verge 0.0.1

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,10 @@
+*.sw?
+.DS_Store
+coverage
+rdoc
+doc/*
+.yardoc
+pkg
+*.sqlite3
+log/*
+tmp/*

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Adam Elliot
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,17 @@
+= Verge
+
+Lightweight centralized authentications system.
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2009 Adam Elliot. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,68 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "verge"
+    gem.summary = %Q{Lightweight centralized authentication system built on Sinatra}
+    gem.description = %Q{Simple system that grants trusted sites tokens if users have successfully authenticated. So they are free to interact with each other securely.}
+    gem.email = "adam@wartube.com"
+    gem.homepage = "http://github.com/adamelliot/verge"
+    gem.authors = ["Adam Elliot"]
+    gem.add_dependency "sinatra"
+    gem.add_dependency "datamapper"
+    gem.add_dependency "bcrypt-ruby"
+    gem.add_dependency "activesupport"
+    gem.add_development_dependency "rspec"
+    gem.add_development_dependency "factory_girl"
+    gem.add_development_dependency "rack-test"
+    gem.add_development_dependency "do_sqlite3"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.spec_opts = %W{--options \"#{File.dirname(__FILE__)}/spec/spec.opts\"}
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.spec_opts = %W{--options \"#{File.dirname(__FILE__)}/spec/spec.opts\"}
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+  spec.rcov_opts = lambda do
+     IO.readlines("#{File.dirname(__FILE__)}/spec/rcov.opts").map {|l| l.chomp.split " "}.flatten
+   end
+end
+
+task :spec => :check_dependencies
+
+begin
+  require 'reek/rake_task'
+  Reek::RakeTask.new do |t|
+    t.fail_on_error = true
+    t.verbose = false
+    t.source_files = 'lib/**/*.rb'
+  end
+rescue LoadError
+  task :reek do
+    abort "Reek is not available. In order to run reek, you must: sudo gem install reek"
+  end
+end
+
+task :default => :spec
+
+begin
+  require 'yard'
+  YARD::Rake::YardocTask.new
+rescue LoadError
+  task :yardoc do
+    abort "YARD is not available. In order to run yardoc, you must: sudo gem install yard"
+  end
+end

data/VERSION

@@ -0,0 +1 @@
+0.0.1

data/lib/verge/crypto.rb

@@ -0,0 +1,15 @@
+require 'digest/sha2'
+
+module Verge
+  module Crypto
+    extend self
+
+    def token # nodoc #
+      Digest::SHA512.hexdigest((1..10).collect{ rand.to_s }.join + Time.now.usec.to_s)
+    end
+    
+    def digest(*values) # nodoc #
+      Digest::SHA512.hexdigest values.join
+    end
+  end
+end

data/lib/verge/server/base.rb

@@ -0,0 +1,74 @@
+require 'sinatra/base'
+require 'erb'
+
+module Verge
+  module Server
+    class Base < Sinatra::Base
+      enable :logging
+      set :root, File.dirname(__FILE__)
+      
+      configure :development do
+        enable :dump_errors
+      end
+
+      # Request from clients (browers generally) to authenticate with username
+      # and password. Returns a token that should be sent back to the site
+      # along with the login passed here to be verified by the site
+      # as allowed to login.
+      get '/auth' do
+        extract_site
+
+        user = User.authenticate(params[:login], params[:password])
+        halt 401, "Bad user." if user.nil?
+
+        set_cookie_for_user(user)
+        user.token.value
+      end
+
+      get '/token.js' do
+        @token = request.cookies["token"]
+        @login = request.cookies["login"]
+
+        erb 'token.js'.to_sym unless @token.nil? || @token.blank? || @login.nil? || @login.blank?
+      end
+
+      # Creates user accounts
+      post '/create' do
+        extract_site
+
+        user = User.new(:login => params[:login], :password => params[:password])
+        halt 400, "Could not create user." unless user.save
+
+        # TODO: Make user activation not manditory, for now ther is no activation mechanism
+        user.activate!
+
+        user.token.value
+      end
+
+      # Verifies if a token passed to a site is valid and checks that it
+      # properly matches the user requesting it.
+      # 
+      # This is called from the sites themselves to verify that the token
+      # being passed from the client isn't spoofed and can be trusted to 
+      # be the user they say they are.
+      get '/verify/:token' do |token|
+        signed_token = extract_site.signed_tokens.first(:value => token)
+        halt 404, "Token not found." if signed_token.nil?
+      end
+      
+      private
+
+      def extract_site # nodoc #
+        site = Site.find_by_url(request.referer)
+        (site.nil? && halt(401, "Not a valid site.")) || site
+      end
+
+      def set_cookie_for_user(user) # nodoc #
+        response.set_cookie("token", {
+          :value => user.token.value,
+          :path => '/'
+        })
+      end
+    end
+  end
+end

data/lib/verge/server/models.rb

@@ -0,0 +1,156 @@
+require 'dm-core'
+require 'dm-aggregates'
+require 'dm-validations'
+require 'dm-types'
+require 'dm-timestamps'
+
+require 'activesupport'
+
+DataMapper::Logger.new("#{Dir.pwd}/../log/dm.log", :debug)
+DataMapper::setup(:default, ENV['DATABASE_URL'] || "sqlite3:///#{Dir.pwd}/../db.sqlite3")
+
+module Verge
+  module Server
+    class User
+      include DataMapper::Resource
+
+      property :id,         Serial,     :key => true
+      property :login,      String,     :nullable => false, :length => 1..255
+      property :password,   BCryptHash
+      property :activated,  Boolean,    :default => false, :nullable => false
+      property :expiry,     DateTime,   :default => lambda { DateTime.now + 1.day }
+
+      has n, :tokens, :expiry.gt => DateTime.now
+
+      validates_is_unique :login
+
+      before :destroy, :destroy_tokens
+
+      # Generates a new token for this user.
+      def generate_token(expiry = nil)
+        tokens.create(expiry && {:expiry => expiry} || {})
+      end
+
+      # Returns a valid token for this user. If no tokens exist on is created
+      def token
+        tokens.count > 0 ? tokens.first : generate_token
+      end
+      
+      # Marks this user as valid. Invalid users will be destroyed after their
+      # expiry passes.
+      def activate!
+        activated = true
+        expiry = nil
+        save
+      end
+
+      # Attempts to find a user based on the credentials passed.
+      def self.authenticate(login, password)
+        u = User.first(:login => login)
+        (u.nil? || u.password != password) && nil || u
+      end
+
+      # Removes expired users
+      def self.remove_expired_users
+        User.all(:expiry.lt => DateTime.now).destroy
+      end
+
+      private
+
+      def destroy_tokens
+        tokens.all.destroy
+      end
+    end
+
+    class SignedToken
+      include DataMapper::Resource
+
+      property :id,       Serial,   :key => true
+      property :value,    String,   :length => 128..128, :nullable => false
+
+      belongs_to :token
+      belongs_to :site
+
+      validates_is_unique :value
+    end
+
+    class Token
+      TERMINAL_EPOCH = DateTime.new(4000) # Distant future
+
+      include DataMapper::Resource
+
+      property :id,       Serial,   :key => true
+      property :value,    String,   :length => 128..128,  :default => lambda { Verge::Crypto.token }
+      property :expiry,   DateTime, :nullable => false,   :default => TERMINAL_EPOCH
+
+      belongs_to :user
+      has n, :signed_tokens
+
+      before :destroy, :destroy_signed_tokens
+      after :create, :sign
+
+      private
+
+      def sign # nodoc #
+        Site.all.each do |site|
+          site.sign_token(self)
+        end
+      end
+
+      def destroy_signed_tokens # nodoc #
+        signed_tokens.destroy
+      end
+    end
+
+    class Site
+      include DataMapper::Resource
+
+      property :id,         Serial, :key => true
+      property :domain,     String, :length => 3..300
+      property :signature,  String, :length => 128..128, :default => lambda { Verge::Crypto.token }
+
+      has n, :signed_tokens
+
+      validates_is_unique :domain
+      validates_is_unique :signature
+
+      before :destroy, :destroy_signed_tokens
+      after :create, :sign_tokens
+      
+      # Prepends this sites token to the string list and runs a digest over
+      # the new string.
+      def sign(*args)
+        Verge::Crypto.digest(signature, args.join)
+      end
+
+      # Takes a token for a user and signs it creating a new hash
+      def sign_token(token)
+        signed_tokens.create(:value => sign(token.user.login, token.value), :token => token)
+      end
+
+      # Searchs all the sites for ones that match the protocol and domain
+      #   EG:
+      #    "http://verge.example.com/some/path?id=1" will match
+      #    "verge.example.com"
+      def self.find_by_url(url)
+        return nil if url.nil?
+        domain = url[/^([A-Za-z\d]*(:\/\/)){0,1}([^\/]*)/, 3]
+        Site.first(:domain => domain)
+      end
+
+      private
+
+      def sign_tokens # nodoc #
+        Token.all(:expiry.gt => DateTime.now).each do |token|
+          sign_token(token)
+        end
+      end
+
+      def destroy_signed_tokens # nodoc #
+        signed_tokens.destroy
+      end
+    end
+
+    DataMapper.auto_migrate!
+  end
+end

data/lib/verge/server/views/token.js.erb

@@ -0,0 +1,29 @@
+(function() {
+  function announceToken() {
+    var login = "<%= @login %>";
+    var token = "<%= @token %>";
+    
+    // For now we'll just write the server's token to the console, in the
+    // future we'll need to actually do something with it.
+    if (console) {
+      console.log("Login: " + login);
+      console.log("Token: " + token);
+    }
+  }
+
+  (function() {
+    if (document.addEventListener) {
+      document.addEventListener("DOMContentLoaded", function() {
+        document.removeEventListener("DOMContentLoaded", arguments.callee, false);
+        announceToken();
+      }, false);
+    } else if (document.attachEvent) {
+      document.attachEvent("onreadystatechange", function() {
+        if (document.readyState == "complete") {
+          document.detachEvent("onreadystatechange", argument.callee);
+          announceToken();
+        }
+      });
+    }
+  })();
+})();

data/lib/verge.rb

@@ -0,0 +1,14 @@
+require 'rubygems'
+
+module Verge
+  autoload :Crypto, "verge/crypto"
+  
+  module Server
+    autoload :Base, "verge/server/base"
+
+    autoload :User, "verge/server/models"
+    autoload :SignedToken, "verge/server/models"
+    autoload :Token, "verge/server/models"
+    autoload :Site, "verge/server/models"
+  end
+end

data/spec/crypto_spec.rb

@@ -0,0 +1,11 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+ 
+describe Verge::Crypto do
+  it "returns a sha512 token" do
+    Verge::Crypto.token.length.should == 128
+  end
+  
+  it "creates a hash for multiple values entered" do
+    Verge::Crypto.digest("some", "values").length.should == 128
+  end
+end

data/spec/factories.rb

@@ -0,0 +1,17 @@
+Factory.sequence(:login) { |n| "verge-#{n}" }
+Factory.sequence(:domain) { |n| "site-#{n}.com" }
+
+Factory.define(:user, :class => Verge::Server::User) do |u|
+  u.login { Factory.next(:login) }
+  u.password '0rbital'
+end
+
+Factory.define(:site, :class => Verge::Server::Site) do |s|
+  s.domain { Factory.next(:domain) }
+end
+
+Factory.define(:signed_token, :class => Verge::Server::SignedToken) do |s|
+  s.token_id 1
+  s.site_id 1
+  s.value { Verge::Crypto.token }
+end

data/spec/models_spec.rb

@@ -0,0 +1,148 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe Verge::Server::User do
+  before :each  do
+    Verge::Server::Token.all.destroy!
+    Verge::Server::User.all.destroy!
+    @user = Factory(:user)
+  end
+  
+  it "doesn't allow duplicate logins" do
+    Factory(:user, :login => @user.login).should_not be_valid
+  end
+  
+  it "finds user when provided valid credentials" do
+    Verge::Server::User.authenticate(@user.login, "0rbital").should_not be_nil
+  end
+  
+  it "returns nil if no user is found for credentials" do
+    Verge::Server::User.authenticate("nobody", "---").should be_nil
+  end
+
+  it "creates a token with an expiry" do
+    expiry = DateTime.now + 100
+    @user.generate_token(expiry)
+    @user.tokens.first.expiry.should eql(expiry)
+  end
+  
+  it "destroys any tokens that belong to it when destroyed" do
+    @user.token
+    @user.destroy
+    Verge::Server::Token.count.should eql(0)
+  end
+  
+  it "valid token returns an existing token when one's been created" do
+    @user.generate_token
+    count = @user.tokens.count
+    @user.token
+  
+    @user.tokens.count.should eql(count)
+  end
+  
+  it "valid token creates a new token when none exist" do
+    count = @user.tokens.count
+    @user.token
+    
+    @user.tokens.count.should eql(count + 1)
+  end
+  
+  it "starts out as an inactive user and has an expiry" do
+    @user.activated.should be_false
+    @user.expiry.should >= DateTime.now + 4.minutes
+  end
+  
+  it "will mark the model as activated and remove the expiry" do
+    @user.activate!
+  end
+  
+  it "removes any uses that have expired" do
+    Factory(:user, :expiry => 1.minute.ago)
+    count = Verge::Server::User.count
+    Verge::Server::User.remove_expired_users
+    Verge::Server::User.count.should == (count - 1)
+  end
+end
+
+describe Verge::Server::SignedToken do
+  before :each do
+    @signed_token = Factory(:signed_token)
+  end
+  
+  it "doesn't allow duplicate signatures" do
+    Factory(:signed_token, :value => @signed_token.value).should_not be_valid
+  end
+end
+
+describe Verge::Server::Token do
+  before :each do
+    Verge::Server::SignedToken.all.destroy!
+    Verge::Server::Token.all.destroy!
+    Factory(:site)
+    @user = Factory(:user)
+
+    @token = Verge::Server::Token.create(:user_id => @user.id)
+  end
+  
+  it "has a valid token" do
+    @token.value.length.should eql(128)
+  end
+  
+  it "has a user_id" do
+    new_token = Verge::Server::Token.new
+    new_token.user_id.should be_nil
+    new_token.should_not be_valid
+  end
+  
+  it "destroys any signed tokens that belong to it when destroyed" do
+    @token.destroy
+    Verge::Server::SignedToken.count.should eql(0)
+  end
+  
+  it "automatically creates signed tokens for each site when created" do
+    Verge::Server::Site.count.should eql(Verge::Server::SignedToken.count)
+  end
+end
+
+describe Verge::Server::Site do
+  before :each do
+    Verge::Server::Site.all.destroy!
+    Verge::Server::User.all.destroy!
+    Verge::Server::Token.all.destroy!
+    Verge::Server::SignedToken.all.destroy!
+    
+    @user = Factory(:user)
+    @site = Factory(:site)
+  end
+  
+  it "returns valid token after signing token" do
+    @site.sign_token(Verge::Server::User.first.token).value.length.should == 128
+  end
+
+  it "destroys any signed tokens that belong to it when destroyed" do
+    Verge::Server::Token.create(:user_id => @user.id)
+    @site.signed_tokens.destroy
+    Verge::Server::SignedToken.count.should eql(0)
+  end
+
+  it "signs any tokens that haven't expired when created" do
+    @user.token
+    Verge::Server::SignedToken.count.should eql(Verge::Server::Site.count)
+    # Factory(:site) uses create! which will bypass the after hook
+    Factory.build(:site).save.should be_true
+    Verge::Server::SignedToken.count.should eql(Verge::Server::Site.count)
+  end
+  
+  it "returns a site when the domain and protocol match" do
+    site1 = Factory(:site)
+    site2 = Verge::Server::Site.find_by_url("http://#{site1.domain}/some/other/path?junk=10&true=false")
+    site2.should_not be_nil
+    site2.domain.should eql(site1.domain)
+  end
+  
+  it "should create a valid signed token when signing" do
+    @user.token.should_not be_nil
+    Verge::Server::SignedToken.count.should eql(1)
+    signature = Verge::Crypto.digest(@site.signature, @user.login, @user.token.value)
+    Verge::Server::SignedToken.first.value.should == signature
+  end
+end

data/spec/rcov.opts

@@ -0,0 +1,2 @@
+--exclude "spec/*,/Library/*" 
+-T

data/spec/spec.opts

@@ -0,0 +1,4 @@
+--color
+--loadby mtime
+--reverse
+-fs

data/spec/spec_helper.rb

@@ -0,0 +1,18 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'verge'
+require 'spec'
+require 'spec/autorun'
+require 'rack/test'
+require 'factory_girl'
+
+require File.expand_path(File.dirname(__FILE__)) + '/factories'
+
+Spec::Runner.configure do |config|
+  config.include Rack::Test::Methods
+
+  # Add an app method for RSpec
+  def app
+    Rack::Lint.new(Verge::Server::Base.new)
+  end
+end

data/spec/verge_spec.rb

@@ -0,0 +1,128 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+module VergeSpecHelper
+  def valid_auth_request_for_user(user)
+    {:login => user.login, :password => "0rbital"}
+  end
+  
+  def new_user_credentials_for_site(site)
+    login = 'new-verge-user'
+    {:login => login, :password => '0rbital', :signature => site.sign(login)}
+  end
+end
+
+describe Verge::Server do
+  include VergeSpecHelper
+
+  before :each do
+    @site = Factory(:site)
+    header("Referer", @site.domain)
+  end
+  
+  describe "GET to /token.js" do
+    it "echos cookie back in javascript" do
+      login = "astro"
+      token = "bombastic"
+
+      set_cookie("login=#{login}")
+      set_cookie("token=#{token}")
+
+      get '/token.js'
+      last_response.body.should =~ /#{login}/
+      last_response.body.should =~ /#{token}/
+    end
+    
+    it "echos nothing if no cookies are sent" do
+      get '/token.js'
+      last_response.body.should == ""
+      last_response.should be_ok
+    end
+    
+    it "echos nothing if login is blank" do
+      set_cookie("login=")
+      set_cookie("token=a-token")
+
+      get '/token.js'
+      last_response.body.should == ""
+      last_response.should be_ok
+    end
+
+    it "echos nothing if login is blank" do
+      set_cookie("login=a-login")
+      set_cookie("token=")
+
+      get '/token.js'
+      last_response.body.should == ""
+      last_response.should be_ok
+    end
+  end
+  
+
+  describe 'GET to /auth' do
+    before :each do
+      @user = Factory(:user)
+    end
+
+    it 'fails with empty request' do
+      get '/auth'
+      last_response.status.should == 401
+    end
+
+    it 'returns a code when valid' do
+      get '/auth', valid_auth_request_for_user(@user)
+      last_response.body.should == @user.token.value
+    end
+    
+    it 'sets a cookie on success' do
+      get '/auth', valid_auth_request_for_user(@user)
+      last_response.headers["Set-Cookie"].should == "token=#{@user.token.value}; path=/"
+    end
+  end
+  
+  describe "POST to /create" do
+    before :each do
+      Verge::Server::User.all.destroy!
+    end
+    
+    it "fails if site not found" do
+      header("Referer", "BAD://SITE")
+      post '/create'
+
+      last_response.status.should == 401
+    end
+    
+    it "creates a new user" do
+      post '/create', new_user_credentials_for_site(@site)
+      last_response.should be_ok
+      last_response.body.should == Verge::Server::User.first.token.value
+    end
+  end
+
+  describe 'GET to /verify/:token' do
+    before :each do
+      @user = Factory(:user)
+      @signed_token = @user.token.signed_tokens.first(:site_id => @site.id)
+      
+      header("Referer", @site.domain)
+    end
+ 
+    it "fails if no regisered site is found" do
+      header("Referer", "BAD://SITE")
+      get "/verify/anything"
+
+      last_response.status.should == 401
+    end
+    
+    it "fails if token can't be found" do
+      get "/verify/anything"
+      
+      last_response.status.should == 404
+    end
+    
+    it "succeeds if the token is valid" do
+      get "/verify/#{@signed_token.value}"
+
+      last_response.should be_ok
+    end
+  end
+end

data/verge.gemspec

@@ -0,0 +1,87 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{verge}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Adam Elliot"]
+  s.date = %q{2009-10-20}
+  s.description = %q{Simple system that grants trusted sites tokens if users have successfully authenticated. So they are free to interact with each other securely.}
+  s.email = %q{adam@wartube.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+     ".gitignore",
+     "LICENSE",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "lib/verge.rb",
+     "lib/verge/crypto.rb",
+     "lib/verge/server/base.rb",
+     "lib/verge/server/models.rb",
+     "lib/verge/server/views/token.js.erb",
+     "spec/crypto_spec.rb",
+     "spec/factories.rb",
+     "spec/models_spec.rb",
+     "spec/rcov.opts",
+     "spec/spec.opts",
+     "spec/spec_helper.rb",
+     "spec/verge_spec.rb",
+     "verge.gemspec"
+  ]
+  s.homepage = %q{http://github.com/adamelliot/verge}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Lightweight centralized authentication system built on Sinatra}
+  s.test_files = [
+    "spec/crypto_spec.rb",
+     "spec/factories.rb",
+     "spec/models_spec.rb",
+     "spec/spec_helper.rb",
+     "spec/verge_spec.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<sinatra>, [">= 0"])
+      s.add_runtime_dependency(%q<datamapper>, [">= 0"])
+      s.add_runtime_dependency(%q<bcrypt-ruby>, [">= 0"])
+      s.add_runtime_dependency(%q<activesupport>, [">= 0"])
+      s.add_development_dependency(%q<rspec>, [">= 0"])
+      s.add_development_dependency(%q<factory_girl>, [">= 0"])
+      s.add_development_dependency(%q<rack-test>, [">= 0"])
+      s.add_development_dependency(%q<do_sqlite3>, [">= 0"])
+    else
+      s.add_dependency(%q<sinatra>, [">= 0"])
+      s.add_dependency(%q<datamapper>, [">= 0"])
+      s.add_dependency(%q<bcrypt-ruby>, [">= 0"])
+      s.add_dependency(%q<activesupport>, [">= 0"])
+      s.add_dependency(%q<rspec>, [">= 0"])
+      s.add_dependency(%q<factory_girl>, [">= 0"])
+      s.add_dependency(%q<rack-test>, [">= 0"])
+      s.add_dependency(%q<do_sqlite3>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<sinatra>, [">= 0"])
+    s.add_dependency(%q<datamapper>, [">= 0"])
+    s.add_dependency(%q<bcrypt-ruby>, [">= 0"])
+    s.add_dependency(%q<activesupport>, [">= 0"])
+    s.add_dependency(%q<rspec>, [">= 0"])
+    s.add_dependency(%q<factory_girl>, [">= 0"])
+    s.add_dependency(%q<rack-test>, [">= 0"])
+    s.add_dependency(%q<do_sqlite3>, [">= 0"])
+  end
+end
+

metadata

@@ -0,0 +1,157 @@
+--- !ruby/object:Gem::Specification 
+name: verge
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Adam Elliot
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-10-20 00:00:00 -06:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: sinatra
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: datamapper
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: bcrypt-ruby
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: activesupport
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: factory_girl
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: rack-test
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+- !ruby/object:Gem::Dependency 
+  name: do_sqlite3
+  type: :development
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: Simple system that grants trusted sites tokens if users have successfully authenticated. So they are free to interact with each other securely.
+email: adam@wartube.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.rdoc
+files: 
+- .document
+- .gitignore
+- LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- lib/verge.rb
+- lib/verge/crypto.rb
+- lib/verge/server/base.rb
+- lib/verge/server/models.rb
+- lib/verge/server/views/token.js.erb
+- spec/crypto_spec.rb
+- spec/factories.rb
+- spec/models_spec.rb
+- spec/rcov.opts
+- spec/spec.opts
+- spec/spec_helper.rb
+- spec/verge_spec.rb
+- verge.gemspec
+has_rdoc: true
+homepage: http://github.com/adamelliot/verge
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Lightweight centralized authentication system built on Sinatra
+test_files: 
+- spec/crypto_spec.rb
+- spec/factories.rb
+- spec/models_spec.rb
+- spec/spec_helper.rb
+- spec/verge_spec.rb