sinatra-browserid 0.1

data/README.md

@@ -0,0 +1,59 @@
+Sinatra plugin that allows authentication against [BrowserID](https://browserid.org/). BrowserID lets you verify the email identity of a user.
+
+To learn more, see how it works [from a users perspective](https://browserid.org/about) and [from a developers perspective](https://github.com/mozilla/browserid/wiki/How-to-Use-BrowserID-on-Your-Site).
+
+Note that BrowserID logins are not done from within a form on your site -- you provide a login button, and that will start up the BrowserID login flow (either via a pop-up or an in-browser widget).
+
+How to get started:
+
+```ruby
+require 'sinatra/base'
+require 'sinatra/browserid'
+
+module MyApp < Sinatra::Base
+    register Sinatra::BrowserID
+
+    set :browserid_login_button, :orange
+    set :sessions, true
+
+    get '/'
+        if authorized?
+            "Welcome, #{authorized_email}"
+        else
+            render_login_button
+        end
+    end
+
+    get '/secure'
+        authorize!                 # require a user be logged in
+
+        email = authorized_email   # browserid email
+        ...
+    end
+
+    get '/logout'
+        logout!
+
+        redirect '/'
+    end
+end
+```
+
+See the rdoc for more details on the helper functions.  For a functioning
+example app, run <tt>rackup -p $PORT</tt> in the example directory.
+
+Available sinatra settings:
+
+* <tt>:browserid_login_button</tt>: set to a color (:orange, :red, :blue,
+  :green, :grey) or an image URL
+* <tt>:browserid_server</tt>: If you're using an alternate auth provider
+  other than https://browserid.org
+* <tt>:browserid_login_url</tt>: URL users get redirected to when the
+  <tt>authorize!</tt> helper is called and a user is not logged in
+
+
+Still TODO:
+
+* better error handling
+* local assertion verification (eliminate callback)
+

data/example/app.rb

@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+
+$: << File.join(File.dirname(__FILE__), "..", "lib")
+
+require "sinatra/base"
+require "sinatra/browserid"
+
+class TestApp < Sinatra::Base
+  register Sinatra::BrowserID
+
+  set :sessions, true
+
+  get '/' do
+    erb :index
+  end
+
+  get '/logout' do
+    logout!
+
+    redirect '/'
+  end
+
+  get '/confidential' do
+    authorize!
+
+    "Hey #{authorized_email}, you're authorized!"
+  end
+end

data/example/config.ru

@@ -0,0 +1,2 @@
+require "./app"
+run TestApp

data/example/views/index.erb

@@ -0,0 +1,21 @@
+<html>
+<head>
+</head>
+<body>
+
+<h1>Test App</h1>
+
+<p>
+<% if authorized? %>
+Hello, <%= authorized_email %> <a href="/logout">(logout)</a>
+<% else %>
+<%= render_login_button %>
+<% end %>
+</p>
+
+<p>
+see a <a href="/confidential">page that requires a login</a>.
+</p>
+
+</body>
+</html>

data/lib/sinatra/browserid.rb

@@ -0,0 +1,138 @@
+#!/usr/bin/env ruby
+
+require "json"
+require "net/https"
+require "sinatra/base"
+
+# This module provides an interface to verify a users email address
+# with browserid.org.
+module Sinatra
+  module BrowserID
+
+    module Helpers
+      # Returns true if the current user has logged in and presented
+      # a valid assertion.
+      def authorized?
+        ! session[:browserid_email].nil?
+      end
+
+      # If the current user is not logged in, redirects to a login
+      # page. Override the login page by setting the Sinatra
+      # option <tt>:browserid_login_url</tt>.
+      def authorize!
+        session[:authorize_redirect_url] = request.url
+        login_url = settings.browserid_login_url
+        redirect login_url unless authorized?
+      end
+
+      # Logs out the current user.
+      def logout!
+        session[:browserid_email] = nil
+      end
+
+      # Returns the BrowserID verified email address, or nil if the
+      # user is not logged in.
+      def authorized_email
+        session[:browserid_email]
+      end
+
+      # Returns the HTML to render the BrowserID login button.
+      # Optionally takes a URL parameter for where the user should
+      # be redirected to after the assert POST back.  You can
+      # customize the button image by setting the Sinatra option
+      # <tt>:browserid_login_button</tt> to a color (:orange,
+      # :red, :blue, :green, :grey) or an actual URL.
+      def render_login_button(redirect_url = nil)
+        case settings.browserid_login_button
+        when :orange, :red, :blue, :green, :grey
+          button_url = "#{settings.browserid_url}/i/sign_in_" \
+                       "#{settings.browserid_login_button.to_s}.png"
+        else
+          button_url = settings.browserid_login_button
+        end
+
+        if session[:authorize_redirect_url]
+          redirect_url = session[:authorize_redirect_url]
+          session[:authorize_redirect_url] = nil
+        end
+        redirect_url ||= request.url
+
+        template = ERB.new(Templates::LOGIN_BUTTON)
+        template.result(binding)
+      end
+    end # module Helpers
+
+    def self.registered(app)
+      app.helpers BrowserID::Helpers
+
+      app.set :browserid_url, "https://browserid.org"
+      app.set :browserid_login_button, :red
+      app.set :browserid_login_url, "/_browserid_login"
+
+      app.get '/_browserid_login' do
+        # TODO(petef): render a page that initiates login without
+        # waiting for a user click.
+        render_login_button
+      end
+
+      app.post '/_browserid_assert' do
+        # TODO(petef): do verification locally, without a callback
+        audience = request.host_with_port
+        http = Net::HTTP.new("browserid.org", 443)
+        http.use_ssl = true
+        data = {
+          "assertion" => params[:assertion],
+          "audience" => audience,
+        }
+        data_str = data.collect { |k, v| "#{k}=#{v}" }.join("&")
+        res, body = http.post("/verify", data_str)
+
+        # TODO: check res is a 200
+        verify = JSON.parse(body) || nil
+        if verify.nil?
+          # JSON parsing error
+          return
+        end
+
+        if verify["status"] != "okay"
+          $stderr.puts "status was not OK. #{verify.inspect}"
+          return
+        end
+
+        session[:browserid_email] = verify["email"]
+        session[:browserid_expires] = verify["expires"].to_f / 1000
+
+        redirect params[:redirect] || "/"
+      end
+    end # def self.registered
+
+    module Templates
+      LOGIN_BUTTON = %q{
+<script src="<%= settings.browserid_url %>/include.js" type="text/javascript"></script>
+<script type="text/javascript">
+function _browserid_login() {
+navigator.id.getVerifiedEmail(function(assertion) {
+    if (assertion) {
+        document.forms._browserid_assert.assertion.value = assertion;
+        document.forms._browserid_assert.submit();
+    } else {
+        // TODO: handle failure case?
+    }
+});
+}
+</script>
+
+<form name="_browserid_assert" action="/_browserid_assert" method="post">
+<input type="hidden" name="redirect" value="<%= redirect_url %>">
+<input type="hidden" name="assertion" value="">
+</form>
+
+<a href="#"><img src="<%= button_url %>" id="browserid_login_button" border=0 onClick="_browserid_login()" /></a>
+      }
+    end
+  end # module BrowserID
+
+  register BrowserID
+end # module Sinatra
+
+  #set :sessions, true

metadata

@@ -0,0 +1,86 @@
+--- !ruby/object:Gem::Specification 
+name: sinatra-browserid
+version: !ruby/object:Gem::Version 
+  hash: 9
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  version: "0.1"
+platform: ruby
+authors: 
+- Pete Fritchman
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-10-21 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: sinatra
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 19
+        segments: 
+        - 1
+        - 1
+        - 0
+        version: 1.1.0
+  type: :runtime
+  version_requirements: *id001
+description: 
+email: 
+- petef@databits.net
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- README.md
+- lib/sinatra/browserid.rb
+- example/app.rb
+- example/config.ru
+- example/views/index.erb
+has_rdoc: true
+homepage: https://github.com/fetep/sinatra-browserid
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --inline-source
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Sinatra extension for user authentication with browserid.org
+test_files: []
+