RubyGems - ruby-openid - Versions diffs - 1.0 - Mend

ruby-openid 1.0

Potentially problematic release.

This version of ruby-openid might be problematic. Click here for more details.

Files changed (114) hide show

data/COPYING +21 -0
data/INSTALL +34 -0
data/README +67 -0
data/TODO +9 -0
data/examples/README +54 -0
data/examples/cacert.pem +7815 -0
data/examples/consumer.rb +285 -0
data/examples/openid-store/associations/http-localhost_3A3000_2Fserver-EMQbAy3NnHVzA.s0u5KAcplKGzo +6 -0
data/examples/openid-store/auth_key +1 -0
data/examples/rails_active_record_store/README +59 -0
data/examples/rails_active_record_store/XX_add_openidstore.rb +30 -0
data/examples/rails_active_record_store/models/openid_association.rb +12 -0
data/examples/rails_active_record_store/models/openid_nonce.rb +3 -0
data/examples/rails_active_record_store/models/openid_setting.rb +2 -0
data/examples/rails_active_record_store/openid_helper.rb +91 -0
data/examples/rails_active_record_store/openidstore_test.rb +15 -0
data/examples/rails_active_record_store/schema.mysql.sql +22 -0
data/examples/rails_active_record_store/schema.postgresql.sql +21 -0
data/examples/rails_active_record_store/schema.sqlite.sql +21 -0
data/examples/rails_openid_login_generator/USAGE +23 -0
data/examples/rails_openid_login_generator/openid_login_generator.rb +36 -0
data/examples/rails_openid_login_generator/templates/README +116 -0
data/examples/rails_openid_login_generator/templates/controller.rb +116 -0
data/examples/rails_openid_login_generator/templates/controller_test.rb +0 -0
data/examples/rails_openid_login_generator/templates/helper.rb +2 -0
data/examples/rails_openid_login_generator/templates/openid_login_system.rb +87 -0
data/examples/rails_openid_login_generator/templates/user.rb +14 -0
data/examples/rails_openid_login_generator/templates/user_test.rb +0 -0
data/examples/rails_openid_login_generator/templates/users.yml +0 -0
data/examples/rails_openid_login_generator/templates/view_login.rhtml +15 -0
data/examples/rails_openid_login_generator/templates/view_logout.rhtml +10 -0
data/examples/rails_openid_login_generator/templates/view_welcome.rhtml +9 -0
data/examples/rails_server/README +153 -0
data/examples/rails_server/Rakefile +10 -0
data/examples/rails_server/app/controllers/application.rb +4 -0
data/examples/rails_server/app/controllers/login_controller.rb +35 -0
data/examples/rails_server/app/controllers/server_controller.rb +185 -0
data/examples/rails_server/app/helpers/application_helper.rb +3 -0
data/examples/rails_server/app/helpers/login_helper.rb +2 -0
data/examples/rails_server/app/helpers/server_helper.rb +9 -0
data/examples/rails_server/app/views/layouts/server.rhtml +61 -0
data/examples/rails_server/app/views/login/index.rhtml +32 -0
data/examples/rails_server/app/views/server/decide.rhtml +11 -0
data/examples/rails_server/config/boot.rb +19 -0
data/examples/rails_server/config/database.yml +85 -0
data/examples/rails_server/config/environment.rb +53 -0
data/examples/rails_server/config/environments/development.rb +19 -0
data/examples/rails_server/config/environments/production.rb +19 -0
data/examples/rails_server/config/environments/test.rb +19 -0
data/examples/rails_server/config/routes.rb +23 -0
data/examples/rails_server/db/openid-store/associations/http-localhost_2F_7Cnormal-YU.tkND1J4fEZhnuAoT5Zc0yCA0 +6 -0
data/examples/rails_server/doc/README_FOR_APP +2 -0
data/examples/rails_server/log/development.log +6059 -0
data/examples/rails_server/log/production.log +0 -0
data/examples/rails_server/log/server.log +0 -0
data/examples/rails_server/log/test.log +0 -0
data/examples/rails_server/public/404.html +8 -0
data/examples/rails_server/public/500.html +8 -0
data/examples/rails_server/public/dispatch.cgi +12 -0
data/examples/rails_server/public/dispatch.fcgi +26 -0
data/examples/rails_server/public/dispatch.rb +12 -0
data/examples/rails_server/public/favicon.ico +0 -0
data/examples/rails_server/public/images/rails.png +0 -0
data/examples/rails_server/public/javascripts/controls.js +750 -0
data/examples/rails_server/public/javascripts/dragdrop.js +584 -0
data/examples/rails_server/public/javascripts/effects.js +854 -0
data/examples/rails_server/public/javascripts/prototype.js +1785 -0
data/examples/rails_server/public/robots.txt +1 -0
data/examples/rails_server/script/about +3 -0
data/examples/rails_server/script/breakpointer +3 -0
data/examples/rails_server/script/console +3 -0
data/examples/rails_server/script/destroy +3 -0
data/examples/rails_server/script/generate +3 -0
data/examples/rails_server/script/performance/benchmarker +3 -0
data/examples/rails_server/script/performance/profiler +3 -0
data/examples/rails_server/script/plugin +3 -0
data/examples/rails_server/script/process/reaper +3 -0
data/examples/rails_server/script/process/spawner +3 -0
data/examples/rails_server/script/process/spinner +3 -0
data/examples/rails_server/script/runner +3 -0
data/examples/rails_server/script/server +3 -0
data/examples/rails_server/test/functional/login_controller_test.rb +18 -0
data/examples/rails_server/test/functional/server_controller_test.rb +18 -0
data/examples/rails_server/test/test_helper.rb +28 -0
data/lib/hmac-md5.rb +11 -0
data/lib/hmac-rmd160.rb +11 -0
data/lib/hmac-sha1.rb +11 -0
data/lib/hmac-sha2.rb +25 -0
data/lib/hmac.rb +112 -0
data/lib/openid/association.rb +109 -0
data/lib/openid/consumer.rb +928 -0
data/lib/openid/dh.rb +48 -0
data/lib/openid/discovery.rb +89 -0
data/lib/openid/fetchers.rb +119 -0
data/lib/openid/filestore.rb +315 -0
data/lib/openid/htmltokenizer.rb +355 -0
data/lib/openid/parse.rb +23 -0
data/lib/openid/server.rb +951 -0
data/lib/openid/service.rb +135 -0
data/lib/openid/stores.rb +178 -0
data/lib/openid/trustroot.rb +100 -0
data/lib/openid/util.rb +273 -0
data/test/assoc.rb +38 -0
data/test/consumer.rb +384 -0
data/test/dh.rb +20 -0
data/test/extensions.rb +30 -0
data/test/linkparse.rb +305 -0
data/test/runtests.rb +11 -0
data/test/server2.rb +1053 -0
data/test/storetestcase.rb +172 -0
data/test/teststore.rb +23 -0
data/test/trustroot.rb +113 -0
data/test/util.rb +56 -0
metadata +218 -0

data/lib/openid/dh.rb ADDED Viewed

@@ -0,0 +1,48 @@
+require "openid/util"
+module OpenID
+  # Encapsulates a Diffie-Hellman key exchange.  This class is used
+  # internally by both the consumer and server objects.
+  #
+  # Read more about Diffie-Hellman on wikipedia:
+  # http://en.wikipedia.org/wiki/Diffie-Hellman
+  class DiffieHellman
+    @@DEFAULT_MOD = 155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443
+    @@DEFAULT_GEN = 2
+    attr_reader :p, :g, :public
+    def DiffieHellman.from_base64(p=nil, g=nil)
+      unless p.nil?
+        p = OpenID::Util.base64_to_num(p)
+      end
+      unless g.nil?
+        g = OpenID::Util.base64_to_num(g)
+      end
+      DiffieHellman.new(p, g)
+    end
+    def initialize(p=nil, g=nil)
+      @p = p.nil? ? @@DEFAULT_MOD : p
+      @g = g.nil? ? @@DEFAULT_GEN : g
+      @private = OpenID::Util.rand(@p-2) + 1
+      @public = OpenID::Util.powermod(@g, @private, @p)
+    end
+    def get_shared_secret(composite)
+      OpenID::Util.powermod(composite, @private, @p)
+    end
+    def xor_secrect(composite, secret)
+      dh_shared = get_shared_secret(composite)
+      sha1_dh_shared = OpenID::Util.sha1( \
+                          OpenID::Util.num_to_str(dh_shared))
+      return OpenID::Util.strxor(secret, sha1_dh_shared)
+    end
+  end
+end

data/lib/openid/discovery.rb ADDED Viewed

@@ -0,0 +1,89 @@
+require "openid/util"
+require "openid/service"
+require "openid/parse"
+# try and use the yadis gem, falling back to system yadis
+begin
+  require 'rubygems'
+  require_gem 'ruby-yadis', ">=0.2.3"
+rescue LoadError
+  require "yadis"
+end
+module OpenID
+  # OpenID::Discovery encapsulates the logic for doing Yadis and OpenID 1.0
+  # style server discovery.  This class uses a session object to manage
+  # a list of tried OpenID servers for implemeting server fallback.  This is
+  # useful the case when a user's primary server(s) is not available, and
+  # will allow then to try again with one of their alternates.
+  class OpenIDDiscovery < Discovery
+    def initialize(session, url, fetcher, suffix=nil)
+      super(session, url, suffix)
+      @fetcher = fetcher
+    end
+    # Pass in a custom filter here if you like.  Otherwise you'll get all
+    # OpenID sso services. filter should produce objects or subclasses of
+    # OpenIDServiceEndpoint.
+    def discover(filter=nil)
+      unless filter
+        filter = lambda {|s| OpenIDServiceEndpoint.from_endpoint(s)}
+      end
+      begin
+        # do yadis discover, filtering out OpenID services
+        return super(filter)
+      rescue YADISParseError, YADISHTTPError
+        # Couldn't do Yadis discovery, fall back on OpenID 1.0 disco
+        status, service = self.openid_discovery(@url)
+        if status == SUCCESS
+          return [service.consumer_id, [service]]
+        end
+      end
+      return [nil, []]
+    end
+    # Perform OpenID 1.0 style link rel discovery.  No string normalization
+    # will be done on +url+.  See Util.normalize_url for information on
+    # textual URL transformations.
+    def openid_discovery(url)
+      ret = @fetcher.get(url)
+      return [HTTP_FAILURE, nil] if ret.nil?
+      consumer_id, data = ret
+      server = nil
+      delegate = nil
+      parse_link_attrs(data) do |attrs|
+        rel = attrs["rel"]
+        if rel == "openid.server" and server.nil?
+          href = attrs["href"]
+          server = href unless href.nil?
+        end
+        if rel == "openid.delegate" and delegate.nil?
+          href = attrs["href"]
+          delegate = href unless href.nil?
+        end
+      end
+      return [PARSE_ERROR, nil] if server.nil?
+      server_id = delegate.nil? ? consumer_id : delegate
+      consumer_id = OpenID::Util.normalize_url(consumer_id)
+      server_id = OpenID::Util.normalize_url(server_id)
+      server_url = OpenID::Util.normalize_url(server)
+      service = OpenID::FakeOpenIDServiceEndpoint.new(consumer_id,
+                                                      server_id,
+                                                      server_url)
+      return [SUCCESS, service]
+    end
+  end
+end

data/lib/openid/fetchers.rb ADDED Viewed

@@ -0,0 +1,119 @@
+require "uri"
+require "openid/util"
+# Try to use net/https, falling back to no SSL support if it is not available
+begin
+  require 'net/https'
+rescue LoadError
+  OpenID::Util.log('WARNING: unable no SSL support found.  Will not be able to fetch HTTPS URLs!')
+  HAS_OPENSSL = false
+  require 'net/http'
+else
+  HAS_OPENSSL = true
+end
+module OpenID
+  # Base Object used by consumer to send http messages
+  class Fetcher
+    # Fetch the content of url, following redirects, and return the
+    # final url and page data.  Return nil on failure.
+    def get(url)
+      raise NotImplementedError
+    end
+    # Post the body string to url. Return the resulting url and page data.
+    # Return nil on failure
+    def post(url, body)
+      raise NotImplementedError
+    end
+  end
+  # Implemetation of OpenID::Fetcher that uses ruby's Net::HTTP
+  class StandardFetcher < Fetcher
+    attr_accessor :ca_path
+    def initialize(read_timeout=20, open_timeout=20)
+      @read_timeout = read_timeout
+      @open_timeout = open_timeout
+      @ca_path = nil
+    end
+    def get(url)
+      resp, final_url = do_get(url)
+      if resp.nil?
+        nil
+      else
+        [final_url, resp.body]
+      end
+    end
+    def post(url, body)
+      begin
+        uri = URI.parse(url)
+        http = get_http_obj(uri)
+        resp = http.post(uri.request_uri, body,
+                         {"Content-type"=>"application/x-www-form-urlencoded"})
+      rescue
+        nil
+      else
+        [uri.to_s, resp.body]
+      end
+    end
+    protected
+    # return a Net::HTTP object ready for use
+    def get_http_obj(uri)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.read_timeout = @read_timeout
+      http.open_timeout = @open_timeout
+      if uri.scheme == 'https'
+        if HAS_OPENSSL
+          http.use_ssl = true
+          if @ca_path
+            http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+            http.ca_file = @ca_path
+          else
+            OpenID::Util.log('WARNING: making https request without verifying server certificate.')
+            http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          end
+        end
+      end
+      return http
+    end
+    # do a GET following redirects limit deep
+    def do_get(url, limit=5)
+      if limit == 0
+        return nil
+      end
+      begin
+        u = URI.parse(url)
+        http = get_http_obj(u)
+        resp = http.get(u.request_uri)
+      rescue
+        nil
+      else
+        case resp
+        when Net::HTTPSuccess then [resp, URI.parse(url).to_s]
+        when Net::HTTPRedirection then do_get(resp["location"], limit-1)
+        else
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/openid/filestore.rb ADDED Viewed

@@ -0,0 +1,315 @@
+require 'fileutils'
+require 'pathname'
+require 'tempfile'
+require 'openid/util'
+require 'openid/stores'
+require 'openid/association'
+module OpenID
+  # Filesystem-based store for OpenID associations and nonces.
+  #
+  # Methods of this object may raise SystemCallError if filestystem
+  # related errors are encountered.
+  class FilesystemStore < Store
+    @@FILENAME_ALLOWED = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-".split("")
+    # Create a FilesystemStore instance, putting all data in +directory+.
+    def initialize(directory)
+      p_dir = Pathname.new(directory)
+      @nonce_dir = p_dir.join('nonces')
+      @association_dir = p_dir.join('associations')
+      @temp_dir = p_dir.join('temp')
+      @auth_key_name = p_dir.join('auth_key')
+      @max_nonce_age = 6 * 60 * 60
+      self.ensure_dir(@nonce_dir)
+      self.ensure_dir(@association_dir)
+      self.ensure_dir(@temp_dir)
+      self.ensure_dir(File.dirname(@auth_key_name))
+    end
+    # Read the auth key from the auth key file. Returns nil if there
+    # is currently no auth key.
+    def read_auth_key
+      f = nil
+      begin
+        f = File.open(@auth_key_name)
+      rescue Errno::ENOENT
+        return nil
+      else
+        return f.read
+      ensure
+        f.close unless f.nil?
+      end
+    end
+    # Generate a new random auth key and safely store it in the location
+    # specified by @auth_key_name
+    def create_auth_key
+      auth_key = OpenID::Util.random_string(@@AUTH_KEY_LEN)
+      f, tmp = mktemp
+      begin
+        begin
+          f.write(auth_key)
+          f.fsync
+        ensure
+          f.close
+        end
+        begin
+          begin
+            File.link(tmp, @auth_key_name)
+          rescue NotImplementedError # no link under windows
+            File.rename(tmp, @auth_key_name)
+          end
+        rescue Errno::EEXIST
+          raise if read_auth_key.nil?
+        end
+      ensure
+        self.remove_if_present(tmp)
+      end
+      auth_key
+    end
+    # Retrieve the auth key from the file specified by
+    # @auth_key_file, creating it if it does not exist
+    def get_auth_key
+      auth_key = read_auth_key
+      if auth_key.nil?
+        auth_key = create_auth_key
+      end
+      if auth_key.length != @@AUTH_KEY_LEN
+        raise StandardError.new("Bad auth key - wrong length")
+      end
+      auth_key
+    end
+    # Create a unique filename for a given server url and handle. The
+    # filename that is returned will contain the domain name from the
+    # server URL for ease of human inspection of the data dir.
+    def get_association_filename(server_url, handle)
+      filename = self.filename_from_url(server_url)
+      filename += '-' + safe64(handle)
+      @association_dir.join(filename)
+    end
+    # Store an association in the assoc directory
+    def store_association(server_url, association)
+      assoc_s = OpenID::Association.serialize(association)
+      filename = get_association_filename(server_url, association.handle)
+      f, tmp = mktemp
+      begin
+        begin
+          f.write(assoc_s)
+          f.fsync
+        ensure
+          f.close
+        end
+        begin
+          File.rename(tmp, filename)
+        rescue Errno::EEXIST
+          begin
+            File.unlink(filename)
+          rescue Errno::ENOENT
+            # do nothing
+          end
+          File.rename(tmp, filename)
+        end
+      rescue
+        self.remove_if_present(tmp)
+        raise
+      end
+    end
+    # Retrieve an association
+    def get_association(server_url, handle=nil)
+      unless handle.nil?
+        filename = get_association_filename(server_url, handle)
+        return _get_association(filename)
+      end
+      # search though existing files looking for a match
+      prefix = filename_from_url(server_url)
+      assoc_filenames = Dir.entries(@association_dir)
+      assoc_filenames = assoc_filenames.find_all { |f| f.index(prefix) == 0 }
+      assocs = assoc_filenames.collect do |f|
+        _get_association(@association_dir.join(f))
+      end
+      assocs = assocs.find_all { |a| not a.nil? }
+      assocs = assocs.sort_by { |a| a.issued }
+      return nil if assocs.empty?
+      return assocs[-1]
+    end
+    def _get_association(filename)
+      begin
+        assoc_file = File.open(filename, "r")
+      rescue Errno::ENOENT
+        return nil
+      else
+        begin
+          assoc_s = assoc_file.read
+        ensure
+          assoc_file.close
+        end
+        begin
+          association = OpenID::Association.deserialize(assoc_s)
+        rescue
+          self.remove_if_present(filename)
+          return nil
+        end
+        # clean up expired associations
+        if association.expires_in == 0
+          self.remove_if_present(filename)
+          return nil
+        else
+          return association
+        end
+      end
+    end
+    # Remove an association if it exists, otherwise do nothing.
+    def remove_association(server_url, handle)
+      assoc = get_association(server_url, handle)
+      if assoc.nil?
+        return false
+      else
+        filename = get_association_filename(server_url, handle)
+        return self.remove_if_present(filename)
+      end
+    end
+    # Mark this nonce as present
+    def store_nonce(nonce)
+      filename = @nonce_dir.join(nonce)
+      File.open(filename, "w").close
+    end
+    # Return whether this nonce is present.  As a side-effect, mark it
+    # as no longer present.
+    def use_nonce(nonce)
+      filename = @nonce_dir.join(nonce)
+      begin
+        st = File.stat(filename)
+      rescue Errno::ENOENT
+        return false
+      else
+        begin
+          File.unlink(filename)
+        rescue Errno::ENOENT
+          return false
+        end
+        nonce_age = Time.now.to_f - st.mtime.to_f
+        nonce_age <= @max_nonce_age
+      end
+    end
+    # Garbage collection routine.  Clean up old associations and nonces.
+    def clean
+      nonces = Dir[@nonce_dir.join("*")]
+      now = Time.now
+      nonces.each do |nonce|
+        filename = nonce_dir.join(nonce)
+        begin
+          st = File.stat(filename)
+        rescue Errno::ENOENT
+          next
+        else
+          nonce_age = now - st.mtime
+          self.remove_if_present(filename) if nonce_age > @max_nonce_age
+        end
+      end
+      association_filenames = Dir[@association_dir.join("*")]
+      association_filenames.each do |af|
+        begin
+          f = File.open(af, 'r')
+        rescue Errno::ENOENT
+          next
+        else
+          begin
+            assoc_s = f.read
+          ensure
+            f.close
+          end
+          begin
+            association = OpenID::Association.deserialize(assoc_s)
+          rescue "VersionError"
+            self.remove_if_present(af)
+            next
+          else
+            self.remove_if_present(af) if association.expires_in == 0
+          end
+        end
+      end
+    end
+    protected
+    # Create a temporary file and return the File object and filename.
+    def mktemp
+      f = Tempfile.new('tmp', @temp_dir)
+      [f, f.path]
+    end
+    # create a safe filename from a url
+    def filename_from_url(url)
+      filename = []
+      url.sub('://','-').split("").each do |c|
+        if @@FILENAME_ALLOWED.index(c)
+          filename << c
+        else
+          filename << sprintf("_%02X", c[0])
+        end
+      end
+      filename.join("")
+    end
+    def safe64(s)
+      s = OpenID::Util.sha1(s)
+      s = OpenID::Util.to_base64(s)
+      s.gsub!('+', '_')
+      s.gsub!('/', '.')
+      s.gsub!('=', '')
+      return s
+    end
+    # remove file if present in filesystem
+    def remove_if_present(filename)
+      begin
+        File.unlink(filename)
+      rescue Errno::ENOENT
+        return false
+      end
+      return true
+    end
+    # ensure that a path exists
+    def ensure_dir(dir_name)
+      FileUtils::mkdir_p(dir_name)
+    end
+  end
+end