ruby-openid 2.1.7 → 2.1.8

data/CHANGELOG

@@ -1,35 +1,215 @@
-Wed Jul  1 15:07:23 PDT 2009  chowells@janrain.com
-  tagged 2.1.7
-  Ignore-this: 9bef91a9c9d6232961500dd4b9416c14
+Mon Jan 23 12:48:00 PST 2006  brian@janrain.com
+  * fixed bug in expiresIn.  added expired? method
 
-Wed Jul  1 14:43:24 PDT 2009  chowells@janrain.com
-  * update version to 2.1.7
-  Ignore-this: 9b158a7f5c948b1a042331bf8137e95d
+    M ./lib/openid/filestore.rb -1 +1
+    M ./lib/openid/stores.rb +4
 
-Wed Jul  1 12:23:50 PDT 2009  chowells@janrain.com
-  * Handle malformed associate responses better in negotiate association
-  Ignore-this: 13d2c5718f1f798d3e60ce9ffac9a135
+Mon Jan 23 12:46:37 PST 2006  brian@janrain.com
+  * removed deps section from INSTALL file.  deps are now included in lib because they are so small and to lower to bar of installing the library.
 
-Wed Jul  1 12:05:19 PDT 2009  chowells@janrain.com
-  * whitespace
-  Ignore-this: e4b91f8280dc1591726467448a468188
+    M ./INSTALL -9
 
-Mon Jun 29 15:19:08 PDT 2009  cygnus@janrain.com
-  * Add memcache store implementation and tests
-  Ignore-this: a8cde55ae2c28a9ba6f8c0a46436d336
+Tue Jan 17 14:45:57 PST 2006  brian@janrain.com
+  * added better handling of non-URL input
 
-Mon Jun 29 15:18:41 PDT 2009  cygnus@janrain.com
-  * Store tests: loosen get_association tests so that it is only asserting that we are not returning deleted associations rather than testing that we return a particular association
-  Ignore-this: a2514be4e99da76ca8c55a78bf10817a
+    M ./lib/openid/consumer.rb -1 +5
 
-Mon Jun 29 15:17:04 PDT 2009  cygnus@janrain.com
-  * Store tests: separate cleanup tests from other store tests
-  Ignore-this: 49ce6bc616af0deb063d8b1a9633ee0a
+Sat Jan 14 19:39:57 PST 2006  brian@janrain.com
+  * added html and hmac deps into lib since they are so small
 
-Mon Jun 29 15:15:49 PDT 2009  cygnus@janrain.com
-  * whitespace
-  Ignore-this: a69795c5131e0cf6f687ccc8dfbba61a
+    A ./lib/hmac-md5.rb
+    A ./lib/hmac-rmd160.rb
+    A ./lib/hmac-sha1.rb
+    A ./lib/hmac-sha2.rb
+    A ./lib/hmac.rb
+    A ./lib/html/
+    A ./lib/html/htmltokenizer.rb
 
-Tue Apr 21 11:42:57 PDT 2009  cygnus@janrain.com
-  tagged 2.1.6
-  Ignore-this: b97ef05fbb348ace2f86513a5de7db46
+Mon Jan 16 15:04:05 PST 2006  Josh Hoyt <josh@janrain.com>
+  * Add script that will prepare the repository for release
+
+    A ./admin/fixperms
+    A ./admin/prepare-release
+
+Mon Jan 16 14:35:27 PST 2006  Josh Hoyt <josh@janrain.com>
+  * Add custom boring file
+
+    A ./admin/darcs-ignore
+
+Mon Jan 16 14:07:13 PST 2006  Josh Hoyt <josh@janrain.com>
+  * Put the build-docs script into the admin directory
+
+     ./build-docs -> ./admin/build-docs
+    A ./admin/
+
+Mon Jan 16 14:05:47 PST 2006  Josh Hoyt <josh@janrain.com>
+  * Add script to build documentation
+
+    A ./build-docs
+
+Wed Jan  4 16:06:41 PST 2006  brian@janrain.com
+  tagged ruby-openid-0.9.2
+
+
+Wed Jan  4 16:02:32 PST 2006  brian@janrain.com
+  * added openid_login_generator rails generator to examples
+
+    A ./examples/openid_login_generator/
+    A ./examples/openid_login_generator/USAGE
+    A ./examples/openid_login_generator/openid_login_generator.rb
+    A ./examples/openid_login_generator/templates/
+    A ./examples/openid_login_generator/templates/README
+    A ./examples/openid_login_generator/templates/controller.rb
+    A ./examples/openid_login_generator/templates/helper.rb
+    A ./examples/openid_login_generator/templates/login_system.rb
+    A ./examples/openid_login_generator/templates/user.rb
+    A ./examples/openid_login_generator/templates/view_login.rhtml
+    A ./examples/openid_login_generator/templates/view_logout.rhtml
+    A ./examples/openid_login_generator/templates/view_signup.rhtml
+    A ./examples/openid_login_generator/templates/view_welcome.rhtml
+
+Wed Jan  4 16:01:12 PST 2006  brian@janrain.com
+  * updated examples README to include openid_login_generator
+
+    M ./examples/README +11
+
+Wed Jan  4 14:58:24 PST 2006  brian@janrain.com
+  * added link to ruby library from consumer.rb example
+
+    M ./examples/consumer.rb -1 +1
+
+Wed Jan  4 10:56:45 PST 2006  brian@janrain.com
+  * ensure Content-type header is present for POSTs
+
+    M ./lib/openid/fetchers.rb -1 +2
+
+Fri Dec 30 17:05:25 PST 2005  brian@janrain.com
+  tagged ruby-openid-0.9.1
+
+
+Fri Dec 30 17:03:54 PST 2005  brian@janrain.com
+  * added Ruby on Rails example consumer
+
+    M ./examples/README -1 +14
+    A ./examples/openid_rails.tar.gz
+
+Thu Dec 29 16:00:20 PST 2005  brian@janrain.com
+  tagged ruby-openid-0.9.0
+
+
+Thu Dec 29 15:43:07 PST 2005  brian@janrain.com
+  * removed docs directory. generated rdoc html will be added manually to tarballs, and not be kept in repository
+
+    R ./docs/
+    R ./docs/README
+
+Thu Dec 29 15:21:21 PST 2005  brian@janrain.com
+  * added more docs for stores
+
+    M ./TODO -2 +4
+    M ./lib/openid/filestore.rb -16 +3
+    M ./lib/openid/stores.rb -9 +1
+
+Thu Dec 29 14:58:52 PST 2005  brian@janrain.com
+  * Huge documentation patch
+
+    M ./INSTALL -12 +22
+    M ./README -1 +1
+    M ./lib/openid/consumer.rb -24 +370
+    M ./lib/openid/fetchers.rb -2 +1
+    M ./lib/openid/filestore.rb -6 +4
+    M ./lib/openid/stores.rb -2 +1
+
+Thu Dec 29 10:59:54 PST 2005  brian@janrain.com
+  * added more info and rdoc formatting to README
+
+    M ./README -10 +26
+
+Thu Dec 29 09:45:51 PST 2005  brian@janrain.com
+  * fixed bad comment
+
+    M ./examples/consumer.rb -1 +1
+
+Wed Dec 28 17:59:48 PST 2005  brian@janrain.com
+  * added platform agnositc temp dir discovery
+
+    M ./examples/consumer.rb -1 +5
+
+Wed Dec 28 17:13:21 PST 2005  brian@janrain.com
+  * moved getOpenIDParamerters to util
+
+    M ./lib/openid/consumer.rb -10 +2
+    M ./lib/openid/util.rb +8
+
+Wed Dec 28 15:47:51 PST 2005  brian@janrain.com
+  * code cleanup
+
+    M ./lib/openid/consumer.rb -5
+
+Wed Dec 28 15:29:31 PST 2005  brian@janrain.com
+  * added linkparse to test suite script
+
+    M ./test/runtests -1 +1
+
+Wed Dec 28 15:29:07 PST 2005  brian@janrain.com
+  * added link parsing tests, lots of em
+
+    A ./test/linkparse.rb
+
+Wed Dec 28 15:28:07 PST 2005  brian@janrain.com
+  * link parsing more robust: handle non-html data, and make sure link tag is in head
+
+    M ./lib/openid/parse.rb -5 +13
+
+Tue Dec 27 16:11:09 PST 2005  brian@janrain.com
+  * added more tests for openid/util
+
+    M ./test/dh.rb -2 +1
+    M ./test/runtests +1
+    A ./test/util.rb
+
+Tue Dec 27 16:10:28 PST 2005  brian@janrain.com
+  * change util methods to use all use /dev/urandom if available
+
+    M ./lib/openid/util.rb -15 +35
+
+Tue Dec 27 16:09:53 PST 2005  brian@janrain.com
+  * changed tmp pathname to something more useful
+
+    M ./examples/consumer.rb -1 +1
+
+Fri Dec 16 09:04:59 PST 2005  Josh Hoyt <josh@janrain.com>
+  * Removed (now obsolete) interface.rb
+  
+  This has been subsumed by consumer.rb
+
+    R ./lib/openid/interface.rb
+
+Thu Dec 15 18:25:04 PST 2005  brian@janrain.com
+  * initial checkin
+
+    A ./COPYING
+    A ./INSTALL
+    A ./README
+    A ./TODO
+    A ./docs/
+    A ./docs/README
+    A ./examples/
+    A ./examples/README
+    A ./examples/consumer.rb
+    A ./lib/
+    A ./lib/openid/
+    A ./lib/openid/consumer.rb
+    A ./lib/openid/dh.rb
+    A ./lib/openid/fetchers.rb
+    A ./lib/openid/filestore.rb
+    A ./lib/openid/interface.rb
+    A ./lib/openid/parse.rb
+    A ./lib/openid/stores.rb
+    A ./lib/openid/util.rb
+    A ./setup.rb
+    A ./test/
+    A ./test/assoc.rb
+    A ./test/dh.rb
+    A ./test/runtests
+    A ./test/teststore.rb

data/NOTICE

@@ -1,2 +1,2 @@
 This product includes software developed by JanRain,
-available from http://openidenabled.com/
+available from http://github.com/openid/ruby-openid

data/README

@@ -48,18 +48,17 @@ look at the library itself if there's anything you don't understand in
 the examples.
 
 ==Homepage
-http://openidenabled.com/ruby-openid/
+http://github.com/openid/ruby-openid
 
 See also:
 http://openid.net/
-http://openidenabled.com/
 
 ==Community
 Discussion regarding the Ruby OpenID library and other JanRain OpenID
 libraries takes place on the the OpenID mailing list on
-openidenabled.com.
+openid.net.
 
-http://lists.openidenabled.com/mailman/listinfo/dev
+http://openid.net/developers/dev-mailing-lists/
 
 Please join this list to discuss, ask implementation questions, report
 bugs, etc.  Also check out the openid channel on the freenode IRC

data/examples/rails_openid/app/controllers/consumer_controller.rb

@@ -46,7 +46,7 @@ class ConsumerController < ApplicationController
       oidreq.return_to_args['force_post']='x'*2048
     end
     return_to = url_for :action => 'complete', :only_path => false
-    realm = url_for :action => 'index', :only_path => false
+    realm = url_for :action => 'index', :id => nil, :only_path => false
     
     if oidreq.send_redirect?(realm, return_to, params[:immediate])
       redirect_to oidreq.redirect_url(realm, return_to, params[:immediate])

data/lib/openid.rb

@@ -13,7 +13,7 @@
 # permissions and limitations under the License.
 
 module OpenID
-  VERSION = "2.1.7"
+  VERSION = "2.1.8"
 end
 
 require "openid/consumer"

data/lib/openid/association.rb

@@ -125,7 +125,7 @@ module OpenID
         raise ProtocolError, "#{message} has no sig."
       end
       calculated_sig = get_message_signature(message)
-      return calculated_sig == message_sig
+      return CryptUtil.const_eq(calculated_sig, message_sig)
     end
 
     # Get the signature for this message
@@ -134,7 +134,7 @@ module OpenID
     end
 
     def ==(other)
-      (other.class == self.class and 
+      (other.class == self.class and
        other.handle == self.handle and
        other.secret == self.secret and
 

data/lib/openid/consumer.rb

@@ -376,7 +376,7 @@ module OpenID
 
     def complete_id_res(message, current_url)
       if message.is_openid1
-        setup_url = message.get_arg(OPENID1_NS, 'user_setup_url')
+        setup_url = message.get_arg(OPENID_NS, 'user_setup_url')
         if !setup_url.nil?
           return SetupNeededResponse.new(last_requested_endpoint, setup_url)
         end

data/lib/openid/consumer/associationmanager.rb

@@ -246,7 +246,7 @@ module OpenID
       def get_openid1_session_type(assoc_response)
         # If it's an OpenID 1 message, allow session_type to default
         # to nil (which signifies "no-encryption")
-        session_type = assoc_response.get_arg(OPENID1_NS, 'session_type')
+        session_type = assoc_response.get_arg(OPENID_NS, 'session_type')
 
         # Handle the differences between no-encryption association
         # respones in OpenID 1 and 2:

data/lib/openid/consumer/discovery.rb

@@ -421,8 +421,7 @@ module OpenID
     iname = self.normalize_xri(iname)
 
     begin
-      canonical_id, services = Yadis::XRI::ProxyResolver.new().query(
-            iname, OpenIDServiceEndpoint::OPENID_TYPE_URIS)
+      canonical_id, services = Yadis::XRI::ProxyResolver.new().query( iname )
 
       if canonical_id.nil?
         raise Yadis::XRDSError.new(sprintf('No CanonicalID found for XRI %s', iname))

data/lib/openid/consumer/html_parse.rb

@@ -18,7 +18,7 @@ module OpenID
 
     [^>]*>.*?<\/script>
 
-  /mixu 
+  /mix
 
   def OpenID.openid_unescape(s)
     s.gsub('&amp;','&').gsub('&lt;','<').gsub('&gt;','>').gsub('&quot;','"')

data/lib/openid/consumer/idres.rb

@@ -115,7 +115,7 @@ module OpenID
           require_fields = basic_fields + ['op_endpoint']
           require_sigs = basic_sig_fields +
             ['response_nonce', 'claimed_id', 'assoc_handle', 'op_endpoint']
-        when OPENID1_NS
+        when OPENID1_NS, OPENID11_NS
           require_fields = basic_fields + ['identity']
           require_sigs = basic_sig_fields
         else
@@ -276,7 +276,7 @@ module OpenID
 
       def check_nonce
         case openid_namespace
-        when OPENID1_NS
+        when OPENID1_NS, OPENID11_NS
           nonce =
             @message.get_arg(BARE_NS, Consumer.openid1_return_to_nonce_name)
 
@@ -309,7 +309,7 @@ module OpenID
       def verify_discovery_results
         begin
           case openid_namespace
-          when OPENID1_NS
+          when OPENID1_NS, OPENID11_NS
             verify_discovery_results_openid1
           when OPENID2_NS
             verify_discovery_results_openid2

data/lib/openid/consumer/responses.rb

@@ -83,7 +83,7 @@ module OpenID
       # Return the specified signed field if available, otherwise
       # return default
       def get_signed(ns_uri, ns_key, default=nil)
-        if singed?(ns_uri, ns_key)
+        if signed?(ns_uri, ns_key)
           return @message.get_arg(ns_uri, ns_key, default)
         else
           return default

data/lib/openid/cryptutil.rb

@@ -4,8 +4,15 @@ require "digest/sha2"
 begin
   require "digest/hmac"
 rescue LoadError
-  require "hmac/sha1"
-  require "hmac/sha2"
+  begin
+    # Try loading the ruby-hmac files if they exist
+    require "hmac-sha1"
+    require "hmac-sha2"
+  rescue LoadError
+    # Nothing exists use included hmac files
+    require "hmac/sha1"
+    require "hmac/sha2"
+  end
 end
 
 module OpenID
@@ -30,7 +37,7 @@ module OpenID
     end
 
     def CryptUtil.hmac_sha1(key, text)
-      if Digest.const_defined? :HMAC      
+      if Digest.const_defined? :HMAC
         Digest::HMAC.new(key,Digest::SHA1).update(text).digest
       else
         return HMAC::SHA1.digest(key, text)
@@ -42,7 +49,7 @@ module OpenID
     end
 
     def CryptUtil.hmac_sha256(key, text)
-      if Digest.const_defined? :HMAC      
+      if Digest.const_defined? :HMAC
         Digest::HMAC.new(key,Digest::SHA256).update(text).digest
       else
         return HMAC::SHA256.digest(key, text)
@@ -93,5 +100,16 @@ module OpenID
     def CryptUtil.base64_to_num(s)
       return binary_to_num(OpenID::Util.from_base64(s))
     end
+
+    def CryptUtil.const_eq(s1, s2)
+      if s1.length != s2.length
+        return false
+      end
+      result = true
+      s1.length.times do |i|
+        result &= (s1[i] == s2[i])
+      end
+      return result
+    end
   end
 end