Description: A Ruby on Rails-based OpenID server for all ya identity providers out there. It is pretty close to the current OpenID specifications and supports SReg, AX (only fetch requests, yet) and PAPE
Homepage: http://dennisbloete.de/projects/masquerade/
Clone URL: git://github.com/dbloete/masquerade.git
Changes to the discovery information
dbloete (author)
Tue Jul 08 01:19:53 -0700 2008
commit  760c5b499f93cc567edf4814d6db2a65fd333f17
tree    924ed47ca64769dc22810d5abf9942e6d819ed8c
parent  0619f7d3b02e9a1a91844e49e9f9a3c96d2e385a
...
37
38
39
40
 
41
42
43
...
37
38
39
 
40
41
42
43
0
@@ -37,7 +37,7 @@ class ConsumerController < ApplicationController
0
     if params[:use_pape]
0
       papereq = OpenID::PAPE::Request.new
0
       papereq.add_policy_uri(OpenID::PAPE::AUTH_PHISHING_RESISTANT)
0
- papereq.max_auth_age = 2*60*60
0
+ papereq.max_auth_age = 2*60
0
       oidreq.add_extension(papereq)
0
       oidreq.return_to_args['did_pape'] = 'y'
0
     end
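Review bot: `papereq.max_auth_age = 2*60` leaves the unit implicit, and next to the old `2*60*60` it reads like a dropped factor rather than a deliberate move from two hours to two minutes. A named constant with a comment, e.g. `PAPE_MAX_AUTH_AGE = 2 * 60 # seconds; ask the provider to re-authenticate if the login is older`, would make the intent reviewable. The value is only a request to the provider, so the completion step that handles `did_pape` (not visible here) presumably has to check the returned policies and authentication time itself; worth confirming. The enclosing action starts and ends outside the hunk.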
...
5
6
7
8
 
9
10
11
...
5
6
7
 
8
9
10
11
0
@@ -5,7 +5,7 @@ class InfoController < ApplicationController
0
   def index
0
     response.headers['X-XRDS-Location'] = formatted_server_url(:format => :xrds, :protocol => scheme)
0
   end
0
-
0
+
0
   # This page is to prevent phishing attacks. It should
0
   # not contain any links, the user has to navigate to
0
   # the right login page manually.
...
14
15
16
 
 
 
 
 
 
17
18
19
...
14
15
16
17
18
19
20
21
22
23
24
25
0
@@ -14,6 +14,12 @@ module ApplicationHelper
0
     active_page? 'accounts' => ['show']
0
   end
0
   
0
+ # Is the current page the home page? This is used to display
0
+ # further information (like the endoint url) in the <head>
0
+ def home_page?
0
+ active_page? 'info' => ['index']
0
+ end
0
+
0
   # Custom label names for request properties (like SReg data)
0
   def property_label_text(property)
0
     case property.to_sym
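Review bot: The comment above `home_page?` misspells "endpoint" as "endoint", and it describes an endpoint URL while the only use visible in this commit is the layout emitting the `X-XRDS-Location` meta tag. I would reword it to `# Is the current page the home page? Used by the layout to emit the X-XRDS-Location discovery tag in <head>.`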
...
68
69
70
71
 
 
 
 
 
 
72
73
74
...
68
69
70
 
71
72
73
74
75
76
77
78
79
0
@@ -68,7 +68,12 @@ class Account < ActiveRecord::Base
0
   def pending?
0
     @activated
0
   end
0
-
0
+
0
+ # Does the user have the possibility to authenticate with a one time password?
0
+ def has_otp_device?
0
+ !yubico_identity.nil?
0
+ end
0
+
0
   # Authenticates a user by their login name and password.
0
   # Returns the user or nil.
0
   def self.authenticate(login, password)
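Review bot: `has_otp_device?` counts any non-nil `yubico_identity` as an enrolled device, so an empty string would also pass, and this predicate decides whether the identity XRDS advertises the multi-factor and phishing-resistant policies. If the attribute is a string column that a form can submit blank (its type is not visible here), `!yubico_identity.blank?` is the safer test. The body of `self.authenticate` continues outside the hunk.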
...
9
10
11
 
 
12
13
14
...
17
18
19
 
 
20
21
22
...
25
26
27
 
 
28
29
30
...
9
10
11
12
13
14
15
16
...
19
20
21
22
23
24
25
26
...
29
30
31
32
33
34
35
36
0
@@ -9,6 +9,8 @@ xml.xrds(:XRDS,
0
       xml.Type OpenID::SReg::NS_URI_1_1
0
       xml.Type OpenID::SReg::NS_URI_1_0
0
       xml.Type OpenID::AX::AXMessage::NS_URI
0
+ xml.Type OpenID::PAPE::AUTH_MULTI_FACTOR if APP_CONFIG['use_ssl'] && @account.has_otp_device?
0
+ xml.Type OpenID::PAPE::AUTH_PHISHING_RESISTANT if APP_CONFIG['use_ssl'] && @account.has_otp_device?
0
       xml.URI endpoint_url
0
       xml.LocalID identity_url(:account => @account, :protocol => scheme)
0
     end
0
@@ -17,6 +19,8 @@ xml.xrds(:XRDS,
0
       xml.Type OpenID::SReg::NS_URI_1_1
0
       xml.Type OpenID::SReg::NS_URI_1_0
0
       xml.Type OpenID::AX::AXMessage::NS_URI
0
+ xml.Type OpenID::PAPE::AUTH_MULTI_FACTOR if APP_CONFIG['use_ssl'] && @account.has_otp_device?
0
+ xml.Type OpenID::PAPE::AUTH_PHISHING_RESISTANT if APP_CONFIG['use_ssl'] && @account.has_otp_device?
0
       xml.URI endpoint_url
0
       xml.tag!('openid:Delegate', identity_url(:account => @account, :protocol => scheme))
0
     end
0
@@ -25,6 +29,8 @@ xml.xrds(:XRDS,
0
       xml.Type OpenID::SReg::NS_URI_1_1
0
       xml.Type OpenID::SReg::NS_URI_1_0
0
       xml.Type OpenID::AX::AXMessage::NS_URI
0
+ xml.Type OpenID::PAPE::AUTH_MULTI_FACTOR if APP_CONFIG['use_ssl'] && @account.has_otp_device?
0
+ xml.Type OpenID::PAPE::AUTH_PHISHING_RESISTANT if APP_CONFIG['use_ssl'] && @account.has_otp_device?
0
       xml.URI endpoint_url
0
       xml.tag!('openid:Delegate', identity_url(:account => @account, :protocol => scheme))
0
     end
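Review bot: The added `xml.Type OpenID::PAPE::AUTH_PHISHING_RESISTANT` lines in all three service blocks make that claim purely because the account has an OTP device enrolled. A one-time password is still typed into a page, so multi-factor is the claim the visible code supports and phishing-resistant deserves a second look. Because this document is public and per account, the `has_otp_device?` condition also tells any reader which identities have no second factor. The entry is an advertisement only, so the endpoint (not shown) still has to report in its PAPE response just the policies actually met for that login. The condition repeated on six lines could live in one helper, e.g. `def advertise_pape_policies?; APP_CONFIG['use_ssl'] && @account.has_otp_device?; end`.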
...
6
7
8
 
 
9
10
11
...
6
7
8
9
10
11
12
13
0
@@ -6,6 +6,8 @@
0
     <% if identity_page? %>
0
     <meta http-equiv="X-XRDS-Location" content="<%= formatted_identity_url(:account => @account, :format => :xrds, :protocol => scheme) %>" />
0
     <link rel="openid.server openid2.provider" href="<%= endpoint_url %>" />
0
+ <% elsif home_page? %>
0
+ <meta http-equiv="X-XRDS-Location" content="<%= formatted_server_url(:format => :xrds, :protocol => scheme) %>" />
0
     <% end %>
0
     <link rel="seatbelt.config" type="application/xml" href="<%= formatted_seatbelt_config_url(:format => :xml, :protocol => scheme) %>" />
0
     <link rel="Shortcut Icon" href="/favicon.ico" type="image/x-icon" />
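Review bot: The `elsif home_page?` branch publishes the same server XRDS URL that `InfoController#index` already sends as an `X-XRDS-Location` response header, so the discovery location now lives in two places that must be kept in step. An ERB comment next to the meta tag, such as `<%# also sent as a response header by InfoController#index %>`, would record that. Alternatively one of the two could be dropped if relying parties only need one of them.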
...
9
10
11
12
 
 
13
14
15
...
9
10
11
 
12
13
14
15
16
0
@@ -9,7 +9,8 @@ xml.xrds(:XRDS,
0
       xml.Type OpenID::SReg::NS_URI_1_1
0
       xml.Type OpenID::SReg::NS_URI_1_0
0
       xml.Type OpenID::AX::AXMessage::NS_URI
0
- xml.Type OpenID::PAPE::NS_URI
0
+ xml.Type OpenID::PAPE::AUTH_MULTI_FACTOR if APP_CONFIG['use_ssl']
0
+ xml.Type OpenID::PAPE::AUTH_PHISHING_RESISTANT if APP_CONFIG['use_ssl']
0
       xml.URI endpoint_url
0
     end
0
   end
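Review bot: This server-level document advertises `AUTH_MULTI_FACTOR` and `AUTH_PHISHING_RESISTANT` whenever `APP_CONFIG['use_ssl']` is set, without the `has_otp_device?` test the identity document uses. That may be meant as "the server can offer these", but then the endpoint (not shown) must make sure its PAPE response names only the policies satisfied for the account that actually logged in. The commit also drops `xml.Type OpenID::PAPE::NS_URI`, so with `use_ssl` off nothing PAPE-related is advertised; if that is intended, a comment such as `# PAPE policies are only offered over SSL` would say so.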
