Andreas/tracks
1
0
Fork 0
mirror of https://github.com/TracksApp/tracks.git synced 2025-09-22 05:50:47 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update open_id_authentication to 079b91f70602814c98d4345e198f743bb56b76b5

Browse source
This commit is contained in:
Eric Allen 2009-12-07 18:21:49 -05:00
parent 144e74682b
commit ac0ff3feaf
8 changed files with 109 additions and 246 deletions
Download patch file Download diff file Expand all files Collapse all files

13
vendor/plugins/open_id_authentication/README vendored
View file

@ -214,5 +214,18 @@ You can support it in your app by changing #open_id_authentication
{ :login => 'nickname', :email => 'email', :display_name => 'fullname' }
end
Attribute Exchange OpenID Extension
===================================
Some OpenID providers also support the OpenID AX (attribute exchange) protocol for exchanging identity information between endpoints. See more: http://openid.net/specs/openid-attribute-exchange-1_0.html
Accessing AX data is very similar to the Simple Registration process, described above -- just add the URI identifier for the AX field to your :optional or :required parameters. For example:
authenticate_with_open_id(identity_url,
:required => [ :email, 'http://schema.openid.net/birthDate' ]) do |result, identity_url, registration|
This would provide the sreg data for :email, and the AX data for 'http://schema.openid.net/birthDate'
Copyright (c) 2007 David Heinemeier Hansson, released under the MIT license

1
vendor/plugins/open_id_authentication/init.rb vendored
View file

@ -13,5 +13,6 @@ else
end
config.to_prepare do
OpenID::Util.logger = Rails.logger
ActionController::Base.send :include, OpenIdAuthentication
end

96
vendor/plugins/open_id_authentication/lib/open_id_authentication.rb vendored
View file

@ -1,9 +1,11 @@
require 'uri'
require 'openid/extensions/sreg'
require 'openid/extensions/ax'
require 'openid/store/filesystem'
require File.dirname(__FILE__) + '/open_id_authentication/association'
require File.dirname(__FILE__) + '/open_id_authentication/nonce'
require File.dirname(__FILE__) + '/open_id_authentication/db_store'
require File.dirname(__FILE__) + '/open_id_authentication/mem_cache_store'
require File.dirname(__FILE__) + '/open_id_authentication/request'
require File.dirname(__FILE__) + '/open_id_authentication/timeout_fixes' if OpenID::VERSION == "2.0.4"
@ -20,12 +22,10 @@ module OpenIdAuthentication
@@store = case store
when :db
OpenIdAuthentication::DbStore.new
when :mem_cache
OpenIdAuthentication::MemCacheStore.new(*parameters)
when :file
OpenID::Store::Filesystem.new(OPEN_ID_AUTHENTICATION_DIR)
else
raise "Unknown store: #{store}"
store
end
end
@ -70,13 +70,38 @@ module OpenIdAuthentication
end
end
# normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization
def self.normalize_identifier(identifier)
# clean up whitespace
identifier = identifier.to_s.strip
# if an XRI has a prefix, strip it.
identifier.gsub!(/xri:\/\//i, '')
# dodge XRIs -- TODO: validate, don't just skip.
unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0))
# does it begin with http? if not, add it.
identifier = "http://#{identifier}" unless identifier =~ /^http/i
# strip any fragments
identifier.gsub!(/\#(.*)$/, '')
begin
uri = URI.parse(identifier)
uri.scheme = uri.scheme.downcase # URI should do this
identifier = uri.normalize.to_s
rescue URI::InvalidURIError
raise InvalidOpenId.new("#{identifier} is not an OpenID identifier")
end
end
return identifier
end
# deprecated for OpenID 2.0, where not all OpenIDs are URLs
def self.normalize_url(url)
uri = URI.parse(url.to_s.strip)
uri = URI.parse("http://#{uri}") unless uri.scheme
uri.scheme = uri.scheme.downcase # URI should do this
uri.normalize.to_s
rescue URI::InvalidURIError
raise InvalidOpenId.new("#{url} is not an OpenID URL")
ActiveSupport::Deprecation.warn "normalize_url has been deprecated, use normalize_identifier instead"
self.normalize_identifier(url)
end
protected
@ -84,6 +109,10 @@ module OpenIdAuthentication
OpenIdAuthentication.normalize_url(url)
end
def normalize_identifier(url)
OpenIdAuthentication.normalize_identifier(url)
end
# The parameter name of "openid_identifier" is used rather than the Rails convention "open_id_identifier"
# because that's what the specification dictates in order to get browser auto-complete working across sites
def using_open_id?(identity_url = nil) #:doc:
@ -103,12 +132,16 @@ module OpenIdAuthentication
private
def begin_open_id_authentication(identity_url, options = {})
identity_url = normalize_url(identity_url)
identity_url = normalize_identifier(identity_url)
return_to = options.delete(:return_to)
method = options.delete(:method)
options[:required] ||= [] # reduces validation later
options[:optional] ||= []
open_id_request = open_id_consumer.begin(identity_url)
add_simple_registration_fields(open_id_request, options)
add_ax_fields(open_id_request, options)
redirect_to(open_id_redirect_url(open_id_request, return_to, method))
rescue OpenIdAuthentication::InvalidOpenId => e
yield Result[:invalid], identity_url, nil
@ -121,11 +154,20 @@ module OpenIdAuthentication
params_with_path = params.reject { |key, value| request.path_parameters[key] }
params_with_path.delete(:format)
open_id_response = timeout_protection_from_identity_server { open_id_consumer.complete(params_with_path, requested_url) }
identity_url = normalize_url(open_id_response.display_identifier) if open_id_response.display_identifier
identity_url = normalize_identifier(open_id_response.display_identifier) if open_id_response.display_identifier
case open_id_response.status
when OpenID::Consumer::SUCCESS
yield Result[:successful], identity_url, OpenID::SReg::Response.from_success_response(open_id_response)
profile_data = {}
# merge the SReg data and the AX data into a single hash of profile data
[ OpenID::SReg::Response, OpenID::AX::FetchResponse ].each do |data_response|
if data_response.from_success_response( open_id_response )
profile_data.merge! data_response.from_success_response( open_id_response ).data
end
end
yield Result[:successful], identity_url, profile_data
when OpenID::Consumer::CANCEL
yield Result[:canceled], identity_url, nil
when OpenID::Consumer::FAILURE
@ -141,12 +183,34 @@ module OpenIdAuthentication
def add_simple_registration_fields(open_id_request, fields)
sreg_request = OpenID::SReg::Request.new
sreg_request.request_fields(Array(fields[:required]).map(&:to_s), true) if fields[:required]
sreg_request.request_fields(Array(fields[:optional]).map(&:to_s), false) if fields[:optional]
# filter out AX identifiers (URIs)
required_fields = fields[:required].collect { |f| f.to_s unless f =~ /^https?:\/\// }.compact
optional_fields = fields[:optional].collect { |f| f.to_s unless f =~ /^https?:\/\// }.compact
sreg_request.request_fields(required_fields, true) unless required_fields.blank?
sreg_request.request_fields(optional_fields, false) unless optional_fields.blank?
sreg_request.policy_url = fields[:policy_url] if fields[:policy_url]
open_id_request.add_extension(sreg_request)
end
def add_ax_fields( open_id_request, fields )
ax_request = OpenID::AX::FetchRequest.new
# look through the :required and :optional fields for URIs (AX identifiers)
fields[:required].each do |f|
next unless f =~ /^https?:\/\//
ax_request.add( OpenID::AX::AttrInfo.new( f, nil, true ) )
end
fields[:optional].each do |f|
next unless f =~ /^https?:\/\//
ax_request.add( OpenID::AX::AttrInfo.new( f, nil, false ) )
end
open_id_request.add_extension( ax_request )
end
def open_id_redirect_url(open_id_request, return_to = nil, method = nil)
open_id_request.return_to_args['_method'] = (method || request.method).to_s
open_id_request.return_to_args['open_id_complete'] = '1'
@ -157,7 +221,7 @@ module OpenIdAuthentication
relative_url_root = self.class.respond_to?(:relative_url_root) ?
self.class.relative_url_root.to_s :
request.relative_url_root
"#{request.protocol + request.host_with_port + relative_url_root + request.path}"
"#{request.protocol}#{request.host_with_port}#{ActionController::Base.relative_url_root}#{request.path}"
end
def timeout_protection_from_identity_server

73
vendor/plugins/open_id_authentication/lib/open_id_authentication/mem_cache_store.rb vendored
View file

@ -1,73 +0,0 @@
require 'digest/sha1'
require 'openid/store/interface'
module OpenIdAuthentication
class MemCacheStore < OpenID::Store::Interface
def initialize(*addresses)
@connection = ActiveSupport::Cache::MemCacheStore.new(addresses)
end
def store_association(server_url, assoc)
server_key = association_server_key(server_url)
assoc_key = association_key(server_url, assoc.handle)
assocs = @connection.read(server_key) || {}
assocs[assoc.issued] = assoc_key
@connection.write(server_key, assocs)
@connection.write(assoc_key, assoc, :expires_in => assoc.lifetime)
end
def get_association(server_url, handle = nil)
if handle
@connection.read(association_key(server_url, handle))
else
server_key = association_server_key(server_url)
assocs = @connection.read(server_key)
return if assocs.nil?
last_key = assocs[assocs.keys.sort.last]
@connection.read(last_key)
end
end
def remove_association(server_url, handle)
server_key = association_server_key(server_url)
assoc_key = association_key(server_url, handle)
assocs = @connection.read(server_key)
return false unless assocs && assocs.has_value?(assoc_key)
assocs = assocs.delete_if { |key, value| value == assoc_key }
@connection.write(server_key, assocs)
@connection.delete(assoc_key)
return true
end
def use_nonce(server_url, timestamp, salt)
return false if @connection.read(nonce_key(server_url, salt))
return false if (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew
@connection.write(nonce_key(server_url, salt), timestamp, :expires_in => OpenID::Nonce.skew)
return true
end
private
def association_key(server_url, handle = nil)
"openid_association_#{digest(server_url)}_#{digest(handle)}"
end
def association_server_key(server_url)
"openid_association_server_#{digest(server_url)}"
end
def nonce_key(server_url, salt)
"openid_nonce_#{digest(server_url)}_#{digest(salt)}"
end
def digest(text)
Digest::SHA1.hexdigest(text)
end
end
end

8
vendor/plugins/open_id_authentication/lib/open_id_authentication/request.rb vendored
View file

@ -14,4 +14,10 @@ module OpenIdAuthentication
end
end
ActionController::AbstractRequest.send :include, OpenIdAuthentication::Request
# In Rails 2.3, the request object has been renamed
# from AbstractRequest to Request
if defined? ActionController::Request
ActionController::Request.send :include, OpenIdAuthentication::Request
else
ActionController::AbstractRequest.send :include, OpenIdAuthentication::Request
end

151
vendor/plugins/open_id_authentication/test/mem_cache_store_test.rb vendored
View file

@ -1,151 +0,0 @@
require File.dirname(__FILE__) + '/test_helper'
require File.dirname(__FILE__) + '/../lib/open_id_authentication/mem_cache_store'
# Mock MemCacheStore with MemoryStore for testing
class OpenIdAuthentication::MemCacheStore < OpenID::Store::Interface
def initialize(*addresses)
@connection = ActiveSupport::Cache::MemoryStore.new
end
end
class MemCacheStoreTest < Test::Unit::TestCase
ALLOWED_HANDLE = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~'
def setup
@store = OpenIdAuthentication::MemCacheStore.new
end
def test_store
server_url = "http://www.myopenid.com/openid"
assoc = gen_assoc(0)
# Make sure that a missing association returns no result
assert_retrieve(server_url)
# Check that after storage, getting returns the same result
@store.store_association(server_url, assoc)
assert_retrieve(server_url, nil, assoc)
# more than once
assert_retrieve(server_url, nil, assoc)
# Storing more than once has no ill effect
@store.store_association(server_url, assoc)
assert_retrieve(server_url, nil, assoc)
# Removing an association that does not exist returns not present
assert_remove(server_url, assoc.handle + 'x', false)
# Removing an association that does not exist returns not present
assert_remove(server_url + 'x', assoc.handle, false)
# Removing an association that is present returns present
assert_remove(server_url, assoc.handle, true)
# but not present on subsequent calls
assert_remove(server_url, assoc.handle, false)
# Put assoc back in the store
@store.store_association(server_url, assoc)
# More recent and expires after assoc
assoc2 = gen_assoc(1)
@store.store_association(server_url, assoc2)
# After storing an association with a different handle, but the
# same server_url, the handle with the later expiration is returned.
assert_retrieve(server_url, nil, assoc2)
# We can still retrieve the older association
assert_retrieve(server_url, assoc.handle, assoc)
# Plus we can retrieve the association with the later expiration
# explicitly
assert_retrieve(server_url, assoc2.handle, assoc2)
# More recent, and expires earlier than assoc2 or assoc. Make sure
# that we're picking the one with the latest issued date and not
# taking into account the expiration.
assoc3 = gen_assoc(2, 100)
@store.store_association(server_url, assoc3)
assert_retrieve(server_url, nil, assoc3)
assert_retrieve(server_url, assoc.handle, assoc)
assert_retrieve(server_url, assoc2.handle, assoc2)
assert_retrieve(server_url, assoc3.handle, assoc3)
assert_remove(server_url, assoc2.handle, true)
assert_retrieve(server_url, nil, assoc3)
assert_retrieve(server_url, assoc.handle, assoc)
assert_retrieve(server_url, assoc2.handle, nil)
assert_retrieve(server_url, assoc3.handle, assoc3)
assert_remove(server_url, assoc2.handle, false)
assert_remove(server_url, assoc3.handle, true)
assert_retrieve(server_url, nil, assoc)
assert_retrieve(server_url, assoc.handle, assoc)
assert_retrieve(server_url, assoc2.handle, nil)
assert_retrieve(server_url, assoc3.handle, nil)
assert_remove(server_url, assoc2.handle, false)
assert_remove(server_url, assoc.handle, true)
assert_remove(server_url, assoc3.handle, false)
assert_retrieve(server_url, nil, nil)
assert_retrieve(server_url, assoc.handle, nil)
assert_retrieve(server_url, assoc2.handle, nil)
assert_retrieve(server_url, assoc3.handle, nil)
assert_remove(server_url, assoc2.handle, false)
assert_remove(server_url, assoc.handle, false)
assert_remove(server_url, assoc3.handle, false)
end
def test_nonce
server_url = "http://www.myopenid.com/openid"
[server_url, ''].each do |url|
nonce1 = OpenID::Nonce::mk_nonce
assert_nonce(nonce1, true, url, "#{url}: nonce allowed by default")
assert_nonce(nonce1, false, url, "#{url}: nonce not allowed twice")
assert_nonce(nonce1, false, url, "#{url}: nonce not allowed third time")
# old nonces shouldn't pass
old_nonce = OpenID::Nonce::mk_nonce(3600)
assert_nonce(old_nonce, false, url, "Old nonce #{old_nonce.inspect} passed")
end
end
private
def gen_assoc(issued, lifetime = 600)
secret = OpenID::CryptUtil.random_string(20, nil)
handle = OpenID::CryptUtil.random_string(128, ALLOWED_HANDLE)
OpenID::Association.new(handle, secret, Time.now + issued, lifetime, 'HMAC-SHA1')
end
def assert_retrieve(url, handle = nil, expected = nil)
assoc = @store.get_association(url, handle)
if expected.nil?
assert_nil(assoc)
else
assert_equal(expected, assoc)
assert_equal(expected.handle, assoc.handle)
assert_equal(expected.secret, assoc.secret)
end
end
def assert_remove(url, handle, expected)
present = @store.remove_association(url, handle)
assert_equal(expected, present)
end
def assert_nonce(nonce, expected, server_url, msg = "")
stamp, salt = OpenID::Nonce::split_nonce(nonce)
actual = @store.use_nonce(server_url, stamp, salt)
assert_equal(expected, actual, msg)
end
end

10
vendor/plugins/open_id_authentication/test/normalize_test.rb vendored
View file

@ -16,17 +16,17 @@ class NormalizeTest < Test::Unit::TestCase
"http://loudthinking.com:8080" => "http://loudthinking.com:8080/",
"techno-weenie.net" => "http://techno-weenie.net/",
"http://techno-weenie.net" => "http://techno-weenie.net/",
"http://techno-weenie.net " => "http://techno-weenie.net/"
"http://techno-weenie.net " => "http://techno-weenie.net/",
"=name" => "=name"
}
def test_normalizations
NORMALIZATIONS.each do |from, to|
assert_equal to, normalize_url(from)
assert_equal to, normalize_identifier(from)
end
end
def test_broken_open_id
assert_raises(InvalidOpenId) { normalize_url(nil) }
assert_raises(InvalidOpenId) { normalize_url("=name") }
assert_raises(InvalidOpenId) { normalize_identifier(nil) }
end
end

3
vendor/plugins/open_id_authentication/test/test_helper.rb vendored
View file

@ -4,6 +4,9 @@ require 'rubygems'
gem 'activesupport'
require 'active_support'
gem 'actionpack'
require 'action_controller'
gem 'mocha'
require 'mocha'