ruby-openid 1.0

data/examples/consumer.rb

@@ -0,0 +1,285 @@
+#!/usr/bin/env ruby
+require "cgi"
+require "uri"
+require "pathname"
+
+require "webrick"
+include WEBrick
+
+require "openid/consumer"
+require "openid/filestore"
+require "openid/util"
+
+################ start config ##########################
+# use your desired store implementation here
+store_dir = Pathname.new(Dir.pwd).join("openid-store")
+store = OpenID::FilesystemStore.new(store_dir)
+
+$host = "localhost"
+$port = 2000
+################ end config ############################
+
+if $port.nil?
+  $base_url = "http://#{$host}/"
+else
+  $base_url = "http://#{$host}:#{$port}/"
+end
+
+# NOTE: Please note that a Hash is not a valid session storage type, it is just
+# used here to get something that works.  In a production environment this
+# should be an object representing the CURRENT USER's session, NOT a global
+# hash.  Every user visiting this running consumer.rb will write into this
+# same hash.
+$session = {}
+
+$trust_root = $base_url
+$consumer = OpenID::Consumer.new($session, store)
+
+server = HTTPServer.new(:Port=>$port)
+class SimpleServlet < HTTPServlet::AbstractServlet
+
+  def do_GET(req, res)
+    @req = req
+    @res = res
+
+    begin
+      case req.path
+      when "", "/", "/start"
+        self.render
+      when "/begin"
+        self.do_begin
+      when "/complete"
+        self.do_complete
+      when '/policy'
+        self.do_policy
+      else
+        self.redirect(self.build_url("/"))
+      end
+    ensure
+      @req = nil
+      @res = nil
+    end
+  end 
+
+  def do_begin
+    # First make sure the user entered something
+    openid_url = @req.query.fetch("openid_url", "")
+    if openid_url.empty?
+      self.render("Enter an identity URL to verify",
+                  css_class="error", form_contents=openid_url)
+      return HTTPStatus::Success
+    end    
+
+    # Then ask the openid library to begin the authorization
+    request = $consumer.begin(openid_url)
+   
+    # If the URL was unusable (either because of network conditions,
+    # a server error, or that the response returned was not an OpenID
+    # identity page), the library will return HTTP_FAILURE or PARSE_ERROR.
+    # Let the user know that the URL is unusable.
+    case request.status
+    when OpenID::FAILURE
+      self.render("Unable to find openid server for <q>#{openid_url}</q>",
+                  css_class="error", form_contents=openid_url)
+      return HTTPStatus::Success
+
+    when OpenID::SUCCESS
+      # The URL was a valid identity URL. Now we just need to send a redirect
+      # to the server using the redirect_url the library created for us.
+
+      # check to see if we want to make an SREG request. Generally this will
+      # not take the form of a checkbox, but will be part of your site policy.
+      # For example, you may perform an sreg request if the user appears
+      # to be new to the site.  The checkbox is here for convenience of
+      # testing.
+      do_sreg = @req.query.fetch('sreg', nil)
+
+      if do_sreg and request.uses_extension?('http://openid.net/sreg/1.0')
+        policy_url = self.build_url('/policy')
+        request.add_extension_arg('sreg','policy_url', policy_url)
+        request.add_extension_arg('sreg','required','email,nickname')
+        request.add_extension_arg('sreg','optional','fullname,dob,gender,postcode,country')
+      end
+
+      if do_sreg
+        extra = {'did_sreg' => 'true'}
+      else
+        extra = {}
+      end
+
+      return_to = self.build_url("/complete", extra)
+
+      # build the redirect
+      redirect_url = request.redirect_url($trust_root, return_to)
+
+      # send redirect to the server
+      self.redirect(redirect_url)
+    else
+      # Should never get here
+      raise "Not Reached"
+    end    
+  end
+
+  # handle the redirect from the OpenID server
+  def do_complete
+    # Ask the library to check the response that the server sent
+    # us.  Status is a code indicating the response type. info is
+    # either nil or a string containing more information about
+    # the return type.
+    response = $consumer.complete(@req.query)
+    
+    css_class = "error"
+   
+    did_sreg = @req.query.fetch('did_sreg', nil)
+    sreg_checked = did_sreg ? 'checked="checked"' : ''
+    
+    if response.status == OpenID::FAILURE
+      # In the case of failure, if info is non-nil, it is the
+      # URL that we were verifying. We include it in the error
+      # message to help the user figure out what happened.
+      if response.identity_url
+        message = "Verification of #{response.identity_url} failed"
+      else
+        message = 'Verification failed.'
+      end
+
+      # add on the failure message for a little debug info
+      message += ' '+response.msg.to_s
+
+    elsif response.status == OpenID::SUCCESS
+      # Success means that the transaction completed without
+      # error. If info is nil, it means that the user cancelled
+      # the verification.
+      css_class = "alert"
+
+      message = "You have successfully verified #{response.identity_url} as your identity."
+
+      # get the signed extension sreg arguments
+      sreg = response.extension_response('sreg')
+      if sreg.length > 0
+        message += "<hr/> With simple registration fields:<br/>"
+        sreg.keys.sort.each {|k| message += "<br/><b>#{k}</b>: #{sreg[k]}"}
+      elsif did_sreg
+        message += "<hr/> But the server does not support simple registration."
+      end
+    
+    elsif response.status == OpenID::CANCEL
+      message = "Verification cancelled."
+
+    else
+      message = "Unknown response status: #{response.status}"
+
+    end
+    self.render(message, css_class, response.identity_url, sreg_checked)
+  end
+  
+  def do_policy
+    @res.body = <<END
+<html>
+<head></head>
+<body>
+<h3>Ruby Consumer Simple Registration Policy</h3>
+<p>This consumer makes a simple registration request for the following fields:<br/><br/>
+<b>Required:</b> email, nickname<br/>
+<b>Optional:</b> fullname, dob, gender, postcode, country<br/><br/>
+Nothing is actually done with the data provided, it simply exists to illustrate the simple registration protocol.
+</p>
+</body>
+</html>
+
+END
+  end
+
+  # build a URL relative to the server base URL, with the given query
+  # parameters added.
+  def build_url(action, query=nil)
+    url = URI.parse($base_url).merge(action).to_s
+    url = OpenID::Util.append_args(url, query) unless query.nil?
+    return url
+  end
+   
+  def redirect(url)
+    @res.set_redirect(HTTPStatus::TemporaryRedirect, url)
+  end
+
+  def render(message=nil, css_class="alert", form_contents="", checked="")
+    @res.body = self.page_header
+    unless message.nil?
+      @res.body << "<div class=\"#{css_class}\">#{message}</div>"
+    end
+    @res.body << self.page_footer(form_contents, checked)
+  end
+
+  def page_header(title="Ruby OpenID WEBrick example")
+    header = <<END_OF_STRING
+<html>
+  <head><title>#{title}</title></head>
+  <style type="text/css">
+      * {
+        font-family: verdana,sans-serif;
+      }
+      body {
+        width: 50em;
+        margin: 1em;
+      }
+      div {
+        padding: .5em;
+      }
+      table {
+        margin: none;
+        padding: none;
+      }
+      .alert {
+        border: 1px solid #e7dc2b;
+        background: #fff888;
+      }
+      .error {
+        border: 1px solid #ff0000;
+        background: #ffaaaa;
+      }
+      #verify-form {
+        border: 1px solid #777777;
+        background: #dddddd;
+        margin-top: 1em;
+        padding-bottom: 0em;
+      }
+  </style>
+  <body>
+    <h1>#{title}</h1>
+    <p>
+      This example consumer uses the <a href="http://openidenabled.com/openid/libraries/ruby">Ruby OpenID</a> library
+      on a WEBrick platform.  The example just verifies that the URL that
+      you enter is your identity URL.
+    </p>
+END_OF_STRING
+  end
+
+
+  def page_footer(form_contents="", checked="")
+    form_contents = "" if form_contents == "/"    
+    footer = <<END_OF_STRING
+    <div id="verify-form">
+      <form method="get" action="#{self.build_url("/begin")}">
+        Identity&nbsp;URL:
+      <input type="text" name="openid_url" value="#{form_contents}" />
+        <input type="submit" value="Verify" />
+        <input type="checkbox" id="sregbox" name="sreg" #{checked} />
+        <label for="sregbox">with simple registration</label>
+        <a href="http://www.openidenabled.com/openid/simple-registration-extension" target="_blank">?</a>
+      </form>
+    </div>
+  </body>
+</html>
+END_OF_STRING
+  end
+
+
+
+end
+
+# Bootstrap the example
+server.mount("/", SimpleServlet)
+trap("INT") {server.shutdown}
+print "\nVisit http://#{$host}:#{$port}/ in your browser.\n\n"
+server.start
+

data/examples/openid-store/associations/http-localhost_3A3000_2Fserver-EMQbAy3NnHVzA.s0u5KAcplKGzo

@@ -0,0 +1,6 @@
+version: 2
+handle: {HMAC-SHA1}{4462794a}{fcagVg==}
+secret: GIQrSk+6Upv9EYB6A9EJ1P8jcLY=
+issued: 1147304267
+lifetime: 120960
+assoc_type: HMAC-SHA1

data/examples/openid-store/auth_key

@@ -0,0 +1 @@
+_eK��2�X,�|RG+

data/examples/rails_active_record_store/README

@@ -0,0 +1,59 @@
+=Example SQL store using ActiveRecord 
+
+A store is required by an OpenID server and optionally by the consumer to
+store associations, nonces, and auth key information across requests and
+threads. This directory contains code useful in implementing an
+ActiveRecord based store as an alternative to using the standard
+OpenID::FilesystemOpenIDStore in Ruby on Rails applications.
+
+==Setting up your database
+
+You'll need to add three tables to your databases. There are two
+different ways to do this outlined below.
+
+===Starting from scratch
+
+This directory contains three SQL schema files with the proper SQL for
+adding the necessary OpenID tables in SQLite, MySQL, and Postgresql.
+See the schema.type.sql files for more information.
+
+===Upgrading with a rails migration script
+
+Rails has built-in database migration functionality.  If you are trying
+to add OpenID support into your existing rails application, then
+you'll probably want to use the enclosed migration script,
+XX_add_openidstore.rb.  Put this file in rails app's db/migrate
+directory and replace the XX with the next migration number.  If there
+aren't migrations, the number will be 0.
+
+==The OpenID Models
+
+From the models dir, copy openid_association.rb, openid_nonce.rb, and
+openid_setting.rb into the app/models dir of your rails app.
+
+==The OpenIDStoreHelper
+
+You'll probably have controller for handling openid operations in your
+application (see the other examples).  The control flow of the store
+is handled in a helper.  Look at OpenidHelper in openid_helper.rb,
+which implements the OpenID::OpenIDStore interface.
+
+Copy the openid_helper.rb into your app/helpers and then include the
+OpenidHelper module in your openid controller.  When instantiating
+your OpenIDServer or OpenIDConsumer instance, you'll simply be able to
+pass in self as the store.
+
+==Unit testing your ActiveRecord OpenID store
+
+The Ruby OpenID library comes with a generic StoreTestCase module that
+can be mixed into any store test case.  Copy openidstore_test.rb into
+your rails' app test/unit dir.  Change the line that contains "include
+OpenidHelper" to include your openid helper if it has a different
+name.
+
+You may also need to change the require at the top to get at
+storetestcase.rb.  You won't need to change it if you are using
+the openid library in the vendor directory of your rails' app.
+
+==Questions?
+Contact Brian Ellin a line at brian at janrain dot com

data/examples/rails_active_record_store/XX_add_openidstore.rb

@@ -0,0 +1,30 @@
+class AddOpenidstore < ActiveRecord::Migration
+  def self.up
+    create_table :openid_settings do |t|
+      t.column :setting, :string
+      t.column :value, :binary
+    end
+
+    create_table :openid_associations do |t|
+      # server_url is blob, because URLs could be longer
+      # than db can handle as a string
+      t.column :server_url, :binary
+      t.column :handle,     :string
+      t.column :secret,     :binary
+      t.column :issued,     :integer
+      t.column :lifetime,   :integer
+      t.column :assoc_type, :string
+    end
+
+    create_table :openid_nonces do |t|
+      t.column :nonce,   :string
+      t.column :created, :integer
+    end
+  end
+
+  def self.down
+    drop_table :openid_settings
+    drop_table :openid_associations
+    drop_table :openid_nonces
+  end
+end

data/examples/rails_active_record_store/models/openid_association.rb

@@ -0,0 +1,12 @@
+require 'openid/association'
+
+class OpenidAssociation < ActiveRecord::Base
+
+  def from_record
+    OpenID::Association.new(handle,
+                            secret,
+                            issued,
+                            lifetime,
+                            assoc_type)
+  end
+end

data/examples/rails_active_record_store/models/openid_nonce.rb

@@ -0,0 +1,3 @@
+class OpenidNonce < ActiveRecord::Base
+end
+

data/examples/rails_active_record_store/models/openid_setting.rb

@@ -0,0 +1,2 @@
+class OpenidSetting < ActiveRecord::Base
+end

data/examples/rails_active_record_store/openid_helper.rb

@@ -0,0 +1,91 @@
+require 'openid/association'
+
+module OpenidHelper
+
+  def get_auth_key
+    setting = OpenidSetting.find :first, :conditions => "setting = 'auth_key'"
+    if setting.nil?
+      auth_key = OpenID::Util.random_string(20)
+      setting = OpenidSetting.create :setting => 'auth_key', :value => auth_key
+    end
+    setting.value
+  end
+
+  def store_association(server_url, assoc)
+    remove_association(server_url, assoc.handle)    
+    OpenidAssociation.create(:server_url => server_url,
+                             :handle => assoc.handle,
+                             :secret => assoc.secret,
+                             :issued => assoc.issued,
+                             :lifetime => assoc.lifetime,
+                             :assoc_type => assoc.assoc_type)
+  end
+
+  def get_association(server_url, handle=nil)
+    
+    unless handle.nil?
+      assocs = OpenidAssociation.find(:all, :conditions => ["server_url = ? AND handle = ?", server_url, handle])
+    else
+      assocs = OpenidAssociation.find(:all, :conditions => ["server_url = ?", server_url])
+    end
+
+    return nil if assocs.nil?
+    
+    assocs.reverse!
+
+    assocs.each do |assoc|
+      a = assoc.from_record    
+      if a.expired?
+        assoc.destroy
+      else
+        return a
+      end
+    end
+
+    return nil
+  end
+
+  def remove_association(server_url, handle)
+    assoc = OpenidAssociation.find(:first, :conditions => ["server_url = ? AND handle = ?", server_url, handle])
+    unless assoc.nil?
+      assoc.destroy
+      return true
+      end
+    return false
+  end
+
+  def store_nonce(nonce)
+    use_nonce(nonce)
+    OpenidNonce.create :nonce => nonce, :created => Time.now.to_i
+  end
+
+  def use_nonce(nonce)
+    nonce = OpenidNonce.find(:first, :conditions => ["nonce = ?", nonce])
+    return false if nonce.nil?
+    
+    age = Time.now.to_i - nonce.created    
+    nonce.destroy
+
+    return false if age > (6*60*60) # max nonce age of 6 hours
+    return true
+  end
+
+  def dumb?
+    return false
+  end
+
+  # not part of the api, but useful
+  def gc
+    now = Time.now.to_i
+
+    # remove old nonces
+    nonces = OpenidNonce.find(:all)
+    nonces.each {|n| n.destroy if now - n.created > (6*60*60)} unless nonces.nil?
+
+    # remove expired assocs
+    assocs = OpenidAssociation.find(:all)
+    assocs.each { |a| a.destroy if a.from_record.expired? } unless assocs.nil?
+  end
+
+
+end