ruby-openid2 3.0.0

data/lib/openid/util.rb

@@ -0,0 +1,119 @@
+require "cgi"
+require "uri"
+require "logger"
+
+# See OpenID::Consumer or OpenID::Server modules, as well as the store classes
+module OpenID
+  class AssertionError < Exception
+  end
+
+  # Exceptions that are raised by the library are subclasses of this
+  # exception type, so if you want to catch all exceptions raised by
+  # the library, you can catch OpenIDError
+  class OpenIDError < StandardError
+  end
+
+  module Util
+    BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
+      "abcdefghijklmnopqrstuvwxyz0123456789+/"
+    BASE64_RE = Regexp.compile(
+      "
+    \\A
+    ([#{BASE64_CHARS}]{4})*
+    ([#{BASE64_CHARS}]{2}==|
+     [#{BASE64_CHARS}]{3}=)?
+    \\Z",
+      Regexp::EXTENDED,
+    )
+
+    def self.truthy_assert(value, message = nil)
+      return if value
+
+      raise AssertionError, message or value
+    end
+
+    def self.to_base64(s)
+      [s].pack("m").delete("\n")
+    end
+
+    def self.from_base64(s)
+      without_newlines = s.gsub(/[\r\n]+/, "")
+      raise ArgumentError, "Malformed input: #{s.inspect}" unless BASE64_RE.match(without_newlines)
+
+      without_newlines.unpack1("m")
+    end
+
+    def self.urlencode(args)
+      a = []
+      args.each do |key, val|
+        if val.nil?
+          val = ""
+        elsif !!val == val
+          # it's boolean let's convert it to string representation
+          # or else CGI::escape won't like it
+          val = val.to_s
+        end
+
+        a << (CGI.escape(key) + "=" + CGI.escape(val))
+      end
+      a.join("&")
+    end
+
+    def self.parse_query(qs)
+      query = {}
+      CGI.parse(qs).each { |k, v| query[k] = v[0] }
+      query
+    end
+
+    def self.append_args(url, args)
+      url = url.dup
+      return url if args.length == 0
+
+      args = args.sort if args.respond_to?(:each_pair)
+
+      url << (url.include?("?") ? "&" : "?")
+      url << Util.urlencode(args)
+    end
+
+    @@logger = Logger.new(STDERR)
+    @@logger.progname = "OpenID"
+
+    def self.logger=(logger)
+      @@logger = logger
+    end
+
+    def self.logger
+      @@logger
+    end
+
+    # change the message below to do whatever you like for logging
+    def self.log(message)
+      logger.info(message)
+    end
+
+    def self.auto_submit_html(form, title = "OpenID transaction in progress")
+      "
+<html>
+<head>
+  <title>#{title}</title>
+</head>
+<body onload='document.forms[0].submit();'>
+#{form}
+<script>
+var elements = document.forms[0].elements;
+for (var i = 0; i < elements.length; i++) {
+  elements[i].style.display = \"none\";
+}
+</script>
+</body>
+</html>
+"
+    end
+
+    ESCAPE_TABLE = {"&" => "&amp;", "<" => "&lt;", ">" => "&gt;", '"' => "&quot;", "'" => "&#039;"}
+    # Modified from ERb's html_encode
+    def self.html_encode(str)
+      str.to_s.gsub(/[&<>"']/) { |s| ESCAPE_TABLE[s] }
+    end
+  end
+end

data/lib/openid/version.rb

@@ -0,0 +1,5 @@
+module OpenID
+  module Version
+    VERSION = "3.0.0"
+  end
+end

data/lib/openid/yadis/accept.rb

@@ -0,0 +1,141 @@
+module OpenID
+  module Yadis
+    # Generate an accept header value
+    #
+    # [str or (str, float)] -> str
+    def self.generate_accept_header(*elements)
+      parts = []
+      elements.each do |element|
+        if element.is_a?(String)
+          qs = "1.0"
+          mtype = element
+        else
+          mtype, q = element
+          q = q.to_f
+          raise ArgumentError.new("Invalid preference factor: #{q}") if q > 1 or q <= 0
+
+          qs = format("%0.1f", q)
+        end
+
+        parts << [qs, mtype]
+      end
+
+      parts.sort!
+      chunks = []
+      parts.each do |q, mtype|
+        chunks << if q == "1.0"
+          mtype
+        else
+          format("%s; q=%s", mtype, q)
+        end
+      end
+
+      chunks.join(", ")
+    end
+
+    def self.parse_accept_header(value)
+      # Parse an accept header, ignoring any accept-extensions
+      #
+      # returns a list of tuples containing main MIME type, MIME
+      # subtype, and quality markdown.
+      #
+      # str -> [(str, str, float)]
+      chunks = value.split(",", -1).collect { |v| v.strip }
+      accept = []
+      chunks.each do |chunk|
+        parts = chunk.split(";", -1).collect { |s| s.strip }
+
+        mtype = parts.shift
+        if mtype.index("/").nil?
+          # This is not a MIME type, so ignore the bad data
+          next
+        end
+
+        main, sub = mtype.split("/", 2)
+
+        q = nil
+        parts.each do |ext|
+          unless ext.index("=").nil?
+            k, v = ext.split("=", 2)
+            q = v.to_f if k == "q"
+          end
+        end
+
+        q = 1.0 if q.nil?
+
+        accept << [q, main, sub]
+      end
+
+      accept.sort!
+      accept.reverse!
+
+      accept.collect { |q, main, sub| [main, sub, q] }
+    end
+
+    def self.match_types(accept_types, have_types)
+      # Given the result of parsing an Accept: header, and the
+      # available MIME types, return the acceptable types with their
+      # quality markdowns.
+      #
+      # For example:
+      #
+      # >>> acceptable = parse_accept_header('text/html, text/plain; q=0.5')
+      # >>> matchTypes(acceptable, ['text/plain', 'text/html', 'image/jpeg'])
+      # [('text/html', 1.0), ('text/plain', 0.5)]
+      #
+      # Type signature: ([(str, str, float)], [str]) -> [(str, float)]
+      default = if accept_types.nil? or accept_types == []
+        # Accept all of them
+        1
+      else
+        0
+      end
+
+      match_main = {}
+      match_sub = {}
+      accept_types.each do |main, sub, q|
+        if main == "*"
+          default = [default, q].max
+          next
+        elsif sub == "*"
+          match_main[main] = [match_main.fetch(main, 0), q].max
+        else
+          match_sub[[main, sub]] = [match_sub.fetch([main, sub], 0), q].max
+        end
+      end
+
+      accepted_list = []
+      order_maintainer = 0
+      have_types.each do |mtype|
+        main, sub = mtype.split("/", 2)
+        q = if match_sub.member?([main, sub])
+          match_sub[[main, sub]]
+        else
+          match_main.fetch(main, default)
+        end
+
+        if q != 0
+          accepted_list << [1 - q, order_maintainer, q, mtype]
+          order_maintainer += 1
+        end
+      end
+
+      accepted_list.sort!
+      accepted_list.collect { |_, _, q, mtype| [mtype, q] }
+    end
+
+    def self.get_acceptable(accept_header, have_types)
+      # Parse the accept header and return a list of available types
+      # in preferred order. If a type is unacceptable, it will not be
+      # in the resulting list.
+      #
+      # This is a convenience wrapper around matchTypes and
+      # parse_accept_header
+      #
+      # (str, [str]) -> [str]
+      accepted = parse_accept_header(accept_header)
+      preferred = match_types(accepted, have_types)
+      preferred.collect { |mtype, _| mtype }
+    end
+  end
+end

data/lib/openid/yadis/constants.rb

@@ -0,0 +1,16 @@
+require_relative "accept"
+
+module OpenID
+  module Yadis
+    YADIS_HEADER_NAME = "X-XRDS-Location"
+    YADIS_CONTENT_TYPE = "application/xrds+xml"
+
+    # A value suitable for using as an accept header when performing
+    # YADIS discovery, unless the application has special requirements
+    YADIS_ACCEPT_HEADER = generate_accept_header(
+      ["text/html", 0.3],
+      ["application/xhtml+xml", 0.5],
+      [YADIS_CONTENT_TYPE, 1.0],
+    )
+  end
+end

data/lib/openid/yadis/discovery.rb

@@ -0,0 +1,151 @@
+require_relative "../util"
+require_relative "../fetchers"
+require_relative "constants"
+require_relative "parsehtml"
+
+module OpenID
+  # Raised when a error occurs in the discovery process
+  class DiscoveryFailure < OpenIDError
+    attr_accessor :identity_url, :http_response
+
+    def initialize(message, http_response)
+      super(message)
+      @identity_url = nil
+      @http_response = http_response
+    end
+  end
+
+  module Yadis
+    # Contains the result of performing Yadis discovery on a URI
+    class DiscoveryResult
+      # The result of following redirects from the request_uri
+      attr_accessor :normalize_uri
+
+      # The URI from which the response text was returned (set to
+      # nil if there was no XRDS document found)
+      attr_accessor :xrds_uri
+
+      # The content-type returned with the response_text
+      attr_accessor :content_type
+
+      # The document returned from the xrds_uri
+      attr_accessor :response_text
+
+      attr_accessor :request_uri, :normalized_uri
+
+      def initialize(request_uri)
+        # Initialize the state of the object
+        #
+        # sets all attributes to None except the request_uri
+        @request_uri = request_uri
+        @normalized_uri = nil
+        @xrds_uri = nil
+        @content_type = nil
+        @response_text = nil
+      end
+
+      # Was the Yadis protocol's indirection used?
+      def used_yadis_location?
+        @normalized_uri != @xrds_uri
+      end
+
+      # Is the response text supposed to be an XRDS document?
+      def is_xrds
+        (used_yadis_location? or
+                @content_type == YADIS_CONTENT_TYPE)
+      end
+    end
+
+    # Discover services for a given URI.
+    #
+    # uri: The identity URI as a well-formed http or https URI. The
+    # well-formedness and the protocol are not checked, but the
+    # results of this function are undefined if those properties do
+    # not hold.
+    #
+    # returns a DiscoveryResult object
+    #
+    # Raises DiscoveryFailure when the HTTP response does not have
+    # a 200 code.
+    def self.discover(uri)
+      result = DiscoveryResult.new(uri)
+      begin
+        resp = OpenID.fetch(uri, nil, {"Accept" => YADIS_ACCEPT_HEADER})
+      rescue Exception
+        raise DiscoveryFailure.new("Failed to fetch identity URL #{uri} : #{$!}", $!)
+      end
+      if resp.code != "200" and resp.code != "206"
+        raise DiscoveryFailure.new(
+          'HTTP Response status from identity URL host is not "200".' \
+            "Got status #{resp.code.inspect} for #{resp.final_url}",
+          resp,
+        )
+      end
+
+      # Note the URL after following redirects
+      result.normalized_uri = resp.final_url
+
+      # Attempt to find out where to go to discover the document or if
+      # we already have it
+      result.content_type = resp["content-type"]
+
+      result.xrds_uri = where_is_yadis?(resp)
+
+      if result.xrds_uri and result.used_yadis_location?
+        begin
+          resp = OpenID.fetch(result.xrds_uri)
+        rescue StandardError
+          raise DiscoveryFailure.new("Failed to fetch Yadis URL #{result.xrds_uri} : #{$!}", $!)
+        end
+        if resp.code != "200" and resp.code != "206"
+          exc = DiscoveryFailure.new(
+            'HTTP Response status from Yadis host is not "200". ' +
+                                 "Got status #{resp.code.inspect} for #{resp.final_url}",
+            resp,
+          )
+          exc.identity_url = result.normalized_uri
+          raise exc
+        end
+
+        result.content_type = resp["content-type"]
+      end
+
+      result.response_text = resp.body
+      result
+    end
+
+    # Given a HTTPResponse, return the location of the Yadis
+    # document.
+    #
+    # May be the URL just retrieved, another URL, or None, if I
+    # can't find any.
+    #
+    # [non-blocking]
+    def self.where_is_yadis?(resp)
+      # Attempt to find out where to go to discover the document or if
+      # we already have it
+      content_type = resp["content-type"]
+
+      # According to the spec, the content-type header must be an
+      # exact match, or else we have to look for an indirection.
+      if !content_type.nil? and !content_type.to_s.empty? and
+          content_type.split(";", 2)[0].downcase == YADIS_CONTENT_TYPE
+        return resp.final_url
+      else
+        # Try the header
+        yadis_loc = resp[YADIS_HEADER_NAME.downcase]
+
+        if yadis_loc.nil?
+          # Parse as HTML if the header is missing.
+          #
+          # XXX: do we want to do something with content-type, like
+          # have a whitelist or a blacklist (for detecting that it's
+          # HTML)?
+          yadis_loc = Yadis.html_yadis_location(resp.body)
+        end
+      end
+
+      yadis_loc
+    end
+  end
+end

data/lib/openid/yadis/filters.rb

@@ -0,0 +1,192 @@
+# This file contains functions and classes used for extracting
+# endpoint information out of a Yadis XRD file using the REXML
+# XML parser.
+
+module OpenID
+  module Yadis
+    class BasicServiceEndpoint
+      attr_reader :type_uris, :yadis_url, :uri, :service_element
+
+      # Generic endpoint object that contains parsed service
+      # information, as well as a reference to the service element
+      # from which it was generated. If there is more than one
+      # xrd:Type or xrd:URI in the xrd:Service, this object represents
+      # just one of those pairs.
+      #
+      # This object can be used as a filter, because it implements
+      # fromBasicServiceEndpoint.
+      #
+      # The simplest kind of filter you can write implements
+      # fromBasicServiceEndpoint, which takes one of these objects.
+      def initialize(yadis_url, type_uris, uri, service_element)
+        @type_uris = type_uris
+        @yadis_url = yadis_url
+        @uri = uri
+        @service_element = service_element
+      end
+
+      # Query this endpoint to see if it has any of the given type
+      # URIs. This is useful for implementing other endpoint classes
+      # that e.g. need to check for the presence of multiple
+      # versions of a single protocol.
+      def match_types(type_uris)
+        @type_uris & type_uris
+      end
+
+      # Trivial transform from a basic endpoint to itself. This
+      # method exists to allow BasicServiceEndpoint to be used as a
+      # filter.
+      #
+      # If you are subclassing this object, re-implement this function.
+      def self.from_basic_service_endpoint(endpoint)
+        endpoint
+      end
+
+      # A hack to make both this class and its instances respond to
+      # this message since Ruby doesn't support static methods.
+      def from_basic_service_endpoint(endpoint)
+        self.class.from_basic_service_endpoint(endpoint)
+      end
+    end
+
+    # Take a list of basic filters and makes a filter that
+    # transforms the basic filter into a top-level filter. This is
+    # mostly useful for the implementation of make_filter, which
+    # should only be needed for special cases or internal use by
+    # this library.
+    #
+    # This object is useful for creating simple filters for services
+    # that use one URI and are specified by one Type (we expect most
+    # Types will fit this paradigm).
+    #
+    # Creates a BasicServiceEndpoint object and apply the filter
+    # functions to it until one of them returns a value.
+    class TransformFilterMaker
+      attr_reader :filter_procs
+
+      # Initialize the filter maker's state
+      #
+      # filter_functions are the endpoint transformer
+      # Procs to apply to the basic endpoint. These are called in
+      # turn until one of them does not return nil, and the result
+      # of that transformer is returned.
+      def initialize(filter_procs)
+        @filter_procs = filter_procs
+      end
+
+      # Returns an array of endpoint objects produced by the
+      # filter procs.
+      def get_service_endpoints(yadis_url, service_element)
+        endpoints = []
+
+        # Do an expansion of the service element by xrd:Type and
+        # xrd:URI
+        Yadis.expand_service(service_element).each do |type_uris, uri, _|
+          # Create a basic endpoint object to represent this
+          # yadis_url, Service, Type, URI combination
+          endpoint = BasicServiceEndpoint.new(
+            yadis_url, type_uris, uri, service_element
+          )
+
+          e = apply_filters(endpoint)
+          endpoints << e unless e.nil?
+        end
+        endpoints
+      end
+
+      def apply_filters(endpoint)
+        # Apply filter procs to an endpoint until one of them returns
+        # non-nil.
+        @filter_procs.each do |filter_proc|
+          e = filter_proc.call(endpoint)
+          unless e.nil?
+            # Once one of the filters has returned an endpoint, do not
+            # apply any more.
+            return e
+          end
+        end
+
+        nil
+      end
+    end
+
+    class CompoundFilter
+      attr_reader :subfilters
+
+      # Create a new filter that applies a set of filters to an
+      # endpoint and collects their results.
+      def initialize(subfilters)
+        @subfilters = subfilters
+      end
+
+      # Generate all endpoint objects for all of the subfilters of
+      # this filter and return their concatenation.
+      def get_service_endpoints(yadis_url, service_element)
+        endpoints = []
+        @subfilters.each do |subfilter|
+          endpoints += subfilter.get_service_endpoints(yadis_url, service_element)
+        end
+        endpoints
+      end
+    end
+
+    # Exception raised when something is not able to be turned into a
+    # filter
+    @@filter_type_error = TypeError.new(
+      "Expected a filter, an endpoint, a callable or a list of any of these.",
+    )
+
+    # Convert a filter-convertable thing into a filter
+    #
+    # parts should be a filter, an endpoint, a callable, or a list of
+    # any of these.
+    def self.make_filter(parts)
+      # Convert the parts into a list, and pass to mk_compound_filter
+      parts = [BasicServiceEndpoint] if parts.nil?
+
+      return mk_compound_filter(parts) if parts.is_a?(Array)
+
+      mk_compound_filter([parts])
+    end
+
+    # Create a filter out of a list of filter-like things
+    #
+    # Used by make_filter
+    #
+    # parts should be a list of things that can be passed to make_filter
+    def self.mk_compound_filter(parts)
+      raise TypeError, "#{parts.inspect} is not iterable" unless parts.respond_to?(:each)
+
+      # Separate into a list of callables and a list of filter objects
+      transformers = []
+      filters = []
+      parts.each do |subfilter|
+        if !subfilter.is_a?(Array)
+          # If it's not an iterable
+          if subfilter.respond_to?(:get_service_endpoints)
+            # It's a full filter
+            filters << subfilter
+          elsif subfilter.respond_to?(:from_basic_service_endpoint)
+            # It's an endpoint object, so put its endpoint conversion
+            # attribute into the list of endpoint transformers
+            transformers << subfilter.method(:from_basic_service_endpoint)
+          elsif subfilter.respond_to?(:call)
+            # It's a proc, so add it to the list of endpoint
+            # transformers
+            transformers << subfilter
+          else
+            raise @@filter_type_error
+          end
+        else
+          filters << mk_compound_filter(subfilter)
+        end
+      end
+
+      filters << TransformFilterMaker.new(transformers) if transformers.length > 0
+
+      return filters[0] if filters.length == 1
+
+      CompoundFilter.new(filters)
+    end
+  end
+end