ruby-openid2 3.0.0

data/lib/openid/yadis/htmltokenizer.rb

@@ -0,0 +1,290 @@
+# = HTMLTokenizer
+#
+# Author::    Ben Giddings  (mailto:bg-rubyforge@infofiend.com)
+# Copyright:: Copyright (c) 2004 Ben Giddings
+# License::   Distributes under the same terms as Ruby
+#
+#
+# This is a partial port of the functionality behind Perl's TokeParser
+# Provided a page it progressively returns tokens from that page
+#
+# $Id: htmltokenizer.rb,v 1.7 2005/06/07 21:05:53 merc Exp $
+
+#
+# A class to tokenize HTML.
+#
+# Example:
+#
+#   page = "<HTML>
+#   <HEAD>
+#   <TITLE>This is the title</TITLE>
+#   </HEAD>
+#    <!-- Here comes the <a href=\"missing.link\">blah</a>
+#    comment body
+#     -->
+#    <BODY>
+#      <H1>This is the header</H1>
+#      <P>
+#        This is the paragraph, it contains
+#        <a href=\"link.html\">links</a>,
+#        <img src=\"blah.gif\" optional alt='images
+#        are
+#        really cool'>.  Ok, here is some more text and
+#        <A href=\"http://another.link.com/\" target=\"_blank\">another link</A>.
+#      </P>
+#    </body>
+#    </HTML>
+#    "
+#    toke = HTMLTokenizer.new(page)
+#
+#    assert("<h1>" == toke.getTag("h1", "h2", "h3").to_s.downcase)
+#    assert(HTMLTag.new("<a href=\"link.html\">") == toke.getTag("IMG", "A"))
+#    assert("links" == toke.getTrimmedText)
+#    assert(toke.getTag("IMG", "A").attr_hash['optional'])
+#    assert("_blank" == toke.getTag("IMG", "A").attr_hash['target'])
+#
+class HTMLTokenizer
+  @@version = 1.0
+
+  # Get version of HTMLTokenizer lib
+  def self.version
+    @@version
+  end
+
+  attr_reader :page
+
+  # Create a new tokenizer, based on the content, used as a string.
+  def initialize(content)
+    @page = content.to_s
+    @cur_pos = 0
+  end
+
+  # Reset the parser, setting the current position back at the stop
+  def reset
+    @cur_pos = 0
+  end
+
+  # Look at the next token, but don't actually grab it
+  def peekNextToken
+    return if @cur_pos == @page.length
+
+    if "<" == @page[@cur_pos]
+      # Next token is a tag of some kind
+      if "!--" == @page[(@cur_pos + 1), 3]
+        # Token is a comment
+        tag_end = @page.index("-->", (@cur_pos + 1))
+        raise HTMLTokenizerError, "No end found to started comment:\n#{@page[@cur_pos, 80]}" if tag_end.nil?
+
+        # p @page[@cur_pos .. (tag_end+2)]
+        HTMLComment.new(@page[@cur_pos..(tag_end + 2)])
+      else
+        # Token is a html tag
+        tag_end = @page.index(">", (@cur_pos + 1))
+        raise HTMLTokenizerError, "No end found to started tag:\n#{@page[@cur_pos, 80]}" if tag_end.nil?
+
+        # p @page[@cur_pos .. tag_end]
+        HTMLTag.new(@page[@cur_pos..tag_end])
+      end
+    else
+      # Next token is text
+      text_end = @page.index("<", @cur_pos)
+      text_end = text_end.nil? ? -1 : (text_end - 1)
+      # p @page[@cur_pos .. text_end]
+      HTMLText.new(@page[@cur_pos..text_end])
+    end
+  end
+
+  # Get the next token, returns an instance of
+  # * HTMLText
+  # * HTMLToken
+  # * HTMLTag
+  def getNextToken
+    token = peekNextToken
+    if token
+      # @page = @page[token.raw.length .. -1]
+      # @page.slice!(0, token.raw.length)
+      @cur_pos += token.raw.length
+    end
+    # p token
+    # print token.raw
+    token
+  end
+
+  # Get a tag from the specified set of desired tags.
+  # For example:
+  # <tt>foo =  toke.getTag("h1", "h2", "h3")</tt>
+  # Will return the next header tag encountered.
+  def getTag(*sought_tags)
+    sought_tags.collect! { |elm| elm.downcase }
+
+    while (tag = getNextToken)
+      if tag.is_a?(HTMLTag) and
+          (0 == sought_tags.length or sought_tags.include?(tag.tag_name))
+        break
+      end
+    end
+    tag
+  end
+
+  # Get all the text between the current position and the next tag
+  # (if specified) or a specific later tag
+  def getText(until_tag = nil)
+    if until_tag.nil?
+      if "<" == @page[@cur_pos]
+        # Next token is a tag, not text
+        ""
+      else
+        # Next token is text
+        getNextToken.text
+      end
+    else
+      ret_str = ""
+
+      while (tag = peekNextToken)
+        break if tag.is_a?(HTMLTag) and tag.tag_name == until_tag
+
+        ret_str << (tag.text + " ") if "" != tag.text
+        getNextToken
+      end
+
+      ret_str
+    end
+  end
+
+  # Like getText, but squeeze all whitespace, getting rid of
+  # leading and trailing whitespace, and squeezing multiple
+  # spaces into a single space.
+  def getTrimmedText(until_tag = nil)
+    getText(until_tag).strip.gsub(/\s+/m, " ")
+  end
+end
+
+class HTMLTokenizerError < Exception
+end
+
+# The parent class for all three types of HTML tokens
+class HTMLToken
+  attr_accessor :raw
+
+  # Initialize the token based on the raw text
+  def initialize(text)
+    @raw = text
+  end
+
+  # By default, return exactly the string used to create the text
+  def to_s
+    raw
+  end
+
+  # By default tokens have no text representation
+  def text
+    ""
+  end
+
+  def trimmed_text
+    text.strip.gsub(/\s+/m, " ")
+  end
+
+  # Compare to another based on the raw source
+  def ==(other)
+    raw == other.to_s
+  end
+end
+
+# Class representing text that isn't inside a tag
+class HTMLText < HTMLToken
+  def text
+    raw
+  end
+end
+
+# Class representing an HTML comment
+class HTMLComment < HTMLToken
+  attr_accessor :contents
+
+  def initialize(text)
+    super
+    temp_arr = text.scan(/^<!--\s*(.*?)\s*-->$/m)
+    raise HTMLTokenizerError, "Text passed to HTMLComment.initialize is not a comment" if temp_arr[0].nil?
+
+    @contents = temp_arr[0][0]
+  end
+end
+
+# Class representing an HTML tag
+class HTMLTag < HTMLToken
+  attr_reader :end_tag, :tag_name
+
+  def initialize(text)
+    super
+    if "<" != text[0] or ">" != text[-1]
+      raise HTMLTokenizerError, "Text passed to HTMLComment.initialize is not a comment"
+    end
+
+    @attr_hash = {}
+    @raw = text
+
+    tag_name = text.scan(/[\w:-]+/)[0]
+    raise HTMLTokenizerError, "Error, tag is nil: #{tag_name}" if tag_name.nil?
+
+    if "/" == text[1]
+      # It's an end tag
+      @end_tag = true
+      @tag_name = "/" + tag_name.downcase
+    else
+      @end_tag = false
+      @tag_name = tag_name.downcase
+    end
+
+    @hashed = false
+  end
+
+  # Retrieve a hash of all the tag's attributes.
+  # Lazily done, so that if you don't look at a tag's attributes
+  # things go quicker
+  def attr_hash
+    # Lazy initialize == don't build the hash until it's needed
+    unless @hashed
+      unless @end_tag
+        # Get the attributes
+        attr_arr = @raw.scan(%r{<[\w:-]+\s+(.*?)/?>}m)[0]
+        if attr_arr.is_a?(Array)
+          # Attributes found, parse them
+          attrs = attr_arr[0]
+          attr_arr = attrs.scan(/\s*([\w:-]+)(?:\s*=\s*("[^"]*"|'[^']*'|([^"'>][^\s>]*)))?/m)
+          # clean up the array by:
+          # * setting all nil elements to true
+          # * removing enclosing quotes
+          attr_arr.each do |item|
+            val = if item[1].nil?
+              item[0]
+            elsif '"'[0] == item[1][0] or "'"[0] == item[1][0]
+              item[1][1..-2]
+            else
+              item[1]
+            end
+            @attr_hash[item[0].downcase] = val
+          end
+        end
+      end
+      @hashed = true
+    end
+
+    # p self
+
+    @attr_hash
+  end
+
+  # Get the 'alt' text for a tag, if it exists, or an empty string otherwise
+  def text
+    unless end_tag
+      case tag_name
+      when "img"
+        return attr_hash["alt"] unless attr_hash["alt"].nil?
+      when "applet"
+        return attr_hash["alt"] unless attr_hash["alt"].nil?
+      end
+    end
+    ""
+  end
+end

data/lib/openid/yadis/parsehtml.rb

@@ -0,0 +1,50 @@
+# stdlib
+require "cgi"
+
+# This library
+require_relative "htmltokenizer"
+
+module OpenID
+  module Yadis
+    def self.html_yadis_location(html)
+      parser = HTMLTokenizer.new(html)
+
+      # to keep track of whether or not we are in the head element
+      in_head = false
+
+      begin
+        while el = parser.getTag(
+          "head",
+          "/head",
+          "meta",
+          "body",
+          "/body",
+          "html",
+          "script",
+        )
+
+          # we are leaving head or have reached body, so we bail
+          return if ["/head", "body", "/body"].member?(el.tag_name)
+
+          if el.tag_name == "head" && !(el.to_s[-2] == "/")
+            in_head = true # tag ends with a /: a short tag
+          end
+          next unless in_head
+
+          if el.tag_name == "script" && !(el.to_s[-2] == "/")
+            parser.getTag("/script") # tag ends with a /: a short tag
+          end
+
+          return if el.tag_name == "html"
+
+          next unless el.tag_name == "meta" and (equiv = el.attr_hash["http-equiv"])
+          if %w[x-xrds-location x-yadis-location].member?(equiv.downcase) &&
+              el.attr_hash.member?("content")
+            return CGI.unescapeHTML(el.attr_hash["content"])
+          end
+        end
+      rescue HTMLTokenizerError # just stop parsing if there's an error
+      end
+    end
+  end
+end

data/lib/openid/yadis/services.rb

@@ -0,0 +1,44 @@
+require_relative "filters"
+require_relative "discovery"
+require_relative "xrds"
+
+module OpenID
+  module Yadis
+    def self.get_service_endpoints(input_url, flt = nil)
+      # Perform the Yadis protocol on the input URL and return an
+      # iterable of resulting endpoint objects.
+      #
+      # @param flt: A filter object or something that is convertable
+      # to a filter object (using mkFilter) that will be used to
+      # generate endpoint objects. This defaults to generating
+      # BasicEndpoint objects.
+      result = Yadis.discover(input_url)
+      begin
+        endpoints = Yadis.apply_filter(
+          result.normalized_uri,
+          result.response_text,
+          flt,
+        )
+      rescue XRDSError => e
+        raise DiscoveryFailure.new(e.to_s, nil)
+      end
+
+      [result.normalized_uri, endpoints]
+    end
+
+    def self.apply_filter(normalized_uri, xrd_data, flt = nil)
+      # Generate an iterable of endpoint objects given this input data,
+      # presumably from the result of performing the Yadis protocol.
+
+      flt = Yadis.make_filter(flt)
+      et = Yadis.parseXRDS(xrd_data)
+
+      endpoints = []
+      each_service(et) do |service_element|
+        endpoints += flt.get_service_endpoints(normalized_uri, service_element)
+      end
+
+      endpoints
+    end
+  end
+end

data/lib/openid/yadis/xrds.rb

@@ -0,0 +1,160 @@
+require "rexml/document"
+require "rexml/element"
+require "rexml/xpath"
+
+require_relative "xri"
+
+module OpenID
+  module Yadis
+    XRD_NS_2_0 = "xri://$xrd*($v*2.0)"
+    XRDS_NS = "xri://$xrds"
+
+    XRDS_NAMESPACES = {
+      "xrds" => XRDS_NS,
+      "xrd" => XRD_NS_2_0,
+    }
+
+    class XRDSError < StandardError; end
+
+    # Raised when there's an assertion in the XRDS that it does not
+    # have the authority to make.
+    class XRDSFraud < XRDSError
+    end
+
+    def self.get_canonical_id(iname, xrd_tree)
+      # Return the CanonicalID from this XRDS document.
+      #
+      # @param iname: the XRI being resolved.
+      # @type iname: unicode
+      #
+      # @param xrd_tree: The XRDS output from the resolver.
+      #
+      # @returns: The XRI CanonicalID or None.
+      # @returntype: unicode or None
+
+      xrd_list = []
+      REXML::XPath.match(xrd_tree.root, "/xrds:XRDS/xrd:XRD", XRDS_NAMESPACES).each do |el|
+        xrd_list << el
+      end
+
+      xrd_list.reverse!
+
+      cid_elements = []
+
+      unless xrd_list.empty?
+        xrd_list[0].elements.each do |e|
+          next unless e.respond_to?(:name)
+
+          cid_elements << e if e.name == "CanonicalID"
+        end
+      end
+
+      cid_element = cid_elements[0]
+
+      return unless cid_element
+
+      canonical_id = XRI.make_xri(cid_element.text)
+
+      child_id = canonical_id.downcase
+
+      xrd_list[1..-1].each do |xrd|
+        parent_sought = child_id[0...child_id.rindex("!")]
+
+        parent = XRI.make_xri(xrd.elements["CanonicalID"].text)
+
+        if parent_sought != parent.downcase
+          raise XRDSFraud.new(format(
+            "%s can not come from %s",
+            parent_sought,
+            parent,
+          ))
+        end
+
+        child_id = parent_sought
+      end
+
+      root = XRI.root_authority(iname)
+      unless XRI.provider_is_authoritative(root, child_id)
+        raise XRDSFraud.new(format("%s can not come from root %s", child_id, root))
+      end
+
+      canonical_id
+    end
+
+    class XRDSError < StandardError
+    end
+
+    def self.parseXRDS(text)
+      disable_entity_expansion do
+        raise XRDSError.new("Not an XRDS document.") if text.nil?
+
+        begin
+          d = REXML::Document.new(text)
+        rescue RuntimeError
+          raise XRDSError.new("Not an XRDS document. Failed to parse XML.")
+        end
+
+        return d if is_xrds?(d)
+
+        raise XRDSError.new("Not an XRDS document.")
+      end
+    end
+
+    def self.disable_entity_expansion
+      _previous_ = REXML::Document.entity_expansion_limit
+      REXML::Document.entity_expansion_limit = 0
+      yield
+    ensure
+      REXML::Document.entity_expansion_limit = _previous_
+    end
+
+    def self.is_xrds?(xrds_tree)
+      xrds_root = xrds_tree.root
+      (!xrds_root.nil? and
+        xrds_root.name == "XRDS" and
+        xrds_root.namespace == XRDS_NS)
+    end
+
+    def self.get_yadis_xrd(xrds_tree)
+      REXML::XPath.each(
+        xrds_tree.root,
+        "/xrds:XRDS/xrd:XRD[last()]",
+        XRDS_NAMESPACES,
+      ) do |el|
+        return el
+      end
+      raise XRDSError.new("No XRD element found.")
+    end
+
+    # aka iterServices in Python
+    def self.each_service(xrds_tree, &block)
+      xrd = get_yadis_xrd(xrds_tree)
+      xrd.each_element("Service", &block)
+    end
+
+    def self.services(xrds_tree)
+      s = []
+      each_service(xrds_tree) do |service|
+        s << service
+      end
+      s
+    end
+
+    def self.expand_service(service_element)
+      es = service_element.elements
+      uris = es.each("URI") { |u| }
+      uris = prio_sort(uris)
+      types = es.each("Type/text()")
+      # REXML::Text objects are not strings.
+      types = types.collect { |t| t.to_s }
+      uris.collect { |uri| [types, uri.text, service_element] }
+    end
+
+    # Sort a list of elements that have priority attributes.
+    def self.prio_sort(elements)
+      elements.sort do |a, b|
+        a.attribute("priority").to_s.to_i <=> b.attribute("priority").to_s.to_i
+      end
+    end
+  end
+end

data/lib/openid/yadis/xri.rb

@@ -0,0 +1,86 @@
+require_relative "../fetchers"
+
+module OpenID
+  module Yadis
+    module XRI
+      # The '(' is for cross-reference authorities, and hopefully has a
+      # matching ')' somewhere.
+      XRI_AUTHORITIES = ["!", "=", "@", "+", "$", "("]
+
+      def self.identifier_scheme(identifier)
+        if !identifier.nil? and
+            identifier.length > 0 and
+            (identifier.match("^xri://") or
+             XRI_AUTHORITIES.member?(identifier[0].chr))
+          :xri
+        else
+          :uri
+        end
+      end
+
+      # Transform an XRI reference to an IRI reference.  Note this is
+      # not not idempotent, so do not apply this to an identifier more
+      # than once.  XRI Syntax section 2.3.1
+      def self.to_iri_normal(xri)
+        iri = xri.dup
+        iri.insert(0, "xri://") unless iri.match?("^xri://")
+        escape_for_iri(iri)
+      end
+
+      # Note this is not not idempotent, so do not apply this more than
+      # once.  XRI Syntax section 2.3.2
+      def self.escape_for_iri(xri)
+        esc = xri.dup
+        # encode all %
+        esc.gsub!("%", "%25")
+        esc.gsub!(/\((.*?)\)/) do |xref_match|
+          xref_match.gsub(%r{[/?\#]}) do |char_match|
+            CGI.escape(char_match)
+          end
+        end
+        esc
+      end
+
+      # Transform an XRI reference to a URI reference.  Note this is not
+      # not idempotent, so do not apply this to an identifier more than
+      # once.  XRI Syntax section 2.3.1
+      def self.to_uri_normal(xri)
+        iri_to_uri(to_iri_normal(xri))
+      end
+
+      # RFC 3987 section 3.1
+      def self.iri_to_uri(iri)
+        iri.dup
+        # for char in ucschar or iprivate
+        # convert each char to %HH%HH%HH (as many %HH as octets)
+      end
+
+      def self.provider_is_authoritative(provider_id, canonical_id)
+        lastbang = canonical_id.rindex("!")
+        return false unless lastbang
+
+        parent = canonical_id[0...lastbang]
+        parent == provider_id
+      end
+
+      def self.root_authority(xri)
+        xri = xri[6..-1] if xri.index("xri://") == 0
+        authority = xri.split("/", 2)[0]
+        root = if authority[0].chr == "("
+          authority[0...authority.index(")") + 1]
+        elsif XRI_AUTHORITIES.member?(authority[0].chr)
+          authority[0].chr
+        else
+          authority.split(/[!*]/)[0]
+        end
+
+        make_xri(root)
+      end
+
+      def self.make_xri(xri)
+        xri = "xri://" + xri if xri.index("xri://") != 0
+        xri
+      end
+    end
+  end
+end