tfe-authlogic_openid 0.1.0

data/lib/authlogic_openid/session.rb

@@ -0,0 +1,125 @@
+module AuthlogicOpenid
+  # This module is responsible for adding all of the OpenID goodness to the Authlogic::Session::Base class.
+  module Session
+    # Add a simple openid_identifier attribute and some validations for the field.
+    def self.included(klass)
+      klass.class_eval do
+        extend Config
+        include Methods
+      end
+    end
+    
+    module Config
+      # What method should we call to find a record by the openid_identifier?
+      # This is useful if you want to store multiple openid_identifiers for a single record.
+      # You could do something like:
+      #
+      #   class User < ActiveRecord::Base
+      #     def self.find_by_openid_identifier(identifier)
+      #       user.first(:conditions => {:openid_identifiers => {:identifier => identifier}})
+      #     end
+      #   end
+      #
+      # Obviously the above depends on what you are calling your assocition, etc. But you get the point.
+      #
+      # * <tt>Default:</tt> :find_by_openid_identifier
+      # * <tt>Accepts:</tt> Symbol
+      def find_by_openid_identifier_method(value = nil)
+        rw_config(:find_by_openid_identifier_method, value, :find_by_openid_identifier)
+      end
+      alias_method :find_by_openid_identifier_method=, :find_by_openid_identifier_method
+      
+      # Add this in your Session object to Auto Register a new user using openid via sreg
+      def auto_register(value=true)
+        auto_register_value(value)
+      end
+      
+      def auto_register_value(value=nil)
+        rw_config(:auto_register,value,false)
+      end
+      
+      alias_method :auto_register=,:auto_register
+    end
+    
+    module Methods
+      def self.included(klass)
+        klass.class_eval do
+          attr_reader :openid_identifier
+          validate :validate_openid_error
+          validate :validate_by_openid, :if => :authenticating_with_openid?
+        end
+      end
+      
+      # Hooks into credentials so that you can pass an :openid_identifier key.
+      def credentials=(value)
+        super
+        values = value.is_a?(Array) ? value : [value]
+        hash = values.first.is_a?(Hash) ? values.first.with_indifferent_access : nil
+        self.openid_identifier = hash[:openid_identifier] if !hash.nil? && hash.key?(:openid_identifier)
+      end
+      
+      def openid_identifier=(value)
+        @openid_identifier = value.blank? ? nil : OpenIdAuthentication.normalize_identifier(value)
+        @openid_error = nil
+      rescue OpenIdAuthentication::InvalidOpenId => e
+        @openid_identifier = nil
+        @openid_error = e.message
+      end
+      
+      # Cleaers out the block if we are authenticating with OpenID, so that we can redirect without a DoubleRender
+      # error.
+      def save(&block)
+        block = nil if !openid_identifier.blank?
+        super(&block)
+      end
+      
+      private
+        def authenticating_with_openid?
+          attempted_record.nil? && errors.empty? && (!openid_identifier.blank? || (controller.params[:open_id_complete] && controller.params[:for_session]))
+        end
+        
+        def find_by_openid_identifier_method
+          self.class.find_by_openid_identifier_method
+        end
+
+        def find_by_openid_identifier_method
+          self.class.find_by_openid_identifier_method
+        end
+        
+        def auto_register?
+          self.class.auto_register_value
+        end
+        
+        def validate_by_openid
+          self.remember_me = controller.params[:remember_me] == "true" if controller.params.key?(:remember_me)
+          self.attempted_record = klass.send(find_by_openid_identifier_method, openid_identifier)
+          if !attempted_record
+            if auto_register?
+              self.attempted_record = klass.new :openid_identifier=>openid_identifier
+              attempted_record.save do |result|
+                if result
+                  true
+                else
+                  false
+                end
+              end
+            else
+              errors.add(:openid_identifier, "did not match any users in our database, have you set up your account to use OpenID?")
+            end
+            return
+          end
+          controller.send(:authenticate_with_open_id, openid_identifier, :return_to => controller.url_for(:for_session => "1", :remember_me => remember_me?)) do |result, openid_identifier|
+            if result.unsuccessful?
+              errors.add_to_base(result.message)
+              return
+            end
+            
+          end
+        end
+        
+        def validate_openid_error
+          errors.add(:openid_identifier, @openid_error) if @openid_error
+        end
+    end
+  end
+end

data/lib/authlogic_openid/version.rb

@@ -0,0 +1,51 @@
+module AuthlogicOpenid
+  # A class for describing the current version of a library. The version
+  # consists of three parts: the +major+ number, the +minor+ number, and the
+  # +tiny+ (or +patch+) number.
+  class Version
+    include Comparable
+  
+    # A convenience method for instantiating a new Version instance with the
+    # given +major+, +minor+, and +tiny+ components.
+    def self.[](major, minor, tiny)
+      new(major, minor, tiny)
+    end
+
+    attr_reader :major, :minor, :tiny
+
+    # Create a new Version object with the given components.
+    def initialize(major, minor, tiny)
+      @major, @minor, @tiny = major, minor, tiny
+    end
+
+    # Compare this version to the given +version+ object.
+    def <=>(version)
+      to_i <=> version.to_i
+    end
+
+    # Converts this version object to a string, where each of the three
+    # version components are joined by the '.' character. E.g., 2.0.0.
+    def to_s
+      @to_s ||= [@major, @minor, @tiny].join(".")
+    end
+
+    # Converts this version to a canonical integer that may be compared
+    # against other version objects.
+    def to_i
+      @to_i ||= @major * 1_000_000 + @minor * 1_000 + @tiny
+    end
+    
+    def to_a
+      [@major, @minor, @tiny]
+    end
+
+    MAJOR = 1
+    MINOR = 0
+    TINY  = 5
+
+    # The current version as a Version instance
+    CURRENT = new(MAJOR, MINOR, TINY)
+    # The current version as a String
+    STRING = CURRENT.to_s
+  end
+end

data/test/acts_as_authentic_test.rb

@@ -0,0 +1,105 @@
+require File.dirname(__FILE__) + '/test_helper.rb'
+
+class ActsAsAuthenticTest < ActiveSupport::TestCase
+  def test_included
+    assert User.send(:acts_as_authentic_modules).include?(AuthlogicOpenid::ActsAsAuthentic::Methods)
+    assert_equal :validate_password_with_openid?, User.validates_length_of_password_field_options[:if]
+    assert_equal :validate_password_with_openid?, User.validates_confirmation_of_password_field_options[:if]
+    assert_equal :validate_password_with_openid?, User.validates_length_of_password_confirmation_field_options[:if]
+  end
+  
+  def test_password_not_required_on_create
+    user = User.new
+    user.login = "sweet"
+    user.email = "a@a.com"
+    user.openid_identifier = "https://me.yahoo.com/a/9W0FJjRj0o981TMSs0vqVxPdmMUVOQ--"
+    assert !user.save {} # because we are redirecting, the user was NOT saved
+    assert redirecting_to_yahoo?
+  end
+  
+  def test_password_required_on_create
+    user = User.new
+    user.login = "sweet"
+    user.email = "a@a.com"
+    assert !user.save
+    assert user.errors.on(:password)
+    assert user.errors.on(:password_confirmation)
+  end
+  
+  def test_password_not_required_on_update
+    ben = users(:ben)
+    assert_nil ben.crypted_password
+    assert ben.save
+  end
+  
+  def test_password_required_on_update
+    ben = users(:ben)
+    ben.openid_identifier = nil
+    assert_nil ben.crypted_password
+    assert !ben.save
+    assert ben.errors.on(:password)
+    assert ben.errors.on(:password_confirmation)
+  end
+  
+  def test_validates_uniqueness_of_openid_identifier
+    u = User.new(:openid_identifier => "bens_identifier")
+    assert !u.valid?
+    assert u.errors.on(:openid_identifier)
+  end
+  
+  def test_setting_openid_identifier_changed_persistence_token
+    ben = users(:ben)
+    old_persistence_token = ben.persistence_token
+    ben.openid_identifier = "new"
+    assert_not_equal old_persistence_token, ben.persistence_token
+  end
+  
+  def test_invalid_openid_identifier
+    u = User.new(:openid_identifier => "%")
+    assert !u.valid?
+    assert u.errors.on(:openid_identifier)
+  end
+  
+  def test_blank_openid_identifer_gets_set_to_nil
+    u = User.new(:openid_identifier => "")
+    assert_nil u.openid_identifier
+  end
+  
+  def test_updating_with_openid
+    ben = users(:ben)
+    ben.openid_identifier = "https://me.yahoo.com/a/9W0FJjRj0o981TMSs0vqVxPdmMUVOQ--"
+    assert !ben.save {} # because we are redirecting
+    assert redirecting_to_yahoo?
+  end
+  
+  def test_updating_without_openid
+    ben = users(:ben)
+    ben.openid_identifier = nil
+    ben.password = "test"
+    ben.password_confirmation = "test"
+    assert ben.save
+    assert !redirecting_to_yahoo?
+  end
+  
+  def test_updating_without_validation
+    ben = users(:ben)
+    ben.openid_identifier = "https://me.yahoo.com/a/9W0FJjRj0o981TMSs0vqVxPdmMUVOQ--"
+    assert ben.save(false)
+    assert !redirecting_to_yahoo?
+  end
+  
+  def test_updating_without_a_block
+    ben = users(:ben)
+    ben.openid_identifier = "https://me.yahoo.com/a/9W0FJjRj0o981TMSs0vqVxPdmMUVOQ--"
+    assert ben.save
+    ben.reload
+    assert_equal "https://me.yahoo.com/a/9W0FJjRj0o981TMSs0vqVxPdmMUVOQ--", ben.openid_identifier
+  end
+  
+  def test_updating_while_not_activated
+    UserSession.controller = nil
+    ben = users(:ben)
+    ben.openid_identifier = "https://me.yahoo.com/a/9W0FJjRj0o981TMSs0vqVxPdmMUVOQ--"
+    assert ben.save {}
+  end
+end

data/test/fixtures/users.yml

@@ -0,0 +1,9 @@
+ben:
+  login: bjohnson
+  persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
+  single_access_token: <%= Authlogic::Random.friendly_token %>
+  perishable_token: <%= Authlogic::Random.friendly_token %>
+  openid_identifier: bens_identifier
+  email: bjohnson@binarylogic.com
+  first_name: Ben
+  last_name: Johnson

data/test/libs/open_id_authentication/CHANGELOG

@@ -0,0 +1,35 @@
+* Fake HTTP method from OpenID server since they only support a GET. Eliminates the need to set an extra route to match the server's reply. [Josh Peek]
+
+* OpenID 2.0 recommends that forms should use the field name "openid_identifier" rather than "openid_url" [Josh Peek]
+
+* Return open_id_response.display_identifier to the application instead of .endpoints.claimed_id. [nbibler]
+
+* Add Timeout protection [Rick]
+
+* An invalid identity url passed through authenticate_with_open_id will no longer raise an InvalidOpenId exception. Instead it will return Result[:missing] to the completion block.
+
+* Allow a return_to option to be used instead of the requested url [Josh Peek]
+
+* Updated plugin to use Ruby OpenID 2.x.x [Josh Peek]
+
+* Tied plugin to ruby-openid 1.1.4 gem until we can make it compatible with 2.x [DHH]
+
+* Use URI instead of regexps to normalize the URL and gain free, better matching #8136 [dkubb]
+
+* Allow -'s in #normalize_url [Rick]
+
+* remove instance of mattr_accessor, it was breaking tests since they don't load ActiveSupport.  Fix Timeout test [Rick]
+
+* Throw a InvalidOpenId exception instead of just a RuntimeError when the URL can't be normalized [DHH]
+
+* Just use the path for the return URL, so extra query parameters don't interfere [DHH]
+
+* Added a new default database-backed store after experiencing trouble with the filestore on NFS. The file store is still available as an option [DHH]
+
+* Added normalize_url and applied it to all operations going through the plugin [DHH]
+
+* Removed open_id? as the idea of using the same input box for both OpenID and username has died -- use using_open_id? instead (which checks for the presence of params[:openid_url] by default) [DHH]
+
+* Added OpenIdAuthentication::Result to make it easier to deal with default situations where you don't care to do something particular for each error state [DHH]
+
+* Stop relying on root_url being defined, we can just grab the current url instead [DHH]

data/test/libs/open_id_authentication/README

@@ -0,0 +1,231 @@
+OpenIdAuthentication
+====================
+
+Provides a thin wrapper around the excellent ruby-openid gem from JanRan. Be sure to install that first:
+
+  gem install ruby-openid
+
+To understand what OpenID is about and how it works, it helps to read the documentation for lib/openid/consumer.rb
+from that gem.
+
+The specification used is http://openid.net/specs/openid-authentication-2_0.html.
+
+
+Prerequisites
+=============
+
+OpenID authentication uses the session, so be sure that you haven't turned that off. It also relies on a number of
+database tables to store the authentication keys. So you'll have to run the migration to create these before you get started:
+
+  rake open_id_authentication:db:create
+
+Or, use the included generators to install or upgrade:
+
+  ./script/generate open_id_authentication_tables MigrationName
+  ./script/generate upgrade_open_id_authentication_tables MigrationName
+
+Alternatively, you can use the file-based store, which just relies on on tmp/openids being present in RAILS_ROOT. But be aware that this store only works if you have a single application server. And it's not safe to use across NFS. It's recommended that you use the database store if at all possible. To use the file-based store, you'll also have to add this line to your config/environment.rb:
+
+  OpenIdAuthentication.store = :file
+
+This particular plugin also relies on the fact that the authentication action allows for both POST and GET operations.
+If you're using RESTful authentication, you'll need to explicitly allow for this in your routes.rb. 
+
+The plugin also expects to find a root_url method that points to the home page of your site. You can accomplish this by using a root route in config/routes.rb:
+
+  map.root :controller => 'articles'
+
+This plugin relies on Rails Edge revision 6317 or newer.
+
+
+Example
+=======
+
+This example is just to meant to demonstrate how you could use OpenID authentication. You might well want to add
+salted hash logins instead of plain text passwords and other requirements on top of this. Treat it as a starting point,
+not a destination.
+
+Note that the User model referenced in the simple example below has an 'identity_url' attribute. You will want to add the same or similar field to whatever
+model you are using for authentication.
+
+Also of note is the following code block used in the example below:
+
+  authenticate_with_open_id do |result, identity_url|
+    ...
+  end
+  
+In the above code block, 'identity_url' will need to match user.identity_url exactly. 'identity_url' will be a string in the form of 'http://example.com' -
+If you are storing just 'example.com' with your user, the lookup will fail.
+
+There is a handy method in this plugin called 'normalize_url' that will help with validating OpenID URLs.
+
+  OpenIdAuthentication.normalize_url(user.identity_url)
+
+The above will return a standardized version of the OpenID URL - the above called with 'example.com' will return 'http://example.com/'
+It will also raise an InvalidOpenId exception if the URL is determined to not be valid.
+Use the above code in your User model and validate OpenID URLs before saving them.
+
+config/routes.rb
+
+  map.root :controller => 'articles'
+  map.resource :session
+
+
+app/views/sessions/new.erb
+
+  <% form_tag(session_url) do %>
+    <p>
+      <label for="name">Username:</label>
+      <%= text_field_tag "name" %>
+    </p>
+
+    <p>
+      <label for="password">Password:</label>
+      <%= password_field_tag %>
+    </p>
+
+    <p>
+      ...or use:
+    </p>
+
+    <p>
+      <label for="openid_identifier">OpenID:</label>
+      <%= text_field_tag "openid_identifier" %>
+    </p>
+
+    <p>
+      <%= submit_tag 'Sign in', :disable_with => "Signing in&hellip;" %>
+    </p>
+  <% end %>
+
+app/controllers/sessions_controller.rb
+  class SessionsController < ApplicationController
+    def create
+      if using_open_id?
+        open_id_authentication
+      else
+        password_authentication(params[:name], params[:password])
+      end
+    end
+
+
+    protected
+      def password_authentication(name, password)
+        if @current_user = @account.users.authenticate(params[:name], params[:password])
+          successful_login
+        else
+          failed_login "Sorry, that username/password doesn't work"
+        end
+      end
+
+      def open_id_authentication
+        authenticate_with_open_id do |result, identity_url|
+          if result.successful?
+            if @current_user = @account.users.find_by_identity_url(identity_url)
+              successful_login
+            else
+              failed_login "Sorry, no user by that identity URL exists (#{identity_url})"
+            end
+          else
+            failed_login result.message
+          end
+        end
+      end
+    
+    
+    private
+      def successful_login
+        session[:user_id] = @current_user.id
+        redirect_to(root_url)
+      end
+
+      def failed_login(message)
+        flash[:error] = message
+        redirect_to(new_session_url)
+      end
+  end
+
+
+
+If you're fine with the result messages above and don't need individual logic on a per-failure basis,
+you can collapse the case into a mere boolean:
+
+    def open_id_authentication
+      authenticate_with_open_id do |result, identity_url|
+        if result.successful? && @current_user = @account.users.find_by_identity_url(identity_url)
+          successful_login
+        else
+          failed_login(result.message || "Sorry, no user by that identity URL exists (#{identity_url})")
+        end
+      end
+    end
+
+
+Simple Registration OpenID Extension
+====================================
+
+Some OpenID Providers support this lightweight profile exchange protocol.  See more: http://www.openidenabled.com/openid/simple-registration-extension
+
+You can support it in your app by changing #open_id_authentication
+
+      def open_id_authentication(identity_url)
+        # Pass optional :required and :optional keys to specify what sreg fields you want.
+        # Be sure to yield registration, a third argument in the #authenticate_with_open_id block.
+        authenticate_with_open_id(identity_url, 
+            :required => [ :nickname, :email ],
+            :optional => :fullname) do |result, identity_url, registration|
+          case result.status
+          when :missing
+            failed_login "Sorry, the OpenID server couldn't be found"
+          when :invalid
+            failed_login "Sorry, but this does not appear to be a valid OpenID"
+          when :canceled
+            failed_login "OpenID verification was canceled"
+          when :failed
+            failed_login "Sorry, the OpenID verification failed"
+          when :successful
+            if @current_user = @account.users.find_by_identity_url(identity_url)
+              assign_registration_attributes!(registration)
+
+              if current_user.save
+                successful_login
+              else
+                failed_login "Your OpenID profile registration failed: " +
+                  @current_user.errors.full_messages.to_sentence
+              end
+            else
+              failed_login "Sorry, no user by that identity URL exists"
+            end
+          end
+        end
+      end
+      
+      # registration is a hash containing the valid sreg keys given above
+      # use this to map them to fields of your user model
+      def assign_registration_attributes!(registration)
+        model_to_registration_mapping.each do |model_attribute, registration_attribute|
+          unless registration[registration_attribute].blank?
+            @current_user.send("#{model_attribute}=", registration[registration_attribute])
+          end
+        end
+      end
+
+      def model_to_registration_mapping
+        { :login => 'nickname', :email => 'email', :display_name => 'fullname' }
+      end
+
+Attribute Exchange OpenID Extension
+===================================
+
+Some OpenID providers also support the OpenID AX (attribute exchange) protocol for exchanging identity information between endpoints.  See more: http://openid.net/specs/openid-attribute-exchange-1_0.html
+
+Accessing AX data is very similar to the Simple Registration process, described above -- just add the URI identifier for the AX field to your :optional or :required parameters.  For example:
+
+        authenticate_with_open_id(identity_url, 
+            :required => [ :email, 'http://schema.openid.net/birthDate' ]) do |result, identity_url, registration|
+      
+This would provide the sreg data for :email, and the AX data for 'http://schema.openid.net/birthDate'
+
+
+
+Copyright (c) 2007 David Heinemeier Hansson, released under the MIT license