RubyGems - tfe-authlogic_openid - Versions diffs - 0.1.0 - Mend

tfe-authlogic_openid 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

data/test/libs/open_id_authentication/Rakefile ADDED Viewed

@@ -0,0 +1,22 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+desc 'Default: run unit tests.'
+task :default => :test
+desc 'Test the open_id_authentication plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+desc 'Generate documentation for the open_id_authentication plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'OpenIdAuthentication'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/test/libs/open_id_authentication/generators/open_id_authentication_tables/open_id_authentication_tables_generator.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class OpenIdAuthenticationTablesGenerator < Rails::Generator::NamedBase
+  def initialize(runtime_args, runtime_options = {})
+    super
+  end
+  def manifest
+    record do |m|
+      m.migration_template 'migration.rb', 'db/migrate'
+    end
+  end
+end

data/test/libs/open_id_authentication/generators/open_id_authentication_tables/templates/migration.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class <%= class_name %> < ActiveRecord::Migration
+  def self.up
+    create_table :open_id_authentication_associations, :force => true do |t|
+      t.integer :issued, :lifetime
+      t.string :handle, :assoc_type
+      t.binary :server_url, :secret
+    end
+    create_table :open_id_authentication_nonces, :force => true do |t|
+      t.integer :timestamp, :null => false
+      t.string :server_url, :null => true
+      t.string :salt, :null => false
+    end
+  end
+  def self.down
+    drop_table :open_id_authentication_associations
+    drop_table :open_id_authentication_nonces
+  end
+end

data/test/libs/open_id_authentication/generators/upgrade_open_id_authentication_tables/templates/migration.rb ADDED Viewed

@@ -0,0 +1,26 @@
+class <%= class_name %> < ActiveRecord::Migration
+  def self.up
+    drop_table :open_id_authentication_settings
+    drop_table :open_id_authentication_nonces
+    create_table :open_id_authentication_nonces, :force => true do |t|
+      t.integer :timestamp, :null => false
+      t.string :server_url, :null => true
+      t.string :salt, :null => false
+    end
+  end
+  def self.down
+    drop_table :open_id_authentication_nonces
+    create_table :open_id_authentication_nonces, :force => true do |t|
+      t.integer :created
+      t.string :nonce
+    end
+    create_table :open_id_authentication_settings, :force => true do |t|
+      t.string :setting
+      t.binary :value
+    end
+  end
+end

data/test/libs/open_id_authentication/generators/upgrade_open_id_authentication_tables/upgrade_open_id_authentication_tables_generator.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class UpgradeOpenIdAuthenticationTablesGenerator < Rails::Generator::NamedBase
+  def initialize(runtime_args, runtime_options = {})
+    super
+  end
+  def manifest
+    record do |m|
+      m.migration_template 'migration.rb', 'db/migrate'
+    end
+  end
+end

data/test/libs/open_id_authentication/init.rb ADDED Viewed

@@ -0,0 +1,18 @@
+if config.respond_to?(:gems)
+  config.gem 'ruby-openid', :lib => 'openid', :version => '>=2.0.4'
+else
+  begin
+    require 'openid'
+  rescue LoadError
+    begin
+      gem 'ruby-openid', '>=2.0.4'
+    rescue Gem::LoadError
+      puts "Install the ruby-openid gem to enable OpenID support"
+    end
+  end
+end
+config.to_prepare do
+  OpenID::Util.logger = Rails.logger
+  ActionController::Base.send :include, OpenIdAuthentication
+end

data/test/libs/open_id_authentication/lib/open_id_authentication.rb ADDED Viewed

@@ -0,0 +1,244 @@
+require 'uri'
+require 'openid/extensions/sreg'
+require 'openid/extensions/ax'
+require 'openid/store/filesystem'
+require File.dirname(__FILE__) + '/open_id_authentication/association'
+require File.dirname(__FILE__) + '/open_id_authentication/nonce'
+require File.dirname(__FILE__) + '/open_id_authentication/db_store'
+require File.dirname(__FILE__) + '/open_id_authentication/mem_cache_store'
+require File.dirname(__FILE__) + '/open_id_authentication/request'
+require File.dirname(__FILE__) + '/open_id_authentication/timeout_fixes' if OpenID::VERSION == "2.0.4"
+module OpenIdAuthentication
+  OPEN_ID_AUTHENTICATION_DIR = RAILS_ROOT + "/tmp/openids"
+  def self.store
+    @@store
+  end
+  def self.store=(*store_option)
+    store, *parameters = *([ store_option ].flatten)
+    @@store = case store
+    when :db
+      OpenIdAuthentication::DbStore.new
+    when :mem_cache
+      OpenIdAuthentication::MemCacheStore.new(*parameters)
+    when :file
+      OpenID::Store::Filesystem.new(OPEN_ID_AUTHENTICATION_DIR)
+    else
+      raise "Unknown store: #{store}"
+    end
+  end
+  self.store = :db
+  class InvalidOpenId < StandardError
+  end
+  class Result
+    ERROR_MESSAGES = {
+      :missing      => "Sorry, the OpenID server couldn't be found",
+      :invalid      => "Sorry, but this does not appear to be a valid OpenID",
+      :canceled     => "OpenID verification was canceled",
+      :failed       => "OpenID verification failed",
+      :setup_needed => "OpenID verification needs setup"
+    }
+    def self.[](code)
+      new(code)
+    end
+    def initialize(code)
+      @code = code
+    end
+    def status
+      @code
+    end
+    ERROR_MESSAGES.keys.each { |state| define_method("#{state}?") { @code == state } }
+    def successful?
+      @code == :successful
+    end
+    def unsuccessful?
+      ERROR_MESSAGES.keys.include?(@code)
+    end
+    def message
+      ERROR_MESSAGES[@code]
+    end
+  end
+  # normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization
+  def self.normalize_identifier(identifier)
+    # clean up whitespace
+    identifier = identifier.to_s.strip
+    # if an XRI has a prefix, strip it.
+    identifier.gsub!(/xri:\/\//i, '')
+    # dodge XRIs -- TODO: validate, don't just skip.
+    unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0))
+      # does it begin with http?  if not, add it.
+      identifier = "http://#{identifier}" unless identifier =~ /^http/i
+      # strip any fragments
+      identifier.gsub!(/\#(.*)$/, '')
+      begin
+        uri = URI.parse(identifier)
+        uri.scheme = uri.scheme.downcase  # URI should do this
+        identifier = uri.normalize.to_s
+      rescue URI::InvalidURIError
+        raise InvalidOpenId.new("#{identifier} is not an OpenID identifier")
+      end
+    end
+    return identifier
+  end
+  # deprecated for OpenID 2.0, where not all OpenIDs are URLs
+  def self.normalize_url(url)
+    ActiveSupport::Deprecation.warn "normalize_url has been deprecated, use normalize_identifier instead"
+    self.normalize_identifier(url)
+  end
+  protected
+    def normalize_url(url)
+      OpenIdAuthentication.normalize_url(url)
+    end
+    def normalize_identifier(url)
+      OpenIdAuthentication.normalize_identifier(url)
+    end
+    # The parameter name of "openid_identifier" is used rather than the Rails convention "open_id_identifier"
+    # because that's what the specification dictates in order to get browser auto-complete working across sites
+    def using_open_id?(identity_url = nil) #:doc:
+      identity_url ||= params[:openid_identifier] || params[:openid_url]
+      !identity_url.blank? || params[:open_id_complete]
+    end
+    def authenticate_with_open_id(identity_url = nil, options = {}, &block) #:doc:
+      identity_url ||= params[:openid_identifier] || params[:openid_url]
+      if params[:open_id_complete].nil?
+        begin_open_id_authentication(identity_url, options, &block)
+      else
+        complete_open_id_authentication(&block)
+      end
+    end
+  private
+    def begin_open_id_authentication(identity_url, options = {})
+      identity_url = normalize_identifier(identity_url)
+      return_to    = options.delete(:return_to)
+      method       = options.delete(:method)
+      options[:required] ||= []  # reduces validation later
+      options[:optional] ||= []
+      open_id_request = open_id_consumer.begin(identity_url)
+      add_simple_registration_fields(open_id_request, options)
+      add_ax_fields(open_id_request, options)
+      redirect_to(open_id_redirect_url(open_id_request, return_to, method))
+    rescue OpenIdAuthentication::InvalidOpenId => e
+      yield Result[:invalid], identity_url, nil
+    rescue OpenID::OpenIDError, Timeout::Error => e
+      logger.error("[OPENID] #{e}")
+      yield Result[:missing], identity_url, nil
+    end
+    def complete_open_id_authentication
+      params_with_path = params.reject { |key, value| request.path_parameters[key] }
+      params_with_path.delete(:format)
+      open_id_response = timeout_protection_from_identity_server { open_id_consumer.complete(params_with_path, requested_url) }
+      identity_url     = normalize_identifier(open_id_response.display_identifier) if open_id_response.display_identifier
+      case open_id_response.status
+      when OpenID::Consumer::SUCCESS
+        profile_data = {}
+        # merge the SReg data and the AX data into a single hash of profile data
+        [ OpenID::SReg::Response, OpenID::AX::FetchResponse ].each do |data_response|
+          if data_response.from_success_response( open_id_response )
+            profile_data.merge! data_response.from_success_response( open_id_response ).data
+          end
+        end
+        yield Result[:successful], identity_url, profile_data
+      when OpenID::Consumer::CANCEL
+        yield Result[:canceled], identity_url, nil
+      when OpenID::Consumer::FAILURE
+        yield Result[:failed], identity_url, nil
+      when OpenID::Consumer::SETUP_NEEDED
+        yield Result[:setup_needed], open_id_response.setup_url, nil
+      end
+    end
+    def open_id_consumer
+      OpenID::Consumer.new(session, OpenIdAuthentication.store)
+    end
+    def add_simple_registration_fields(open_id_request, fields)
+      sreg_request = OpenID::SReg::Request.new
+      # filter out AX identifiers (URIs)
+      required_fields = fields[:required].collect { |f| f.to_s unless f =~ /^https?:\/\// }.compact
+      optional_fields = fields[:optional].collect { |f| f.to_s unless f =~ /^https?:\/\// }.compact
+      sreg_request.request_fields(required_fields, true) unless required_fields.blank?
+      sreg_request.request_fields(optional_fields, false) unless optional_fields.blank?
+      sreg_request.policy_url = fields[:policy_url] if fields[:policy_url]
+      open_id_request.add_extension(sreg_request)
+    end
+    def add_ax_fields( open_id_request, fields )
+      ax_request = OpenID::AX::FetchRequest.new
+      # look through the :required and :optional fields for URIs (AX identifiers)
+      fields[:required].each do |f|
+        next unless f =~ /^https?:\/\//
+        ax_request.add( OpenID::AX::AttrInfo.new( f, nil, true ) )
+      end
+      fields[:optional].each do |f|
+        next unless f =~ /^https?:\/\//
+        ax_request.add( OpenID::AX::AttrInfo.new( f, nil, false ) )
+      end
+      open_id_request.add_extension( ax_request )
+    end
+    def open_id_redirect_url(open_id_request, return_to = nil, method = nil)
+      open_id_request.return_to_args['_method'] = (method || request.method).to_s
+      open_id_request.return_to_args['open_id_complete'] = '1'
+      open_id_request.redirect_url(root_url, return_to || requested_url)
+    end
+    def requested_url
+      relative_url_root = self.class.respond_to?(:relative_url_root) ?
+        self.class.relative_url_root.to_s :
+        request.relative_url_root
+      "#{request.protocol}#{request.host_with_port}#{ActionController::Base.relative_url_root}#{request.path}"
+    end
+    def timeout_protection_from_identity_server
+      yield
+    rescue Timeout::Error
+      Class.new do
+        def status
+          OpenID::FAILURE
+        end
+        def msg
+          "Identity server timed out"
+        end
+      end.new
+    end
+end

data/test/libs/open_id_authentication/lib/open_id_authentication/association.rb ADDED Viewed

@@ -0,0 +1,9 @@
+module OpenIdAuthentication
+  class Association < ActiveRecord::Base
+    set_table_name :open_id_authentication_associations
+    def from_record
+      OpenID::Association.new(handle, secret, issued, lifetime, assoc_type)
+    end
+  end
+end

data/test/libs/open_id_authentication/lib/open_id_authentication/db_store.rb ADDED Viewed

@@ -0,0 +1,55 @@
+require 'openid/store/interface'
+module OpenIdAuthentication
+  class DbStore < OpenID::Store::Interface
+    def self.cleanup_nonces
+      now = Time.now.to_i
+      Nonce.delete_all(["timestamp > ? OR timestamp < ?", now + OpenID::Nonce.skew, now - OpenID::Nonce.skew])
+    end
+    def self.cleanup_associations
+      now = Time.now.to_i
+      Association.delete_all(['issued + lifetime > ?',now])
+    end
+    def store_association(server_url, assoc)
+      remove_association(server_url, assoc.handle)
+      Association.create(:server_url => server_url,
+                         :handle     => assoc.handle,
+                         :secret     => assoc.secret,
+                         :issued     => assoc.issued,
+                         :lifetime   => assoc.lifetime,
+                         :assoc_type => assoc.assoc_type)
+    end
+    def get_association(server_url, handle = nil)
+      assocs = if handle.blank?
+          Association.find_all_by_server_url(server_url)
+        else
+          Association.find_all_by_server_url_and_handle(server_url, handle)
+        end
+      assocs.reverse.each do |assoc|
+        a = assoc.from_record
+        if a.expires_in == 0
+          assoc.destroy
+        else
+          return a
+        end
+      end if assocs.any?
+      return nil
+    end
+    def remove_association(server_url, handle)
+      Association.delete_all(['server_url = ? AND handle = ?', server_url, handle]) > 0
+    end
+    def use_nonce(server_url, timestamp, salt)
+      return false if Nonce.find_by_server_url_and_timestamp_and_salt(server_url, timestamp, salt)
+      return false if (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew
+      Nonce.create(:server_url => server_url, :timestamp => timestamp, :salt => salt)
+      return true
+    end
+  end
+end

data/test/libs/open_id_authentication/lib/open_id_authentication/mem_cache_store.rb ADDED Viewed

@@ -0,0 +1,73 @@
+require 'digest/sha1'
+require 'openid/store/interface'
+module OpenIdAuthentication
+  class MemCacheStore < OpenID::Store::Interface
+    def initialize(*addresses)
+      @connection = ActiveSupport::Cache::MemCacheStore.new(addresses)
+    end
+    def store_association(server_url, assoc)
+      server_key = association_server_key(server_url)
+      assoc_key = association_key(server_url, assoc.handle)
+      assocs = @connection.read(server_key) || {}
+      assocs[assoc.issued] = assoc_key
+      @connection.write(server_key, assocs)
+      @connection.write(assoc_key, assoc, :expires_in => assoc.lifetime)
+    end
+    def get_association(server_url, handle = nil)
+      if handle
+        @connection.read(association_key(server_url, handle))
+      else
+        server_key = association_server_key(server_url)
+        assocs = @connection.read(server_key)
+        return if assocs.nil?
+        last_key = assocs[assocs.keys.sort.last]
+        @connection.read(last_key)
+      end
+    end
+    def remove_association(server_url, handle)
+      server_key = association_server_key(server_url)
+      assoc_key = association_key(server_url, handle)
+      assocs = @connection.read(server_key)
+      return false unless assocs && assocs.has_value?(assoc_key)
+      assocs = assocs.delete_if { |key, value| value == assoc_key }
+      @connection.write(server_key, assocs)
+      @connection.delete(assoc_key)
+      return true
+    end
+    def use_nonce(server_url, timestamp, salt)
+      return false if @connection.read(nonce_key(server_url, salt))
+      return false if (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew
+      @connection.write(nonce_key(server_url, salt), timestamp, :expires_in => OpenID::Nonce.skew)
+      return true
+    end
+    private
+      def association_key(server_url, handle = nil)
+        "openid_association_#{digest(server_url)}_#{digest(handle)}"
+      end
+      def association_server_key(server_url)
+        "openid_association_server_#{digest(server_url)}"
+      end
+      def nonce_key(server_url, salt)
+        "openid_nonce_#{digest(server_url)}_#{digest(salt)}"
+      end
+      def digest(text)
+        Digest::SHA1.hexdigest(text)
+      end
+  end
+end