Description: A Ruby on Rails-based OpenID server for all ya identity providers out there. It is pretty close to the current OpenID specifications and supports SReg, AX (only fetch requests, yet) and PAPE
Homepage: http://dennisbloete.de/projects/masquerade/
Clone URL: git://github.com/dbloete/masquerade.git
dbloete (author)
Mon Apr 21 14:32:47 -0700 2008
commit  2c7677ea1bdb08e54cacd91bec0b6c45ac66494e
tree    51d871fd5ba61794f6ec37dc4da893d31b81a159
parent  9e4fee16d3b1c5e1d80f6efe574375cd8fd84f3a
masquerade / app / controllers / consumer_controller.rb
100644 114 lines (107 sloc) 4.957 kb
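# Test OpenID relying party (consumer). `start` begins an OpenID
# authentication request against the identifier the user typed in, and
# `complete` handles the provider's response and reports the outcome through
# the flash.
#
# Security notes for maintainers:
# * Everything the provider returns (display identifier, failure message,
#   SReg/AX values) and the submitted identifier itself are untrusted input
#   that this controller copies into flash messages. The view that renders the
#   flash must HTML-escape them.
# * Extension data is only read after the library has reported SUCCESS for the
#   response; do not move those reads outside the SUCCESS branch.
class ConsumerController < ApplicationController

  # The provider may deliver its response to `complete` as a cross-site POST,
  # which cannot carry this application's authenticity token.
  # NOTE(review): the skip currently covers `start` as well; consider limiting
  # it to `complete` once the form that posts to `start` is confirmed to send
  # the token.
  skip_before_filter :verify_authenticity_token

  # Begins an OpenID request for params[:openid_identifier].
  #
  # Optional flags in params:
  #   use_sreg   - attach a Simple Registration request
  #   use_ax     - attach an Attribute Exchange fetch request
  #   use_pape   - attach a PAPE request (phishing-resistant, max age 2 hours)
  #   force_post - pad return_to so the request is sent as a form POST
  #   immediate  - passed through as the "immediate" flag; any non-nil value
  #                (including the string "false") is truthy in Ruby
  #
  # Either redirects to the provider or sets @form_text with the auto-submit
  # form markup for the view to render.
  def start
    identifier = params[:openid_identifier]
    # Reject a missing or empty identifier up front instead of handing nil to
    # the discovery code, which is only guarded against OpenID::OpenIDError.
    if identifier.blank?
      flash[:error] = "Enter an OpenID identifier"
      redirect_to consumer_path
      return
    end

    begin
      oidreq = openid_consumer.begin(identifier)
    rescue OpenID::OpenIDError => e
      # Both the identifier and the error text are untrusted; see class notes.
      flash[:error] = "Discovery failed for #{identifier}: #{e}"
      redirect_to consumer_path
      return
    end

    if params[:use_sreg]
      sregreq = OpenID::SReg::Request.new
      sregreq.policy_url = 'http://www.policy-url.com'
      sregreq.request_fields(['nickname', 'email'], true) # required
      sregreq.request_fields(['fullname', 'dob'], false) # optional
      oidreq.add_extension(sregreq)
      # Marker carried in return_to so `complete` knows what was requested.
      oidreq.return_to_args['did_sreg'] = 'y'
    end

    if params[:use_ax]
      axreq = OpenID::AX::FetchRequest.new
      # Each entry: [type URI, alias, required (default false), count (default 1)]
      requested_attrs = [['http://axschema.org/namePerson/friendly', 'nickname', true],
                         ['http://axschema.org/contact/email', 'email', true],
                         ['http://axschema.org/namePerson', 'fullname'],
                         ['http://axschema.org/contact/web/default', 'website', false, 2],
                         ['http://axschema.org/contact/postalCode/home', 'postcode'],
                         ['http://axschema.org/person/gender', 'gender'],
                         ['http://axschema.org/birthDate', 'birth_date'],
                         ['http://axschema.org/contact/country/home', 'country'],
                         ['http://axschema.org/pref/language', 'language'],
                         ['http://axschema.org/pref/timezone', 'timezone']]
      requested_attrs.each do |type_uri, ns_alias, required, count|
        axreq.add(OpenID::AX::AttrInfo.new(type_uri, ns_alias, required || false, count || 1))
      end
      oidreq.add_extension(axreq)
      oidreq.return_to_args['did_ax'] = 'y'
    end

    if params[:use_pape]
      papereq = OpenID::PAPE::Request.new
      papereq.add_policy_uri(OpenID::PAPE::AUTH_PHISHING_RESISTANT)
      papereq.max_auth_age = 2*60*60 # seconds
      oidreq.add_extension(papereq)
      oidreq.return_to_args['did_pape'] = 'y'
    end

    if params[:force_post]
      # Presumably makes the request too long for a redirect, so that
      # send_redirect? below is false and the form branch is exercised.
      oidreq.return_to_args['force_post'] = 'x' * 2048
    end

    immediate = params[:immediate]
    if oidreq.send_redirect?(consumer_url, consumer_complete_url, immediate)
      redirect_to oidreq.redirect_url(consumer_url, consumer_complete_url, immediate)
    else
      @form_text = oidreq.form_markup(consumer_url, consumer_complete_url, immediate, { 'id' => 'checkid_form' })
    end
  end

  # Handles the provider's response, stores a human-readable result in the
  # flash and redirects to the index action.
  def complete
    # Drop the routing parameters so only the query/post parameters of the
    # response are handed to the library.
    parameters = params.reject { |k, v| request.path_parameters[k] }
    # The current URL is passed so the library can check it against return_to.
    oidresp = openid_consumer.complete(parameters, url_for({}))

    case oidresp.status
    when OpenID::Consumer::SETUP_NEEDED
      flash[:error] = "Immediate request failed - setup needed"
    when OpenID::Consumer::CANCEL
      flash[:error] = "OpenID transaction cancelled."
    when OpenID::Consumer::FAILURE
      flash[:error] = oidresp.display_identifier ?
        "Verification of #{oidresp.display_identifier} failed: #{oidresp.message}" :
        "Verification failed: #{oidresp.message}"
    when OpenID::Consumer::SUCCESS
      flash[:notice] = "Verification of #{oidresp.display_identifier} succeeded."

      if params[:did_sreg]
        sreg_resp = OpenID::SReg::Response.from_success_response(oidresp)
        sreg_message = "\n\nSimple Registration data was requested"
        # A nil response is treated like an empty one, so a provider that
        # ignores the extension cannot trigger an exception here.
        if sreg_resp.nil? || sreg_resp.empty?
          sreg_message << ", but none was returned."
        else
          sreg_message << ". The following data were sent:\n"
          sreg_resp.data.each { |k, v| sreg_message << "#{k}: #{v}\n" }
        end
        flash[:notice] += sreg_message
      end

      if params[:did_ax]
        ax_resp = OpenID::AX::FetchResponse.from_success_response(oidresp)
        ax_message = "\n\nAttribute Exchange data was requested"
        if ax_resp
          ax_message << ". The following data were sent:\n"
          ax_resp.data.each { |k, v| ax_message << "#{k}: #{v}\n" }
        else
          ax_message << ", but none was returned."
        end
        flash[:notice] += ax_message
      end

      if params[:did_pape]
        # from_success_response can return nil when the provider sent no PAPE
        # data; the original code called methods on it unconditionally, which
        # turned a provider without PAPE support into an unhandled exception.
        pape_resp = OpenID::PAPE::Response.from_success_response(oidresp)
        pape_message = "\n\nA phishing resistant authentication method was requested"
        if pape_resp && pape_resp.auth_policies.member?(OpenID::PAPE::AUTH_PHISHING_RESISTANT)
          pape_message << ", and the server reported one."
        else
          pape_message << ", but the server did not report one."
        end
        if pape_resp
          pape_message << "\nAuthentication age: #{pape_resp.auth_age} seconds" if pape_resp.auth_age
          pape_message << "\nNIST Auth Level: #{pape_resp.nist_auth_level}" if pape_resp.nist_auth_level
        end
        flash[:notice] += pape_message
      end
    end

    redirect_to :action => 'index'
  end

  private

  # Memoized OpenID consumer bound to the current session and an
  # ActiveRecordStore instance.
  def openid_consumer
    @openid_consumer ||= OpenID::Consumer.new(session, ActiveRecordStore.new)
  end

end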