ruby-openid 1.1.4 → 2.0.1

data/lib/openid/util.rb

@@ -1,147 +1,52 @@
 require "base64"
 require "cgi"
-require "digest/sha1"
-require "hmac-sha1"
 require "uri"
+require "logger"
 
-require "openid/urinorm"
+require "openid/extras"
 
 srand(Time.now.to_f)
 
-class Object
-
-  def instance_variable_hash
-    h = {}
-    self.instance_variables.each { |k| h[k] = self.instance_variable_get(k) }
-    return h
+# See OpenID::Consumer or OpenID::Server modules, as well as the store classes
+module OpenID
+  class AssertionError < Exception
   end
 
-end
-
-class String
+  VERSION = "2.0.1"
 
-  def starts_with?(other)
-    other = other.to_str
-    head = self[0, other.length]
-    head == other
+  # Exceptions that are raised by the library are subclasses of this
+  # exception type, so if you want to catch all exceptions raised by
+  # the library, you can catch OpenIDError
+  class OpenIDError < StandardError
   end
 
-end
-
-
-module OpenID
-
-  # Code returned when either the of the
-  # OpenID::OpenIDConsumer.begin_auth or OpenID::OpenIDConsumer.complete_auth
-  # methods return successfully.
-  SUCCESS = 'success'
-
-  # Code OpenID::OpenIDConsumer.complete_auth
-  # returns when the value it received indicated an invalid login.
-  FAILURE = 'failure'
-
-  # Code returned by OpenIDConsumer.complete_auth when the user
-  # cancels the operation from the server.
-  CANCEL = 'cancel'
-
-  # Code returned by OpenID::OpenIDConsumer.complete_auth when the
-  # OpenIDConsumer instance is in immediate mode and ther server sends back a
-  # URL for the user to login with.
-  SETUP_NEEDED = 'setup needed'  
-
-  # Code returned by OpenID::OpenIDConsumer.begin_auth when it is unable
-  # to fetch the URL given by the user.
-  HTTP_FAILURE = 'http failure'
-
-  # Code returned by OpenID::OpenIDConsumer.begin_auth when the page fetched
-  # from the OpenID URL doesn't contain the necessary link tags to function
-  # as an identity page.
-  PARSE_ERROR = 'parse error'
-
   module Util
 
-    HAS_URANDOM = File.chardev? '/dev/urandom'
-
-    def Util.get_openid_params(query)
-      params = {}
-      query.each do |k,v|
-        params[k] = v if k.index("openid.") == 0
+    BASE64_CHARS = ('ABCDEFGHIJKLMNOPQRSTUVWXYZ' \
+                    'abcdefghijklmnopqrstuvwxyz0123456789+/')
+    BASE64_RE = Regexp.compile("
+    \\A
+    ([#{BASE64_CHARS}]{4})*
+    ([#{BASE64_CHARS}]{2}==|
+     [#{BASE64_CHARS}]{3}=)?
+    \\Z", Regexp::EXTENDED)
+
+    def Util.assert(value, message=nil)
+      if not value
+        raise AssertionError, message or value
       end
-      params
     end
 
-    def Util.hmac_sha1(key, text)
-      HMAC::SHA1.digest(key, text)
-    end
-
-    def Util.sha1(s)
-      Digest::SHA1.digest(s)
-    end
-   
     def Util.to_base64(s)
       Base64.encode64(s).gsub("\n", "")
     end
 
     def Util.from_base64(s)
-      Base64.decode64(s)
-    end
- 
-    def Util.kvform(hash)
-      form = ""
-      hash.each do |k,v|
-        form << "#{k}:#{v}\n"
-      end
-      form
-    end
-
-    def Util.parsekv(s)
-      s.strip!
-      form = {}
-      s.split("\n").each do |line|
-        pair = line.split(":", 2)
-        if pair.length == 2
-          k, v = pair
-          form[k.strip] = v.strip
-        end
-      end
-      form
-    end
-
-    def Util.num_to_str(n)
-      bits = n.to_s(2)
-      prepend = (8 - bits.length % 8)
-      bits = ('0' * prepend) + bits
-      [bits].pack('B*')
-    end
-
-    def Util.str_to_num(s)
-      # taken from openid-ruby 0.0.1
-      s = "\000" * (4 - (s.length % 4)) + s
-      num = 0
-      s.unpack('N*').each do |x|
-        num <<= 32
-        num |= x
-      end
-      num    
-    end
-
-    def Util.num_to_base64(l)
-      return to_base64(num_to_str(l))
-    end
-
-    def Util.base64_to_num(s)
-      return str_to_num(from_base64(s))
-    end
-
-    def Util.random_string(length, chars=nil)
-      s = ""
-
-      unless chars.nil?
-        length.times { s << chars[Util.rand(chars.length)] }
-      else
-        length.times { s << Util.rand(256).chr }
+      without_newlines = s.gsub(/[\r\n]+/, '')
+      if !BASE64_RE.match(without_newlines)
+        raise ArgumentError, "Malformed input: #{s.inspect}"
       end
-      s
+      Base64.decode64(without_newlines)
     end
 
     def Util.urlencode(args)
@@ -152,123 +57,40 @@ module OpenID
       end
       a.join("&")
     end
-    
+
     def Util.parse_query(qs)
       query = {}
       CGI::parse(qs).each {|k,v| query[k] = v[0]}
       return query
     end
-    
+
     def Util.append_args(url, args)
       url = url.dup
-      url if args.length == 0
-      url << (url.include?("?") ? "&" : "?")
-      url << Util.urlencode(args)
-    end
-    
-    def Util.strxor(s1, s2)
-      raise ArgumentError if s1.length != s2.length
-      length = [s1.length, s2.length].min - 1
-      a = (0..length).collect {|i| (s1[i]^s2[i]).chr}
-      a.join("")
-    end
-    
-    # Sign the given fields from the reply with the specified key.
-    # Return [signed, sig]
-    def Util.sign_reply(reply, key, signed_fields, prefix="openid.")
-      token = []
-      signed_fields.each do |sf|
-        token << [sf+":"+reply[prefix+sf].to_s+"\n"]
-      end
-      text = token.join("")
-      signed = Util.to_base64(Util.hmac_sha1(key, text))
-      return [signed_fields.join(","), signed]
-    end
+      return url if args.length == 0
 
-    # This code is taken from this post[http://blade.nagaokaut.ac.jp/cgi-bin/scat.\rb/ruby/ruby-talk/19098]
-    # by Eric Lee Green.
-    # This implementation is much faster than x ** n % q
-    def Util.powermod(x, n, q)
-      counter=0
-      n_p=n
-      y_p=1
-      z_p=x
-      while n_p != 0
-        if n_p[0]==1
-          y_p=(y_p*z_p) % q
-        end
-        n_p = n_p >> 1
-        z_p = (z_p * z_p) % q
-        counter += 1
+      if args.respond_to?('each_pair')
+        args = args.sort
       end
-      return y_p
-    end
-
-    # Generate a random number less than max.  Uses urandom if available.
-    def Util.rand(max)
-      unless Util::HAS_URANDOM
-        return Kernel::rand(max)
-      end
-
-      start = 0
-      stop = max
-      step = 1
-      r = ((stop-start)/step).to_i
 
-      # figure out how many bytes we need
-      rbytes = Util::num_to_str(r)
-      nbytes = rbytes.length
-      nbytes -= 1 if rbytes[0].chr == "\000"
-            
-      bytes = "\000" + Util::get_random_bytes(nbytes)
-      n = Util::str_to_num(bytes)
-      
-      return start + (n % r) * step
-    end
-
-    # change the message below to do whatever you like for logging
-    def Util.log(message)
-      STDERR.puts('OpenID Log: ' + message)
+      url << (url.include?("?") ? "&" : "?")
+      url << Util.urlencode(args)
     end
 
+    @@logger = Logger.new(STDERR)
+    @@logger.progname = "OpenID"
 
-    def Util.get_random_bytes(n)
-      bytes = ""
-
-      if Util::HAS_URANDOM
-        f = File.open("/dev/urandom")
-        while n != 0
-          _bytes = f.read(n)
-          n -= _bytes.length
-          bytes << _bytes
-        end
-      else
-        bytes = Util.random_string(n)
-      end
-
-      return bytes
+    def Util.logger=(logger)
+      @@logger = logger
     end
 
-    def Util.normalize_url(url)
-      url = url.strip
-
-      unless url.starts_with?('http://') or url.starts_with?('https://')
-        url = 'http://' + url
-      end
-
-      begin
-        return Util.urinorm(url)
-      rescue URI::InvalidURIError
-        return nil
-      end
+    def Util.logger
+      @@logger
     end
 
-    def Util.urls_equal?(url1, url2)
-      url1 = Util.normalize_url(url1)
-      return false if url1.nil?
-      return url1 == Util.normalize_url(url2)
+    # change the message below to do whatever you like for logging
+    def Util.log(message)
+      logger.info(message)
     end
-
   end
 
 end

data/lib/openid/yadis/accept.rb

@@ -0,0 +1,148 @@
+module OpenID
+
+  module Yadis
+
+    # Generate an accept header value
+    #
+    # [str or (str, float)] -> str
+    def self.generate_accept_header(*elements)
+      parts = []
+      elements.each { |element|
+        if element.is_a?(String)
+          qs = "1.0"
+          mtype = element
+        else
+          mtype, q = element
+          q = q.to_f
+          if q > 1 or q <= 0
+            raise ArgumentError.new("Invalid preference factor: #{q}")
+          end
+          qs = sprintf("%0.1f", q)
+        end
+
+        parts << [qs, mtype]
+      }
+
+      parts.sort!
+      chunks = []
+      parts.each { |q, mtype|
+        if q == '1.0'
+          chunks << mtype
+        else
+          chunks << sprintf("%s; q=%s", mtype, q)
+        end
+      }
+
+      return chunks.join(', ')
+    end
+
+    def self.parse_accept_header(value)
+      # Parse an accept header, ignoring any accept-extensions
+      #
+      # returns a list of tuples containing main MIME type, MIME
+      # subtype, and quality markdown.
+      #
+      # str -> [(str, str, float)]
+      chunks = value.split(',', -1).collect { |v| v.strip }
+      accept = []
+      chunks.each { |chunk|
+        parts = chunk.split(";", -1).collect { |s| s.strip }
+
+        mtype = parts.shift
+        if mtype.index('/').nil?
+          # This is not a MIME type, so ignore the bad data
+          next
+        end
+
+        main, sub = mtype.split('/', 2)
+
+        q = nil
+        parts.each { |ext|
+          if !ext.index('=').nil?
+            k, v = ext.split('=', 2)
+            if k == 'q'
+              q = v.to_f
+            end
+          end
+        }
+
+        q = 1.0 if q.nil?
+
+        accept << [q, main, sub]
+      }
+
+      accept.sort!
+      accept.reverse!
+
+      return accept.collect { |q, main, sub| [main, sub, q] }
+    end
+
+    def self.match_types(accept_types, have_types)
+      # Given the result of parsing an Accept: header, and the
+      # available MIME types, return the acceptable types with their
+      # quality markdowns.
+      #
+      # For example:
+      #
+      # >>> acceptable = parse_accept_header('text/html, text/plain; q=0.5')
+      # >>> matchTypes(acceptable, ['text/plain', 'text/html', 'image/jpeg'])
+      # [('text/html', 1.0), ('text/plain', 0.5)]
+      #
+      # Type signature: ([(str, str, float)], [str]) -> [(str, float)]
+      if accept_types.nil? or accept_types == []
+        # Accept all of them
+        default = 1
+      else
+        default = 0
+      end
+
+      match_main = {}
+      match_sub = {}
+      accept_types.each { |main, sub, q|
+        if main == '*'
+          default = [default, q].max
+          next
+        elsif sub == '*'
+          match_main[main] = [match_main.fetch(main, 0), q].max
+        else
+          match_sub[[main, sub]] = [match_sub.fetch([main, sub], 0), q].max
+        end
+      }
+
+      accepted_list = []
+      order_maintainer = 0
+      have_types.each { |mtype|
+        main, sub = mtype.split('/', 2)
+        if match_sub.member?([main, sub])
+          q = match_sub[[main, sub]]
+        else
+          q = match_main.fetch(main, default)
+        end
+
+        if q != 0
+          accepted_list << [1 - q, order_maintainer, q, mtype]
+          order_maintainer += 1
+        end
+      }
+
+      accepted_list.sort!
+      return accepted_list.collect { |_, _, q, mtype| [mtype, q] }
+    end
+
+    def self.get_acceptable(accept_header, have_types)
+      # Parse the accept header and return a list of available types
+      # in preferred order. If a type is unacceptable, it will not be
+      # in the resulting list.
+      #
+      # This is a convenience wrapper around matchTypes and
+      # parse_accept_header
+      #
+      # (str, [str]) -> [str]
+      accepted = self.parse_accept_header(accept_header)
+      preferred = self.match_types(accepted, have_types)
+      return preferred.collect { |mtype, _| mtype }
+    end
+
+  end
+
+end

data/lib/openid/yadis/constants.rb

@@ -0,0 +1,21 @@
+
+require 'openid/yadis/accept'
+
+module OpenID
+
+  module Yadis
+
+    YADIS_HEADER_NAME = 'X-XRDS-Location'
+    YADIS_CONTENT_TYPE = 'application/xrds+xml'
+
+    # A value suitable for using as an accept header when performing
+    # YADIS discovery, unless the application has special requirements
+    YADIS_ACCEPT_HEADER = generate_accept_header(
+                                                 ['text/html', 0.3],
+                                                 ['application/xhtml+xml', 0.5],
+                                                 [YADIS_CONTENT_TYPE, 1.0]
+                                                 )
+
+  end
+
+end

data/lib/openid/yadis/discovery.rb

@@ -0,0 +1,153 @@
+
+require 'openid/util'
+require 'openid/fetchers'
+require 'openid/yadis/constants'
+require 'openid/yadis/parsehtml'
+
+module OpenID
+
+  # Raised when a error occurs in the discovery process
+  class DiscoveryFailure < OpenIDError
+    attr_accessor :identity_url, :http_response
+
+    def initialize(message, http_response)
+      super(message)
+      @identity_url = nil
+      @http_response = http_response
+    end
+  end
+
+  module Yadis
+
+    # Contains the result of performing Yadis discovery on a URI
+    class DiscoveryResult
+
+      # The result of following redirects from the request_uri
+      attr_accessor :normalize_uri
+
+      # The URI from which the response text was returned (set to
+      # nil if there was no XRDS document found)
+      attr_accessor :xrds_uri
+
+      # The content-type returned with the response_text
+      attr_accessor :content_type
+
+      # The document returned from the xrds_uri
+      attr_accessor :response_text
+
+      attr_accessor :request_uri, :normalized_uri
+
+      def initialize(request_uri)
+        # Initialize the state of the object
+        #
+        # sets all attributes to None except the request_uri
+        @request_uri = request_uri
+        @normalized_uri = nil
+        @xrds_uri = nil
+        @content_type = nil
+        @response_text = nil
+      end
+
+      # Was the Yadis protocol's indirection used?
+      def used_yadis_location?
+        return @normalized_uri != @xrds_uri
+      end
+
+      # Is the response text supposed to be an XRDS document?
+      def is_xrds
+        return (used_yadis_location?() or
+                @content_type == YADIS_CONTENT_TYPE)
+      end
+    end
+
+    # Discover services for a given URI.
+    #
+    # uri: The identity URI as a well-formed http or https URI. The
+    # well-formedness and the protocol are not checked, but the
+    # results of this function are undefined if those properties do
+    # not hold.
+    #
+    # returns a DiscoveryResult object
+    #
+    # Raises DiscoveryFailure when the HTTP response does not have
+    # a 200 code.
+    def self.discover(uri)
+      result = DiscoveryResult.new(uri)
+      begin
+        resp = OpenID.fetch(uri, nil, {'Accept' => YADIS_ACCEPT_HEADER})
+      rescue Exception
+        raise DiscoveryFailure.new("Failed to fetch identity URL.",$!)
+      end
+      if resp.code != "200"
+        raise DiscoveryFailure.new(
+                "HTTP Response status from identity URL host is not \"200\""\
+                ". Got status #{resp.code.inspect}", resp)
+      end
+
+      # Note the URL after following redirects
+      result.normalized_uri = resp.final_url
+
+      # Attempt to find out where to go to discover the document or if
+      # we already have it
+      result.content_type = resp['content-type']
+
+      result.xrds_uri = self.where_is_yadis?(resp)
+
+      if result.xrds_uri and result.used_yadis_location?
+        begin
+          resp = OpenID.fetch(result.xrds_uri)
+        rescue
+          raise DiscoveryFailure.new("Failed to fetch Yadis URL.", $!)
+        end
+        if resp.code != "200"
+            exc = DiscoveryFailure.new(
+                    "HTTP Response status from Yadis host is not \"200\". " +
+                    "Got status #{resp.code.inspect}", resp)
+            exc.identity_url = result.normalized_uri
+            raise exc
+        end
+
+        result.content_type = resp['content-type']
+      end
+
+      result.response_text = resp.body
+      return result
+    end
+
+    # Given a HTTPResponse, return the location of the Yadis
+    # document.
+    #
+    # May be the URL just retrieved, another URL, or None, if I
+    # can't find any.
+    #
+    # [non-blocking]
+    def self.where_is_yadis?(resp)
+      # Attempt to find out where to go to discover the document or if
+      # we already have it
+      content_type = resp['content-type']
+
+      # According to the spec, the content-type header must be an
+      # exact match, or else we have to look for an indirection.
+      if (!content_type.nil? and
+          content_type.split(';', 2)[0].downcase == YADIS_CONTENT_TYPE)
+        return resp.final_url
+      else
+        # Try the header
+        yadis_loc = resp[YADIS_HEADER_NAME.downcase]
+
+        if yadis_loc.nil?
+          # Parse as HTML if the header is missing.
+          #
+          # XXX: do we want to do something with content-type, like
+          # have a whitelist or a blacklist (for detecting that it's
+          # HTML)?
+          yadis_loc = Yadis.html_yadis_location(resp.body)
+        end
+      end
+
+      return yadis_loc
+    end
+
+  end
+
+end