ruby-openid 2.1.2 → 2.1.4

data/CHANGELOG

@@ -1,78 +1,11 @@
-Fri Jun 27 15:39:14 PDT 2008  Kevin Turner <kevin@janrain.com>
-  tagged 2.1.2
+Fri Dec 19 11:50:10 PST 2008  cygnus@janrain.com
+  tagged 2.1.4
 
-Fri Jun 27 15:38:05 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * update version to 2.1.2
+Fri Dec 19 11:48:25 PST 2008  cygnus@janrain.com
+  * Version: 2.1.4
 
-Fri Jun 27 15:01:35 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * util: remove call to srand
-  
-  From the Ruby FAQ:
-  
-  9.2 How do random number seeds work?
-  
-  It depends. In Ruby versions prior to 1.5.2, the random number generator had
-  (by default) a constant seed, and so would produce the same series of numbers
-  each time a program was run. If you needed less deterministic behaviors, you
-  called srand to set up a less predictable seed.
-  
-  Newer Rubys (Rubies?) have a different behavior. If rand is called without a
-  prior call to srand, Ruby will generate its own random(ish) seed. Successive
-  runs of a program that does not use srand will generate different sequences of
-  random numbers. To get the old, predictable, behavior (perhaps for testing),
-  call srand with a constant seed. 
+Fri Dec 19 11:42:47 PST 2008  cygnus@janrain.com
+  * Normalize XRIs when doing discovery in accordance with the OpenID 2 spec
 
-Fri Jun 27 13:34:43 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * LICENSE: htmltokenizer is (c) 2004 Ben Giddings
-
-Fri Jun 27 13:32:09 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * Yadis.html_yadis_location: catch HTMLTokenizerError
-
-Fri Jun 27 13:24:13 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * htmltokenizer: define HTMLTokenizerError to raise
-
-Fri Jun 27 13:18:38 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * htmltokenizer: Don't raise OpenIDError from htmltokenizer (it's not in the OpenID module namespace) #255
-
-Wed Jun 25 17:31:26 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * OpenID::Server::CheckIDRequest.answer: document return type
-
-Wed Jun 25 17:06:35 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * TrustRoot.check_sanity: don't fail if the trust root is not parseable
-
-Wed Jun 25 16:31:30 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * Message.from_http_response: accept 206 code
-
-Wed Jun 25 14:14:05 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * move OpenID::VERSION definition in openid.rb, for #256
-
-Wed Jun 25 13:55:18 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * Add admin/gettlds.py to ease updating of TLD list in trust root validation
-
-Wed Jun 25 13:50:22 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * TrustRoot.TOP_LEVEL_DOMAINS: updated
-
-Fri Jun 13 14:18:04 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * xrds.rb: fix stray colon
-
-Fri Jun 13 13:41:58 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * Yadis::get_canonical_id: case-insensitive comparison
-  
-  Porting a patch from =wil:
-  
-  1. There should only be a single CanonicalID in each XRD (in the latest XRI
-  resolution spec), so I made it use the first CID found instead of the last.
-  
-  2. Use case-insensitive comparison when comparing CanonicalIDs.
-
-Wed Jun 11 15:24:12 PDT 2008  Kevin Turner <kevin@janrain.com>
-  * Accept response code 206 from fetcher results.  Fixes #260
-
-Wed Jun 11 11:27:25 PDT 2008  cygnus@janrain.com
-  * admin/fixperms: Fix stale entries
-
-Wed Jun 11 11:08:11 PDT 2008  cygnus@janrain.com
-  * Add test cases for trust roots with non-ASCII characters in path or hostname
-
-Fri Jun  6 15:50:12 PDT 2008  cygnus@janrain.com
-  tagged 2.1.1
+Tue Dec 16 13:14:07 PST 2008  cygnus@janrain.com
+  tagged 2.1.3

data/lib/openid.rb

@@ -13,7 +13,7 @@
 # permissions and limitations under the License.
 
 module OpenID
-  VERSION = "2.1.2"
+  VERSION = "2.1.4"
 end
 
 require "openid/consumer"

data/lib/openid/consumer.rb

@@ -369,7 +369,8 @@ module OpenID
       if message.is_openid1
         return complete_invalid(message, nil)
       else
-        return SetupNeededResponse.new(last_requested_endpoint, nil)
+        setup_url = message.get_arg(OPENID2_NS, 'user_setup_url')
+        return SetupNeededResponse.new(last_requested_endpoint, setup_url)
       end
     end
 

data/lib/openid/consumer/discovery.rb

@@ -288,6 +288,13 @@ module OpenID
     return local_id
   end
 
+  def self.normalize_xri(xri)
+    # Normalize an XRI, stripping its scheme if present
+    m = /^xri:\/\/(.*)/.match(xri)
+    xri = m[1] if m
+    return xri
+  end
+
   def self.normalize_url(url)
     # Normalize a URL, converting normalization failures to
     # DiscoveryFailure
@@ -411,6 +418,7 @@ module OpenID
 
   def self.discover_xri(iname)
     endpoints = []
+    iname = self.normalize_xri(iname)
 
     begin
       canonical_id, services = Yadis::XRI::ProxyResolver.new().query(

data/lib/openid/fetchers.rb

@@ -187,7 +187,6 @@ module OpenID
 
       headers ||= {}
       headers['User-agent'] ||= USER_AGENT
-      headers['Range'] ||= "0-#{MAX_RESPONSE_KB*1024}"
 
       begin
         conn = make_connection(url)

data/lib/openid/server.rb

@@ -445,12 +445,12 @@ module OpenID
       # Raises #MalformedReturnURL when the +return_to+ URL is not
       # a URL.
       def initialize(identity, return_to, op_endpoint, trust_root=nil,
-                     immediate=false, assoc_handle=nil)
+                     immediate=false, assoc_handle=nil, claimed_id=nil)
         @assoc_handle = assoc_handle
         @identity = identity
-        @claimed_id = identity
+        @claimed_id = (claimed_id or identity)
         @return_to = return_to
-        @trust_root = trust_root or return_to
+        @trust_root = (trust_root or return_to)
         @op_endpoint = op_endpoint
         @message = nil
 
@@ -756,7 +756,7 @@ module OpenID
             # immediate=false.
             setup_request = self.class.new(@identity, @return_to,
                                            @op_endpoint, @trust_root, false,
-                                           @assoc_handle)
+                                           @assoc_handle, @claimed_id)
             setup_request.message = Message.new(@message.get_openid_namespace)
             setup_url = setup_request.encode_to_url(server_url)
             response.fields.set_arg(OPENID_NS, 'user_setup_url', setup_url)

data/lib/openid/yadis/parsehtml.rb

@@ -32,7 +32,8 @@ module OpenID
           return nil if el.tag_name == 'html'
 
           if el.tag_name == 'meta' and (equiv = el.attr_hash['http-equiv'])
-            if ['x-xrds-location','x-yadis-location'].member?(equiv.downcase)
+            if ['x-xrds-location','x-yadis-location'].member?(equiv.downcase) &&
+                el.attr_hash.member?('content')
               return CGI::unescapeHTML(el.attr_hash['content'])
             end
           end

data/test/data/test_discover/malformed_meta_tag.html

@@ -0,0 +1,19 @@
+<html>
+<head>
+<title />
+
+<link rel="openid.server"
+	href="http://www.myopenid.com/server" />
+<link rel="openid.delegate"
+	href="http://user.myopenid.com/" />
+<link rel="openid2.local_id"
+	href="http://user.myopenid.com/" />
+<link rel="openid2.provider"
+	href="http://www.myopenid.com/server" />
+<meta http-equiv="X-XRDS-Location"
+	http://www.myopenid.com/xrds?username=user.myopenid.com" />
+
+</head>
+<body>
+</body>
+</html>

data/test/test_discover.rb

@@ -273,6 +273,33 @@ module OpenID
                     false)
     end
 
+    def test_malformed_meta_tag
+      @id_url = "http://user.myopenid.com/"
+
+      services = _discover(
+                           'text/html',
+                           read_data_file('test_discover/malformed_meta_tag.html', false),
+                           2)
+
+      _checkService(
+                    services[0],
+                    "http://www.myopenid.com/server",
+                    @id_url,
+                    @id_url,
+                    nil,
+                    ['2.0'],
+                    false)
+
+      _checkService(
+                    services[1],
+                    "http://www.myopenid.com/server",
+                    @id_url,
+                    @id_url,
+                    nil,
+                    ['1.1'],
+                    false)
+    end
+
     def test_html1
       services = _discover('text/html',
                            read_data_file('test_discover/openid.html', false),
@@ -544,6 +571,28 @@ module OpenID
                     '=smoker')
     end
 
+    def test_xri_normalize
+      user_xri, services = OpenID.discover_xri('xri://=smoker')
+
+      _checkService(services[0],
+                    "http://www.myopenid.com/server",
+                    Yadis::XRI.make_xri("=!1000"),
+                    'http://smoker.myopenid.com/',
+                    Yadis::XRI.make_xri("=!1000"),
+                    ['1.0'],
+                    true,
+                    '=smoker')
+
+      _checkService(services[1],
+                    "http://www.livejournal.com/openid/server.bml",
+                    Yadis::XRI.make_xri("=!1000"),
+                    'http://frank.livejournal.com/',
+                    Yadis::XRI.make_xri("=!1000"),
+                    ['1.0'],
+                    true,
+                    '=smoker')
+    end
+
     def test_xriNoCanonicalID
       silence_logging {
         user_xri, services = OpenID.discover_xri('=smoker*bad')

data/test/test_idres.rb

@@ -605,7 +605,9 @@ module OpenID
           expected_endpoint.local_id = nil
           expected_endpoint.claimed_id = claimed_id
   
-          hacked_discover = Proc.new { ['unused', [expected_endpoint]] }
+          hacked_discover = Proc.new {
+            |_claimed_id| ['unused', [expected_endpoint]]
+          }
           idres = IdResHandler.new(resp_mesg, nil, nil, @endpoint)
           assert_log_matches('Performing discovery') {
             OpenID.with_method_overridden(:discover, hacked_discover) {
@@ -661,7 +663,7 @@ module OpenID
                                  'identity' => 'sour grapes',
                                  'claimed_id' => 'monkeysoft',
                                  'op_endpoint' => 'Phone Home'}) do |idres|
-              idres.instance_def(:discover_and_verify) do
+              idres.instance_def(:discover_and_verify) do |claimed_id, endpoints|
                 @endpoint = endpoint
               end
             end
@@ -684,7 +686,7 @@ module OpenID
                                  'claimed_id' => 'monkeysoft',
                                  'op_endpoint' => 'Green Cheese'}) do |idres|
                         idres.extend(InstanceDefExtension)
-              idres.instance_def(:discover_and_verify) do
+              idres.instance_def(:discover_and_verify) do |claimed_id, endpoints|
                 @endpoint = endpoint
               end
             end
@@ -768,7 +770,7 @@ module OpenID
             assert_raises(verified_error) {
               call_verify_modify({'ns' => OPENID1_NS,
                                    'identity' => @endpoint.local_id}) { |idres|
-                idres.instance_def(:discover_and_verify) do
+                idres.instance_def(:discover_and_verify) do |claimed_id, endpoints|
                   raise verified_error
                 end
               }

data/test/test_server.rb

@@ -1421,6 +1421,7 @@ module OpenID
       @request.message = Message.new(OPENID1_NS)
       @request.mode = 'checkid_immediate'
       @request.immediate = true
+      @request.claimed_id = 'http://claimed-id.test/'
       server_url = "http://setup-url.unittest/"
       # crappiting setup_url, you dirty my interface with your presence!
       answer = @request.answer(false, server_url)
@@ -1428,8 +1429,11 @@ module OpenID
       assert_equal(2, answer.fields.to_post_args.length, answer.fields)
       assert_equal(OPENID1_NS, answer.fields.get_openid_namespace)
       assert_equal('id_res', answer.fields.get_arg(OPENID_NS, 'mode'))
-      assert(answer.fields.get_arg(
-                                   OPENID_NS, 'user_setup_url', '').starts_with?(server_url))
+
+      usu = answer.fields.get_arg(OPENID_NS, 'user_setup_url', '')
+      assert(usu.starts_with?(server_url))
+      expected_substr = 'openid.claimed_id=http%3A%2F%2Fclaimed-id.test%2F'
+      assert(!usu.index(expected_substr).nil?, usu)
     end
 
     def test_answerSetupDeny

metadata

@@ -3,8 +3,8 @@ rubygems_version: 0.9.0
 specification_version: 1
 name: ruby-openid
 version: !ruby/object:Gem::Version 
-  version: 2.1.2
-date: 2008-06-27 00:00:00 -07:00
+  version: 2.1.4
+date: 2008-12-19 00:00:00 -08:00
 summary: A library for consuming and serving OpenID identities.
 require_paths: 
 - lib
@@ -256,6 +256,7 @@ files:
 - test/data/test_discover/yadis_idp.xml
 - test/data/test_discover/yadis_idp_delegate.xml
 - test/data/test_discover/yadis_no_delegate.xml
+- test/data/test_discover/malformed_meta_tag.html
 - NOTICE
 - CHANGELOG
 - README