ruby-openid 1.1.4 → 2.0.1

data/lib/openid/extensions/sreg.rb

@@ -0,0 +1,275 @@
+require 'openid/extension'
+require 'openid/util'
+require 'openid/message'
+
+module OpenID
+  module SReg
+    DATA_FIELDS = {
+      'fullname'=>'Full Name',
+      'nickname'=>'Nickname',
+      'dob'=>'Date of Birth',
+      'email'=>'E-mail Address',
+      'gender'=>'Gender',
+      'postcode'=>'Postal Code',
+      'country'=>'Country',
+      'language'=>'Language',
+      'timezone'=>'Time Zone',
+    }
+
+    NS_URI_1_0 = 'http://openid.net/sreg/1.0'
+    NS_URI_1_1 = 'http://openid.net/extensions/sreg/1.1'
+    NS_URI = NS_URI_1_1
+
+    begin
+      Message.register_namespace_alias(NS_URI_1_1, 'sreg')
+    rescue NamespaceAliasRegistrationError => e
+      Util.log(e)
+    end
+
+    # raise ArgumentError if fieldname is not in the defined sreg fields
+    def OpenID.check_sreg_field_name(fieldname)
+      unless DATA_FIELDS.member? fieldname
+        raise ArgumentError, "#{fieldname} is not a defined simple registration field"
+      end
+    end
+
+    # Does the given endpoint advertise support for simple registration?
+    def OpenID.supports_sreg?(endpoint)
+      endpoint.uses_extension(NS_URI_1_1) || endpoint.uses_extension(NS_URI_1_0)
+    end
+
+    # Extract the simple registration namespace URI from the given
+    # OpenID message. Handles OpenID 1 and 2, as well as both sreg
+    # namespace URIs found in the wild, as well as missing namespace
+    # definitions (for OpenID 1)
+    def OpenID.get_sreg_ns(message)
+      [NS_URI_1_1, NS_URI_1_0].each{|ns|
+        if message.namespaces.get_alias(ns)
+          return ns
+        end
+      }
+      # try to add an alias, since we didn't find one
+      ns = NS_URI_1_1
+      begin
+        message.namespaces.add_alias(ns, 'sreg')
+      rescue IndexError
+        raise NamespaceError
+      end
+      return ns
+    end
+
+    # The simple registration namespace was not found and could not
+    # be created using the expected name (there's another extension
+    # using the name 'sreg')
+    #
+    # This is not <em>illegal</em>, for OpenID 2, although it probably
+    # indicates a problem, since it's not expected that other extensions
+    # will re-use the alias that is in use for OpenID 1.
+    #
+    # If this is an OpenID 1 request, then there is no recourse. This
+    # should not happen unless some code has modified the namespaces for
+    # the message that is being processed.
+    class NamespaceError < ArgumentError
+    end
+
+    # An object to hold the state of a simple registration request.
+    class Request < Extension
+      attr_reader :optional, :required, :ns_uri
+      attr_accessor :policy_url
+      def initialize(required = nil, optional = nil, policy_url = nil, ns_uri = NS_URI)
+        super()
+
+        @policy_url = policy_url
+        @ns_uri = ns_uri
+        @ns_alias = 'sreg'
+        @required = []
+        @optional = []
+
+        if required
+          request_fields(required, true, true)
+        end
+        if optional
+          request_fields(optional, false, true)
+        end
+      end
+
+      # Create a simple registration request that contains the
+      # fields that were requested in the OpenID request with the
+      # given arguments
+      # Takes an OpenID::CheckIDRequest, returns an OpenID::Sreg::Request
+      # return nil if the extension was not requested.
+      def self.from_openid_request(request)
+        # Since we're going to mess with namespace URI mapping, don't
+        # mutate the object that was passed in.
+        message = request.message.copy
+        ns_uri = OpenID::get_sreg_ns(message)
+        args = message.get_args(ns_uri)
+        return nil if args == {}
+        req = new(nil,nil,nil,ns_uri)
+        req.parse_extension_args(args)
+        return req
+      end
+
+      # Parse the unqualified simple registration request
+      # parameters and add them to this object.
+      #
+      # This method is essentially the inverse of
+      # getExtensionArgs. This method restores the serialized simple
+      # registration request fields.
+      #
+      # If you are extracting arguments from a standard OpenID
+      # checkid_* request, you probably want to use fromOpenIDRequest,
+      # which will extract the sreg namespace and arguments from the
+      # OpenID request. This method is intended for cases where the
+      # OpenID server needs more control over how the arguments are
+      # parsed than that method provides.
+      def parse_extension_args(args, strict = false)
+        required_items = args['required']
+        unless required_items.nil? or required_items.empty?
+          required_items.split(',').each{|field_name|
+            begin
+              request_field(field_name, true, strict)
+            rescue ArgumentError
+              raise if strict
+            end
+          }
+        end
+
+        optional_items = args['optional']
+        unless optional_items.nil? or optional_items.empty?
+          optional_items.split(',').each{|field_name|
+            begin
+              request_field(field_name, false, strict)
+            rescue ArgumentError
+              raise if strict
+            end
+          }
+        end
+        @policy_url = args['policy_url']
+      end
+
+      # A list of all of the simple registration fields that were
+      # requested, whether they were required or optional.
+      def all_requested_fields
+        @required + @optional
+      end
+
+      # Have any simple registration fields been requested?
+      def were_fields_requested?
+        !all_requested_fields.empty?
+      end
+
+      # Request the specified field from the OpenID user
+      # field_name: the unqualified simple registration field name
+      # required: whether the given field should be presented
+      #        to the user as being a required to successfully complete
+      #        the request
+      # strict: whether to raise an exception when a field is
+      #        added to a request more than once
+      # Raises ArgumentError if the field_name is not a simple registration
+      # field, or if strict is set and a field is added more than once
+      def request_field(field_name, required=false, strict=false)
+        OpenID::check_sreg_field_name(field_name)
+
+        if strict
+          if (@required + @optional).member? field_name
+            raise ArgumentError, 'That field has already been requested'
+          end
+        else
+          return if @required.member? field_name
+          if @optional.member? field_name
+            if required
+              @optional.delete field_name
+            else
+              return
+            end
+          end
+        end
+        if required
+          @required << field_name
+        else
+          @optional << field_name
+        end
+      end
+
+      # Add the given list of fields to the request.
+      def request_fields(field_names, required = false, strict = false)
+        raise ArgumentError unless field_names[0].is_a?(String)
+        field_names.each{|fn|request_field(fn, required, strict)}
+      end
+
+      # Get a hash of unqualified simple registration arguments
+      # representing this request.
+      # This method is essentially the inverse of parse_extension_args.
+      # This method serializes the simple registration request fields.
+      def get_extension_args
+        args = {}
+        args['required'] = @required.join(',') unless @required.empty?
+        args['optional'] = @optional.join(',') unless @optional.empty?
+        args['policy_url'] = @policy_url unless @policy_url.nil?
+        return args
+      end
+
+      def member?(field_name)
+        all_requested_fields.member?(field_name)
+      end
+
+    end
+
+    # Represents the data returned in a simple registration response
+    # inside of an OpenID id_res response. This object will be
+    # created by the OpenID server, added to the id_res response
+    # object, and then extracted from the id_res message by the Consumer.
+    class Response < Extension
+      attr_reader :ns_uri, :data
+
+      def initialize(data = {}, ns_uri=NS_URI)
+        @ns_alias = 'sreg'
+        @data = data
+        @ns_uri = ns_uri
+      end
+
+      # Take a Request and a hash of simple registration
+      # values and create a Response object containing that data.
+      def self.extract_response(request, data)
+        arf = request.all_requested_fields
+        resp_data = data.reject{|k,v| !arf.member?(k) || v.nil? }
+        new(resp_data, request.ns_uri)
+      end
+
+      # Create an Response object from an
+      # OpenID::Consumer::SuccessResponse from consumer.complete
+      # If you set the signed_only parameter to false, unsigned data from
+      # the id_res message from the server will be processed.
+      def self.from_success_response(success_response, signed_only = true)
+        ns_uri = OpenID::get_sreg_ns(success_response.message)
+        if signed_only
+          args = success_response.get_signed_ns(ns_uri)
+        else
+          args = success_response.message.get_args(ns_uri)
+        end
+        args.reject!{|k,v| !DATA_FIELDS.member?(k) }
+        new(args, ns_uri)
+      end
+
+      # Get the fields to put in the simple registration namespace
+      # when adding them to an id_res message.
+      def get_extension_args
+        return @data
+      end
+
+      # Read-only hashlike interface.
+      # Raises an exception if the field name is bad
+      def [](field_name)
+        OpenID::check_sreg_field_name(field_name)
+        data[field_name]
+      end
+
+      def empty?
+        @data.empty?
+      end
+      # XXX is there more to a hashlike interface I should add?
+    end
+  end
+end
+

data/lib/openid/extras.rb

@@ -0,0 +1,11 @@
+class String
+  def starts_with?(other)
+    head = self[0, other.length]
+    head == other
+  end
+
+  def ends_with?(other)
+    tail = self[-1 * other.length, other.length]
+    tail == other
+  end
+end

data/lib/openid/fetchers.rb

@@ -1,20 +1,15 @@
-require "uri"
-require "openid/util"
+require 'net/http'
+require 'openid'
+require 'openid/util'
 
-# Try to use net/https, falling back to no SSL support if it is not available
 begin
   require 'net/https'
 rescue LoadError
-  OpenID::Util.log('WARNING: no SSL support found.  Will not be able to fetch HTTPS URLs!')
-  HAS_OPENSSL = false
-  require 'net/http'  
-else
-  HAS_OPENSSL = true
+  OpenID::Util.log('WARNING: no SSL support found.  Will not be able ' +
+                   'to fetch HTTPS URLs!')
+  require 'net/http'
 end
 
-# Not all versions of Ruby 1.8.4 have the version of post_connection_check
-# that properly handles wildcard hostnames.  This version of
-# post_connection_check is copied from post April 2006 release of 1.8.4.
 module Net
   class HTTP
     def post_connection_check(hostname)
@@ -47,114 +42,158 @@ module Net
 end
 
 module OpenID
+  # Our HTTPResponse class extends Net::HTTPResponse with an additional
+  # method, final_url.
+  class HTTPResponse
+    attr_accessor :final_url
 
-  # Base Object used by consumer to send http messages
-  class Fetcher
+    attr_accessor :_response
 
-    # Fetch the content of url, following redirects, and return the
-    # final url and page data.  Return nil on failure.    
-    def get(url)
-      raise NotImplementedError
+    def self._from_net_response(response, final_url, headers=nil)
+      me = self.new
+      me._response = response
+      me.final_url = final_url
+      return me
     end
-    
-    # Post the body string to url. Return the resulting url and page data.
-    # Return nil on failure    
-    def post(url, body)
-      raise NotImplementedError
+
+    def method_missing(method, *args)
+      @_response.send(method, *args)
+    end
+
+    def body=(s)
+      @_response.instance_variable_set('@body', s)
+      # XXX Hack to work around ruby's HTTP library behavior.  @body
+      # is only returned if it has been read from the response
+      # object's socket, but since we're not using a socket in this
+      # case, we need to set the @read flag to true to avoid a bug in
+      # Net::HTTPResponse.stream_check when @socket is nil.
+      @_response.instance_variable_set('@read', true)
     end
-    
   end
-  
-  # Implemetation of OpenID::Fetcher that uses ruby's Net::HTTP
-  class StandardFetcher < Fetcher
-    
-    attr_accessor :ca_path
-
-    def initialize(read_timeout=20, open_timeout=20)
-      @read_timeout = read_timeout
-      @open_timeout = open_timeout
-      @ca_path = nil
+
+  class FetchingError < OpenIDError
+  end
+
+  class HTTPRedirectLimitReached < FetchingError
+  end
+
+  class SSLFetchingError < FetchingError
+  end
+
+  @fetcher = nil
+
+  def self.fetch(url, body=nil, headers=nil,
+                 redirect_limit=StandardFetcher::REDIRECT_LIMIT)
+    return fetcher.fetch(url, body, headers, redirect_limit)
+  end
+
+  def self.fetcher
+    if @fetcher.nil?
+      @fetcher = StandardFetcher.new
     end
-    
-    def get(url)    
-      resp, final_url = do_get(url)
-      if resp.nil?
-        nil
-      else
-        [final_url, resp.body]
-      end
+
+    return @fetcher
+  end
+
+  def self.fetcher=(fetcher)
+    @fetcher = fetcher
+  end
+
+  class StandardFetcher
+
+    USER_AGENT = "ruby-openid/#{OpenID::VERSION} (#{PLATFORM})"
+
+    REDIRECT_LIMIT = 5
+
+    attr_accessor :ca_file
+
+    def initialize
+      @ca_file = nil
     end
-  
-    def post(url, body)
-      begin
-        uri = URI.parse(url)
-        http = get_http_obj(uri)
-        resp = http.post(uri.request_uri, body,
-                         {"Content-type"=>"application/x-www-form-urlencoded"})
-      rescue
-        nil
+
+    def supports_ssl?(conn)
+      return conn.respond_to?(:use_ssl=)
+    end
+
+    def make_http(uri)
+      Net::HTTP.new(uri.host, uri.port)
+    end
+
+    def set_verified(conn, verify)
+      if verify
+        conn.verify_mode = OpenSSL::SSL::VERIFY_PEER
       else
-        [uri.to_s, resp.body]
+        conn.verify_mode = OpenSSL::SSL::VERIFY_NONE
       end
     end
 
-    protected
-    
-    # return a Net::HTTP object ready for use    
-    def get_http_obj(uri)
-      http = Net::HTTP.new(uri.host, uri.port)
-      http.read_timeout = @read_timeout
-      http.open_timeout = @open_timeout
+    def make_connection(uri)
+      conn = make_http(uri)
+
+      if !conn.is_a?(Net::HTTP)
+        raise RuntimeError, sprintf("Expected Net::HTTP object from make_http; got %s",
+                                    conn.class)
+      end
 
       if uri.scheme == 'https'
+        if supports_ssl?(conn)
 
-        if HAS_OPENSSL
-          http.use_ssl = true
+          conn.use_ssl = true
 
-          if @ca_path
-            http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-            http.ca_file = @ca_path
+          if @ca_file
+            set_verified(conn, true)
+            conn.ca_file = @ca_file
           else
-            OpenID::Util.log('WARNING: making https request without verifying server certificate.')
-            http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+            Util.log("WARNING: making https request to #{uri} without verifying " +
+                     "server certificate; no CA path was specified.")
+            set_verified(conn, false)
           end
-          
+        else
+          raise RuntimeError, "SSL support not found; cannot fetch #{uri}"
         end
-
       end
 
-      return http
+      return conn
     end
-    
-    # do a GET following redirects limit deep
-    
-    def do_get(url, limit=5)
-      if limit == 0
-        return nil
-      end
+
+    def fetch(url, body=nil, headers=nil, redirect_limit=REDIRECT_LIMIT)
+      unparsed_url = url.dup
+      url = URI::parse(url)
+
+      headers ||= {}
+      headers['User-agent'] ||= USER_AGENT
+
+      conn = make_connection(url)
+      response = nil
+
       begin
-        u = URI.parse(url)
-        http = get_http_obj(u)
-        http.start {
-          if HAS_OPENSSL and u.is_a?(URI::HTTPS) and @ca_path
-            # do the post_connection_check, which verifies that
-            # the host matches the cert
-            http.post_connection_check(u.host)
+        response = conn.start {
+          # Check the certificate against the URL's hostname
+          if supports_ssl?(conn) and conn.use_ssl?
+            conn.post_connection_check(url.host)
+          end
+
+          if body.nil?
+            conn.request_get(url.request_uri, headers)
+          else
+            headers["Content-type"] ||= "application/x-www-form-urlencoded"
+            conn.request_post(url.request_uri, body, headers)
           end
         }
-        resp = http.get(u.request_uri)
-      rescue
-        nil
-      else
-        case resp
-        when Net::HTTPSuccess then [resp, URI.parse(url).to_s]
-        when Net::HTTPRedirection then do_get(resp["location"], limit-1)
-        else
-          nil
+      rescue OpenSSL::SSL::SSLError => why
+        raise SSLFetchingError, "Error connecting to SSL URL #{url}: #{why}"
+      end
+
+      case response
+      when Net::HTTPRedirection
+        if redirect_limit <= 0
+          raise HTTPRedirectLimitReached.new(
+            "Too many redirects, not fetching #{response['location']}")
         end
+        return fetch(response['location'], body, headers, redirect_limit - 1)
+      else
+        return HTTPResponse._from_net_response(response, unparsed_url)
       end
     end
-    
   end
-  
 end

data/lib/openid/kvform.rb

@@ -0,0 +1,133 @@
+
+module OpenID
+
+  module Util
+
+    def Util.seq_to_kv(seq, strict=false)
+      # Represent a sequence of pairs of strings as newline-terminated
+      # key:value pairs. The pairs are generated in the order given.
+      #
+      # @param seq: The pairs
+      #
+      # returns a string representation of the sequence
+      err = lambda { |msg|
+        msg = "seq_to_kv warning: #{msg}: #{seq.inspect}"
+        if strict
+          raise ArgumentError, msg
+        else
+          Util.log(msg)
+        end
+      }
+
+      lines = []
+      seq.each { |k, v|
+        if !k.is_a?(String)
+          err.call("Converting key to string: #{k.inspect}")
+          k = k.to_s
+        end
+
+        if !k.index("\n").nil?
+          raise ArgumentError, "Invalid input for seq_to_kv: key contains newline: #{k.inspect}"
+        end
+
+        if !k.index(":").nil?
+          raise ArgumentError, "Invalid input for seq_to_kv: key contains colon: #{k.inspect}"
+        end
+
+        if k.strip() != k
+          err.call("Key has whitespace at beginning or end: #{k.inspect}")
+        end
+
+        if !v.is_a?(String)
+          err.call("Converting value to string: #{v.inspect}")
+          v = v.to_s
+        end
+
+        if !v.index("\n").nil?
+          raise ArgumentError, "Invalid input for seq_to_kv: value contains newline: #{v.inspect}"
+        end
+
+        if v.strip() != v
+          err.call("Value has whitespace at beginning or end: #{v.inspect}")
+        end
+
+        lines << k + ":" + v + "\n"
+      }
+
+      return lines.join("")
+    end
+
+    def Util.kv_to_seq(data, strict=false)
+      # After one parse, seq_to_kv and kv_to_seq are inverses, with no
+      # warnings:
+      #
+      # seq = kv_to_seq(s)
+      # seq_to_kv(kv_to_seq(seq)) == seq
+      err = lambda { |msg|
+        msg = "kv_to_seq warning: #{msg}: #{data.inspect}"
+        if strict
+          raise ArgumentError, msg
+        else
+          Util.log(msg)
+        end
+      }
+
+      lines = data.split("\n")
+      if data.length == 0
+        return []
+      end
+
+      if data[-1].chr != "\n"
+        err.call("Does not end in a newline")
+        # We don't expect the last element of lines to be an empty
+        # string because split() doesn't behave that way.
+      end
+
+      pairs = []
+      line_num = 0
+      lines.each { |line|
+        line_num += 1
+
+        # Ignore blank lines
+        if line.strip() == ""
+          next
+        end
+
+        pair = line.split(':', 2)
+        if pair.length == 2
+          k, v = pair
+          k_s = k.strip()
+          if k_s != k
+            msg = "In line #{line_num}, ignoring leading or trailing whitespace in key #{k.inspect}"
+            err.call(msg)
+          end
+
+          if k_s.length == 0
+            err.call("In line #{line_num}, got empty key")
+          end
+
+          v_s = v.strip()
+          if v_s != v
+            msg = "In line #{line_num}, ignoring leading or trailing whitespace in value #{v.inspect}"
+            err.call(msg)
+          end
+
+          pairs << [k_s, v_s]
+        else
+          err.call("Line #{line_num} does not contain a colon")
+        end
+      }
+
+      return pairs
+    end
+
+    def Util.dict_to_kv(d)
+      return seq_to_kv(d.entries.sort)
+    end
+
+    def Util.kv_to_dict(s)
+      seq = kv_to_seq(s)
+      return Hash[*seq.flatten]
+    end
+  end
+end