ruby-openid 1.0

data/examples/rails_active_record_store/openidstore_test.rb

@@ -0,0 +1,15 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+# ugly way to get at StoreTestCase module
+require File.dirname(__FILE__) + '/../../vendor/openid/test/storetestcase'
+
+class OpenidTest < Test::Unit::TestCase
+
+  include OpenidHelper
+  include StoreTestCase
+
+  def setup
+    @store = self
+  end
+  
+end

data/examples/rails_active_record_store/schema.mysql.sql

@@ -0,0 +1,22 @@
+CREATE TABLE openid_associations (
+  `id` int(11) DEFAULT NULL auto_increment PRIMARY KEY,
+  `server_url` blob,
+  `handle` varchar(255),
+  `secret` blob,
+  `issued` int(11),
+  `lifetime` int(11),
+  `assoc_type` varchar(255)
+) ENGINE=InnoDB;
+
+CREATE TABLE openid_nonces (
+  `id` int(11) DEFAULT NULL auto_increment PRIMARY KEY,
+  `nonce` varchar(255),
+  `created` int(11)
+) ENGINE=InnoDB;
+
+CREATE TABLE openid_settings (
+  `id` int(11) DEFAULT NULL auto_increment PRIMARY KEY,
+  `setting` varchar(255),
+  `value` blob
+) ENGINE=InnoDB;
+

data/examples/rails_active_record_store/schema.postgresql.sql

@@ -0,0 +1,21 @@
+CREATE TABLE openid_associations (
+  "id" serial primary key,
+  "server_url" bytea,
+  "handle" character varying(255),
+  "secret" bytea,
+  "issued" integer,
+  "lifetime" integer,
+  "assoc_type" character varying(255)
+);
+
+CREATE TABLE openid_nonces (
+  "id" serial primary key,
+  "nonce" character varying(255),
+  "created" integer
+);
+
+CREATE TABLE openid_settings (
+  "id" serial primary key,
+  "setting" character varying(255),
+  "value" bytea
+);

data/examples/rails_active_record_store/schema.sqlite.sql

@@ -0,0 +1,21 @@
+CREATE TABLE openid_associations (
+  "id" INTEGER PRIMARY KEY NOT NULL,
+  "server_url" blob,
+  "handle" varchar(255),
+  "secret" blob,
+  "issued" integer,
+  "lifetime" integer,
+  "assoc_type" varchar(255)
+);
+
+CREATE TABLE openid_nonces (
+  "id" INTEGER PRIMARY KEY NOT NULL,
+  "nonce" varchar(255),
+  "created" integer
+);
+
+CREATE TABLE openid_settings (
+  "id" INTEGER PRIMARY KEY NOT NULL,
+  "setting" varchar(255),
+  "value" blob
+);

data/examples/rails_openid_login_generator/USAGE

@@ -0,0 +1,23 @@
+NAME
+     openid_login - creates a functional openid login system
+
+SYNOPSIS
+     openid_login [Controller name]
+     
+     Good names are Account Myaccount Security
+
+DESCRIPTION
+     This generator creates a general purpose login system.
+
+     Included:
+      - a User model which stores OpenID authenticated users
+      - a Controller with login, welcome and logoff actions
+      - a mixin which lets you easily add advanced authentication 
+        features to your abstract base controller
+
+            
+EXAMPLE
+      ./script/generate openid_login Account
+
+     This will generate an Account controller with login and logout methods. 
+     The model is always called User 

data/examples/rails_openid_login_generator/openid_login_generator.rb

@@ -0,0 +1,36 @@
+class OpenidLoginGenerator < Rails::Generator::NamedBase
+  def manifest
+    record do |m|
+      
+      # Login module, controller class, functional test, and helper.
+      m.template "openid_login_system.rb", "lib/openid_login_system.rb"
+      m.template "controller.rb", File.join("app/controllers", class_path, "#{file_name}_controller.rb")
+      m.template "controller_test.rb", File.join("test/functional", class_path, "#{file_name}_controller_test.rb")
+      m.template "helper.rb", File.join("app/helpers", class_path, "#{file_name}_helper.rb")
+
+      # Model class, unit test, fixtures, and example schema.
+      m.template "user.rb", "app/models/user.rb"
+      m.template "user_test.rb", "test/unit/user_test.rb"
+      m.template "users.yml", "test/fixtures/users.yml"
+
+      # Layout and stylesheet.
+      m.template "scaffold:layout.rhtml", "app/views/layouts/scaffold.rhtml"
+      m.template "scaffold:style.css", "public/stylesheets/scaffold.css"
+
+      # Views. 
+      m.directory File.join("app/views", class_path, file_name)
+      login_views.each do |action|
+        m.template "view_#{action}.rhtml",
+          File.join("app/views", class_path, file_name, "#{action}.rhtml")
+      end
+
+      m.template "README", "README_LOGIN"
+    end
+  end
+
+  attr_accessor :controller_class_name
+  
+  def login_views
+    %w(welcome login logout)
+  end
+end

data/examples/rails_openid_login_generator/templates/README

@@ -0,0 +1,116 @@
+== About
+
+This is a port of the standard LoginGenerator to use OpenID for
+authentication.  It is distributed with the Ruby OpenID library.
+
+Read more at:
+* http://openidenabled.com
+* http://openidenabled.com/openid/libraries/ruby
+* http://openid.net
+
+== Installation
+
+If you are reading this, then you have installed the openid_login
+system, but there are still a few things you have to do
+manually. First open your app/controllers/application.rb and add
+
+  require_dependency "openid_login_system"
+
+to the top of the file and include the login system with
+
+  include OpenidLoginSystem 
+
+The beginning of your ApplicationController.
+It should look something like this : 
+
+  require_dependency "openid_login_system"
+
+  class ApplicationController < ActionController::Base
+    include OpenidLoginSystem
+    model :user
+
+After you have done the modifications the the AbstractController you can import
+the user model into the database. This model is meant as an example and you
+should extend it. 
+
+The model :user is required when you are hitting problems to the degree of
+"Session could not be restored becuase not all items in it are known"
+
+== Requirements
+
+You need a database table corresponding to the User model. 
+
+  mysql syntax:
+  CREATE TABLE users (
+    id int(11) NOT NULL auto_increment,
+    openid_url varchar(256) default NULL,
+    PRIMARY KEY  (id)
+  );
+�
+  postgres :
+  CREATE TABLE "users" (
+  �"id" SERIAL NOT NULL UNIQUE,
+  �"openid_url" VARCHAR(256),
+  �PRIMARY KEY("id")
+  ) WITH OIDS;
+
+  sqlite:
+  CREATE TABLE 'users' (
+    'id' INTEGER PRIMARY KEY NOT NULL,
+    'openid_url' VARCHAR(256) DEFAULT NULL
+  );
+
+Of course your user model can have any amount of extra fields. This is just a
+starting point
+
+== How to use it 
+
+Now you can go around and happily add "before_filter :login_required" to the
+controllers which you would like to protect. 
+
+After integrating the login system with your rails application
+navigate to your new controller's login method. There you may login
+which will create a new User object if you've never logged in
+before. After you are done you should have a look at your DB, and
+you'll see the record for your User with the openid_url you entered.
+
+
+== Tips & Tricks
+
+How do I...
+
+  ... access the user who is currently logged in
+
+  A: You can get the user id from the session using @session[:user_id]
+     Example: 
+	
+	@session[:user_id] 
+
+       To get the User object:
+
+	user = User.find(@session[:user_id])
+
+      	The OpenidController also has a find_user method
+     	which will return the User object of the logged in user, or nil
+	if no user is logged in.
+	
+
+  ... restrict access to only a few methods? 
+  
+  A: Use before_filters build in scoping. 
+     Example: 
+       before_filter :login_required, :only => [:myaccount, :changepassword]
+       before_filter :login_required, :except => [:index]
+     
+  ... check if a user is logged-in in my views?
+  
+  A: @session[:user_id] will tell you. Here is an example helper which you can use to make this more pretty:
+     Example: 
+       def user?
+         !@session[:user_id].nil?
+       end
+
+
+
+
+

data/examples/rails_openid_login_generator/templates/controller.rb

@@ -0,0 +1,116 @@
+require "pathname"
+require "cgi"
+
+require "openid/filestore"
+require "openid/consumer"
+
+class <%= class_name %>Controller < ApplicationController
+  layout  'scaffold'
+  
+  # process the login request, disover the openid server, and
+  # then redirect.
+  def login
+    openid_url = @params[:openid_url]
+
+    if @request.post?
+      request = consumer.begin(openid_url)
+
+      p 'XXX', request
+
+      case request.status
+      when OpenID::SUCCESS
+        return_to = url_for(:action=> 'complete')
+        trust_root = url_for(:controller=>'')
+
+        url = request.redirect_url(trust_root, return_to)
+        p 'REDIRECTURL', url
+
+        redirect_to(url)
+
+        p 'REDIRECT SENT', @session
+        return
+
+      when OpenID::FAILURE
+        escaped_url = CGI::escape(openid_url)
+        flash[:notice] = "Could not find OpenID server for #{escaped_url}"
+        
+      else
+        flash[:notice] = "An unknown error occured."
+
+      end      
+    end    
+
+    p 'Done'
+
+  end
+
+  # handle the openid server response
+  def complete
+    token = @params[:token]
+    
+    response = consumer.complete(@params)
+    
+    case response.status
+    when OpenID::SUCCESS
+
+      @user = User.get(response.identity_url)
+      
+      # create user object if one does not exist
+      if @user.nil?
+        @user = User.new(:openid_url => response.identity_url)
+        @user.save
+      end
+
+      # storing both the openid_url and user id in the session for for quick
+      # access to both bits of information.  Change as needed.
+      @session[:user_id] = @user.id
+
+      flash[:notice] = "Logged in as #{CGI::escape(response.identity_url)}"
+       
+      redirect_to :action => "welcome"
+      return
+
+    when OpenID::FAILURE
+      if response.identity_url
+        flash[:notice] = "Verification of #{CGI::escape(response.identity_url)} failed."
+
+      else
+        flash[:notice] = 'Verification failed.'
+      end
+
+    when OpenID::CANCEL
+      flash[:notice] = 'Verification cancelled.'
+
+    else
+      flash[:notice] = 'Unknown response from OpenID server.'
+    end
+  
+    redirect_to :action => 'login'
+  end
+  
+  def logout
+    @session[:user_id] = nil
+  end
+    
+  def welcome
+  end
+
+  private
+
+  # Get the OpenID::Consumer object.
+  def consumer
+    # create the OpenID store for storing associations and nonces,
+    # putting it in your app's db directory
+    store_dir = Pathname.new(RAILS_ROOT).join('db').join('openid-store')
+    store = OpenID::FilesystemStore.new(store_dir)
+
+    return OpenID::Consumer.new(@session, store)
+  end
+
+  # get the logged in user object
+  def find_user
+    return nil if session[:user_id].nil?
+    User.find(session[:user_id])
+  end
+  
+end

data/examples/rails_openid_login_generator/templates/helper.rb

@@ -0,0 +1,2 @@
+module <%= class_name %>Helper
+end

data/examples/rails_openid_login_generator/templates/openid_login_system.rb

@@ -0,0 +1,87 @@
+require_dependency "user"
+
+module OpenidLoginSystem 
+  
+  protected
+  
+  # overwrite this if you want to restrict access to only a few actions
+  # or if you want to check if the user has the correct rights  
+  # example:
+  #
+  #  # only allow nonbobs
+  #  def authorize?(user)
+  #    user.login != "bob"
+  #  end
+  def authorize?(user)
+     true
+  end
+  
+  # overwrite this method if you only want to protect certain actions of the controller
+  # example:
+  # 
+  #  # don't protect the login and the about method
+  #  def protect?(action)
+  #    if ['action', 'about'].include?(action)
+  #       return false
+  #    else
+  #       return true
+  #    end
+  #  end
+  def protect?(action)
+    true
+  end
+   
+  # login_required filter. add 
+  #
+  #   before_filter :login_required
+  #
+  # if the controller should be under any rights management. 
+  # for finer access control you can overwrite
+  #   
+  #   def authorize?(user)
+  # 
+  def login_required
+    
+    if not protect?(action_name)
+      return true  
+    end
+
+    if @session[:user_id] and authorize?(User.find(@session[:user_id]))
+      return true
+    end
+
+    # store current location so that we can 
+    # come back after the user logged in
+    store_location
+  
+    # call overwriteable reaction to unauthorized access
+    access_denied
+    return false 
+  end
+
+  # overwrite if you want to have special behavior in case the user is not authorized
+  # to access the current operation. 
+  # the default action is to redirect to the login screen
+  # example use :
+  # a popup window might just close itself for instance
+  def access_denied
+    redirect_to :controller=>"/<%= file_name %>", :action =>"login"
+  end  
+  
+  # store current uri in  the session.
+  # we can return to this location by calling return_location
+  def store_location
+    @session[:return_to] = @request.request_uri
+  end
+
+  # move to the last store_location call or to the passed default one
+  def redirect_back_or_default(default)
+    if @session[:return_to].nil?
+      redirect_to default
+    else
+      redirect_to_url @session[:return_to]
+      @session[:return_to] = nil
+    end
+  end
+
+end