ruby-openid2 3.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (59) hide show
  1. checksums.yaml +7 -0
  2. checksums.yaml.gz.sig +0 -0
  3. data/CHANGELOG.md +136 -0
  4. data/CODE_OF_CONDUCT.md +84 -0
  5. data/CONTRIBUTING.md +54 -0
  6. data/LICENSE.txt +210 -0
  7. data/README.md +81 -0
  8. data/SECURITY.md +15 -0
  9. data/lib/hmac/hmac.rb +110 -0
  10. data/lib/hmac/sha1.rb +11 -0
  11. data/lib/hmac/sha2.rb +25 -0
  12. data/lib/openid/association.rb +246 -0
  13. data/lib/openid/consumer/associationmanager.rb +354 -0
  14. data/lib/openid/consumer/checkid_request.rb +179 -0
  15. data/lib/openid/consumer/discovery.rb +516 -0
  16. data/lib/openid/consumer/discovery_manager.rb +144 -0
  17. data/lib/openid/consumer/html_parse.rb +142 -0
  18. data/lib/openid/consumer/idres.rb +513 -0
  19. data/lib/openid/consumer/responses.rb +147 -0
  20. data/lib/openid/consumer/session.rb +36 -0
  21. data/lib/openid/consumer.rb +406 -0
  22. data/lib/openid/cryptutil.rb +112 -0
  23. data/lib/openid/dh.rb +84 -0
  24. data/lib/openid/extension.rb +38 -0
  25. data/lib/openid/extensions/ax.rb +552 -0
  26. data/lib/openid/extensions/oauth.rb +88 -0
  27. data/lib/openid/extensions/pape.rb +170 -0
  28. data/lib/openid/extensions/sreg.rb +268 -0
  29. data/lib/openid/extensions/ui.rb +49 -0
  30. data/lib/openid/fetchers.rb +277 -0
  31. data/lib/openid/kvform.rb +113 -0
  32. data/lib/openid/kvpost.rb +62 -0
  33. data/lib/openid/message.rb +555 -0
  34. data/lib/openid/protocolerror.rb +7 -0
  35. data/lib/openid/server.rb +1571 -0
  36. data/lib/openid/store/filesystem.rb +260 -0
  37. data/lib/openid/store/interface.rb +73 -0
  38. data/lib/openid/store/memcache.rb +109 -0
  39. data/lib/openid/store/memory.rb +79 -0
  40. data/lib/openid/store/nonce.rb +72 -0
  41. data/lib/openid/trustroot.rb +597 -0
  42. data/lib/openid/urinorm.rb +72 -0
  43. data/lib/openid/util.rb +119 -0
  44. data/lib/openid/version.rb +5 -0
  45. data/lib/openid/yadis/accept.rb +141 -0
  46. data/lib/openid/yadis/constants.rb +16 -0
  47. data/lib/openid/yadis/discovery.rb +151 -0
  48. data/lib/openid/yadis/filters.rb +192 -0
  49. data/lib/openid/yadis/htmltokenizer.rb +290 -0
  50. data/lib/openid/yadis/parsehtml.rb +50 -0
  51. data/lib/openid/yadis/services.rb +44 -0
  52. data/lib/openid/yadis/xrds.rb +160 -0
  53. data/lib/openid/yadis/xri.rb +86 -0
  54. data/lib/openid/yadis/xrires.rb +87 -0
  55. data/lib/openid.rb +27 -0
  56. data/lib/ruby-openid.rb +1 -0
  57. data.tar.gz.sig +0 -0
  58. metadata +331 -0
  59. metadata.gz.sig +0 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: d1b4baf425d4fe41c0b015cf81518bf9943bfc0b956f8d3f835fd1c8031b88ea
4
+ data.tar.gz: 2ed337bb5291d6c46f0a2848e134c57021322fdb2c658b7aefde00e7e9ba75b4
5
+ SHA512:
6
+ metadata.gz: cf1a0c2883d04778deed40fcf4a8c873f900c07fb6d9afe09cf95fa1a46535eb0b62c441b84560b4c7204a74b2813ade6405bdc29da8a57a6e5e08f2c0ca4124
7
+ data.tar.gz: 85679091690838c2eb8954a5380e30b38ff6bf70a61bf7ac961aff67f673610f08e6c14258db760fc5fc21ff6554d487a85f3147abe7f11a50e09c9b153836a5
checksums.yaml.gz.sig ADDED
Binary file
data/CHANGELOG.md ADDED
@@ -0,0 +1,136 @@
1
+ # Changelog
2
+ All notable changes to this project will be documented in this file.
3
+
4
+ Since version 3.0.0, the format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
5
+ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
6
+
7
+ ## [Unreleased]
8
+ ### Added
9
+ ### Changed
10
+ ### Fixed
11
+ ### Removed
12
+
13
+ ## 3.0.0
14
+ 3831 relevant lines, 3510 lines covered and 321 lines missed. ( 91.62% )
15
+ 1228 total branches, 1070 branches covered and 158 branches missed. ( 87.13% )
16
+ ### Fixed
17
+ - Compatibility with Ruby 2.7+
18
+ ### Removed
19
+ - Support for Ruby < 2.7
20
+
21
+ ## 2.9.2
22
+
23
+ * Perform all checks before verifying endpoints.
24
+ [#126](https://github.com/openid/ruby-openid/pull/126)
25
+
26
+ ## 2.9.1
27
+
28
+ * Updated CHANGELOG.md
29
+
30
+ ## 2.9.0
31
+
32
+ * Remove deprecated `autorequire` from gemspec.
33
+ [#123](https://github.com/openid/ruby-openid/pull/123)
34
+ * Rescue from `Yadis::XRI::XRIHTTPError` on discovery.
35
+ [#106](https://github.com/openid/ruby-openid/pull/106)
36
+ * Avoid SSRF for claimed_id request.
37
+ [#121](https://github.com/openid/ruby-openid/pull/121)
38
+ * Updated documentation.
39
+ [#115](https://github.com/openid/ruby-openid/pull/115), [#116](https://github.com/openid/ruby-openid/pull/116), [#117](https://github.com/openid/ruby-openid/pull/117), [#118](https://github.com/openid/ruby-openid/pull/118)
40
+ * Reduce warnings output in test runs.
41
+ [#119](https://github.com/openid/ruby-openid/pull/119)
42
+ * Drop deprecated option from gemspec.
43
+ [#120](https://github.com/openid/ruby-openid/pull/120)
44
+ * Remove circular require.
45
+ [#113](https://github.com/openid/ruby-openid/pull/113)
46
+ * Updated Travis CI config with Ruby 2.6
47
+ [#114](https://github.com/openid/ruby-openid/pull/114)
48
+ * Simplify Bundler require; remove need for extra `:require`.
49
+ [#112](https://github.com/openid/ruby-openid/pull/112)
50
+
51
+ ## 2.8.0
52
+
53
+ * Fix `admin/mkassoc` script.
54
+ See https://github.com/openid/ruby-openid/pull/103
55
+ * Allow specifying timeout for `OpenID::StandardFetcher` in environment variables.
56
+ See https://github.com/openid/ruby-openid/pull/109
57
+ * Fixed some documentation.
58
+ See https://github.com/openid/ruby-openid/pull/111
59
+ * Fixed example server.
60
+ See https://github.com/openid/ruby-openid/pull/91
61
+ * Fixed tests.
62
+ See https://github.com/openid/ruby-openid/pull/86
63
+ * Misc. changes to the CI setup.
64
+ See
65
+ - https://github.com/openid/ruby-openid/pull/110
66
+ - https://github.com/openid/ruby-openid/pull/108
67
+ - https://github.com/openid/ruby-openid/pull/107
68
+
69
+ ## 2.7.0
70
+
71
+ * Use RFC 2396 compatible URI parser for trustroot - 7c84ec9ced3ccbdad575e02dbfa81e53b52f909e
72
+ See https://github.com/openid/ruby-openid/pull/85
73
+ * Use HMAC from OpenSSL rather than Digest - ce2e30d7ff3308f17ef7d8c19d6f4752f76c9c40
74
+ See https://github.com/openid/ruby-openid/pull/84
75
+ * Check if OpenSSL is loaded - 751e55820d958ee781f5abb466a576d83ddde6fd
76
+
77
+ ## 2.6.0
78
+
79
+ * More safely build filenames - 1c4a90630b183e7572b8ab5f2e3a3e0c0fecd2c7
80
+ See https://github.com/openid/ruby-openid/pull/80
81
+ * The session serializer of Rails4.1 is json - b44a1eb511dec3be25a07930121bc80cacec0f1c
82
+ * Handle boolean value to fix signature issue - d65076269b77754da7db6e4b189edeeb9201600d
83
+ See https://github.com/openid/ruby-openid/pull/76
84
+
85
+ ## 2.5.0
86
+
87
+ * Revert json serialization - 8dc60e553369df2300ebb4b83a29618aff643c2c
88
+ See https://github.com/openid/ruby-openid/pull/73
89
+
90
+ ## 2.4.0
91
+
92
+ * Allow expecting a parameter to be nil during return_to verification - 708e992ab3e6c26d478283fc11faa6a0a74bfec0
93
+ * Serialize to objects that can be stored as json - db1d8f7b171a333dec4e861fe0fa53ac1d98b188
94
+ * Fixed missing XRDS HTTP header in sample provider - dc15fa07fd59fdcf46d659cce34c6ef7a6768fde
95
+
96
+ ## 2.3.0
97
+
98
+ * Deprecated Ruby 1.8 support - 0694bebc83de0313cfef73a5d0ffd9a293ae71a0
99
+ * Fixed encoding errors in test suite - 7ac8e3978f9c733bd5ee8d6b742b515b5427ded2
100
+ * Be aware when using Hash or Array as default value for unknown Hash keys - #58
101
+ * Stop overwriting String#starts_with? and String#ends_with? if defined - #55
102
+ * Ignore Associations For OpenID2 (Google's Security Bug Fix) - #53
103
+ * Change "oauth" to "ui" in variable name in the UI extension - #52
104
+ * Eliminating runtime warnings - #50 #56
105
+ * Upgrade example Rails provider/consumer app to Rails 3 - #49
106
+
107
+ ## 2.2.3
108
+
109
+ * Fixed 'invalid byte sequence in UTF-8' error in parse_link_attrs - 0f46921a97677b83b106366c805063105c5e9f20
110
+ * Fixed license information in gemspec - f032e949e1ca9078ab7508d9629398ca2c36980a
111
+ * Update starts/ends_with? to handle nil prefix - beee5e8d1dc24ad55725cfcc720eefba6bdbd279
112
+
113
+ ## 2.2.2
114
+
115
+ * Limit fetching file size & disable XML entity expansion - be2bab5c21f04735045e071411b349afb790078f
116
+
117
+ Avoid DoS attack to RPs using large XRDS / too many XML entity expansion in XRDS.
118
+
119
+ ## 2.2.1
120
+
121
+ * Make bundle exec rake work - 2100f281172427d1557ebe76afbd24072a22d04f
122
+ * State license in gemspec for automated tools / rubygems.org page - 2d5c3cd8f2476b28d60609822120c79d71919b7b
123
+ * Use default-external encoding instead of ascii for badly encoded pages - a68d2591ac350459c874da10108e6ff5a8c08750
124
+ * Colorize output and reveal tests that never ran - 4b0143f0a3b10060d5f52346954219bba3375039
125
+
126
+ ## 2.2.0
127
+
128
+ * Bundler compatibility and bundler gem tasks - 72d551945f9577bf5d0e516c673c648791b0e795
129
+ * register_namespace_alias for AX message - aeaf050d21aeb681a220758f1cc61b9086f73152
130
+ * Fixed JRuby (1.9 mode) incompatibilty - 40baed6cf7326025058a131c2b76047345618539
131
+ * Added UI extension support - a276a63d68639e985c1f327cf817489ccc5f9a17
132
+ * Add attr_reader for setup_url on SetupNeededResponse - 75a7e98005542ede6db3fc7f1fc551e0a2ca044a
133
+ * Encode form inputs - c9e9b5b52f8a23df3159c2387b6330d5df40f35b
134
+ * Fixed cleanup AR associations whose expiry is past, not upcoming - 2265179a6d5c8b51ccc741180db46b618dd3caf9
135
+ * Fixed issue with Memcache store and Dalli - ef84bf73da9c99c67b0632252bf0349e2360cbc7
136
+ * Improvements to ActiveRecordStore's gc rake task - 847e19bf60a6b8163c1e0d2e96dbd805c64e2880
@@ -0,0 +1,84 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
6
+
7
+ We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
8
+
9
+ ## Our Standards
10
+
11
+ Examples of behavior that contributes to a positive environment for our community include:
12
+
13
+ * Demonstrating empathy and kindness toward other people
14
+ * Being respectful of differing opinions, viewpoints, and experiences
15
+ * Giving and gracefully accepting constructive feedback
16
+ * Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
17
+ * Focusing on what is best not just for us as individuals, but for the overall community
18
+
19
+ Examples of unacceptable behavior include:
20
+
21
+ * The use of sexualized language or imagery, and sexual attention or
22
+ advances of any kind
23
+ * Trolling, insulting or derogatory comments, and personal or political attacks
24
+ * Public or private harassment
25
+ * Publishing others' private information, such as a physical or email
26
+ address, without their explicit permission
27
+ * Other conduct which could reasonably be considered inappropriate in a
28
+ professional setting
29
+
30
+ ## Enforcement Responsibilities
31
+
32
+ Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
33
+
34
+ Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
35
+
36
+ ## Scope
37
+
38
+ This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
39
+
40
+ ## Enforcement
41
+
42
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at peter.boling@gmail.com. All complaints will be reviewed and investigated promptly and fairly.
43
+
44
+ All community leaders are obligated to respect the privacy and security of the reporter of any incident.
45
+
46
+ ## Enforcement Guidelines
47
+
48
+ Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
49
+
50
+ ### 1. Correction
51
+
52
+ **Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
53
+
54
+ **Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
55
+
56
+ ### 2. Warning
57
+
58
+ **Community Impact**: A violation through a single incident or series of actions.
59
+
60
+ **Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
61
+
62
+ ### 3. Temporary Ban
63
+
64
+ **Community Impact**: A serious violation of community standards, including sustained inappropriate behavior.
65
+
66
+ **Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
67
+
68
+ ### 4. Permanent Ban
69
+
70
+ **Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
71
+
72
+ **Consequence**: A permanent ban from any sort of public interaction within the community.
73
+
74
+ ## Attribution
75
+
76
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0,
77
+ available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
78
+
79
+ Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder](https://github.com/mozilla/diversity).
80
+
81
+ [homepage]: https://www.contributor-covenant.org
82
+
83
+ For answers to common questions about this code of conduct, see the FAQ at
84
+ https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.
data/CONTRIBUTING.md ADDED
@@ -0,0 +1,54 @@
1
+ ## Contributing
2
+
3
+ Bug reports and pull requests are welcome on GitHub at [https://github.com/VitalConnectInc/ruby-openid2][🚎src-main]
4
+ . This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
5
+ the [code of conduct][🤝conduct].
6
+
7
+ To submit a patch, please fork the project and create a patch with tests.
8
+ Once you're happy with it send a pull request.
9
+
10
+ ## Release
11
+
12
+ ### One-time, Per-developer, Setup
13
+
14
+ **IMPORTANT**: Your public key for signing gems will need to be picked up by the line in the
15
+ `gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there),
16
+ in order to sign the new release.
17
+ See: [RubyGems Security Guide][🔒️rubygems-security-guide]
18
+
19
+ ### To release a new version:
20
+
21
+ 1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check
22
+ 2. Update the version number in `version.rb`
23
+ 3. Run `bin/setup && bin/rake` again as a secondary check, and to update `Gemfile.lock`
24
+ 4. Run `git commit -am "🔖 Prepare release v<VERSION>"` to commit the changes
25
+ 5. Run `git push` to trigger the final CI pipeline before release, & merge PRs
26
+ a. NOTE: Remember to [check the build][🧪build]!
27
+ 6. Run `git checkout main`
28
+ 7. Run `git pull origin main` to ensure you will release the latest trunk code.
29
+ 8. Set `SOURCE_DATE_EPOCH` so `rake build` and `rake release` use same timestamp, and generate same checksums
30
+ a. Run `export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH`
31
+ b. If the echo above has no output, then it didn't work.
32
+ c. Note that you'll need the `zsh/datetime` module, if running `zsh`.
33
+ d. In `bash` you can use `date +%s` instead, i.e. `export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH`
34
+ 9. Run `bundle exec rake build`
35
+ 10. Run [`bin/checksums`][🔒️rubygems-checksums-pr] to create SHA-256 and SHA-512 checksums
36
+ a. Checksums will be committed automatically by the script, but not pushed
37
+ 11. Run `bundle exec rake release` which will create a git tag for the version,
38
+ push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems]
39
+
40
+ ## Contributors
41
+
42
+ [![Contributors][🖐contributors-img]][🖐contributors]
43
+
44
+ Made with [contributors-img][🖐contrib-rocks].
45
+
46
+ [🧪build]: https://github.com/VitalConnectInc/ruby-openid2/actions
47
+ [🤝conduct]: https://github.com/VitalConnectInc/ruby-openid2/blob/main/CODE_OF_CONDUCT.md
48
+ [🖐contrib-rocks]: https://contrib.rocks
49
+ [🖐contributors]: https://github.com/VitalConnectInc/ruby-openid2/graphs/contributors
50
+ [🖐contributors-img]: https://contrib.rocks/image?repo=VitalConnectInc/ruby-openid2
51
+ [💎rubygems]: https://rubygems.org
52
+ [🔒️rubygems-security-guide]: https://guides.rubygems.org/security/#building-gems
53
+ [🔒️rubygems-checksums-pr]: https://github.com/rubygems/guides/pull/325
54
+ [🚎src-main]: https://github.com/VitalConnectInc/ruby-openid2
data/LICENSE.txt ADDED
@@ -0,0 +1,210 @@
1
+ The code in lib/hmac/ is Copyright 2001 by Daiki Ueno, and distributed under
2
+ the terms of the Ruby license. See http://www.ruby-lang.org/en/LICENSE.txt
3
+
4
+ lib/openid/yadis/htmltokenizer.rb is Copyright 2004 by Ben Giddings and
5
+ distributed under the terms of the Ruby license.
6
+
7
+ The remainder of this package is Copyright 2006-2008 by JanRain, Inc. and
8
+ distributed under the terms of license below:
9
+
10
+ Apache License
11
+ Version 2.0, January 2004
12
+ http://www.apache.org/licenses/
13
+
14
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
15
+
16
+ 1. Definitions.
17
+
18
+ "License" shall mean the terms and conditions for use, reproduction,
19
+ and distribution as defined by Sections 1 through 9 of this document.
20
+
21
+ "Licensor" shall mean the copyright owner or entity authorized by
22
+ the copyright owner that is granting the License.
23
+
24
+ "Legal Entity" shall mean the union of the acting entity and all
25
+ other entities that control, are controlled by, or are under common
26
+ control with that entity. For the purposes of this definition,
27
+ "control" means (i) the power, direct or indirect, to cause the
28
+ direction or management of such entity, whether by contract or
29
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
30
+ outstanding shares, or (iii) beneficial ownership of such entity.
31
+
32
+ "You" (or "Your") shall mean an individual or Legal Entity
33
+ exercising permissions granted by this License.
34
+
35
+ "Source" form shall mean the preferred form for making modifications,
36
+ including but not limited to software source code, documentation
37
+ source, and configuration files.
38
+
39
+ "Object" form shall mean any form resulting from mechanical
40
+ transformation or translation of a Source form, including but
41
+ not limited to compiled object code, generated documentation,
42
+ and conversions to other media types.
43
+
44
+ "Work" shall mean the work of authorship, whether in Source or
45
+ Object form, made available under the License, as indicated by a
46
+ copyright notice that is included in or attached to the work
47
+ (an example is provided in the Appendix below).
48
+
49
+ "Derivative Works" shall mean any work, whether in Source or Object
50
+ form, that is based on (or derived from) the Work and for which the
51
+ editorial revisions, annotations, elaborations, or other modifications
52
+ represent, as a whole, an original work of authorship. For the purposes
53
+ of this License, Derivative Works shall not include works that remain
54
+ separable from, or merely link (or bind by name) to the interfaces of,
55
+ the Work and Derivative Works thereof.
56
+
57
+ "Contribution" shall mean any work of authorship, including
58
+ the original version of the Work and any modifications or additions
59
+ to that Work or Derivative Works thereof, that is intentionally
60
+ submitted to Licensor for inclusion in the Work by the copyright owner
61
+ or by an individual or Legal Entity authorized to submit on behalf of
62
+ the copyright owner. For the purposes of this definition, "submitted"
63
+ means any form of electronic, verbal, or written communication sent
64
+ to the Licensor or its representatives, including but not limited to
65
+ communication on electronic mailing lists, source code control systems,
66
+ and issue tracking systems that are managed by, or on behalf of, the
67
+ Licensor for the purpose of discussing and improving the Work, but
68
+ excluding communication that is conspicuously marked or otherwise
69
+ designated in writing by the copyright owner as "Not a Contribution."
70
+
71
+ "Contributor" shall mean Licensor and any individual or Legal Entity
72
+ on behalf of whom a Contribution has been received by Licensor and
73
+ subsequently incorporated within the Work.
74
+
75
+ 2. Grant of Copyright License. Subject to the terms and conditions of
76
+ this License, each Contributor hereby grants to You a perpetual,
77
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
78
+ copyright license to reproduce, prepare Derivative Works of,
79
+ publicly display, publicly perform, sublicense, and distribute the
80
+ Work and such Derivative Works in Source or Object form.
81
+
82
+ 3. Grant of Patent License. Subject to the terms and conditions of
83
+ this License, each Contributor hereby grants to You a perpetual,
84
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
85
+ (except as stated in this section) patent license to make, have made,
86
+ use, offer to sell, sell, import, and otherwise transfer the Work,
87
+ where such license applies only to those patent claims licensable
88
+ by such Contributor that are necessarily infringed by their
89
+ Contribution(s) alone or by combination of their Contribution(s)
90
+ with the Work to which such Contribution(s) was submitted. If You
91
+ institute patent litigation against any entity (including a
92
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
93
+ or a Contribution incorporated within the Work constitutes direct
94
+ or contributory patent infringement, then any patent licenses
95
+ granted to You under this License for that Work shall terminate
96
+ as of the date such litigation is filed.
97
+
98
+ 4. Redistribution. You may reproduce and distribute copies of the
99
+ Work or Derivative Works thereof in any medium, with or without
100
+ modifications, and in Source or Object form, provided that You
101
+ meet the following conditions:
102
+
103
+ (a) You must give any other recipients of the Work or
104
+ Derivative Works a copy of this License; and
105
+
106
+ (b) You must cause any modified files to carry prominent notices
107
+ stating that You changed the files; and
108
+
109
+ (c) You must retain, in the Source form of any Derivative Works
110
+ that You distribute, all copyright, patent, trademark, and
111
+ attribution notices from the Source form of the Work,
112
+ excluding those notices that do not pertain to any part of
113
+ the Derivative Works; and
114
+
115
+ (d) If the Work includes a "NOTICE" text file as part of its
116
+ distribution, then any Derivative Works that You distribute must
117
+ include a readable copy of the attribution notices contained
118
+ within such NOTICE file, excluding those notices that do not
119
+ pertain to any part of the Derivative Works, in at least one
120
+ of the following places: within a NOTICE text file distributed
121
+ as part of the Derivative Works; within the Source form or
122
+ documentation, if provided along with the Derivative Works; or,
123
+ within a display generated by the Derivative Works, if and
124
+ wherever such third-party notices normally appear. The contents
125
+ of the NOTICE file are for informational purposes only and
126
+ do not modify the License. You may add Your own attribution
127
+ notices within Derivative Works that You distribute, alongside
128
+ or as an addendum to the NOTICE text from the Work, provided
129
+ that such additional attribution notices cannot be construed
130
+ as modifying the License.
131
+
132
+ You may add Your own copyright statement to Your modifications and
133
+ may provide additional or different license terms and conditions
134
+ for use, reproduction, or distribution of Your modifications, or
135
+ for any such Derivative Works as a whole, provided Your use,
136
+ reproduction, and distribution of the Work otherwise complies with
137
+ the conditions stated in this License.
138
+
139
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
140
+ any Contribution intentionally submitted for inclusion in the Work
141
+ by You to the Licensor shall be under the terms and conditions of
142
+ this License, without any additional terms or conditions.
143
+ Notwithstanding the above, nothing herein shall supersede or modify
144
+ the terms of any separate license agreement you may have executed
145
+ with Licensor regarding such Contributions.
146
+
147
+ 6. Trademarks. This License does not grant permission to use the trade
148
+ names, trademarks, service marks, or product names of the Licensor,
149
+ except as required for reasonable and customary use in describing the
150
+ origin of the Work and reproducing the content of the NOTICE file.
151
+
152
+ 7. Disclaimer of Warranty. Unless required by applicable law or
153
+ agreed to in writing, Licensor provides the Work (and each
154
+ Contributor provides its Contributions) on an "AS IS" BASIS,
155
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
156
+ implied, including, without limitation, any warranties or conditions
157
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
158
+ PARTICULAR PURPOSE. You are solely responsible for determining the
159
+ appropriateness of using or redistributing the Work and assume any
160
+ risks associated with Your exercise of permissions under this License.
161
+
162
+ 8. Limitation of Liability. In no event and under no legal theory,
163
+ whether in tort (including negligence), contract, or otherwise,
164
+ unless required by applicable law (such as deliberate and grossly
165
+ negligent acts) or agreed to in writing, shall any Contributor be
166
+ liable to You for damages, including any direct, indirect, special,
167
+ incidental, or consequential damages of any character arising as a
168
+ result of this License or out of the use or inability to use the
169
+ Work (including but not limited to damages for loss of goodwill,
170
+ work stoppage, computer failure or malfunction, or any and all
171
+ other commercial damages or losses), even if such Contributor
172
+ has been advised of the possibility of such damages.
173
+
174
+ 9. Accepting Warranty or Additional Liability. While redistributing
175
+ the Work or Derivative Works thereof, You may choose to offer,
176
+ and charge a fee for, acceptance of support, warranty, indemnity,
177
+ or other liability obligations and/or rights consistent with this
178
+ License. However, in accepting such obligations, You may act only
179
+ on Your own behalf and on Your sole responsibility, not on behalf
180
+ of any other Contributor, and only if You agree to indemnify,
181
+ defend, and hold each Contributor harmless for any liability
182
+ incurred by, or claims asserted against, such Contributor by reason
183
+ of your accepting any such warranty or additional liability.
184
+
185
+ END OF TERMS AND CONDITIONS
186
+
187
+ APPENDIX: How to apply the Apache License to your work.
188
+
189
+ To apply the Apache License to your work, attach the following
190
+ boilerplate notice, with the fields enclosed by brackets "[]"
191
+ replaced with your own identifying information. (Don't include
192
+ the brackets!) The text should be enclosed in the appropriate
193
+ comment syntax for the file format. We also recommend that a
194
+ file or class name and description of purpose be included on the
195
+ same "printed page" as the copyright notice for easier
196
+ identification within third-party archives.
197
+
198
+ Copyright [yyyy] [name of copyright owner]
199
+
200
+ Licensed under the Apache License, Version 2.0 (the "License");
201
+ you may not use this file except in compliance with the License.
202
+ You may obtain a copy of the License at
203
+
204
+ http://www.apache.org/licenses/LICENSE-2.0
205
+
206
+ Unless required by applicable law or agreed to in writing, software
207
+ distributed under the License is distributed on an "AS IS" BASIS,
208
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
209
+ See the License for the specific language governing permissions and
210
+ limitations under the License.
data/README.md ADDED
@@ -0,0 +1,81 @@
1
+ # Ruby OpenID
2
+
3
+ A Ruby library for verifying and serving OpenID identities.
4
+
5
+ [![Build Status](https://secure.travis-ci.org/openid/ruby-openid.svg)](http://travis-ci.org/openid/ruby-openid)
6
+
7
+ ## Features
8
+
9
+ * Easy to use API for verifying OpenID identites - OpenID::Consumer
10
+ * Support for serving OpenID identites - OpenID::Server
11
+ * Does not depend on underlying web framework
12
+ * Supports multiple storage mechanisms (Filesystem, ActiveRecord, Memory)
13
+ * Example code to help you get started, including:
14
+ * Ruby on Rails based consumer and server
15
+ * OpenIDLoginGenerator for quickly getting creating a rails app that uses
16
+ OpenID for authentication
17
+ * ActiveRecordOpenIDStore plugin
18
+ * Comprehensive test suite
19
+ * Supports both OpenID 1 and OpenID 2 transparently
20
+
21
+ ## Installing
22
+
23
+ Before running the examples or writing your own code you'll need to install
24
+ the library. See the INSTALL file or use rubygems:
25
+
26
+ gem install ruby-openid
27
+
28
+ Check the installation:
29
+
30
+ $ irb
31
+ irb> require 'rubygems'
32
+ => false
33
+ irb> gem 'ruby-openid'
34
+ => true
35
+
36
+ The library is known to work with Ruby 1.9.2 and above on Unix, Max OS X and Win32.
37
+
38
+ ## Getting Started
39
+
40
+ The best way to start is to look at the rails_openid example.
41
+ You can run it with:
42
+
43
+ cd examples/rails_openid
44
+ script/server
45
+
46
+ If you are writing an OpenID Relying Party, a good place to start is:
47
+ `examples/rails_openid/app/controllers/consumer_controller.rb`
48
+
49
+ And if you are writing an OpenID provider:
50
+ `examples/rails_openid/app/controllers/server_controller.rb`
51
+
52
+ The library code is quite well documented, so don't be squeamish, and
53
+ look at the library itself if there's anything you don't understand in
54
+ the examples.
55
+
56
+ ## Homepage
57
+
58
+ * GitHub repository: [openid/ruby-openid](http://github.com/openid/ruby-openid)
59
+ * Homepage: [OpenID.net](http://openid.net/)
60
+
61
+ ## Community
62
+
63
+ Discussion regarding the Ruby OpenID library and other JanRain OpenID
64
+ libraries takes place on the [OpenID mailing list](http://openid.net/developers/dev-mailing-lists/).
65
+
66
+ Please join this list to discuss, ask implementation questions, report
67
+ bugs, etc. Also check out the openid channel on the freenode IRC
68
+ network.
69
+
70
+ If you have a bugfix or feature you'd like to contribute, don't
71
+ hesitate to send it to us: [How to contribute](http://openidenabled.com/contribute/).
72
+
73
+ ## Author
74
+
75
+ Copyright 2006-2012, JanRain, Inc.
76
+
77
+ Contact openid@janrain.com.
78
+
79
+ ## License
80
+
81
+ Apache Software License. For more information see the LICENSE file.
data/SECURITY.md ADDED
@@ -0,0 +1,15 @@
1
+ # Security Policy
2
+
3
+ ## Supported Versions
4
+
5
+ | Version | Supported |
6
+ |---------|-----------|
7
+ | 3.x | ✅ |
8
+ | 2.x | ❌ |
9
+ | 1.x | ❌ |
10
+
11
+ ## Reporting a Vulnerability
12
+
13
+ Peter Boling is the primary maintainer of this gem. Please find a way
14
+ to [contact him directly](https://railsbling.com/contact) to report the issue. Include as much relevant information as
15
+ possible.