ruby-openid 1.1.4 → 2.0.1

data/lib/openid/filestore.rb

@@ -1,315 +0,0 @@
-require 'fileutils'
-require 'pathname'
-require 'tempfile'
-
-require 'openid/util'
-require 'openid/stores'
-require 'openid/association'
-
-module OpenID
-
-  # Filesystem-based store for OpenID associations and nonces.
-  #
-  # Methods of this object may raise SystemCallError if filestystem
-  # related errors are encountered.
-  class FilesystemStore < Store
-  
-    @@FILENAME_ALLOWED = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-".split("")
-  
-    # Create a FilesystemStore instance, putting all data in +directory+.
-    def initialize(directory)
-      p_dir = Pathname.new(directory)
-      @nonce_dir = p_dir.join('nonces')
-      @association_dir = p_dir.join('associations')
-      @temp_dir = p_dir.join('temp')
-      @auth_key_name = p_dir.join('auth_key')
-      @max_nonce_age = 6 * 60 * 60
-      
-      self.ensure_dir(@nonce_dir)
-      self.ensure_dir(@association_dir)
-      self.ensure_dir(@temp_dir)
-      self.ensure_dir(File.dirname(@auth_key_name))
-    end
-
-    # Read the auth key from the auth key file. Returns nil if there
-    # is currently no auth key.
-    def read_auth_key
-      f = nil
-      begin
-        f = File.open(@auth_key_name)      
-      rescue Errno::ENOENT
-        return nil
-      else
-        return f.read
-      ensure
-        f.close unless f.nil?      
-      end
-    end
-
-    # Generate a new random auth key and safely store it in the location
-    # specified by @auth_key_name
-    def create_auth_key
-      auth_key = OpenID::Util.random_string(@@AUTH_KEY_LEN)
-      f, tmp = mktemp
-      begin
-        begin
-          f.write(auth_key)
-          f.fsync
-        ensure
-          f.close
-        end
-        begin
-          begin
-            File.link(tmp, @auth_key_name)
-          rescue NotImplementedError # no link under windows
-            File.rename(tmp, @auth_key_name)
-          end
-        rescue Errno::EEXIST
-          raise if read_auth_key.nil?
-        end      
-      ensure
-        self.remove_if_present(tmp)
-      end
-
-      auth_key
-    end
-    
-    # Retrieve the auth key from the file specified by
-    # @auth_key_file, creating it if it does not exist
-    def get_auth_key
-      auth_key = read_auth_key
-      if auth_key.nil?
-        auth_key = create_auth_key
-      end
-      
-      if auth_key.length != @@AUTH_KEY_LEN
-        raise StandardError.new("Bad auth key - wrong length")
-      end
-      
-      auth_key
-    end
-
-    # Create a unique filename for a given server url and handle. The
-    # filename that is returned will contain the domain name from the
-    # server URL for ease of human inspection of the data dir.
-    def get_association_filename(server_url, handle)      
-      filename = self.filename_from_url(server_url)
-      filename += '-' + safe64(handle)
-      @association_dir.join(filename)
-    end
-
-    # Store an association in the assoc directory
-    def store_association(server_url, association)
-      assoc_s = OpenID::Association.serialize(association)
-      filename = get_association_filename(server_url, association.handle)
-      f, tmp = mktemp
-    
-      begin
-        begin
-          f.write(assoc_s)
-          f.fsync
-        ensure
-          f.close
-        end
-        
-        begin
-          File.rename(tmp, filename)
-        rescue Errno::EEXIST
-        
-          begin
-            File.unlink(filename)
-          rescue Errno::ENOENT
-            # do nothing
-          end
-          
-          File.rename(tmp, filename)
-        end
-        
-      rescue
-        self.remove_if_present(tmp)
-        raise
-      end
-    end
-    
-    # Retrieve an association
-    def get_association(server_url, handle=nil)
-      unless handle.nil?
-        filename = get_association_filename(server_url, handle)
-        return _get_association(filename)
-      end
-      
-      # search though existing files looking for a match
-      prefix = filename_from_url(server_url)
-      assoc_filenames = Dir.entries(@association_dir)
-      assoc_filenames = assoc_filenames.find_all { |f| f.index(prefix) == 0 }
-      
-      assocs = assoc_filenames.collect do |f|
-        _get_association(@association_dir.join(f))
-      end
-
-      assocs = assocs.find_all { |a| not a.nil? }
-      assocs = assocs.sort_by { |a| a.issued }
-      
-      return nil if assocs.empty?
-      return assocs[-1]
-    end
-
-    def _get_association(filename)
-      begin
-        assoc_file = File.open(filename, "r")
-      rescue Errno::ENOENT
-        return nil
-      else
-        begin
-          assoc_s = assoc_file.read
-        ensure
-          assoc_file.close
-        end
-        
-        begin
-          association = OpenID::Association.deserialize(assoc_s)      
-        rescue
-          self.remove_if_present(filename)
-          return nil
-        end
-
-        # clean up expired associations
-        if association.expires_in == 0
-          self.remove_if_present(filename)
-          return nil
-        else
-          return association
-        end
-      end
-    end
-
-    # Remove an association if it exists, otherwise do nothing.
-    def remove_association(server_url, handle)
-      assoc = get_association(server_url, handle)
-      
-      if assoc.nil?
-        return false
-      else
-        filename = get_association_filename(server_url, handle)
-        return self.remove_if_present(filename)
-      end
-    end
-
-    # Mark this nonce as present    
-    def store_nonce(nonce)
-      filename = @nonce_dir.join(nonce)
-      File.open(filename, "w").close
-    end
-
-    # Return whether this nonce is present.  As a side-effect, mark it 
-    # as no longer present.
-    def use_nonce(nonce)
-      filename = @nonce_dir.join(nonce)
-      begin
-        st = File.stat(filename)
-      rescue Errno::ENOENT
-        return false
-      else
-        begin
-          File.unlink(filename)
-        rescue Errno::ENOENT
-          return false
-        end      
-        nonce_age = Time.now.to_f - st.mtime.to_f
-        nonce_age <= @max_nonce_age
-      end
-    end
-
-    # Garbage collection routine.  Clean up old associations and nonces.
-    def clean
-      nonces = Dir[@nonce_dir.join("*")]
-      now = Time.now
-      
-      nonces.each do |nonce|
-        filename = nonce_dir.join(nonce)
-        begin
-          st = File.stat(filename)
-        rescue Errno::ENOENT
-          next
-        else
-          nonce_age = now - st.mtime
-          self.remove_if_present(filename) if nonce_age > @max_nonce_age
-        end
-      end
-
-      association_filenames = Dir[@association_dir.join("*")]
-      association_filenames.each do |af|
-        begin
-          f = File.open(af, 'r')
-        rescue Errno::ENOENT
-          next
-        else
-          begin
-            assoc_s = f.read
-          ensure
-            f.close
-          end
-          begin
-            association = OpenID::Association.deserialize(assoc_s)
-          rescue "VersionError"
-            self.remove_if_present(af)
-            next
-          else
-            self.remove_if_present(af) if association.expires_in == 0          
-          end
-        end
-      end
-    end
-
-    protected
-
-    # Create a temporary file and return the File object and filename.    
-    def mktemp
-      f = Tempfile.new('tmp', @temp_dir)
-      [f, f.path]
-    end
-
-    # create a safe filename from a url
-    def filename_from_url(url)
-      filename = []
-      url.sub('://','-').split("").each do |c|
-        if @@FILENAME_ALLOWED.index(c)
-          filename << c
-        else
-          filename << sprintf("_%02X", c[0])
-        end    
-      end
-      filename.join("")
-    end
-
-    def safe64(s)
-      s = OpenID::Util.sha1(s)
-      s = OpenID::Util.to_base64(s)
-      s.gsub!('+', '_')
-      s.gsub!('/', '.')
-      s.gsub!('=', '')
-      return s
-    end
-
-    # remove file if present in filesystem
-    def remove_if_present(filename)
-      begin
-        File.unlink(filename)
-      rescue Errno::ENOENT
-        return false
-      end
-      return true
-    end
-  
-    # ensure that a path exists
-
-    def ensure_dir(dir_name)
-      FileUtils::mkdir_p(dir_name)
-    end
-    
-  end
-
-end
-
-
-

data/lib/openid/parse.rb

@@ -1,23 +0,0 @@
-require "openid/htmltokenizer"
-
-def parse_link_attrs(data)
-  parser = HTMLTokenizer.new(data)
-  in_head = false
-  begin
-    while el = parser.getTag("head", "link", "body")
-      if el.tag_name == "head"
-        in_head = true
-      elsif el.tag_name == "link"
-        continue unless in_head
-        yield el.attr_hash
-      elsif el.tag_name == "body"
-        return
-      end
-    end
-  rescue
-    return
-  end  
-end
-
-            
-            

data/lib/openid/service.rb

@@ -1,147 +0,0 @@
- require 'rexml/document'
-
-begin
-  require 'yadis'
-rescue LoadError
-  require 'rubygems'
-  require_gem 'ruby-yadis'
-end
-
-module OpenID
-
-  # OpenIDService is an object representation of an OpenID server,
-  # and the services it provides.  It contains a useful information such
-  # as the server URL, and information about the OpenID identity bound
-  # to the server.  OpenIDService object should be produced using the
-  # OpenIDService.from_service class method with a Yadis Service object.
-  # See the ruby Yadis library for more information:
-  #
-  # http://www.openidenabled.com/yadis/libraries/ruby
-  #
-  # Unless you choose to do your own discovery and interface with
-  # OpenIDConsumer through the OpenIDConsumer.begin_without_discovery
-  # method, you won't need to ever use this object directly.  It is used
-  # internally by the OpenIDConsumer object.
-  class OpenIDServiceEndpoint < ServiceEndpoint
-    
-    @@namespace = {
-      'xrdsns' => 'xri://$xrds',
-      'xrdns' => 'xri://$xrd*($v*2.0)',
-      'openidns' => 'http://openid.net/xmlns/1.0'
-    }
-    attr_accessor :service_types, :uri, :yadis_url, :delegate_url, :xrds_uri, :canonical_id
-
-    # Class method to produce OpenIDService objects. Call with a Yadis Service
-    # object.  Will return nil if the Service object does not represent an
-    # an OpenID server.
-    def OpenIDServiceEndpoint.from_endpoint(service, versions=nil)
-      return nil unless OpenIDServiceEndpoint.is_type?(service, versions)
-
-      s = new
-      s.service_types = service.service_types
-      s.uri = service.uri
-      s.yadis_url = service.yadis.uri if service.yadis
-      s.xrds_uri = service.yadis.xrds_uri if service.yadis
-      s.canonical_id = service.canonical_id
-
-      s.delegate_url = nil
-      REXML::XPath.each(service.element, 'openidns:Delegate',
-                        @@namespace) do |e|
-        s.delegate_url = e.text.strip
-      end
-
-      return s
-    end
-
-    # Class method to determine if a Yadis service object is an OpenID server.
-    # +versions+ is a list of Strings representing the versions of the OpenID
-    # protocol you support.  Only service that match one of the versions will
-    # return a value that evaluates to true.  If no +versions+ list is
-    # specified, all versions will be accepted.
-    def OpenIDServiceEndpoint.is_type?(service, versions=nil)
-      # escape the period in the version numbers
-      versions.collect! {|v| v.gsub('.', '\.')} if versions
-      
-      base_url = 'http://openid\.net/signon/'
-      base_url += '(' + versions.join('|') + '){1}' if versions
-      
-      service.service_types.each do |st|
-        return true if st.match(base_url)
-      end
-
-      return false
-    end
-
-    # Alias for +supports?+
-    def uses_extension?(extension_url)
-      return supports?(extension_url)
-    end
-    
-    # Same as uses_extension? Checks to see if the provided URL is
-    # in the list of service types. Example that checks for support
-    # of the simple registratino protocol:
-    #
-    #   service.supports?('http://openid.net/sreg/1.0')
-    #
-    def supports?(url)
-      return @service_types.member?(url)
-    end
-
-    # Returns the OpenID delegate URL.  This is the URL on the OpenID server,
-    # For example if example.com delegates to example-server.com/user, then
-    # this will return example-server.com/user
-    def delegate
-      @delegate_url or self.consumer_id
-    end
-
-    # Returns the OpenID server endpoint URL.
-    def server_url
-      @uri
-    end
-    
-    # Returns user's URL which resides on the OpenID server.  For
-    # example if http://example.com/ delegates to http://example.myopenid.com/,
-    # then http://example.myopenid.com/ will be returned by this method.
-    def server_id
-      self.delegate
-    end
-
-    # The URL the user entered to authenticate.  For example, if
-    # http://example.com/ delegates to http://example.myopenid.com/, this
-    # method will return http://example.com/
-    def consumer_id
-      @yadis_url
-    end
-
-    def canonical_id
-      @canonical_id or self.consumer_id
-    end
-  end
-
-
-  # Used for providing an OpenIDService like object
-  # to the OpenID library for 1.X link rel discovery.
-  # See the documentation for OpenID::OpenIDService for more information
-  # on what this object does.
-  class FakeOpenIDServiceEndpoint < OpenIDServiceEndpoint
-    
-    def initialize(consumer_id, server_id, server_url)
-      @uri = server_url
-      @delegate = server_id
-      @yadis_url = consumer_id     
-      @service_types = ['http://openid.net/signon/1.0']
-      @yadis = nil
-      @xrds_uri = nil
-    end
-
-    def delegate
-      @delegate
-    end
-
-    def supports?(url)
-      false
-    end
-
-  end
-
-end

data/lib/openid/stores.rb

@@ -1,178 +0,0 @@
-require "openid/util"
-
-module OpenID
-
-  # Interface for the abstract Store
-  class Store
-
-    @@AUTH_KEY_LEN = 20
-
-    # Put a Association object into storage
-    def store_association(server_url, association)
-      raise NotImplementedError
-    end
-
-    # Returns a Association object from storage that matches
-    # the server_url.  Returns nil if no such association is found or if
-    # the one matching association is expired. (Is allowed to GC expired
-    # associations when found.)
-    def get_association(server_url, handle=nil)
-      raise NotImplementedError
-    end
-
-    # If there is a matching association, remove it from the store and
-    # return true, otherwise return false.
-    def remove_association(server_url, handle)
-      raise NotImplementedError
-    end
-
-    # Stores a nonce (which is passed in as a string).
-    def store_nonce(nonce)
-      raise NotImplementedError
-    end
-
-    # If the nonce is in the store, remove it and return true. Otherwise
-    # return false.
-    def use_nonce(nonce)
-      raise NotImplementedError
-    end
-
-    # Returns a 20-byte auth key used to sign the tokens, to ensure
-    # that they haven't been tampered with in transit. It must return
-    # the same key every time it is called.   
-    def get_auth_key
-      raise NotImplementedError
-    end
-
-    # Method return true if the store is dumb-mode-style store.
-    def dumb?
-      false
-    end
-
-  end
-
-
-  class DumbStore < Store
-    
-    def initialize(secret_phrase)
-      require "digest/sha1"
-      @auth_key = Digest::SHA1.hexdigest(secret_phrase)
-    end
-
-    def store_association(server_url, assoc)
-      nil
-    end
-
-    def get_association(server_url, handle=nil)
-      nil
-    end
-  
-    def remove_association(server_url, handle)
-      false
-    end
-
-    def store_nonce(nonce)
-      nil
-    end
-
-    def use_nonce(nonce)
-      true
-    end
-
-    def get_auth_key
-      @auth_key
-    end
-
-    def dumb?
-      true
-    end
-
-  end
-
-  class ServerAssocs
-    def initialize
-      @assocs = {}
-    end
-
-    def set(assoc)
-      @assocs[assoc.handle] = assoc
-    end
-
-    def get(handle)
-      @assocs[handle]
-    end
-
-    def remove(handle)
-      return @assocs.delete(handle)
-    end
-
-    def best
-      best = nil
-      @assocs.each do |k, assoc|
-        if best.nil? or best.issued < assoc.issued
-          best = assoc
-        end
-      end
-      return best
-    end
-  end
-
-  # An in-memory implementation of Store.  This class is mainly used
-  # for testing, though it may be useful for long-running single process apps.
-  #
-  # You should probably be looking at OpenID::FilesystemStore
-  class MemoryStore < Store
-
-    def initialize
-      @server_assocs = {}
-      @nonces = {}
-      @auth_key = OpenID::Util.random_string(@@AUTH_KEY_LEN)
-    end
-
-    def dumb?
-      false
-    end
-
-    def store_association(server_url, assoc)
-      assocs = _get_server_assocs(server_url)
-      assocs.set(self.deepcopy(assoc))
-    end
-    
-    def get_association(server_url, handle=nil)
-      assocs = _get_server_assocs(server_url)
-      return assocs.best if handle.nil?
-      return assocs.get(handle)
-    end
-    
-    def remove_association(server_url, handle)
-      assocs = _get_server_assocs(server_url)
-      return assocs.remove(handle)
-    end
-
-    def use_nonce(nonce)
-      return true if @nonces.delete(nonce)
-      return false
-    end
-
-    def store_nonce(nonce)
-      @nonces[nonce] = true
-    end
-
-    def get_auth_key
-      @auth_key
-    end
-
-    def _get_server_assocs(server_url)
-      unless @server_assocs.has_key?(server_url)
-        @server_assocs[server_url] = ServerAssocs.new
-      end
-      return @server_assocs[server_url]
-    end
-
-    def deepcopy(o)
-      Marshal.load(Marshal.dump(o))
-    end
-
-  end
-
-end

data/test/assoc.rb

@@ -1,38 +0,0 @@
-require 'test/unit'
-require 'openid/association'
-
-class AssociationTestCase < Test::Unit::TestCase
-
-  def _get_assoc
-    issued = Time.now.to_i
-    lifetime = 600
-    OpenID::Association.new('handle', 'secret', issued, lifetime, 'HMAC-SHA1')
-  end
-
-  def test_assoc
-    assoc = _get_assoc
-    s = OpenID::Association.serialize(assoc)
-    assert_equal(assoc, OpenID::Association.deserialize(s))    
-  end
-
-  def test_sign
-    assoc = _get_assoc
-
-    h = {
-      'openid.a' => 'b',
-      'openid.c' => 'd',
-    }
-
-    assoc.add_signature(['a','c'], h)
-    assert_not_nil(h['openid.signed'])
-    assert_not_nil(h['openid.sig'])
-    assert_equal(h['openid.signed'], 'a,c')
-    
-    sig = OpenID::Util.to_base64( \
-           OpenID::Util.hmac_sha1(assoc.secret, "a:b\nc:d\n"))
-
-    assert_equal(h['openid.sig'], sig)
-  end
-
-end
-