RubyGems - ruby-openid - Versions diffs - 1.0 - Mend

ruby-openid 1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (114) hide show

data/COPYING +21 -0
data/INSTALL +34 -0
data/README +67 -0
data/TODO +9 -0
data/examples/README +54 -0
data/examples/cacert.pem +7815 -0
data/examples/consumer.rb +285 -0
data/examples/openid-store/associations/http-localhost_3A3000_2Fserver-EMQbAy3NnHVzA.s0u5KAcplKGzo +6 -0
data/examples/openid-store/auth_key +1 -0
data/examples/rails_active_record_store/README +59 -0
data/examples/rails_active_record_store/XX_add_openidstore.rb +30 -0
data/examples/rails_active_record_store/models/openid_association.rb +12 -0
data/examples/rails_active_record_store/models/openid_nonce.rb +3 -0
data/examples/rails_active_record_store/models/openid_setting.rb +2 -0
data/examples/rails_active_record_store/openid_helper.rb +91 -0
data/examples/rails_active_record_store/openidstore_test.rb +15 -0
data/examples/rails_active_record_store/schema.mysql.sql +22 -0
data/examples/rails_active_record_store/schema.postgresql.sql +21 -0
data/examples/rails_active_record_store/schema.sqlite.sql +21 -0
data/examples/rails_openid_login_generator/USAGE +23 -0
data/examples/rails_openid_login_generator/openid_login_generator.rb +36 -0
data/examples/rails_openid_login_generator/templates/README +116 -0
data/examples/rails_openid_login_generator/templates/controller.rb +116 -0
data/examples/rails_openid_login_generator/templates/controller_test.rb +0 -0
data/examples/rails_openid_login_generator/templates/helper.rb +2 -0
data/examples/rails_openid_login_generator/templates/openid_login_system.rb +87 -0
data/examples/rails_openid_login_generator/templates/user.rb +14 -0
data/examples/rails_openid_login_generator/templates/user_test.rb +0 -0
data/examples/rails_openid_login_generator/templates/users.yml +0 -0
data/examples/rails_openid_login_generator/templates/view_login.rhtml +15 -0
data/examples/rails_openid_login_generator/templates/view_logout.rhtml +10 -0
data/examples/rails_openid_login_generator/templates/view_welcome.rhtml +9 -0
data/examples/rails_server/README +153 -0
data/examples/rails_server/Rakefile +10 -0
data/examples/rails_server/app/controllers/application.rb +4 -0
data/examples/rails_server/app/controllers/login_controller.rb +35 -0
data/examples/rails_server/app/controllers/server_controller.rb +185 -0
data/examples/rails_server/app/helpers/application_helper.rb +3 -0
data/examples/rails_server/app/helpers/login_helper.rb +2 -0
data/examples/rails_server/app/helpers/server_helper.rb +9 -0
data/examples/rails_server/app/views/layouts/server.rhtml +61 -0
data/examples/rails_server/app/views/login/index.rhtml +32 -0
data/examples/rails_server/app/views/server/decide.rhtml +11 -0
data/examples/rails_server/config/boot.rb +19 -0
data/examples/rails_server/config/database.yml +85 -0
data/examples/rails_server/config/environment.rb +53 -0
data/examples/rails_server/config/environments/development.rb +19 -0
data/examples/rails_server/config/environments/production.rb +19 -0
data/examples/rails_server/config/environments/test.rb +19 -0
data/examples/rails_server/config/routes.rb +23 -0
data/examples/rails_server/db/openid-store/associations/http-localhost_2F_7Cnormal-YU.tkND1J4fEZhnuAoT5Zc0yCA0 +6 -0
data/examples/rails_server/doc/README_FOR_APP +2 -0
data/examples/rails_server/log/development.log +6059 -0
data/examples/rails_server/log/production.log +0 -0
data/examples/rails_server/log/server.log +0 -0
data/examples/rails_server/log/test.log +0 -0
data/examples/rails_server/public/404.html +8 -0
data/examples/rails_server/public/500.html +8 -0
data/examples/rails_server/public/dispatch.cgi +12 -0
data/examples/rails_server/public/dispatch.fcgi +26 -0
data/examples/rails_server/public/dispatch.rb +12 -0
data/examples/rails_server/public/favicon.ico +0 -0
data/examples/rails_server/public/images/rails.png +0 -0
data/examples/rails_server/public/javascripts/controls.js +750 -0
data/examples/rails_server/public/javascripts/dragdrop.js +584 -0
data/examples/rails_server/public/javascripts/effects.js +854 -0
data/examples/rails_server/public/javascripts/prototype.js +1785 -0
data/examples/rails_server/public/robots.txt +1 -0
data/examples/rails_server/script/about +3 -0
data/examples/rails_server/script/breakpointer +3 -0
data/examples/rails_server/script/console +3 -0
data/examples/rails_server/script/destroy +3 -0
data/examples/rails_server/script/generate +3 -0
data/examples/rails_server/script/performance/benchmarker +3 -0
data/examples/rails_server/script/performance/profiler +3 -0
data/examples/rails_server/script/plugin +3 -0
data/examples/rails_server/script/process/reaper +3 -0
data/examples/rails_server/script/process/spawner +3 -0
data/examples/rails_server/script/process/spinner +3 -0
data/examples/rails_server/script/runner +3 -0
data/examples/rails_server/script/server +3 -0
data/examples/rails_server/test/functional/login_controller_test.rb +18 -0
data/examples/rails_server/test/functional/server_controller_test.rb +18 -0
data/examples/rails_server/test/test_helper.rb +28 -0
data/lib/hmac-md5.rb +11 -0
data/lib/hmac-rmd160.rb +11 -0
data/lib/hmac-sha1.rb +11 -0
data/lib/hmac-sha2.rb +25 -0
data/lib/hmac.rb +112 -0
data/lib/openid/association.rb +109 -0
data/lib/openid/consumer.rb +928 -0
data/lib/openid/dh.rb +48 -0
data/lib/openid/discovery.rb +89 -0
data/lib/openid/fetchers.rb +119 -0
data/lib/openid/filestore.rb +315 -0
data/lib/openid/htmltokenizer.rb +355 -0
data/lib/openid/parse.rb +23 -0
data/lib/openid/server.rb +951 -0
data/lib/openid/service.rb +135 -0
data/lib/openid/stores.rb +178 -0
data/lib/openid/trustroot.rb +100 -0
data/lib/openid/util.rb +273 -0
data/test/assoc.rb +38 -0
data/test/consumer.rb +384 -0
data/test/dh.rb +20 -0
data/test/extensions.rb +30 -0
data/test/linkparse.rb +305 -0
data/test/runtests.rb +11 -0
data/test/server2.rb +1053 -0
data/test/storetestcase.rb +172 -0
data/test/teststore.rb +23 -0
data/test/trustroot.rb +113 -0
data/test/util.rb +56 -0
metadata +218 -0

data/lib/openid/dh.rb ADDED Viewed

@@ -0,0 +1,48 @@
+require "openid/util"
+module OpenID
+  # Encapsulates a Diffie-Hellman key exchange.  This class is used
+  # internally by both the consumer and server objects.
+  #
+  # Read more about Diffie-Hellman on wikipedia:
+  # http://en.wikipedia.org/wiki/Diffie-Hellman
+  class DiffieHellman
+    @@DEFAULT_MOD = 155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443
+    @@DEFAULT_GEN = 2
+    attr_reader :p, :g, :public
+    def DiffieHellman.from_base64(p=nil, g=nil)
+      unless p.nil?
+        p = OpenID::Util.base64_to_num(p)
+      end
+      unless g.nil?
+        g = OpenID::Util.base64_to_num(g)
+      end
+      DiffieHellman.new(p, g)
+    end
+    def initialize(p=nil, g=nil)
+      @p = p.nil? ? @@DEFAULT_MOD : p
+      @g = g.nil? ? @@DEFAULT_GEN : g
+      @private = OpenID::Util.rand(@p-2) + 1
+      @public = OpenID::Util.powermod(@g, @private, @p)
+    end
+    def get_shared_secret(composite)
+      OpenID::Util.powermod(composite, @private, @p)
+    end
+    def xor_secrect(composite, secret)
+      dh_shared = get_shared_secret(composite)
+      sha1_dh_shared = OpenID::Util.sha1( \
+                          OpenID::Util.num_to_str(dh_shared))
+      return OpenID::Util.strxor(secret, sha1_dh_shared)
+    end
+  end
+end

data/lib/openid/discovery.rb ADDED Viewed

@@ -0,0 +1,89 @@
+require "openid/util"
+require "openid/service"
+require "openid/parse"
+# try and use the yadis gem, falling back to system yadis
+begin
+  require 'rubygems'
+  require_gem 'ruby-yadis', ">=0.2.3"
+rescue LoadError
+  require "yadis"
+end
+module OpenID
+  # OpenID::Discovery encapsulates the logic for doing Yadis and OpenID 1.0
+  # style server discovery.  This class uses a session object to manage
+  # a list of tried OpenID servers for implemeting server fallback.  This is
+  # useful the case when a user's primary server(s) is not available, and
+  # will allow then to try again with one of their alternates.
+  class OpenIDDiscovery < Discovery
+    def initialize(session, url, fetcher, suffix=nil)
+      super(session, url, suffix)
+      @fetcher = fetcher
+    end
+    # Pass in a custom filter here if you like.  Otherwise you'll get all
+    # OpenID sso services. filter should produce objects or subclasses of
+    # OpenIDServiceEndpoint.
+    def discover(filter=nil)
+      unless filter
+        filter = lambda {|s| OpenIDServiceEndpoint.from_endpoint(s)}
+      end
+      begin
+        # do yadis discover, filtering out OpenID services
+        return super(filter)
+      rescue YADISParseError, YADISHTTPError
+        # Couldn't do Yadis discovery, fall back on OpenID 1.0 disco
+        status, service = self.openid_discovery(@url)
+        if status == SUCCESS
+          return [service.consumer_id, [service]]
+        end
+      end
+      return [nil, []]
+    end
+    # Perform OpenID 1.0 style link rel discovery.  No string normalization
+    # will be done on +url+.  See Util.normalize_url for information on
+    # textual URL transformations.
+    def openid_discovery(url)
+      ret = @fetcher.get(url)
+      return [HTTP_FAILURE, nil] if ret.nil?
+      consumer_id, data = ret
+      server = nil
+      delegate = nil
+      parse_link_attrs(data) do |attrs|
+        rel = attrs["rel"]
+        if rel == "openid.server" and server.nil?
+          href = attrs["href"]
+          server = href unless href.nil?
+        end
+        if rel == "openid.delegate" and delegate.nil?
+          href = attrs["href"]
+          delegate = href unless href.nil?
+        end
+      end
+      return [PARSE_ERROR, nil] if server.nil?
+      server_id = delegate.nil? ? consumer_id : delegate
+      consumer_id = OpenID::Util.normalize_url(consumer_id)
+      server_id = OpenID::Util.normalize_url(server_id)
+      server_url = OpenID::Util.normalize_url(server)
+      service = OpenID::FakeOpenIDServiceEndpoint.new(consumer_id,
+                                                      server_id,
+                                                      server_url)
+      return [SUCCESS, service]
+    end
+  end
+end

data/lib/openid/fetchers.rb ADDED Viewed

@@ -0,0 +1,119 @@
+require "uri"
+require "openid/util"
+# Try to use net/https, falling back to no SSL support if it is not available
+begin
+  require 'net/https'
+rescue LoadError
+  OpenID::Util.log('WARNING: unable no SSL support found.  Will not be able to fetch HTTPS URLs!')
+  HAS_OPENSSL = false
+  require 'net/http'
+else
+  HAS_OPENSSL = true
+end
+module OpenID
+  # Base Object used by consumer to send http messages
+  class Fetcher
+    # Fetch the content of url, following redirects, and return the
+    # final url and page data.  Return nil on failure.
+    def get(url)
+      raise NotImplementedError
+    end
+    # Post the body string to url. Return the resulting url and page data.
+    # Return nil on failure
+    def post(url, body)
+      raise NotImplementedError
+    end
+  end
+  # Implemetation of OpenID::Fetcher that uses ruby's Net::HTTP
+  class StandardFetcher < Fetcher
+    attr_accessor :ca_path
+    def initialize(read_timeout=20, open_timeout=20)
+      @read_timeout = read_timeout
+      @open_timeout = open_timeout
+      @ca_path = nil
+    end
+    def get(url)
+      resp, final_url = do_get(url)
+      if resp.nil?
+        nil
+      else
+        [final_url, resp.body]
+      end
+    end
+    def post(url, body)
+      begin
+        uri = URI.parse(url)
+        http = get_http_obj(uri)
+        resp = http.post(uri.request_uri, body,
+                         {"Content-type"=>"application/x-www-form-urlencoded"})
+      rescue
+        nil
+      else
+        [uri.to_s, resp.body]
+      end
+    end
+    protected
+    # return a Net::HTTP object ready for use
+    def get_http_obj(uri)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.read_timeout = @read_timeout
+      http.open_timeout = @open_timeout
+      if uri.scheme == 'https'
+        if HAS_OPENSSL
+          http.use_ssl = true
+          if @ca_path
+            http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+            http.ca_file = @ca_path
+          else
+            OpenID::Util.log('WARNING: making https request without verifying server certificate.')
+            http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          end
+        end
+      end
+      return http
+    end
+    # do a GET following redirects limit deep
+    def do_get(url, limit=5)
+      if limit == 0
+        return nil
+      end
+      begin
+        u = URI.parse(url)
+        http = get_http_obj(u)
+        resp = http.get(u.request_uri)
+      rescue
+        nil
+      else
+        case resp
+        when Net::HTTPSuccess then [resp, URI.parse(url).to_s]
+        when Net::HTTPRedirection then do_get(resp["location"], limit-1)
+        else
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/openid/filestore.rb ADDED Viewed

@@ -0,0 +1,315 @@
+require 'fileutils'
+require 'pathname'
+require 'tempfile'
+require 'openid/util'
+require 'openid/stores'
+require 'openid/association'
+module OpenID
+  # Filesystem-based store for OpenID associations and nonces.
+  #
+  # Methods of this object may raise SystemCallError if filestystem
+  # related errors are encountered.
+  class FilesystemStore < Store
+    @@FILENAME_ALLOWED = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-".split("")
+    # Create a FilesystemStore instance, putting all data in +directory+.
+    def initialize(directory)
+      p_dir = Pathname.new(directory)
+      @nonce_dir = p_dir.join('nonces')
+      @association_dir = p_dir.join('associations')
+      @temp_dir = p_dir.join('temp')
+      @auth_key_name = p_dir.join('auth_key')
+      @max_nonce_age = 6 * 60 * 60
+      self.ensure_dir(@nonce_dir)
+      self.ensure_dir(@association_dir)
+      self.ensure_dir(@temp_dir)
+      self.ensure_dir(File.dirname(@auth_key_name))
+    end
+    # Read the auth key from the auth key file. Returns nil if there
+    # is currently no auth key.
+    def read_auth_key
+      f = nil
+      begin
+        f = File.open(@auth_key_name)
+      rescue Errno::ENOENT
+        return nil
+      else
+        return f.read
+      ensure
+        f.close unless f.nil?
+      end
+    end
+    # Generate a new random auth key and safely store it in the location
+    # specified by @auth_key_name
+    def create_auth_key
+      auth_key = OpenID::Util.random_string(@@AUTH_KEY_LEN)
+      f, tmp = mktemp
+      begin
+        begin
+          f.write(auth_key)
+          f.fsync
+        ensure
+          f.close
+        end
+        begin
+          begin
+            File.link(tmp, @auth_key_name)
+          rescue NotImplementedError # no link under windows
+            File.rename(tmp, @auth_key_name)
+          end
+        rescue Errno::EEXIST
+          raise if read_auth_key.nil?
+        end
+      ensure
+        self.remove_if_present(tmp)
+      end
+      auth_key
+    end
+    # Retrieve the auth key from the file specified by
+    # @auth_key_file, creating it if it does not exist
+    def get_auth_key
+      auth_key = read_auth_key
+      if auth_key.nil?
+        auth_key = create_auth_key
+      end
+      if auth_key.length != @@AUTH_KEY_LEN
+        raise StandardError.new("Bad auth key - wrong length")
+      end
+      auth_key
+    end
+    # Create a unique filename for a given server url and handle. The
+    # filename that is returned will contain the domain name from the
+    # server URL for ease of human inspection of the data dir.
+    def get_association_filename(server_url, handle)
+      filename = self.filename_from_url(server_url)
+      filename += '-' + safe64(handle)
+      @association_dir.join(filename)
+    end
+    # Store an association in the assoc directory
+    def store_association(server_url, association)
+      assoc_s = OpenID::Association.serialize(association)
+      filename = get_association_filename(server_url, association.handle)
+      f, tmp = mktemp
+      begin
+        begin
+          f.write(assoc_s)
+          f.fsync
+        ensure
+          f.close
+        end
+        begin
+          File.rename(tmp, filename)
+        rescue Errno::EEXIST
+          begin
+            File.unlink(filename)
+          rescue Errno::ENOENT
+            # do nothing
+          end
+          File.rename(tmp, filename)
+        end
+      rescue
+        self.remove_if_present(tmp)
+        raise
+      end
+    end
+    # Retrieve an association
+    def get_association(server_url, handle=nil)
+      unless handle.nil?
+        filename = get_association_filename(server_url, handle)
+        return _get_association(filename)
+      end
+      # search though existing files looking for a match
+      prefix = filename_from_url(server_url)
+      assoc_filenames = Dir.entries(@association_dir)
+      assoc_filenames = assoc_filenames.find_all { |f| f.index(prefix) == 0 }
+      assocs = assoc_filenames.collect do |f|
+        _get_association(@association_dir.join(f))
+      end
+      assocs = assocs.find_all { |a| not a.nil? }
+      assocs = assocs.sort_by { |a| a.issued }
+      return nil if assocs.empty?
+      return assocs[-1]
+    end
+    def _get_association(filename)
+      begin
+        assoc_file = File.open(filename, "r")
+      rescue Errno::ENOENT
+        return nil
+      else
+        begin
+          assoc_s = assoc_file.read
+        ensure
+          assoc_file.close
+        end
+        begin
+          association = OpenID::Association.deserialize(assoc_s)
+        rescue
+          self.remove_if_present(filename)
+          return nil
+        end
+        # clean up expired associations
+        if association.expires_in == 0
+          self.remove_if_present(filename)
+          return nil
+        else
+          return association
+        end
+      end
+    end
+    # Remove an association if it exists, otherwise do nothing.
+    def remove_association(server_url, handle)
+      assoc = get_association(server_url, handle)
+      if assoc.nil?
+        return false
+      else
+        filename = get_association_filename(server_url, handle)
+        return self.remove_if_present(filename)
+      end
+    end
+    # Mark this nonce as present
+    def store_nonce(nonce)
+      filename = @nonce_dir.join(nonce)
+      File.open(filename, "w").close
+    end
+    # Return whether this nonce is present.  As a side-effect, mark it
+    # as no longer present.
+    def use_nonce(nonce)
+      filename = @nonce_dir.join(nonce)
+      begin
+        st = File.stat(filename)
+      rescue Errno::ENOENT
+        return false
+      else
+        begin
+          File.unlink(filename)
+        rescue Errno::ENOENT
+          return false
+        end
+        nonce_age = Time.now.to_f - st.mtime.to_f
+        nonce_age <= @max_nonce_age
+      end
+    end
+    # Garbage collection routine.  Clean up old associations and nonces.
+    def clean
+      nonces = Dir[@nonce_dir.join("*")]
+      now = Time.now
+      nonces.each do |nonce|
+        filename = nonce_dir.join(nonce)
+        begin
+          st = File.stat(filename)
+        rescue Errno::ENOENT
+          next
+        else
+          nonce_age = now - st.mtime
+          self.remove_if_present(filename) if nonce_age > @max_nonce_age
+        end
+      end
+      association_filenames = Dir[@association_dir.join("*")]
+      association_filenames.each do |af|
+        begin
+          f = File.open(af, 'r')
+        rescue Errno::ENOENT
+          next
+        else
+          begin
+            assoc_s = f.read
+          ensure
+            f.close
+          end
+          begin
+            association = OpenID::Association.deserialize(assoc_s)
+          rescue "VersionError"
+            self.remove_if_present(af)
+            next
+          else
+            self.remove_if_present(af) if association.expires_in == 0
+          end
+        end
+      end
+    end
+    protected
+    # Create a temporary file and return the File object and filename.
+    def mktemp
+      f = Tempfile.new('tmp', @temp_dir)
+      [f, f.path]
+    end
+    # create a safe filename from a url
+    def filename_from_url(url)
+      filename = []
+      url.sub('://','-').split("").each do |c|
+        if @@FILENAME_ALLOWED.index(c)
+          filename << c
+        else
+          filename << sprintf("_%02X", c[0])
+        end
+      end
+      filename.join("")
+    end
+    def safe64(s)
+      s = OpenID::Util.sha1(s)
+      s = OpenID::Util.to_base64(s)
+      s.gsub!('+', '_')
+      s.gsub!('/', '.')
+      s.gsub!('=', '')
+      return s
+    end
+    # remove file if present in filesystem
+    def remove_if_present(filename)
+      begin
+        File.unlink(filename)
+      rescue Errno::ENOENT
+        return false
+      end
+      return true
+    end
+    # ensure that a path exists
+    def ensure_dir(dir_name)
+      FileUtils::mkdir_p(dir_name)
+    end
+  end
+end