ruby-openid 2.1.8 → 2.2.0

data/CHANGELOG.md

@@ -0,0 +1,13 @@
+# Changelog
+
+## 2.2.0
+
+* Bundler compatibility and bundler gem tasks - 72d551945f9577bf5d0e516c673c648791b0e795
+* register_namespace_alias for AX message - aeaf050d21aeb681a220758f1cc61b9086f73152
+* Fixed JRuby (1.9 mode) incompatibilty - 40baed6cf7326025058a131c2b76047345618539
+* Added UI extension support - a276a63d68639e985c1f327cf817489ccc5f9a17
+* Add attr_reader for setup_url on SetupNeededResponse - 75a7e98005542ede6db3fc7f1fc551e0a2ca044a
+* Encode form inputs - c9e9b5b52f8a23df3159c2387b6330d5df40f35b
+* Fixed cleanup AR associations whose expiry is past, not upcoming - 2265179a6d5c8b51ccc741180db46b618dd3caf9
+* Fixed issue with Memcache store and Dalli - ef84bf73da9c99c67b0632252bf0349e2360cbc7
+* Improvements to ActiveRecordStore's gc rake task - 847e19bf60a6b8163c1e0d2e96dbd805c64e2880

data/INSTALL.md

@@ -0,0 +1,47 @@
+# Ruby OpenID Library Installation
+
+## Rubygems Installation
+
+Rubygems is a tool for installing ruby libraries and their
+dependancies. If you have rubygems installed, simply:
+
+    gem install ruby-openid
+
+## Manual Installation
+
+Unpack the archive and run setup.rb to install:
+
+    ruby setup.rb
+
+setup.rb installs the library into your system ruby. If don't want to
+add openid to you system ruby, you may instead add the `lib` directory of
+the extracted tarball to your RUBYLIB environment variable:
+
+    $ export RUBYLIB=${RUBYLIB}:/path/to/ruby-openid/lib
+
+## Testing the Installation
+
+Make sure everything installed ok:
+
+    $> irb
+    irb$> require "openid"
+    => true
+
+Or, if you installed via rubygems:
+
+    $> irb
+    irb$> require "rubygems"
+    => true
+    irb$> require_gem "ruby-openid"
+    => true
+
+## Run the test suite
+
+Go into the test directory and execute the `runtests.rb` script.
+
+## Next steps
+
+* Run `consumer.rb` in the examples directory.
+* Get started writing your own consumer using OpenID::Consumer
+* Write your own server with `OpenID::Server`
+* Use the `OpenIDLoginGenerator`! Read `example/README` for more info.

data/README.md

@@ -0,0 +1,82 @@
+# Ruby OpenID
+
+A Ruby library for verifying and serving OpenID identities.
+
+[![Build Status](https://secure.travis-ci.org/openid/ruby-openid.png)](http://travis-ci.org/openid/ruby-openid)
+
+## Features
+
+  * Easy to use API for verifying OpenID identites - OpenID::Consumer
+  * Support for serving OpenID identites - OpenID::Server
+  * Does not depend on underlying web framework
+  * Supports multiple storage mechanisms (Filesystem, ActiveRecord, Memory)
+  * Example code to help you get started, including:
+    * Ruby on Rails based consumer and server
+    * OpenIDLoginGenerator for quickly getting creating a rails app that uses
+      OpenID for authentication
+    * ActiveRecordOpenIDStore plugin
+  * Comprehensive test suite
+  * Supports both OpenID 1 and OpenID 2 transparently
+
+## Installing
+
+Before running the examples or writing your own code you'll need to install
+the library.  See the INSTALL file or use rubygems:
+
+    gem install ruby-openid
+
+Check the installation:
+
+    $ irb
+    irb> require 'rubygems'
+    => false
+    irb> gem 'ruby-openid'
+    => true
+
+The library is known to work with Ruby 1.8.4 on Unix, Max OSX and
+Win32. Examples have been tested with Rails 1 to 3.
+
+## Getting Started
+
+The best way to start is to look at the rails_openid example.
+You can run it with:
+
+    cd examples/rails_openid
+    script/server
+
+If you are writing an OpenID Relying Party, a good place to start is:
+`examples/rails_openid/app/controllers/consumer_controller.rb`
+
+And if you are writing an OpenID provider:
+`examples/rails_openid/app/controllers/server_controller.rb`
+
+The library code is quite well documented, so don't be squeamish, and
+look at the library itself if there's anything you don't understand in
+the examples.
+
+## Homepage
+
+  * [GitHub](http://github.com/openid/ruby-openid)
+  * [Website](http://openid.net/)
+
+## Community
+
+Discussion regarding the Ruby OpenID library and other JanRain OpenID
+libraries takes place on the [OpenID mailing list](http://openid.net/developers/dev-mailing-lists/).
+
+Please join this list to discuss, ask implementation questions, report
+bugs, etc. Also check out the openid channel on the freenode IRC
+network.
+
+If you have a bugfix or feature you'd like to contribute, don't
+hesitate to send it to us: [How to contribute](http://openidenabled.com/contribute/).
+
+## Author
+
+Copyright 2006-2012, JanRain, Inc.
+
+Contact openid@janrain.com or visit the [OpenID channel on pibb.com](http://pibb.com/go/openid).
+
+## License
+
+Apache Software License.  For more information see the LICENSE file.

data/{UPGRADE → UPGRADE.md}

@@ -1,125 +1,124 @@
-= Upgrading from the OpenID 1.x series library
+# Upgrading from the OpenID 1.x series library
 
-== Consumer Upgrade
+## Consumer Upgrade
 
-The flow is largely the same, however there are a number of significant 
-changes.  The consumer example is helpful to look at:
-examples/rails_openid/app/controllers/consumer_controller.rb
+The flow is largely the same, however there are a number of significant
+changes. The consumer example is helpful to look at:
+`examples/rails_openid/app/controllers/consumer_controller.rb`
 
-
-=== Stores
+### Stores
 
 You will need to require the file for the store that you are using.
 For the filesystem store, this is 'openid/stores/filesystem'
-They are also now in modules.  The filesystem store is 
-  OpenID::Store::Filesystem
+They are also now in modules. The filesystem store is
+  `OpenID::Store::Filesystem`
 The format has changed, and you should remove your old store directory.
 
-The ActiveRecord store ( examples/active_record_openid_store ) still needs
+The ActiveRecord store (`examples/active_record_openid_store`) still needs
 to be put in a plugin directory for your rails app.  There's a migration
-that needs to be run; examine the README in that directory.
+that needs to be run; examine the `README` in that directory.
 
 Also, note that the stores now can be garbage collected with the method
-  store.cleanup
-
+  `store.cleanup`
 
-=== Starting the OpenID transaction
+### Starting the OpenID transaction
 
 The OpenIDRequest object no longer has status codes.  Instead,
 consumer.begin raises an OpenID::OpenIDError if there is a problem
 initiating the transaction, so you'll want something along the lines of:
 
-  begin
-    openid_request = consumer.begin(params[:openid_identifier])
-  rescue OpenID::OpenIDError => e
-    # display error e
-    return
-  end
-  #success case
+    begin
+      openid_request = consumer.begin(params[:openid_identifier])
+    rescue OpenID::OpenIDError => e
+      # display error e
+      return
+    end
+    #success case
 
 Data regarding the OpenID server once lived in
-  openid_request.service
+  `openid_request.service`
 
 The corresponding object in the 2.0 lib can be retrieved with
-  openid_request.endpoint
+  `openid_request.endpoint`
 
 Getting the unverified identifier: Where you once had
-  openid_request.identity_url
+  `openid_request.identity_url`
 you will now want
-  openid_request.endpoint.claimed_id
+  `openid_request.endpoint.claimed_id`
 which might be different from what you get at the end of the transaction,
 since it is now possible for users to enter their server's url directly.
 
 Arguments on the return_to URL are now verified, so if you want to add
 additional arguments to the return_to url, use
-  openid_request.return_to_args['param'] = value
+  `openid_request.return_to_args['param'] = value`
 
 Generating the redirect is the same as before, but add any extensions
 first.
 
 If you need to set up an SSL certificate authority list for the fetcher,
-use the 'ca_file' attr_accessor on the OpenID::StandardFetcher.  This has
-changed from 'ca_path' in the 1.x.x series library.  That is, set
-OpenID.fetcher.ca_file = '/path/to/ca.list'
+use the 'ca_file' attr_accessor on the `OpenID::StandardFetcher`. This has
+changed from 'ca_path' in the 1.x.x series library. That is, set
+`OpenID.fetcher.ca_file = '/path/to/ca.list'`
 before calling consumer.begin.
 
-=== Requesting Simple Registration Data
+### Requesting Simple Registration Data
 
 You'll need to require the code for the extension
-  require 'openid/extensions/sreg'
+
+    require 'openid/extensions/sreg'
 
 The new code for adding an SReg request now looks like:
 
-  sreg_request = OpenID::SReg::Request.new
-  sreg_request.request_fields(['email', 'dob'], true) # required
-  sreg_request.request_fields(['nickname', 'fullname'], false) # optional
-  sreg_request.policy_url = policy_url
-  openid_request.add_extension(sreg_request)
+    sreg_request = OpenID::SReg::Request.new
+    sreg_request.request_fields(['email', 'dob'], true) # required
+    sreg_request.request_fields(['nickname', 'fullname'], false) # optional
+    sreg_request.policy_url = policy_url
+    openid_request.add_extension(sreg_request)
 
 The code for adding other extensions is similar.  Code for the Attribute
 Exchange (AX) and Provider Authentication Policy Extension (PAPE) are
 included with the library, and additional extensions can be implemented
-subclassing OpenID::Extension.
+subclassing `OpenID::Extension`.
 
-
-=== Completing the transaction
+### Completing the transaction
 
 The return_to and its arguments are verified, so you need to pass in
 the base URL and the arguments.  With Rails, the params method mashes
 together parameters from GET, POST, and the path, so you'll need to pull
 off the path "parameters" with something like
 
-  return_to = url_for(:only_path => false, 
-                      :controller => 'openid',
-                      :action => 'complete')
-  parameters = params.reject{|k,v| request.path_parameters[k] }
-  openid_response = consumer.complete(parameters, return_to)
+    return_to = url_for(:only_path => false,
+                        :controller => 'openid',
+                        :action => 'complete')
+    parameters = params.reject{|k,v| request.path_parameters[k] }
+    openid_response = consumer.complete(parameters, return_to)
 
 The response still uses the status codes, but they are now namespaced
-slightly differently, for example OpenID::Consumer::SUCCESS
+slightly differently, for example `OpenID::Consumer::SUCCESS`
 
 In the case of failure, the error message is now found in
-  openid_response.message
+  `openid_response.message`
 
 The identifier to display to the user can be found in
-  openid_response.endpoint.display_identifier
+  `openid_response.endpoint.display_identifier`
 
 The Simple Registration response can be read from the OpenID response
 with
-  sreg_response = OpenID::SReg::Response.from_success_response(openid_response)
-  nickname = sreg_response['nickname']
-  # etc.
 
+    sreg_response = OpenID::SReg::Response.from_success_response(openid_response)
+    nickname = sreg_response['nickname']
+    # etc.
 
-== Server Upgrade
+## Server Upgrade
 
 The server code is mostly the same as before, with the exception of
-extensions.  Also, you must pass in the endpoint URL to the server 
+extensions. Also, you must pass in the endpoint URL to the server
 constructor:
-  @server = OpenID::Server.new(store, server_url)
 
-I recommend looking at 
-examples/rails_openid/app/controllers/server_controller.rb
+    @server = OpenID::Server.new(store, server_url)
+
+I recommend looking at
+`examples/rails_openid/app/controllers/server_controller.rb`
 for an example of the new way of doing extensions.
 
 --

data/examples/active_record_openid_store/README

@@ -44,9 +44,11 @@ You may garbage collect unused nonces and expired associations using
 the gc instance method of ActiveRecordOpenIDStore.  Hook it up to a
 task in your app's Rakefile like so:
 
-  desc 'GC OpenID store'
+  desc 'GC OpenID store, deleting expired nonces and associations'
   task :gc_openid_store => :environment do
-    ActiveRecordOpenIDStore.new.cleanup
+    require 'openid_ar_store'
+    nonces, associations = ActiveRecordStore.new.cleanup
+    puts "Deleted #{nonces} nonces, #{associations} associations"
   end
 
 Run it by typing:

data/examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb

@@ -2,7 +2,7 @@
 class AddOpenIdStoreToDb < ActiveRecord::Migration
   def self.up
     create_table "open_id_associations", :force => true do |t|
-      t.column "server_url", :binary, :null => false
+      t.column "server_url", :string, :null => false
       t.column "handle", :string, :null => false
       t.column "secret", :binary, :null => false
       t.column "issued", :integer, :null => false

data/examples/active_record_openid_store/lib/openid_ar_store.rb

@@ -51,7 +51,7 @@ class ActiveRecordStore < OpenID::Store::Interface
 
   def cleanup_associations
     now = Time.now.to_i
-    Association.delete_all(['issued + lifetime > ?',now])
+    Association.delete_all(['issued + lifetime < ?',now])
   end
 
 end

data/examples/rails_openid/app/controllers/server_controller.rb

@@ -1,16 +1,10 @@
 require 'pathname'
 
-# load the openid library, first trying rubygems
-#begin
-#  require "rubygems"
-#  require_gem "ruby-openid", ">= 1.0"
-#rescue LoadError
 require "openid"
 require "openid/consumer/discovery"
 require 'openid/extensions/sreg'
 require 'openid/extensions/pape'
 require 'openid/store/filesystem'
-#end
 
 class ServerController < ApplicationController
 

data/lib/openid.rb

@@ -13,8 +13,8 @@
 # permissions and limitations under the License.
 
 module OpenID
-  VERSION = "2.1.8"
 end
 
-require "openid/consumer"
+require 'openid/version'
+require 'openid/consumer'
 require 'openid/server'

data/lib/openid/consumer/responses.rb

@@ -139,6 +139,8 @@ module OpenID
     class SetupNeededResponse
       include Response
       STATUS = SETUP_NEEDED
+
+      attr_reader :setup_url
       def initialize(endpoint, setup_url)
         @endpoint = endpoint
         @setup_url = setup_url

data/lib/openid/dh.rb

@@ -57,7 +57,7 @@ module OpenID
       end
 
       if String.method_defined? :bytes
-        s.bytes.zip(t.bytes).map{|sb,tb| sb^tb}.pack('C*')
+        s.bytes.to_a.zip(t.bytes.to_a).map{|sb,tb| sb^tb}.pack('C*')
       else
         indices = 0...(s.length)
         chrs = indices.collect {|i| (s[i]^t[i]).chr}

data/lib/openid/extensions/ax.rb

@@ -27,6 +27,13 @@ module OpenID
       attr_accessor :ns_alias, :mode, :ns_uri
 
       NS_URI = 'http://openid.net/srv/ax/1.0'
+
+      begin
+        Message.register_namespace_alias(NS_URI, 'ax')
+      rescue NamespaceAliasRegistrationError => e
+        Util.log(e)
+      end
+
       def initialize
         @ns_alias = 'ax'
         @ns_uri = NS_URI
@@ -38,7 +45,7 @@ module OpenID
       # Raise an exception if the mode in the attribute exchange
       # arguments does not match what is expected for this class.
       def check_mode(ax_args)
-        actual_mode = ax_args['mode']
+        actual_mode = ax_args ? ax_args['mode'] : nil
         if actual_mode != @mode
           raise Error, "Expected mode #{mode.inspect}, got #{actual_mode.inspect}"
         end
@@ -110,7 +117,7 @@ module OpenID
     class FetchRequest < AXMessage
       attr_reader :requested_attributes
       attr_accessor :update_url
-      
+
       MODE = 'fetch_request'
 
       def initialize(update_url = nil)
@@ -137,7 +144,7 @@ module OpenID
         aliases = NamespaceMap.new
         required = []
         if_available = []
-        ax_args = new_args 
+        ax_args = new_args
         @requested_attributes.each{|type_uri, attribute|
           if attribute.ns_alias
             name = aliases.add_alias(type_uri, attribute.ns_alias)
@@ -296,12 +303,21 @@ module OpenID
         @data.each{|type_uri, values|
           name = aliases.add(type_uri)
           ax_args['type.'+name] = type_uri
-          ax_args['count.'+name] = values.size.to_s
+          if values.size > 1
+            ax_args['count.'+name] = values.size.to_s
 
-          values.each_with_index{|value, i|
-            key = "value.#{name}.#{i+1}"
-            ax_args[key] = value
-          }
+            values.each_with_index{|value, i|
+              key = "value.#{name}.#{i+1}"
+              ax_args[key] = value
+            }
+            # for attributes with only a single value, use a
+            # nice shortcut to only show the value w/o the count
+          else 
+            values.each do |value|
+              key = "value.#{name}"
+              ax_args[key] = value
+            end
+          end
         }
         return ax_args
       end
@@ -328,7 +344,7 @@ module OpenID
           if count_s.nil?
             value = ax_args['value.'+name]
             if value.nil?
-              raise IndexError, "Missing #{'value.'+name} in FetchResponse" 
+              raise IndexError, "Missing #{'value.'+name} in FetchResponse"
             elsif value.empty?
               values = []
             else
@@ -365,7 +381,7 @@ module OpenID
       def get(type_uri)
         @data[type_uri]
       end
-      
+
       # retrieve the list of values for this attribute
       def [](type_uri)
         @data[type_uri]
@@ -381,11 +397,17 @@ module OpenID
     # A fetch_response attribute exchange message
     class FetchResponse < KeyValueMessage
       attr_reader :update_url
+      # Use the aliases variable to manually add alias names in the response.
+      # They'll be returned to the client in the format: 
+      #   openid.ax.type.email=http://openid.net/schema/contact/internet/email
+      #   openid.ax.value.email=guy@example.com
+      attr_accessor :aliases
 
       def initialize(update_url = nil)
         super()
         @mode = 'fetch_response'
         @update_url = update_url
+        @aliases = NamespaceMap.new
       end
 
       # Serialize this object into arguments in the attribute
@@ -394,7 +416,6 @@ module OpenID
       # validated against this request, and empty responses for requested
       # fields with no data will be sent.
       def get_extension_args(request = nil)
-        aliases = NamespaceMap.new
         zero_value_types = []
 
         if request
@@ -412,28 +433,29 @@ module OpenID
             # Copy the aliases from the request so that reading
             # the response in light of the request is easier
             if attr_info.ns_alias.nil?
-              aliases.add(attr_info.type_uri)
+              @aliases.add(attr_info.type_uri)
             else
-              aliases.add_alias(attr_info.type_uri, attr_info.ns_alias)
+              @aliases.add_alias(attr_info.type_uri, attr_info.ns_alias)
             end
             values = @data[attr_info.type_uri]
             if values.empty? # @data defaults to []
               zero_value_types << attr_info
             end
+
             if attr_info.count != UNLIMITED_VALUES and attr_info.count < values.size
               raise Error, "More than the number of requested values were specified for #{attr_info.type_uri.inspect}"
             end
           }
         end
 
-        kv_args = _get_extension_kv_args(aliases)
+        kv_args = _get_extension_kv_args(@aliases)
 
         # Add the KV args into the response with the args that are
         # unique to the fetch_response
         ax_args = new_args
 
         zero_value_types.each{|attr_info|
-          name = aliases.get_alias(attr_info.type_uri)
+          name = @aliases.get_alias(attr_info.type_uri)
           kv_args['type.' + name] = attr_info.type_uri
           kv_args['count.' + name] = '0'
         }
@@ -469,26 +491,26 @@ module OpenID
 
     # A store request attribute exchange message representation
     class StoreRequest < KeyValueMessage
-      
+
       MODE = 'store_request'
-      
+
       def initialize
         super
         @mode = MODE
       end
-      
+
       # Extract a StoreRequest from an OpenID message
       # message: OpenID::Message
       # return a StoreRequest or nil if AX arguments are not present
       def self.from_openid_request(oidreq)
-        message = oidreq.message 
+        message = oidreq.message
         ax_args = message.get_args(NS_URI)
         return nil if ax_args.empty? or ax_args['mode'] != MODE
         req = new
         req.parse_extension_args(ax_args)
         req
       end
-      
+
       def get_extension_args(aliases=nil)
         ax_args = new_args
         kv_args = _get_extension_kv_args(aliases)
@@ -516,13 +538,13 @@ module OpenID
         end
         @error_message = error_message
       end
-      
+
       def self.from_success_response(success_response)
         resp = nil
         ax_args = success_response.message.get_args(NS_URI)
         resp = ax_args.key?('error') ? new(false, ax_args['error']) : new
       end
-      
+
       def succeeded?
         @mode == SUCCESS_MODE
       end