ruby-openid 2.1.6 → 2.1.7

data/CHANGELOG

@@ -1,15 +1,35 @@
-Tue Apr 21 11:42:57 PDT 2009  cygnus@janrain.com
-  tagged 2.1.6
-  Ignore-this: b97ef05fbb348ace2f86513a5de7db46
+Wed Jul  1 15:07:23 PDT 2009  chowells@janrain.com
+  tagged 2.1.7
+  Ignore-this: 9bef91a9c9d6232961500dd4b9416c14
+
+Wed Jul  1 14:43:24 PDT 2009  chowells@janrain.com
+  * update version to 2.1.7
+  Ignore-this: 9b158a7f5c948b1a042331bf8137e95d
+
+Wed Jul  1 12:23:50 PDT 2009  chowells@janrain.com
+  * Handle malformed associate responses better in negotiate association
+  Ignore-this: 13d2c5718f1f798d3e60ce9ffac9a135
+
+Wed Jul  1 12:05:19 PDT 2009  chowells@janrain.com
+  * whitespace
+  Ignore-this: e4b91f8280dc1591726467448a468188
 
-Tue Apr 21 11:42:54 PDT 2009  cygnus@janrain.com
-  * Set version to 2.1.6
-  Ignore-this: 992c07fd2dca61765d11f90167008ebd
+Mon Jun 29 15:19:08 PDT 2009  cygnus@janrain.com
+  * Add memcache store implementation and tests
+  Ignore-this: a8cde55ae2c28a9ba6f8c0a46436d336
 
-Mon Apr 20 12:57:11 PDT 2009  cygnus@janrain.com
-  * Consumer: require that op_endpoint be signed in id_res responses
-  Ignore-this: a0fbd71a105194bac2624f7cff8a3e7a
+Mon Jun 29 15:18:41 PDT 2009  cygnus@janrain.com
+  * Store tests: loosen get_association tests so that it is only asserting that we are not returning deleted associations rather than testing that we return a particular association
+  Ignore-this: a2514be4e99da76ca8c55a78bf10817a
 
-Fri Apr 17 11:05:55 PDT 2009  cygnus@janrain.com
-  tagged 2.1.5
-  Ignore-this: 5f2efd8e91589c54cb0833b6379b9cfa
+Mon Jun 29 15:17:04 PDT 2009  cygnus@janrain.com
+  * Store tests: separate cleanup tests from other store tests
+  Ignore-this: 49ce6bc616af0deb063d8b1a9633ee0a
+
+Mon Jun 29 15:15:49 PDT 2009  cygnus@janrain.com
+  * whitespace
+  Ignore-this: a69795c5131e0cf6f687ccc8dfbba61a
+
+Tue Apr 21 11:42:57 PDT 2009  cygnus@janrain.com
+  tagged 2.1.6
+  Ignore-this: b97ef05fbb348ace2f86513a5de7db46

data/admin/runtests.rb

@@ -7,6 +7,16 @@ require "pathname"
 require 'test/unit/collector/dir'
 require 'test/unit/ui/console/testrunner'
 
+begin
+  require 'rubygems'
+  require 'memcache'
+rescue LoadError
+else
+  if ENV['TESTING_MEMCACHE']
+    TESTING_MEMCACHE = MemCache.new(ENV['TESTING_MEMCACHE'])
+  end
+end
+
 def main
   old_verbose = $VERBOSE
   $VERBOSE = true
@@ -26,7 +36,6 @@ def main
     suite = c.collect(tests_dir)
   end
 
-
   result = Test::Unit::UI::Console::TestRunner.run(suite)
   result.passed?
 ensure

data/lib/openid.rb

@@ -13,7 +13,7 @@
 # permissions and limitations under the License.
 
 module OpenID
-  VERSION = "2.1.6"
+  VERSION = "2.1.7"
 end
 
 require "openid/consumer"

data/lib/openid/consumer/associationmanager.rb

@@ -143,6 +143,10 @@ module OpenID
               return nil
             end
           end
+        rescue InvalidOpenIDNamespace
+          Util.log("Server #{@server_url} returned a malformed association " \
+                   "response.  Falling back to check_id mode for this request.")
+          return nil
         end
       end
 

data/lib/openid/store/memcache.rb

@@ -0,0 +1,107 @@
+require 'openid/util'
+require 'openid/store/interface'
+require 'openid/store/nonce'
+require 'time'
+
+module OpenID
+  module Store
+    class Memcache < Interface
+      attr_accessor :key_prefix
+
+      def initialize(cache_client, key_prefix='openid-store:')
+        @cache_client = cache_client
+        self.key_prefix = key_prefix
+      end
+
+      # Put a Association object into storage.
+      # When implementing a store, don't assume that there are any limitations
+      # on the character set of the server_url.  In particular, expect to see
+      # unescaped non-url-safe characters in the server_url field.
+      def store_association(server_url, association)
+        serialized = serialize(association)
+        [nil, association.handle].each do |handle|
+          key = assoc_key(server_url, handle)
+          @cache_client.set(key, serialized, expiry(association.lifetime))
+        end
+      end
+
+      # Returns a Association object from storage that matches
+      # the server_url.  Returns nil if no such association is found or if
+      # the one matching association is expired. (Is allowed to GC expired
+      # associations when found.)
+      def get_association(server_url, handle=nil)
+        serialized = @cache_client.get(assoc_key(server_url, handle))
+        if serialized
+          return deserialize(serialized)
+        else
+          return nil
+        end
+      end
+
+      # If there is a matching association, remove it from the store and
+      # return true, otherwise return false.
+      def remove_association(server_url, handle)
+        deleted = delete(assoc_key(server_url, handle))
+        server_assoc = get_association(server_url)
+        if server_assoc && server_assoc.handle == handle
+          deleted = delete(assoc_key(server_url)) | deleted
+        end
+        return deleted
+      end
+
+      # Return true if the nonce has not been used before, and store it
+      # for a while to make sure someone doesn't try to use the same value
+      # again.  Return false if the nonce has already been used or if the
+      # timestamp is not current.
+      # You can use OpenID::Store::Nonce::SKEW for your timestamp window.
+      # server_url: URL of the server from which the nonce originated
+      # timestamp: time the nonce was created in seconds since unix epoch
+      # salt: A random string that makes two nonces issued by a server in
+      #       the same second unique
+      def use_nonce(server_url, timestamp, salt)
+        return false if (timestamp - Time.now.to_i).abs > Nonce.skew
+        ts = timestamp.to_s # base 10 seconds since epoch
+        nonce_key = key_prefix + 'N' + server_url + '|' + ts + '|' + salt
+        result = @cache_client.add(nonce_key, '', expiry(Nonce.skew + 5))
+        return !!(result =~ /^STORED/)
+      end
+
+      def assoc_key(server_url, assoc_handle=nil)
+        key = key_prefix + 'A' + server_url
+        if assoc_handle
+          key += '|' + assoc_handle
+        end
+        return key
+      end
+
+      def cleanup_nonces
+      end
+
+      def cleanup
+      end
+
+      def cleanup_associations
+      end
+
+      protected
+
+      def delete(key)
+        result = @cache_client.delete(key)
+        return !!(result =~ /^DELETED/)
+      end
+
+      def serialize(assoc)
+        Marshal.dump(assoc)
+      end
+
+      def deserialize(assoc_str)
+        Marshal.load(assoc_str)
+      end
+
+      # Convert a lifetime in seconds into a memcache expiry value
+      def expiry(t)
+        Time.now.to_i + t
+      end
+    end
+  end
+end

data/test/test_associationmanager.rb

@@ -314,9 +314,9 @@ module OpenID
     # in an unsupported-type response is absent.
     def test_empty_assoc_type
       msg = mk_message({'error' => 'Unsupported type',
-                              'error_code' => 'unsupported-type',
-                              'session_type' => 'new-session-type',
-                            })
+                         'error_code' => 'unsupported-type',
+                         'session_type' => 'new-session-type',
+                       })
 
       assert_log_matches('Unsupported association type',
                          "Server #{@server_url} responded with unsupported "\
@@ -331,9 +331,9 @@ module OpenID
     # in an unsupported-type response is absent.
     def test_empty_session_type
       msg = mk_message({'error' => 'Unsupported type',
-                              'error_code' => 'unsupported-type',
-                              'assoc_type' => 'new-assoc-type',
-                            })
+                         'error_code' => 'unsupported-type',
+                         'assoc_type' => 'new-assoc-type',
+                       })
 
       assert_log_matches('Unsupported association type',
                          "Server #{@server_url} responded with unsupported "\
@@ -352,10 +352,10 @@ module OpenID
         @allowed_types = [['assoc_bogus', 'session_bogus']]
       }
       msg = mk_message({'error' => 'Unsupported type',
-                              'error_code' => 'unsupported-type',
-                              'assoc_type' => 'not-allowed',
-                              'session_type' => 'not-allowed',
-                            })
+                         'error_code' => 'unsupported-type',
+                         'assoc_type' => 'not-allowed',
+                         'session_type' => 'not-allowed',
+                       })
 
       assert_log_matches('Unsupported association type',
                          'Server sent unsupported session/association type:') {
@@ -367,10 +367,10 @@ module OpenID
     # retry to get an association with the new preferred type.
     def test_unsupported_with_retry
       msg = mk_message({'error' => 'Unsupported type',
-                              'error_code' => 'unsupported-type',
-                              'assoc_type' => 'HMAC-SHA1',
-                              'session_type' => 'DH-SHA1',
-                            })
+                         'error_code' => 'unsupported-type',
+                         'assoc_type' => 'HMAC-SHA1',
+                         'session_type' => 'DH-SHA1',
+                       })
 
       assoc = Association.new('handle', 'secret', Time.now, 10000, 'HMAC-SHA1')
 
@@ -383,10 +383,10 @@ module OpenID
     # retry, but the retry fails and nil is returned instead.
     def test_unsupported_with_retry_and_fail
       msg = mk_message({'error' => 'Unsupported type',
-                              'error_code' => 'unsupported-type',
-                              'assoc_type' => 'HMAC-SHA1',
-                              'session_type' => 'DH-SHA1',
-                            })
+                         'error_code' => 'unsupported-type',
+                         'assoc_type' => 'HMAC-SHA1',
+                         'session_type' => 'DH-SHA1',
+                       })
 
       assert_log_matches('Unsupported association type',
                          "Server #{@server_url} refused") {

data/test/test_stores.rb

@@ -1,6 +1,7 @@
 require 'test/unit'
 require 'openid/store/interface'
 require 'openid/store/filesystem'
+require 'openid/store/memcache'
 require 'openid/store/memory'
 require 'openid/util'
 require 'openid/store/nonce'
@@ -11,7 +12,7 @@ module OpenID
     module StoreTestCase
       @@allowed_handle = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~'
       @@allowed_nonce = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
-      
+
       def _gen_nonce
         OpenID::CryptUtil.random_string(8, @@allowed_nonce)
       end
@@ -28,9 +29,9 @@ module OpenID
         secret = _gen_secret(20)
         handle = _gen_handle(128)
         OpenID::Association.new(handle, secret, Time.now + issued, lifetime,
-                                'HMAC-SHA1') 
+                                'HMAC-SHA1')
       end
-      
+
       def _check_retrieve(url, handle=nil, expected=nil)
         ret_assoc = @store.get_association(url, handle)
 
@@ -49,7 +50,6 @@ module OpenID
       end
 
       def test_store
-        server_url = "http://www.myopenid.com/openid"
         assoc = _gen_assoc(issued=0)
 
         # Make sure that a missing association returns no result
@@ -117,7 +117,11 @@ module OpenID
         _check_remove(server_url, assoc2.handle, false)
         _check_remove(server_url, assoc3.handle, true)
 
-        _check_retrieve(server_url, nil, assoc)
+        ret_assoc = @store.get_association(server_url, nil)
+        unexpected = [assoc2.handle, assoc3.handle]
+        assert(ret_assoc.nil? || !unexpected.member?(ret_assoc.handle),
+               ret_assoc)
+
         _check_retrieve(server_url, assoc.handle, assoc)
         _check_retrieve(server_url, assoc2.handle, nil)
         _check_retrieve(server_url, assoc3.handle, nil)
@@ -134,7 +138,9 @@ module OpenID
         _check_remove(server_url, assoc2.handle, false)
         _check_remove(server_url, assoc.handle, false)
         _check_remove(server_url, assoc3.handle, false)
+      end
 
+      def test_assoc_cleanup
         assocValid1 = _gen_assoc(-3600, 7200)
         assocValid2 = _gen_assoc(-5)
         assocExpired1 = _gen_assoc(-7200, 3600)
@@ -156,21 +162,26 @@ module OpenID
         assert_equal(expected, actual, msg)
       end
 
+      def server_url
+        "http://www.myopenid.com/openid"
+      end
+
       def test_nonce
-        server_url = "http://www.myopenid.com/openid"
         [server_url, ''].each{|url|
           nonce1 = Nonce::mk_nonce
 
-          _check_use_nonce(nonce1, true, url, "#{url}: nonce allowed by default") 
-          _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed twice") 
+          _check_use_nonce(nonce1, true, url, "#{url}: nonce allowed by default")
+          _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed twice")
           _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed third time")
-          
+
           # old nonces shouldn't pass
           old_nonce = Nonce::mk_nonce(3600)
           _check_use_nonce(old_nonce, false, url, "Old nonce #{old_nonce.inspect} passed")
 
         }
+      end
 
+      def test_nonce_cleanup
         now = Time.now.to_i
         old_nonce1 = Nonce::mk_nonce(now - 20000)
         old_nonce2 = Nonce::mk_nonce(now - 10000)
@@ -187,7 +198,6 @@ module OpenID
         ts, salt = Nonce::split_nonce(recent_nonce)
         assert(@store.use_nonce(server_url, ts, salt), "recent_nonce")
 
-        
         Nonce.skew = 1000
         cleaned = @store.cleanup_nonces
         assert_equal(2, cleaned, "Cleaned #{cleaned} nonces")
@@ -204,7 +214,7 @@ module OpenID
 
       end
     end
-    
+
     class FileStoreTestCase < Test::Unit::TestCase
       include StoreTestCase
 
@@ -220,50 +230,69 @@ module OpenID
 
     class MemoryStoreTestCase < Test::Unit::TestCase
       include StoreTestCase
-      
+
       def setup
         @store = Memory.new
       end
     end
 
+    begin
+      ::TESTING_MEMCACHE
+    rescue NameError
+    else
+      class MemcacheStoreTestCase < Test::Unit::TestCase
+        include StoreTestCase
+        def setup
+          store_uniq = OpenID::CryptUtil.random_string(6, "0123456789")
+          store_namespace = "openid-store-#{store_uniq}:"
+          @store = Memcache.new(::TESTING_MEMCACHE, store_namespace)
+        end
+
+        def test_nonce_cleanup
+        end
+
+        def test_assoc_cleanup
+        end
+      end
+    end
+
     class AbstractStoreTestCase < Test::Unit::TestCase
       def test_abstract_class
         # the abstract made concrete
         abc = Interface.new()
         server_url = "http://server.com/"
         association = OpenID::Association.new("foo", "bar", Time.now, Time.now + 10, "dummy")
-        
-        assert_raise(NotImplementedError) { 
+
+        assert_raise(NotImplementedError) {
           abc.store_association(server_url, association)
         }
 
-        assert_raise(NotImplementedError) { 
+        assert_raise(NotImplementedError) {
           abc.get_association(server_url)
         }
 
-        assert_raise(NotImplementedError) { 
+        assert_raise(NotImplementedError) {
           abc.remove_association(server_url, association.handle)
         }
 
-        assert_raise(NotImplementedError) { 
+        assert_raise(NotImplementedError) {
           abc.use_nonce(server_url, Time.now.to_i, "foo")
         }
 
-        assert_raise(NotImplementedError) { 
+        assert_raise(NotImplementedError) {
           abc.cleanup_nonces()
         }
 
-        assert_raise(NotImplementedError) { 
+        assert_raise(NotImplementedError) {
           abc.cleanup_associations()
         }
 
-        assert_raise(NotImplementedError) { 
+        assert_raise(NotImplementedError) {
           abc.cleanup()
         }
-        
+
       end
 
     end
   end
 end
-

metadata

@@ -3,8 +3,8 @@ rubygems_version: 0.9.0
 specification_version: 1
 name: ruby-openid
 version: !ruby/object:Gem::Version 
-  version: 2.1.6
-date: 2009-04-21 00:00:00 -07:00
+  version: 2.1.7
+date: 2009-07-01 00:00:00 -07:00
 summary: A library for consuming and serving OpenID identities.
 require_paths: 
 - lib
@@ -168,6 +168,7 @@ files:
 - lib/openid/store/interface.rb
 - lib/openid/store/nonce.rb
 - lib/openid/store/memory.rb
+- lib/openid/store/memcache.rb
 - lib/openid/extensions/sreg.rb
 - lib/openid/extensions/ax.rb
 - lib/openid/extensions/pape.rb