\n"
+server.start
+

data/examples/openid-store/associations/http-localhost_3A3000_2Fserver-LQl7HUNueJIJcpPoAGiHEHNdJMc

@@ -0,0 +1,6 @@
+version: 2
+handle: {HMAC-SHA1}{4471fc64}{p5qlgA==}
+secret: wDw+/+4MFdm9Y86/MKfxpyn6Ato=
+issued: 1148320868
+lifetime: 120960
+assoc_type: HMAC-SHA1

data/examples/openid-store/associations/http-www.myopenid.com_2Fserver-ZFp96P4qV1FjqgGt2rtZBvRJWic

@@ -0,0 +1,6 @@
+version: 2
+handle: {HMAC-SHA1}{44637c57}{YcwFSQ==}
+secret: N2o4OrdrEhtke+lcpAOwOQaffGU=
+issued: 1147370327
+lifetime: 1209599
+assoc_type: HMAC-SHA1

data/examples/openid-store/auth_key

@@ -0,0 +1 @@
+_eK��2�X,�|RG+

data/examples/rails_openid_login_generator/templates/controller.rb

@@ -62,7 +62,7 @@ class <%= class_name %>Controller < ApplicationController
 
       flash[:notice] = "Logged in as #{CGI::escape(response.identity_url)}"
        
-      redirect_to :action => "welcome"
+      redirect_back_or_default :action => "welcome"
       return
 
     when OpenID::FAILURE

data/examples/rails_server/app/controllers/login_controller.rb~

@@ -0,0 +1,35 @@
+# Controller for handling the login, logout process for "users" of our
+# little server.  Users have no password.  This is just an example.
+
+class LoginController < ApplicationController
+
+  layout 'server'
+
+  def index
+    # just show the login page
+  end
+
+  def submit
+    user = @params[:username]
+
+    # if we get a user, log them in by putting their username in
+    # the session hash.
+    unless user.nil?
+      session[:username] = user unless user.nil?
+      session[:approvals] = []
+      flash[:notice] = "Your OpenID URL is <b>http://localhost:3000/user/#{user}</b><br/><br/>Proceed to step 2 below."
+    else
+      flash[:error] = "Sorry, couldn't log you in. Try again."
+    end
+    
+    redirect_to :action => 'index'
+  end
+
+  def logout
+    # delete the username from the session hash
+    session[:username] = nil
+    session[:approvals] = nil
+    redirect_to :action => 'index'
+  end
+
+end

data/examples/rails_server/app/controllers/server_controller.rb~

@@ -0,0 +1,190 @@
+require 'pathname'
+
+# load the openid library, first trying rubygems
+begin
+  require "rubygems"
+  require_gem "ruby-openid", ">= 1.0"
+rescue LoadError
+  require "openid"
+end
+
+class ServerController < ApplicationController
+
+  include ServerHelper
+  include OpenID::Server
+  layout nil
+  
+  def index
+    begin
+      request = server.decode_request(@params)
+    rescue ProtocolError => e
+      # invalid openid request, so just display a page with an error message
+      render_text e.to_s
+      return
+    end
+      
+    # no openid.mode was given
+    unless request
+      render_text "This is an OpenID server endpoint."
+      return
+    end
+    
+    if request.kind_of?(CheckIDRequest)
+
+      if self.is_authorized(request.identity_url, request.trust_root)
+        response = request.answer(true)
+        
+        # add the sreg response if requested
+        self.add_sreg(request, response)
+
+      elsif request.immediate
+        server_url = url_for :action => 'index'
+        response = request.answer(false, server_url)
+        
+      else
+        @session[:last_request] = request
+        @request = request
+        flash[:notice] = "Do you trust this site with your identity?"
+        render :template => 'server/decide', :layout => 'server'
+        return
+      end
+
+    else
+      response = server.handle_request(request)
+    end
+  
+    self.render_response(response)
+  end
+
+  def user_page
+    # Yadis content-negotiation: we want to return the xrds if asked for.
+    accept = request.env['HTTP_ACCEPT']
+    
+    # This is not technically correct, and should eventually be updated
+    # to do real Accept header parsing and logic.  Though I expect it will work
+    # 99% of the time.
+    if accept and accept.include?('application/xrds+xml')
+      render_xrds
+      return
+    end
+
+    # content negotiation failed, so just render the user page    
+    xrds_url = url_for(:controller=>'user',:action=>@params[:username])+'/xrds'
+    identity_page = <<EOS
+<html><head>
+<meta http-equiv="X-XRDS-Location" content="#{xrds_url}" />
+<link rel="openid.server" href="#{url_for :action => 'index'}" />
+</head><body><p>OpenID identity page for #{@params[:username]}</p>
+</body></html>
+EOS
+
+    # Also add the Yadis location header, so that they don't have
+    # to parse the html unless absolutely necessary.
+    response.headers['X-XRDS-Location'] = xrds_url
+    render_text identity_page
+  end
+
+  def xrds
+    render_xrds
+  end
+
+  def decision
+    request = @session[:last_request]
+    @session[:last_request] = nil
+
+    if @params[:yes].nil?
+      redirect_to request.cancel_url
+      return
+    else
+      session[:approvals] << request.trust_root
+      response = request.answer(true)
+      self.add_sreg(request, response)
+      return self.render_response(response)
+    end
+  end
+
+  protected
+
+  def server
+    if @server.nil?
+      dir = Pathname.new(RAILS_ROOT).join('db').join('openid-store')
+      store = OpenID::FilesystemStore.new(dir)
+      @server = Server.new(store)
+    end
+    return @server
+  end
+
+  def approved(trust_root)
+    return false if session[:approvals].nil?
+    return session[:approvals].member?(trust_root)
+  end
+
+  def is_authorized(identity_url, trust_root)
+    return (session[:username] and (identity_url == url_for_user) and self.approved(trust_root))
+  end
+
+  def render_xrds
+    yadis = <<EOS
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+    xmlns:xrds="xri://$xrds"
+    xmlns:openid="http://openid.net/xmlns/1.0"
+    xmlns="xri://$xrd*($v*2.0)">
+  <XRD>
+    <Service priority="1">
+      <Type>http://openid.net/signon/1.0</Type>
+      <Type>http://openid.net/sreg/1.0</Type>
+      <URI>#{url_for(:controller => 'server')}</URI>
+    </Service>
+  </XRD>
+</xrds:XRDS>
+EOS
+
+    response.headers['content-type'] = 'application/xrds+xml'
+    render_text yadis
+  end  
+
+  def add_sreg(request, response)
+    # Your code should examine request.query
+    # for openid.sreg.required, openid.sreg.optional, and
+    # openid.sreg.policy_url, and generate add fields to your response
+    # accordingly. For this example, we'll just see if there are any
+    # sreg args and add some sreg data to the response.  Take note,
+    # that this does not actually respect the sreg query, it just sends
+    # back some fake sreg data.  Your implemetation should be better! :)
+
+    required = request.query['openid.sreg.required']
+    optional = request.query['openid.sreg.optional']
+    policy_url = request.query['openid.sreg.policy_url']
+
+    if required or optional or policy_url
+      # this should be taken out of the user's profile,
+      # but since we don't have one lets just make up some data.
+      # Also, the user should be able to approve the transfer
+      # and modify each field if she likes.
+      sreg_fields = {
+        'email' => 'mayor@example.com',
+        'nickname' => 'Mayor McCheese'
+      }    
+      response.add_fields('sreg', sreg_fields)
+    end
+
+  end
+
+  def render_response(response)    
+    web_response = server.encode_response(response)
+
+    case web_response.code
+    when HTTP_OK
+      render_text web_response.body, :status => 200           
+
+    when HTTP_REDIRECT
+      redirect_to web_response.redirect_url
+
+    else
+      render_text web_response.body, :status => 400
+    end   
+  end
+
+
+end