ruby-openid 1.1.4 → 2.0.1

data/INSTALL

@@ -1,14 +1,5 @@
 = Ruby OpenID Library Installation
 
-== Dependencies
-
-This library depends on the Ruby Yadis library available at:
-
-http://www.openidenabled.com/yadis/libraries/ruby/about/
-
-Please make sure you have the Yadis library installed, or use
-rubygems for installation
-
 == Rubygems Installation
 
 Rubygems is a tool for installing ruby libraries and their

data/README

@@ -8,18 +8,18 @@ A Ruby library for verifying and serving OpenID identities.
 * Does not depend on underlying web framework
 * Supports multiple storage mechanisms (Filesystem, ActiveRecord, Memory)
 * Example code to help you get started, including:
-  * WEBrick based consumer
-  * Ruby on rails based server
+  * Ruby on Rails based consumer and server
   * OpenIDLoginGenerator for quickly getting creating a rails app that uses
     OpenID for authentication
   * ActiveRecordOpenIDStore plugin
 * Comprehensive test suite
+* Supports both OpenID 1 and OpenID 2 transparently
 
 ==Installing
 Before running the examples or writing your own code you'll need to install
 the library.  See the INSTALL file or use rubygems:
 
-  gem intall ruby-openid
+  gem install ruby-openid
   
 Check the installation:
   
@@ -29,48 +29,47 @@ Check the installation:
   => true
 
 The library is known to work with Ruby 1.8.4 on Unix, Max OSX and
-Win32.  Examples were tested with Rails 1.1.
-
+Win32.  Examples have been tested with Rails 1.1 and 1.2, and 2.0.
 
 ==Getting Started with OpenID::Consumer
-OpenID::Consumer is the place to start if you'd like to support
-OpenID authentication on your website.  The examples contains
+OpenID::Consumer is the place to start if you'd like to support OpenID
+authentication on your website.  The examples directory contains
 several working examples to help you get started, and the
-OpenID::Consumer class is well documented.
+OpenID::Consumer class is well-documented.
 
-Also, check out the OpenIDLoginGenerator!  Read examples/README for more info.
+Also, check out the OpenIDLoginGenerator!  Read examples/README for
+more info.
 
 ==Serving OpenID with OpenID::Server
-The examples directory contains fully functional OpenID server that
+The examples directory contains a fully-functional OpenID server that
 uses the Ruby on Rails framework.  Start by reading about the
 OpenID::Server interface documentation and looking at the example.
 
 
 ==Homepage
-http://www.openidenabled.com/openid/libraries/ruby
+http://openidenabled.com/ruby-openid/
 
 See also:
 http://openid.net/
-http://www.openidenabled.com/
+http://openidenabled.com/
 
 ==Community
-Discussion regarding the Ruby OpenID library and other JanRain OpenID libraries
-takes place on the the OpenID mailing list on openidenabled.com.
+Discussion regarding the Ruby OpenID library and other JanRain OpenID
+libraries takes place on the the OpenID mailing list on
+openidenabled.com.
 
 http://lists.openidenabled.com/mailman/listinfo/dev
 
 Please join this list to discuss, ask implementation questions, report
-bugs, etc.  Also check out the openid channel on the freenode IRC network.
+bugs, etc.  Also check out the openid channel on the freenode IRC
+network.
 
 ==Author
-Copyright 2006, JanRain, Inc.
-Contact Brian Ellin: brian -at- janrain -dot- com
+Copyright 2006-2007, JanRain, Inc.
+
+Contact openid@janrain.com or visit the OpenID channel on pibb.com:
 
+http://pibb.com/go/openid
 
 ==License
 Apache Software License.  For more information see the LICENSE file.
-
-
-
-
-

data/UPGRADE

@@ -0,0 +1,117 @@
+== Upgrading from the OpenID 1.x series library
+
+= Consumer Upgrade
+
+The flow is largely the same, however there are a number of significant 
+changes.  The consumer example is helpful to look at:
+examples/ruby_openid/app/controllers/consumer_controller.rb
+
++ Stores
+
+You will need to require the file for the store that you are using.
+For the filesystem store, this is 'openid/stores/filesystem'
+They are also now in modules.  The filesystem store is 
+  OpenID::Store::Filesystem
+The format has changed, and you should remove your old store directory.
+
+The ActiveRecord store ( examples/active_record_openid_store ) still needs
+to be put in a plugin directory for your rails app.  There's a migration
+that needs to be run; examine the README in that directory.
+
+Also, note that the stores now can be garbage collected with the method
+  store.cleanup
+
+
++ Starting the OpenID transaction
+
+The OpenIDRequest object no longer has status codes.  Instead,
+consumer.begin raises an OpenID::OpenIDError if there is a problem
+initiating the transaction, so you'll want something along the lines of:
+
+  begin
+    openid_request = consumer.begin(params[:openid_identifier])
+  rescue OpenID::OpenIDError => e
+    # display error e
+    return
+  end
+  #success case
+
+Data regarding the OpenID server once lived in
+  openid_request.service
+
+The corresponding object in the 2.0 lib can be retrieved with
+  openid_request.endpoint
+
+Getting the unverified identifier: Where you once had
+  openid_request.identity_url
+you will now want
+  openid_request.endpoint.claimed_id
+which might be different from what you get at the end of the transaction,
+since it is now possible for users to enter their server's url directly.
+
+Arguments on the return_to URL are now verified, so if you want to add
+additional arguments to the return_to url, use
+  openid_request.return_to_args['param'] = value
+
+Generating the redirect is the same as before, but add any extensions
+first.
+
++ Requesting Simple Registration Data
+
+You'll need to require the code for the extension
+  require 'openid/extensions/sreg'
+
+The new code for adding an SReg request now looks like:
+
+  sreg_request = OpenID::SReg::Request.new
+  sreg_request.request_fields(['email', 'dob'], true) # required
+  sreg_request.request_fields(['nickname', 'fullname'], false) # optional
+  sreg_request.policy_url = policy_url
+  openid_request.add_extension(sreg_request)
+
+The code for adding other extensions is similar.  Code for the Attribute
+Exchange (AX) and Provider Authentication Policy Extension (PAPE) are
+included with the library, and additional extensions can be implemented
+subclassing OpenID::Extension.
+
++ Completing the transaction
+
+The return_to and its arguments are verified, so you need to pass in
+the base URL and the arguments.  With Rails, the params method mashes
+together parameters from GET, POST, and the path, so you'll need to pull
+off the path "parameters" with something like
+
+  return_to = url_for(:only_path => false, 
+                      :controller => 'openid',
+                      :action => 'complete')
+  parameters = params.reject{|k,v| request.path_parameters[k] }
+  openid_response = consumer.complete(parameters, return_to)
+
+The response still uses the status codes, but they are now namespaced
+slightly differently, for example OpenID::Consumer::SUCCESS
+
+In the case of failure, the error message is now found in
+  openid_response.message
+
+The identifier to display to the user can be found in
+  openid_response.endpoint.display_identifier
+
+The Simple Registration response can be read from the OpenID response
+with
+  sreg_response = OpenID::SReg::Response.from_success_response(openid_response)
+  nickname = sreg_response['nickname']
+  # etc.
+
+== Server Upgrade
+The server code is mostly the same as before, with the exception of
+extensions.  Also, you must pass in the endpoint URL to the server 
+constructor:
+  @server = OpenID::Server.new(store, server_url)
+
+I recommend looking at 
+examples/rails_openid/app/controllers/server_controller.rb
+for an example of the new way of doing extensions.
+
+--
+Dag Arneson, JanRain Inc.
+Please direct questions to openid@janrain.com

data/admin/runtests.rb

@@ -0,0 +1,36 @@
+#!/usr/bin/ruby
+
+require "logger"
+require "stringio"
+require "pathname"
+
+require 'test/unit/collector/dir'
+require 'test/unit/ui/console/testrunner'
+
+def main
+  old_verbose = $VERBOSE
+  $VERBOSE = true
+
+  tests_dir = Pathname.new(__FILE__).dirname.dirname.join('test')
+
+  # Collect tests from everything named test_*.rb.
+  c = Test::Unit::Collector::Dir.new
+
+  if c.respond_to?(:base=)
+    # In order to supress warnings from ruby 1.8.6 about accessing
+    # undefined member
+    c.base = tests_dir
+    suite = c.collect
+  else
+    # Because base is not defined in ruby < 1.8.6
+    suite = c.collect(tests_dir)
+  end
+
+
+  result = Test::Unit::UI::Console::TestRunner.run(suite)
+  result.passed?
+ensure
+  $VERBOSE = old_verbose
+end
+
+exit(main)

data/examples/README

@@ -3,22 +3,14 @@ OpenID library.  Make sure you have properly installed the library
 before running the examples.  These examples are a great place to
 start in integrating OpenID into your application.
 
-==consumer.rb
-consumer.rb runs a simple web server (WEBrick) and will
-verify OpenID identities.  To test this out you'll need a valid
-OpenID URL and to run:
+==Rails example
 
- ruby consumer.rb
+The rails_openid contains a fully functional OpenID server and relying
+party, and acts as a starting point for implementing your own
+production rails server.  You'll need the latest version of Ruby on
+Rails installed, and then:
 
-Point your browser at http://localhost:2000/ and follow the instructions.
-
-==Rails server example
-
-The rails_server contains a fully functions OpenID server, and acts as
-a starting point for implementing your own production rails server.
-You'll need the latest version of Ruby on Rails installed, and then:
-
- cd rails_server
+ cd rails_openid
  ./script/server
 
 Open a web browser to http://localhost:3000/ and follow the instructions.
@@ -35,7 +27,10 @@ http://wiki.rubyonrails.com/rails/pages/LoginGenerator
 
 ===Running the generator
 
-* Copy the contents of rails_openid_login_generator into ~/.rails/generators/openid_login (or symlink: ln -s examples/rails_openid_login_generator ~/.rails/generators/openid_login)
+* Copy the contents of rails_openid_login_generator into 
+ ~/.rails/generators/openid_login 
+ (or symlink: ln -s examples/rails_openid_login_generator 
+                    ~/.rails/generators/openid_login)
 * run script/generate openid_login openid
 
 You will now have an openid_controller.rb in app/controllers. You'll
@@ -46,9 +41,6 @@ README_LOGIN in you rails root directory.
 ==Rails ActiveRecord OpenIDStore plugin
 
 For various reasons you may want or need to deploy your ruby openid
-consumer/server using an SQL based store.  The
-active_record_openid_store is a plugin that makes using an SQL based
-store simple.  Follow the README inside the plugin's dir for usage.
-
-
-
+consumer/server using an SQL based store.  The active_record_openid_store 
+is a plugin that makes using an SQL based store simple.  Follow the
+README inside the plugin's dir for usage.

data/examples/active_record_openid_store/README

@@ -7,7 +7,7 @@ machines, they must must all have access to the same OpenID store
 data, so the FilesystemStore won't do.
 
 This directory contains a plugin for connecting your
-OpenID enabled rails app to an ActiveRecord based OpenID::Store.
+OpenID enabled rails app to an ActiveRecord based OpenID store.
 
 ==Install
 
@@ -32,6 +32,11 @@ this:
 
 5) That's it! All your OpenID state will now be stored in the database.
 
+==Upgrade
+
+If you are upgrading from the 1.x ActiveRecord store, replace your old
+RAILS_ROOT/vendor/plugins/active_record_openid_store/ directory with
+the new one and run the migration XXX_upgrade_open_id_store.rb.
 
 ==What about garbage collection? 
 
@@ -41,7 +46,7 @@ task in your app's Rakefile like so:
 
   desc 'GC OpenID store'
   task :gc_openid_store => :environment do
-    ActiveRecordOpenIDStore.new.gc
+    ActiveRecordOpenIDStore.new.cleanup
   end
 
 Run it by typing:
@@ -50,4 +55,4 @@ Run it by typing:
 
 
 ==Questions?
-Contact Brian Ellin: brian at janrain dot com
+Contact Dag Arneson: dag at janrain dot com

data/examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb

@@ -1,3 +1,4 @@
+# Use this migration to create the tables for the ActiveRecord store
 class AddOpenIdStoreToDb < ActiveRecord::Migration
   def self.up
     create_table "open_id_associations", :force => true do |t|
@@ -10,19 +11,14 @@ class AddOpenIdStoreToDb < ActiveRecord::Migration
     end
 
     create_table "open_id_nonces", :force => true do |t|
-      t.column "nonce", :string
-      t.column "created", :integer
-    end
-
-    create_table "open_id_settings", :force => true do |t|
-      t.column "setting", :string
-      t.column "value", :binary
+      t.column :server_url, :string, :null => false
+      t.column :timestamp, :integer, :null => false
+      t.column :salt, :string, :null => false
     end
   end
 
   def self.down
     drop_table "open_id_associations"
     drop_table "open_id_nonces"
-    drop_table "open_id_settings"
   end
 end

data/examples/active_record_openid_store/XXX_upgrade_open_id_store.rb

@@ -0,0 +1,26 @@
+# Use this migration to upgrade the old 1.1 ActiveRecord store schema
+# to the new 2.0 schema.
+class UpgradeOpenIDStore < ActiveRecord::Migration
+  def self.up
+    drop_table "open_id_settings"
+    drop_table "open_id_nonces"
+    create_table "open_id_nonces", :force => true do |t|
+      t.column :server_url, :string, :null => false
+      t.column :timestamp, :integer, :null => false
+      t.column :salt, :string, :null => false
+    end
+  end
+
+  def self.down
+    drop_table "open_id_nonces"
+    create_table "open_id_nonces", :force => true do |t|
+      t.column "nonce", :string
+      t.column "created", :integer
+    end
+
+    create_table "open_id_settings", :force => true do |t|
+      t.column "setting", :string
+      t.column "value", :binary
+    end
+  end
+end

data/examples/active_record_openid_store/lib/association.rb

@@ -1,3 +1,5 @@
+require 'openid/association'
+
 class Association < ActiveRecord::Base
   set_table_name 'open_id_associations'
   def from_record

data/examples/active_record_openid_store/lib/openid_ar_store.rb

@@ -1,17 +1,9 @@
 require 'association'
 require 'nonce'
-require 'open_id_setting'
-
-class ActiveRecordOpenIDStore < OpenID::Store
-  def get_auth_key
-    setting = OpenIdSetting.find_by_setting 'auth_key'
-    if setting.nil?
-      auth_key = OpenID::Util.random_string(20)
-      setting = OpenIdSetting.create :setting => 'auth_key', :value => auth_key
-    end
-    setting.value
-  end
+require 'openid/store/interface'
 
+# not in OpenID module to avoid namespace conflict
+class ActiveRecordStore < OpenID::Store::Interface
   def store_association(server_url, assoc)
     remove_association(server_url, assoc.handle)    
     Association.create(:server_url => server_url,
@@ -23,13 +15,15 @@ class ActiveRecordOpenIDStore < OpenID::Store
   end
 
   def get_association(server_url, handle=nil)
-    assocs = handle.blank? ? 
-    Association.find_all_by_server_url(server_url) :
-      Association.find_all_by_server_url_and_handle(server_url, handle)
-    
+    assocs = if handle.blank?
+        Association.find_all_by_server_url(server_url)
+      else
+        Association.find_all_by_server_url_and_handle(server_url, handle)
+      end
+
     assocs.reverse.each do |assoc|
       a = assoc.from_record    
-      if a.expired?
+      if a.expires_in == 0
         assoc.destroy
       else
         return a
@@ -40,43 +34,24 @@ class ActiveRecordOpenIDStore < OpenID::Store
   end
   
   def remove_association(server_url, handle)
-    assoc = Association.find_by_server_url_and_handle(server_url, handle)
-    unless assoc.nil?
-      assoc.destroy
-      return true
-    end
-    false
-  end
-  
-  def store_nonce(nonce)
-    use_nonce(nonce)
-    Nonce.create :nonce => nonce, :created => Time.now.to_i
+    Association.delete_all(['server_url = ? AND handle = ?', server_url, handle]) > 0
   end
   
-  def use_nonce(nonce)
-    nonce = Nonce.find_by_nonce(nonce)
-    return false if nonce.nil?
-    
-    age = Time.now.to_i - nonce.created
-    nonce.destroy
-
-    age < 6.hours # max nonce age of 6 hours
+  def use_nonce(server_url, timestamp, salt)
+    return false if Nonce.find_by_server_url_and_timestamp_and_salt(server_url, timestamp, salt)
+    return false if (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew
+    Nonce.create(:server_url => server_url, :timestamp => timestamp, :salt => salt)
+    return true
   end
   
-  def dumb?
-    false
+  def cleanup_nonces
+    now = Time.now.to_i
+    Nonce.delete_all(["timestamp > ? OR timestamp < ?", now + OpenID::Nonce.skew, now - OpenID::Nonce.skew])
   end
 
-  # not part of the api, but useful
-  def gc
+  def cleanup_associations
     now = Time.now.to_i
-
-    # remove old nonces
-    nonces = Nonce.find(:all)
-    nonces.each {|n| n.destroy if now - n.created > 6.hours} unless nonces.nil?
-    
-    # remove expired assocs
-    assocs = Association.find(:all)
-    assocs.each { |a| a.destroy if a.from_record.expired? } unless assocs.nil?
+    Association.delete_all(['issued + lifetime > ?',now])
   end
+
 end