ruby-openid 1.0.2 → 1.1.1

data/lib/openid/server.rb

@@ -362,7 +362,7 @@ module OpenID
           raise MalformedReturnURL.new(query, return_to)
         end
 
-        if trust_root and not OpenID::TrustRoot.parse(return_to)
+        if trust_root and not OpenID::TrustRoot.parse(trust_root)
           raise MalformedTrustRoot.new(query, trust_root)
         end
        

data/lib/openid/service.rb

@@ -29,7 +29,7 @@ module OpenID
       'xrdns' => 'xri://$xrd*($v*2.0)',
       'openidns' => 'http://openid.net/xmlns/1.0'
     }
-    attr_accessor :service_types, :uri, :yadis_url, :delegate_url
+    attr_accessor :service_types, :uri, :yadis_url, :delegate_url, :xrds_uri, :canonical_id
 
     # Class method to produce OpenIDService objects. Call with a Yadis Service
     # object.  Will return nil if the Service object does not represent an
@@ -40,7 +40,9 @@ module OpenID
       s = new
       s.service_types = service.service_types
       s.uri = service.uri
-      s.yadis_url = service.yadis.uri
+      s.yadis_url = service.yadis.uri if service.yadis
+      s.xrds_uri = service.yadis.xrds_uri if service.yadis
+      s.canonical_id = service.canonical_id
 
       s.delegate_url = nil
       REXML::XPath.each(service.element, 'openidns:Delegate',
@@ -110,6 +112,10 @@ module OpenID
     def consumer_id
       @yadis_url
     end
+
+    def canonical_id
+      @canonical_id or self.consumer_id
+    end
   end
 
 
@@ -125,6 +131,7 @@ module OpenID
       @yadis_url = consumer_id     
       @service_types = ['http://openid.net/signon/1.0']
       @yadis = nil
+      @xrds_uri = nil
     end
 
     def delegate

data/lib/openid/stores.rb~

@@ -0,0 +1,178 @@
+require "openid/util"
+
+module OpenID
+
+  # Interface for the abstract Store
+  class Store
+
+    @@AUTH_KEY_LEN = 20
+
+    # Put a Association object into storace
+    def store_association(association)
+      raise NotImplementedError
+    end
+
+    # Returns a Association object from storage that matches
+    # the server_url.  Returns nil if no such association is found or if
+    # the one matching association is expired. (Is allowed to GC expired
+    # associations when found.)
+    def get_association(server_url)
+      raise NotImplementedError
+    end
+
+    # If there is a matching association, remove it from the store and
+    # return true, otherwise return false.
+    def removeAssociation(server_url, handle)
+      raise NotImplementedError
+    end
+
+    # Stores a nonce (which is passed in as a string).
+    def store_nonce(nonce)
+      raise NotImplementedError
+    end
+
+    # If the nonce is in the store, remove it and return true. Otherwise
+    # return false.
+    def use_nonce(nonce)
+      raise NotImplementedError
+    end
+
+    # Returns a 20-byte auth key used to sign the tokens, to ensure
+    # that they haven't been tampered with in transit. It must return
+    # the same key every time it is called.   
+    def get_auth_key
+      raise NotImplementedError
+    end
+
+    # Method return true if the store is dumb-mode-style store.
+    def dumb?
+      false
+    end
+
+  end
+
+
+  class DumbStore < Store
+    
+    def initialize(secret_phrase)
+      require "digest/sha1"
+      @auth_key = Digest::SHA1.hexdigest(secret_phrase)
+    end
+
+    def store_association(assoc)
+      nil
+    end
+
+    def get_association(server_url)
+      nil
+    end
+  
+    def remove_association(server_url, handle)
+      false
+    end
+
+    def store_nonce(nonce)
+      nil
+    end
+
+    def use_nonce(nonce)
+      true
+    end
+
+    def get_auth_key
+      @auth_key
+    end
+
+    def dumb?
+      true
+    end
+
+  end
+
+  class ServerAssocs
+    def initialize
+      @assocs = {}
+    end
+
+    def set(assoc)
+      @assocs[assoc.handle] = assoc
+    end
+
+    def get(handle)
+      @assocs[handle]
+    end
+
+    def remove(handle)
+      return @assocs.delete(handle)
+    end
+
+    def best
+      best = nil
+      @assocs.each do |k, assoc|
+        if best.nil? or best.issued < assoc.issued
+          best = assoc
+        end
+      end
+      return best
+    end
+  end
+
+  # An in-memory implementation of Store.  This class is mainly used
+  # for testing, though it may be useful for long-running single process apps.
+  #
+  # You should probably be looking at OpenID::FilesystemStore
+  class MemoryStore < Store
+
+    def initialize
+      @server_assocs = {}
+      @nonces = {}
+      @auth_key = OpenID::Util.random_string(@@AUTH_KEY_LEN)
+    end
+
+    def dumb?
+      false
+    end
+
+    def store_association(server_url, assoc)
+      assocs = _get_server_assocs(server_url)
+      assocs.set(self.deepcopy(assoc))
+    end
+    
+    def get_association(server_url, handle=nil)
+      assocs = _get_server_assocs(server_url)
+      return assocs.best if handle.nil?
+      return assocs.get(handle)
+    end
+    
+    def remove_association(server_url, handle)
+      assocs = _get_server_assocs(server_url)
+      return assocs.remove(handle)
+    end
+
+    def use_nonce(nonce)
+      return true if @nonces.delete(nonce)
+      return false
+    end
+
+    def store_nonce(nonce)
+      @nonces[nonce] = true
+    end
+
+    def get_auth_key
+      @auth_key
+    end
+
+    def _get_server_assocs(server_url)
+      unless @server_assocs.has_key?(server_url)
+        @server_assocs[server_url] = ServerAssocs.new
+      end
+      return @server_assocs[server_url]
+    end
+
+    def deepcopy(o)
+      Marshal.load(Marshal.dump(o))
+    end
+
+  end
+
+end

data/lib/openid/trustroot.rb

@@ -63,19 +63,32 @@ module OpenID
       return true if @host == 'localhost'
       
       host_parts = @host.split('.')
-      return false unless TOP_LEVEL_DOMAINS.member?(host_parts[-1])
+      # a note: ruby string split does not put an empty string
+      # at the end of the list if the split element is last.  for example,
+      # 'foo.com.'.split('.') => ['foo','com'].  Mentioned because the python
+      # code differs here.
       
-      # wacky heurestic for extracting a sane tld
-      host = []
-      if host_parts[-1].length == 2 and host_parts.length > 1
-        if host_parts[-2].length <= 3
-          host = host_parts[0...-2]
+      return false if host_parts.length == 0
+
+      # no adjacent dots
+      return false if host_parts.member?('')
+
+      # last part must be a tld
+      tld = host_parts[-1]
+      return false unless TOP_LEVEL_DOMAINS.member?(tld)
+
+      return false if host_parts.length == 1
+
+      if @wildcard
+        if tld.length == 2 and host_parts[-2].length <= 3
+          # It's a 2-letter tld with a short second to last segment
+          # so there needs to be more than two segments specified 
+          # (e.g. *.co.uk is insane)
+          return host_parts.length > 2
         end
-      elsif host_parts[-1].length == 3
-        host = host_parts[0...-1]
       end
-      
-      return (host.length > 0)
+
+      return true
     end
     
     def validate_url(url)

data/lib/openid/urinorm.rb

@@ -0,0 +1,72 @@
+require 'uri'
+
+UNRESERVED = [false]*256
+('A'[0]..'Z'[0]).each {|i| UNRESERVED[i] = true}
+('a'[0]..'z'[0]).each {|i| UNRESERVED[i] = true}
+('0'[0]..'9'[0]).each {|i| UNRESERVED[i] = true}
+%W(- . _ ~).each {|i| UNRESERVED[i[0]] = true}
+
+module OpenID
+
+  module Util
+    
+    def Util._remove_dot_segments(path)
+      result_segments = []
+
+      while path.length > 0
+        if path.starts_with?('../')
+          path = path[3..-1]
+        elsif path.starts_with?('./')
+          path = path[2..-1]
+        elsif path.starts_with?('/./')
+          path = path[2..-1]
+        elsif path == '/.'
+          path = '/'
+        elsif path.starts_with?('/../')
+          path = path[3..-1]
+          result_segments.pop if result_segments.length > 0
+        elsif path == '/..'
+          path = '/'
+          result_segments.pop if result_segments.length > 0
+        elsif path == '..' or path == '.'
+          path = ''
+        else
+          i = 0
+          i = 1 if path[0].chr == '/'
+          i = path.index('/', i)
+          i = path.length if i.nil?
+          result_segments << path[0...i]
+          path = path[i..-1]
+        end
+      end
+      
+      return result_segments.join('')
+    end
+
+    def Util.urinorm(uri)
+      uri = URI.parse(uri)
+      
+      raise URI::InvalidURIError.new('no scheme') unless uri.scheme
+      uri.scheme = uri.scheme.downcase
+      unless ['http','https'].member?(uri.scheme)
+        raise URI::InvalidURIError.new('Not an HTTP or HTTPS URI')
+      end
+
+      raise URI::InvalidURIError.new('no host') unless uri.host
+      uri.host = uri.host.downcase
+
+      uri.path = _remove_dot_segments(uri.path)
+      uri.path = '/' if uri.path.length == 0
+      
+      uri = uri.normalize.to_s
+      uri = uri.gsub(/%[0-9a-zA-Z]{2}/) {
+        i = $&[1..2].upcase.to_i(16)
+        UNRESERVED[i] ? i.chr : $&.upcase
+      }
+
+      return uri
+    end
+
+  end
+
+end

data/lib/openid/util.rb

@@ -4,6 +4,8 @@ require "digest/sha1"
 require "hmac-sha1"
 require "uri"
 
+require "openid/urinorm"
+
 srand(Time.now.to_f)
 
 class Object
@@ -254,11 +256,9 @@ module OpenID
       end
 
       begin
-        parsed = URI.parse(url)
+        return Util.urinorm(url)
       rescue URI::InvalidURIError
         return nil
-      else
-        return parsed.normalize.to_s
       end
     end
 

data/test/consumer.rb

@@ -243,12 +243,7 @@ class TestIdRes < Test::Unit::TestCase
       'openid.user_setup_url' => setup_url
     }
 
-    # this isn't really necessary, but we'll make sure the token
-    # generation and extraction stuff works
-    token = consumer.gen_token(consumer_id, server_id, server_url)
-    consumer_id, server_id, server_url = consumer.split_token(token)
     nonce = consumer.create_nonce
-
     ret = consumer.do_id_res(nonce, consumer_id, server_id, server_url, query)
 
     assert_equal(OpenID::SETUP_NEEDED, ret.status)
@@ -278,9 +273,6 @@ class TestCheckAuth < Test::Unit::TestCase
     @server_url = "http://server.com/url"
     @consumer_id = "consu"
     @nonce = @consumer.create_nonce
-    @token = @consumer.gen_token(@consumer_id,
-                                 @server_id,
-                                 @server_url)
     @setup_url = "http://example.com/setup-here"
   end
 

data/test/data/urinorm.txt

@@ -0,0 +1,79 @@
+Already normal form
+http://example.com/
+http://example.com/
+
+Add a trailing slash
+http://example.com
+http://example.com/
+
+Remove an empty port segment
+http://example.com:/
+http://example.com/
+
+Remove a default port segment
+http://example.com:80/
+http://example.com/
+
+Capitalization in host names
+http://wWw.exaMPLE.COm/
+http://www.example.com/
+
+Capitalization in scheme names
+htTP://example.com/
+http://example.com/
+
+Capitalization in percent-escaped reserved characters
+http://example.com/foo%2cbar
+http://example.com/foo%2Cbar
+
+Unescape percent-encoded unreserved characters
+http://example.com/foo%2Dbar%2dbaz
+http://example.com/foo-bar-baz
+
+remove_dot_segments example 1
+http://example.com/a/b/c/./../../g
+http://example.com/a/g
+
+remove_dot_segments example 2
+http://example.com/mid/content=5/../6
+http://example.com/mid/6
+
+remove_dot_segments: single-dot
+http://example.com/a/./b
+http://example.com/a/b
+
+remove_dot_segments: double-dot
+http://example.com/a/../b
+http://example.com/b
+
+remove_dot_segments: leading double-dot
+http://example.com/../b
+http://example.com/b
+
+remove_dot_segments: trailing single-dot
+http://example.com/a/.
+http://example.com/a/
+
+remove_dot_segments: trailing double-dot
+http://example.com/a/..
+http://example.com/
+
+remove_dot_segments: trailing single-dot-slash
+http://example.com/a/./
+http://example.com/a/
+
+remove_dot_segments: trailing double-dot-slash
+http://example.com/a/../
+http://example.com/
+
+Test of all kinds of syntax-based normalization
+hTTPS://a/./b/../b/%63/%7bfoo%7d
+https://a/b/c/%7Bfoo%7D
+
+Unsupported scheme
+ftp://example.com/
+fail
+
+Non-absolute URI
+http:/foo
+fail