ruby-openid2 3.0.0

data/lib/openid/message.rb

@@ -0,0 +1,555 @@
+require_relative "util"
+require_relative "kvform"
+
+module OpenID
+  IDENTIFIER_SELECT = "http://specs.openid.net/auth/2.0/identifier_select"
+
+  # URI for Simple Registration extension, the only commonly deployed
+  # OpenID 1.x extension, and so a special case.
+  SREG_URI = "http://openid.net/sreg/1.0"
+
+  # The OpenID 1.x namespace URIs
+  OPENID1_NS = "http://openid.net/signon/1.0"
+  OPENID11_NS = "http://openid.net/signon/1.1"
+  OPENID1_NAMESPACES = [OPENID1_NS, OPENID11_NS]
+
+  # The OpenID 2.0 namespace URI
+  OPENID2_NS = "http://specs.openid.net/auth/2.0"
+
+  # The namespace consisting of pairs with keys that are prefixed with
+  # "openid." but not in another namespace.
+  NULL_NAMESPACE = :null_namespace
+
+  # The null namespace, when it is an allowed OpenID namespace
+  OPENID_NS = :openid_namespace
+
+  # The top-level namespace, excluding all pairs with keys that start
+  # with "openid."
+  BARE_NS = :bare_namespace
+
+  # Limit, in bytes, of identity provider and return_to URLs,
+  # including response payload.  See OpenID 1.1 specification,
+  # Appendix D.
+  OPENID1_URL_LIMIT = 2047
+
+  # All OpenID protocol fields.  Used to check namespace aliases.
+  OPENID_PROTOCOL_FIELDS = %w[
+    ns
+    mode
+    error
+    return_to
+    contact
+    reference
+    signed
+    assoc_type
+    session_type
+    dh_modulus
+    dh_gen
+    dh_consumer_public
+    claimed_id
+    identity
+    realm
+    invalidate_handle
+    op_endpoint
+    response_nonce
+    sig
+    assoc_handle
+    trust_root
+    openid
+  ]
+
+  # Sentinel used for Message implementation to indicate that getArg
+  # should raise an exception instead of returning a default.
+  NO_DEFAULT = :no_default
+
+  # Raised if the generic OpenID namespace is accessed when there
+  # is no OpenID namespace set for this message.
+  class UndefinedOpenIDNamespace < Exception; end
+
+  # Raised when an alias or namespace URI has already been registered.
+  class NamespaceAliasRegistrationError < Exception; end
+
+  # Raised if openid.ns is not a recognized value.
+  # See Message class variable @@allowed_openid_namespaces
+  class InvalidOpenIDNamespace < Exception; end
+
+  class Message
+    attr_reader :namespaces
+
+    # Raised when key lookup fails
+    class KeyNotFound < IndexError; end
+
+    # Namespace / alias registration map.  See
+    # register_namespace_alias.
+    @@registered_aliases = {}
+
+    # Registers a (namespace URI, alias) mapping in a global namespace
+    # alias map.  Raises NamespaceAliasRegistrationError if either the
+    # namespace URI or alias has already been registered with a
+    # different value.  This function is required if you want to use a
+    # namespace with an OpenID 1 message.
+    def self.register_namespace_alias(namespace_uri, alias_)
+      return if @@registered_aliases[alias_] == namespace_uri
+
+      if @@registered_aliases.values.include?(namespace_uri)
+        raise NamespaceAliasRegistrationError,
+          'Namespace uri #{namespace_uri} already registered'
+      end
+
+      if @@registered_aliases.member?(alias_)
+        raise NamespaceAliasRegistrationError,
+          'Alias #{alias_} already registered'
+      end
+
+      @@registered_aliases[alias_] = namespace_uri
+    end
+
+    @@allowed_openid_namespaces = [OPENID1_NS, OPENID2_NS, OPENID11_NS]
+
+    # Raises InvalidNamespaceError if you try to instantiate a Message
+    # with a namespace not in the above allowed list
+    def initialize(openid_namespace = nil)
+      @args = {}
+      @namespaces = NamespaceMap.new
+      if openid_namespace
+        implicit = OPENID1_NAMESPACES.member?(openid_namespace)
+        set_openid_namespace(openid_namespace, implicit)
+      else
+        @openid_ns_uri = nil
+      end
+    end
+
+    # Construct a Message containing a set of POST arguments.
+    # Raises InvalidNamespaceError if you try to instantiate a Message
+    # with a namespace not in the above allowed list
+    def self.from_post_args(args)
+      m = Message.new
+      openid_args = {}
+      args.each do |key, value|
+        if value.is_a?(Array)
+          raise ArgumentError, "Query dict must have one value for each key, " +
+            "not lists of values.  Query is #{args.inspect}"
+        end
+
+        prefix, rest = key.split(".", 2)
+
+        if prefix != "openid" or rest.nil?
+          m.set_arg(BARE_NS, key, value)
+        else
+          openid_args[rest] = value
+        end
+      end
+
+      m._from_openid_args(openid_args)
+      m
+    end
+
+    # Construct a Message from a parsed KVForm message.
+    # Raises InvalidNamespaceError if you try to instantiate a Message
+    # with a namespace not in the above allowed list
+    def self.from_openid_args(openid_args)
+      m = Message.new
+      m._from_openid_args(openid_args)
+      m
+    end
+
+    # Raises InvalidNamespaceError if you try to instantiate a Message
+    # with a namespace not in the above allowed list
+    def _from_openid_args(openid_args)
+      ns_args = []
+
+      # resolve namespaces
+      openid_args.each do |rest, value|
+        ns_alias, ns_key = rest.split(".", 2)
+        if ns_key.nil?
+          ns_alias = NULL_NAMESPACE
+          ns_key = rest
+        end
+
+        if ns_alias == "ns"
+          @namespaces.add_alias(value, ns_key)
+        elsif ns_alias == NULL_NAMESPACE and ns_key == "ns"
+          set_openid_namespace(value, false)
+        else
+          ns_args << [ns_alias, ns_key, value]
+        end
+      end
+
+      # implicitly set an OpenID 1 namespace
+      set_openid_namespace(OPENID1_NS, true) unless get_openid_namespace
+
+      # put the pairs into the appropriate namespaces
+      ns_args.each do |ns_alias, ns_key, value|
+        ns_uri = @namespaces.get_namespace_uri(ns_alias)
+        unless ns_uri
+          ns_uri = _get_default_namespace(ns_alias)
+          if ns_uri
+            @namespaces.add_alias(ns_uri, ns_alias, true)
+          else
+            ns_uri = get_openid_namespace
+            ns_key = "#{ns_alias}.#{ns_key}"
+          end
+        end
+        set_arg(ns_uri, ns_key, value)
+      end
+    end
+
+    def _get_default_namespace(mystery_alias)
+      # only try to map an alias to a default if it's an
+      # OpenID 1.x namespace
+      @@registered_aliases[mystery_alias] if is_openid1
+    end
+
+    def set_openid_namespace(openid_ns_uri, implicit)
+      unless @@allowed_openid_namespaces.include?(openid_ns_uri)
+        raise InvalidOpenIDNamespace, "Invalid null namespace: #{openid_ns_uri}"
+      end
+
+      @namespaces.add_alias(openid_ns_uri, NULL_NAMESPACE, implicit)
+      @openid_ns_uri = openid_ns_uri
+    end
+
+    def get_openid_namespace
+      @openid_ns_uri
+    end
+
+    def is_openid1
+      OPENID1_NAMESPACES.member?(@openid_ns_uri)
+    end
+
+    def is_openid2
+      @openid_ns_uri == OPENID2_NS
+    end
+
+    # Create a message from a KVForm string
+    def self.from_kvform(kvform_string)
+      Message.from_openid_args(Util.kv_to_dict(kvform_string))
+    end
+
+    def copy
+      Marshal.load(Marshal.dump(self))
+    end
+
+    # Return all arguments with "openid." in from of namespaced arguments.
+    def to_post_args
+      args = {}
+
+      # add namespace defs to the output
+      @namespaces.each do |ns_uri, ns_alias|
+        next if @namespaces.implicit?(ns_uri)
+
+        ns_key = if ns_alias == NULL_NAMESPACE
+          "openid.ns"
+        else
+          "openid.ns." + ns_alias
+        end
+        args[ns_key] = ns_uri
+      end
+
+      @args.each do |k, value|
+        ns_uri, ns_key = k
+        key = get_key(ns_uri, ns_key)
+        args[key] = value
+      end
+
+      args
+    end
+
+    # Return all namespaced arguments, failing if any non-namespaced arguments
+    # exist.
+    def to_args
+      post_args = to_post_args
+      kvargs = {}
+      post_args.each do |k, v|
+        if !k.start_with?("openid.")
+          raise ArgumentError,
+            "This message can only be encoded as a POST, because it contains arguments that are not prefixed with 'openid.'"
+        else
+          kvargs[k[7..-1]] = v
+        end
+      end
+      kvargs
+    end
+
+    # Generate HTML form markup that contains the values in this
+    # message, to be HTTP POSTed as x-www-form-urlencoded UTF-8.
+    def to_form_markup(action_url, form_tag_attrs = nil, submit_text = "Continue")
+      form_tag_attr_map = {}
+
+      if form_tag_attrs
+        form_tag_attrs.each do |name, attr|
+          form_tag_attr_map[name] = attr
+        end
+      end
+
+      form_tag_attr_map["action"] = action_url
+      form_tag_attr_map["method"] = "post"
+      form_tag_attr_map["accept-charset"] = "UTF-8"
+      form_tag_attr_map["enctype"] = "application/x-www-form-urlencoded"
+
+      markup = "<form "
+
+      form_tag_attr_map.each do |k, v|
+        markup += " #{k}=\"#{v}\""
+      end
+
+      markup += ">\n"
+
+      to_post_args.each do |k, v|
+        markup += "<input type='hidden' name='#{k}' value='#{OpenID::Util.html_encode(v)}' />\n"
+      end
+      markup += "<input type='submit' value='#{submit_text}' />\n"
+      markup += "\n</form>"
+      markup
+    end
+
+    # Generate a GET URL with the paramters in this message attacked as
+    # query parameters.
+    def to_url(base_url)
+      Util.append_args(base_url, to_post_args)
+    end
+
+    # Generate a KVForm string that contains the parameters in this message.
+    # This will fail is the message contains arguments outside of the
+    # "openid." prefix.
+    def to_kvform
+      Util.dict_to_kv(to_args)
+    end
+
+    # Generate an x-www-urlencoded string.
+    def to_url_encoded
+      args = to_post_args.map.sort
+      Util.urlencode(args)
+    end
+
+    # Convert an input value into the internally used values of this obejct.
+    def _fix_ns(namespace)
+      if namespace == OPENID_NS
+        raise UndefinedOpenIDNamespace, "OpenID namespace not set" unless @openid_ns_uri
+
+        namespace = @openid_ns_uri
+
+      end
+
+      return namespace if namespace == BARE_NS
+
+      unless namespace.is_a?(String)
+        raise ArgumentError, "Namespace must be BARE_NS, OPENID_NS or " \
+          "a string. Got #{namespace.inspect}"
+      end
+
+      if namespace.index(":").nil?
+        msg = "OpenID 2.0 namespace identifiers SHOULD be URIs. " \
+          "Got #{namespace.inspect}"
+        Util.log(msg)
+
+        if namespace == "sreg"
+          msg = "Using #{SREG_URI} instead of \"sreg\" as namespace"
+          Util.log(msg)
+          return SREG_URI
+        end
+      end
+
+      namespace
+    end
+
+    def has_key?(namespace, ns_key)
+      namespace = _fix_ns(namespace)
+      @args.member?([namespace, ns_key])
+    end
+
+    # Get the key for a particular namespaced argument
+    def get_key(namespace, ns_key)
+      namespace = _fix_ns(namespace)
+      return ns_key if namespace == BARE_NS
+
+      ns_alias = @namespaces.get_alias(namespace)
+
+      # no alias is defined, so no key can exist
+      return if ns_alias.nil?
+
+      tail = if ns_alias == NULL_NAMESPACE
+        ns_key
+      else
+        "#{ns_alias}.#{ns_key}"
+      end
+
+      "openid." + tail
+    end
+
+    # Get a value for a namespaced key.
+    def get_arg(namespace, key, default = nil)
+      namespace = _fix_ns(namespace)
+      @args.fetch([namespace, key]) do
+        raise KeyNotFound, "<#{namespace}>#{key} not in this message" if default == NO_DEFAULT
+
+        default
+      end
+    end
+
+    # Get the arguments that are defined for this namespace URI.
+    def get_args(namespace)
+      namespace = _fix_ns(namespace)
+      args = {}
+      @args.each do |k, v|
+        pair_ns, ns_key = k
+        args[ns_key] = v if pair_ns == namespace
+      end
+      args
+    end
+
+    # Set multiple key/value pairs in one call.
+    def update_args(namespace, updates)
+      namespace = _fix_ns(namespace)
+      updates.each { |k, v| set_arg(namespace, k, v) }
+    end
+
+    # Set a single argument in this namespace
+    def set_arg(namespace, key, value)
+      namespace = _fix_ns(namespace)
+      @args[[namespace, key].freeze] = value
+      @namespaces.add(namespace) if namespace != BARE_NS
+    end
+
+    # Remove a single argument from this namespace.
+    def del_arg(namespace, key)
+      namespace = _fix_ns(namespace)
+      _key = [namespace, key]
+      @args.delete(_key)
+    end
+
+    def ==(other)
+      other.is_a?(self.class) && @args == other.instance_eval { @args }
+    end
+
+    def get_aliased_arg(aliased_key, default = nil)
+      return get_openid_namespace if aliased_key == "ns"
+
+      ns_alias, key = aliased_key.split(".", 2)
+      if ns_alias == "ns"
+        uri = @namespaces.get_namespace_uri(key)
+        return (uri.nil? ? default : uri) unless uri.nil? and default == NO_DEFAULT
+
+        raise KeyNotFound, "Namespace #{key} not defined when looking " \
+          "for #{aliased_key}"
+
+      end
+
+      if key.nil?
+        key = aliased_key
+        ns = nil
+      else
+        ns = @namespaces.get_namespace_uri(ns_alias)
+      end
+
+      if ns.nil?
+        key = aliased_key
+        ns = get_openid_namespace
+      end
+
+      get_arg(ns, key, default)
+    end
+  end
+
+  # Maintains a bidirectional map between namespace URIs and aliases.
+  class NamespaceMap
+    def initialize
+      @alias_to_namespace = {}
+      @namespace_to_alias = {}
+      @implicit_namespaces = []
+    end
+
+    def get_alias(namespace_uri)
+      @namespace_to_alias[namespace_uri]
+    end
+
+    def get_namespace_uri(namespace_alias)
+      @alias_to_namespace[namespace_alias]
+    end
+
+    # Add an alias from this namespace URI to the alias.
+    def add_alias(namespace_uri, desired_alias, implicit = false)
+      # Check that desired_alias is not an openid protocol field as
+      # per the spec.
+      Util.truthy_assert(
+        !OPENID_PROTOCOL_FIELDS.include?(desired_alias),
+        "#{desired_alias} is not an allowed namespace alias",
+      )
+
+      # check that there is not a namespace already defined for the
+      # desired alias
+      current_namespace_uri = @alias_to_namespace.fetch(desired_alias, nil)
+      if current_namespace_uri and current_namespace_uri != namespace_uri
+        raise IndexError,
+          "Cannot map #{namespace_uri} to alias #{desired_alias}. #{current_namespace_uri} is already mapped to alias #{desired_alias}"
+      end
+
+      # Check that desired_alias does not contain a period as per the
+      # spec.
+      if desired_alias.is_a?(String)
+        Util.truthy_assert(
+          desired_alias.index(".").nil?,
+          "#{desired_alias} must not contain a dot",
+        )
+      end
+
+      # check that there is not already a (different) alias for this
+      # namespace URI.
+      _alias = @namespace_to_alias[namespace_uri]
+      if _alias and _alias != desired_alias
+        raise IndexError,
+          "Cannot map #{namespace_uri} to alias #{desired_alias}. It is already mapped to alias #{_alias}"
+      end
+
+      @alias_to_namespace[desired_alias] = namespace_uri
+      @namespace_to_alias[namespace_uri] = desired_alias
+      @implicit_namespaces << namespace_uri if implicit
+      desired_alias
+    end
+
+    # Add this namespace URI to the mapping, without caring what alias
+    # it ends up with.
+    def add(namespace_uri)
+      # see if this namepace is already mapped to an alias
+      _alias = @namespace_to_alias[namespace_uri]
+      return _alias if _alias
+
+      # Fall back to generating a numberical alias
+      i = 0
+      while true
+        _alias = "ext" + i.to_s
+        begin
+          add_alias(namespace_uri, _alias)
+        rescue IndexError
+          i += 1
+        else
+          return _alias
+        end
+      end
+
+      raise StandardError, "Unreachable"
+    end
+
+    def member?(namespace_uri)
+      @namespace_to_alias.has_key?(namespace_uri)
+    end
+
+    def each(&block)
+      @namespace_to_alias.each(&block)
+    end
+
+    def namespace_uris
+      # Return an iterator over the namespace URIs
+      @namespace_to_alias.keys
+    end
+
+    def implicit?(namespace_uri)
+      @implicit_namespaces.member?(namespace_uri)
+    end
+
+    def aliases
+      # Return an iterator over the aliases
+      @alias_to_namespace.keys
+    end
+  end
+end

data/lib/openid/protocolerror.rb

@@ -0,0 +1,7 @@
+require_relative "util"
+
+module OpenID
+  # An error in the OpenID protocol
+  class ProtocolError < OpenIDError
+  end
+end