ruby-openid 1.0

data/examples/rails_openid_login_generator/templates/user.rb

@@ -0,0 +1,14 @@
+
+# this model expects a certain database layout and its based on the name/login pattern. 
+class User < ActiveRecord::Base
+
+  def self.get(openid_url)
+    find_first(["openid_url = ?", openid_url])
+  end  
+  
+
+  protected
+  
+  validates_uniqueness_of :openid_url, :on => :create
+  validates_presence_of :openid_url
+end

data/examples/rails_openid_login_generator/templates/view_login.rhtml

@@ -0,0 +1,15 @@
+<%%= start_form_tag :action=> "login" %>
+
+<div title="Account login" id="loginform" class="form">
+    <h3>Please login</h3>
+    
+    <label for="user_login">Login:</label><br/>
+    <input type="text" name="openid_url" id="openid_url" size="30" value="<%= @login %>"/><br/>
+
+    <br/>
+    <input type="submit" name="login" value="Login &#187;" class="primary" />
+
+</div>
+
+<%%= end_form_tag %>
+

data/examples/rails_openid_login_generator/templates/view_logout.rhtml

@@ -0,0 +1,10 @@
+
+<div class="memo">
+    <h3>Logoff</h3>
+
+    <p>You are now logged out of the system...</p>
+      
+    <%%= link_to "&#171; login", :action=>"login"%>  
+      
+</div>
+

data/examples/rails_openid_login_generator/templates/view_welcome.rhtml

@@ -0,0 +1,9 @@
+
+<div class="memo">
+    <h3>Welcome</h3>
+
+    <p>You are now logged into the system...</p>
+      
+    <%%= link_to "&#171; logout", :action=>"logout"%>  
+      
+</div>

data/examples/rails_server/README

@@ -0,0 +1,153 @@
+== Welcome to Rails
+
+Rails is a web-application and persistence framework that includes everything
+needed to create database-backed web-applications according to the
+Model-View-Control pattern of separation. This pattern splits the view (also
+called the presentation) into "dumb" templates that are primarily responsible
+for inserting pre-built data in between HTML tags. The model contains the
+"smart" domain objects (such as Account, Product, Person, Post) that holds all
+the business logic and knows how to persist themselves to a database. The
+controller handles the incoming requests (such as Save New Account, Update
+Product, Show Post) by manipulating the model and directing data to the view.
+
+In Rails, the model is handled by what's called an object-relational mapping
+layer entitled Active Record. This layer allows you to present the data from
+database rows as objects and embellish these data objects with business logic
+methods. You can read more about Active Record in 
+link:files/vendor/rails/activerecord/README.html.
+
+The controller and view are handled by the Action Pack, which handles both
+layers by its two parts: Action View and Action Controller. These two layers
+are bundled in a single package due to their heavy interdependence. This is
+unlike the relationship between the Active Record and Action Pack that is much
+more separate. Each of these packages can be used independently outside of
+Rails.  You can read more about Action Pack in 
+link:files/vendor/rails/actionpack/README.html.
+
+
+== Getting started
+
+1. Run the WEBrick servlet: <tt>ruby script/server</tt> (run with --help for options)
+   ...or if you have lighttpd installed: <tt>ruby script/lighttpd</tt> (it's faster)
+2. Go to http://localhost:3000/ and get "Congratulations, you've put Ruby on Rails!"
+3. Follow the guidelines on the "Congratulations, you've put Ruby on Rails!" screen
+
+
+== Example for Apache conf
+
+  <VirtualHost *:80>
+    ServerName rails
+    DocumentRoot /path/application/public/
+    ErrorLog /path/application/log/server.log
+  
+    <Directory /path/application/public/>
+      Options ExecCGI FollowSymLinks
+      AllowOverride all
+      Allow from all
+      Order allow,deny
+    </Directory>
+  </VirtualHost>
+
+NOTE: Be sure that CGIs can be executed in that directory as well. So ExecCGI
+should be on and ".cgi" should respond. All requests from 127.0.0.1 go
+through CGI, so no Apache restart is necessary for changes. All other requests
+go through FCGI (or mod_ruby), which requires a restart to show changes.
+
+
+== Debugging Rails
+
+Have "tail -f" commands running on both the server.log, production.log, and
+test.log files. Rails will automatically display debugging and runtime
+information to these files. Debugging info will also be shown in the browser
+on requests from 127.0.0.1.
+
+
+== Breakpoints
+
+Breakpoint support is available through the script/breakpointer client. This
+means that you can break out of execution at any point in the code, investigate
+and change the model, AND then resume execution! Example:
+
+  class WeblogController < ActionController::Base
+    def index
+      @posts = Post.find_all
+      breakpoint "Breaking out from the list"
+    end
+  end
+  
+So the controller will accept the action, run the first line, then present you
+with a IRB prompt in the breakpointer window. Here you can do things like:
+
+Executing breakpoint "Breaking out from the list" at .../webrick_server.rb:16 in 'breakpoint'
+
+  >> @posts.inspect
+  => "[#<Post:0x14a6be8 @attributes={\"title\"=>nil, \"body\"=>nil, \"id\"=>\"1\"}>, 
+       #<Post:0x14a6620 @attributes={\"title\"=>\"Rails you know!\", \"body\"=>\"Only ten..\", \"id\"=>\"2\"}>]"
+  >> @posts.first.title = "hello from a breakpoint"
+  => "hello from a breakpoint"
+
+...and even better is that you can examine how your runtime objects actually work:
+
+  >> f = @posts.first 
+  => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
+  >> f.
+  Display all 152 possibilities? (y or n)
+
+Finally, when you're ready to resume execution, you press CTRL-D
+
+
+== Console
+
+You can interact with the domain model by starting the console through script/console. 
+Here you'll have all parts of the application configured, just like it is when the
+application is running. You can inspect domain models, change values, and save to the
+database. Starting the script without arguments will launch it in the development environment.
+Passing an argument will specify a different environment, like <tt>console production</tt>.
+
+
+== Description of contents
+
+app
+  Holds all the code that's specific to this particular application.
+
+app/controllers
+  Holds controllers that should be named like weblog_controller.rb for
+  automated URL mapping. All controllers should descend from
+  ActionController::Base.
+
+app/models
+  Holds models that should be named like post.rb.
+  Most models will descend from ActiveRecord::Base.
+  
+app/views
+  Holds the template files for the view that should be named like
+  weblog/index.rhtml for the WeblogController#index action. All views use eRuby
+  syntax. This directory can also be used to keep stylesheets, images, and so on
+  that can be symlinked to public.
+  
+app/helpers
+  Holds view helpers that should be named like weblog_helper.rb.
+
+config
+  Configuration files for the Rails environment, the routing map, the database, and other dependencies.
+
+components
+  Self-contained mini-applications that can bundle together controllers, models, and views.
+
+lib
+  Application specific libraries. Basically, any kind of custom code that doesn't
+  belong under controllers, models, or helpers. This directory is in the load path.
+    
+public
+  The directory available for the web server. Contains subdirectories for images, stylesheets,
+  and javascripts. Also contains the dispatchers and the default HTML files.
+
+script
+  Helper scripts for automation and generation.
+
+test
+  Unit and functional tests along with fixtures.
+
+vendor
+  External libraries that the application depends on. Also includes the plugins subdirectory.
+  This directory is in the load path.

data/examples/rails_server/Rakefile

@@ -0,0 +1,10 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/switchtower.rake, and they will automatically be available to Rake.
+
+require(File.join(File.dirname(__FILE__), 'config', 'boot'))
+
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+require 'tasks/rails'

data/examples/rails_server/app/controllers/application.rb

@@ -0,0 +1,4 @@
+# Filters added to this controller will be run for all controllers in the application.
+# Likewise, all the methods added will be available for all controllers.
+class ApplicationController < ActionController::Base
+end

data/examples/rails_server/app/controllers/login_controller.rb

@@ -0,0 +1,35 @@
+# Controller for handling the login, logout process for "users" of our
+# little server.  Users have no password.  This is just an example.
+
+class LoginController < ApplicationController
+
+  layout 'server'
+
+  def index
+    # just show the login page
+  end
+
+  def submit
+    user = @params[:username]
+
+    # if we get a user, log them in by putting their username in
+    # the session hash.
+    unless user.nil?
+      session[:username] = user unless user.nil?
+      session[:approvals] = []
+      flash[:notice] = "Your OpenID URL is <b>http://localhost:3000/user/#{user}</b><br/><br/>Proceed to step 2 below."
+    else
+      flash[:error] = "Sorry, couldn't log you in. Try again."
+    end
+    
+    redirect_to :action => 'index'
+  end
+
+  def logout
+    # delete the username from the session hash
+    session[:username] = nil
+    session[:approvals] = nil
+    redirect_to :action => 'index'
+  end
+
+end

data/examples/rails_server/app/controllers/server_controller.rb

@@ -0,0 +1,185 @@
+require 'pathname'
+
+require 'openid/filestore'
+require 'openid/server'
+
+class ServerController < ApplicationController
+
+  include ServerHelper
+  include OpenID::Server
+  layout nil
+  
+  def index
+    begin
+      request = server.decode_request(@params)
+    rescue ProtocolError => e
+      # invalid openid request, so just display a page with an error message
+      render_text e.to_s
+      return
+    end
+      
+    # no openid.mode was given
+    unless request
+      render_text "This is an OpenID server endpoint."
+      return
+    end
+    
+    if request.kind_of?(CheckIDRequest)
+
+      if self.is_authorized(request.identity_url, request.trust_root)
+        response = request.answer(true)
+        
+        # add the sreg response if requested
+        self.add_sreg(request, response)
+
+      elsif request.immediate
+        server_url = url_for :action => 'index'
+        response = request.answer(false, server_url)
+        
+      else
+        @session[:last_request] = request
+        @request = request
+        flash[:notice] = "Do you trust this site with your identity?"
+        render :template => 'server/decide', :layout => 'server'
+        return
+      end
+
+    else
+      response = server.handle_request(request)
+    end
+  
+    self.render_response(response)
+  end
+
+  def user_page
+    # Yadis content-negotiation: we want to return the xrds if asked for.
+    accept = request.env['HTTP_ACCEPT']
+    
+    # This is not technically correct, and should eventually be updated
+    # to do real Accept header parsing and logic.  Though I expect it will work
+    # 99% of the time.
+    if accept and accept.include?('application/xrds+xml')
+      render_xrds
+      return
+    end
+
+    # content negotiation failed, so just render the user page    
+    xrds_url = url_for(:controller=>'user',:action=>@params[:username])+'/xrds'
+    identity_page = <<EOS
+<html><head>
+<meta http-equiv="X-XRDS-Location" content="#{xrds_url}" />
+<link rel="openid.server" href="#{url_for :action => 'index'}" />
+</head><body><p>OpenID identity page for #{@params[:username]}</p>
+</body></html>
+EOS
+
+    # Also add the Yadis location header, so that they don't have
+    # to parse the html unless absolutely necessary.
+    response.headers['X-XRDS-Location'] = xrds_url
+    render_text identity_page
+  end
+
+  def xrds
+    render_xrds
+  end
+
+  def decision
+    request = @session[:last_request]
+    @session[:last_request] = nil
+
+    if @params[:yes].nil?
+      redirect_to request.cancel_url
+      return
+    else
+      session[:approvals] << request.trust_root
+      response = request.answer(true)
+      self.add_sreg(request, response)
+      return self.render_response(response)
+    end
+  end
+
+  protected
+
+  def server
+    if @server.nil?
+      dir = Pathname.new(RAILS_ROOT).join('db').join('openid-store')
+      store = OpenID::FilesystemStore.new(dir)
+      @server = Server.new(store)
+    end
+    return @server
+  end
+
+  def approved(trust_root)
+    return false if session[:approvals].nil?
+    return session[:approvals].member?(trust_root)
+  end
+
+  def is_authorized(identity_url, trust_root)
+    return (session[:username] and (identity_url == url_for_user) and self.approved(trust_root))
+  end
+
+  def render_xrds
+    yadis = <<EOS
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+    xmlns:xrds="xri://$xrds"
+    xmlns:openid="http://openid.net/xmlns/1.0"
+    xmlns="xri://$xrd*($v*2.0)">
+  <XRD>
+    <Service priority="1">
+      <Type>http://openid.net/signon/1.0</Type>
+      <Type>http://openid.net/sreg/1.0</Type>
+      <URI>#{url_for(:controller => 'server')}</URI>
+    </Service>
+  </XRD>
+</xrds:XRDS>
+EOS
+
+    response.headers['content-type'] = 'application/xrds+xml'
+    render_text yadis
+  end  
+
+  def add_sreg(request, response)
+    # Your code should examine request.query
+    # for openid.sreg.required, openid.sreg.optional, and
+    # openid.sreg.policy_url, and generate add fields to your response
+    # accordingly. For this example, we'll just see if there are any
+    # sreg args and add some sreg data to the response.  Take note,
+    # that this does not actually respect the sreg query, it just sends
+    # back some fake sreg data.  Your implemetation should be better! :)
+
+    required = request.query['openid.sreg.required']
+    optional = request.query['openid.sreg.optional']
+    policy_url = request.query['openid.sreg.policy_url']
+
+    if required or optional or policy_url
+      # this should be taken out of the user's profile,
+      # but since we don't have one lets just make up some data.
+      # Also, the user should be able to approve the transfer
+      # and modify each field if she likes.
+      sreg_fields = {
+        'email' => 'mayor@example.com',
+        'nickname' => 'Mayor McCheese'
+      }    
+      response.add_fields('sreg', sreg_fields)
+    end
+
+  end
+
+  def render_response(response)    
+    web_response = server.encode_response(response)
+
+    case web_response.code
+    when HTTP_OK
+      render_text web_response.body, :status => 200           
+
+    when HTTP_REDIRECT
+      redirect_to web_response.redirect_url
+
+    else
+      render_text web_response.body, :status => 400
+    end   
+  end
+
+
+end