db/migrate/20080924120254_add_identity_url_to_user.rb db/migrate/20080924123512_add_open_id_authentication_tables.rb vendor/plugins/open_id_authentication/CHANGELOG vendor/plugins/open_id_authentication/README vendor/plugins/open_id_authentication/Rakefile vendor/plugins/open_id_authentication/generators/open_id_authentication_tables/open_id_authentication_tables_generator.rb vendor/plugins/open_id_authentication/generators/open_id_authentication_tables/templates/migration.rb vendor/plugins/open_id_authentication/generators/upgrade_open_id_authentication_tables/templates/migration.rb vendor/plugins/open_id_authentication/generators/upgrade_open_id_authentication_tables/upgrade_open_id_authentication_tables_generator.rb vendor/plugins/open_id_authentication/init.rb vendor/plugins/open_id_authentication/lib/open_id_authentication.rb vendor/plugins/open_id_authentication/lib/open_id_authentication/association.rb vendor/plugins/open_id_authentication/lib/open_id_authentication/db_store.rb vendor/plugins/open_id_authentication/lib/open_id_authentication/mem_cache_store.rb vendor/plugins/open_id_authentication/lib/open_id_authentication/nonce.rb vendor/plugins/open_id_authentication/lib/open_id_authentication/request.rb vendor/plugins/open_id_authentication/lib/open_id_authentication/timeout_fixes.rb vendor/plugins/open_id_authentication/tasks/open_id_authentication_tasks.rake vendor/plugins/open_id_authentication/test/mem_cache_store_test.rb vendor/plugins/open_id_authentication/test/normalize_test.rb vendor/plugins/open_id_authentication/test/open_id_authentication_test.rb vendor/plugins/open_id_authentication/test/status_test.rb vendor/plugins/open_id_authentication/test/test_helper.rb @@ -1,22 +1,26 @@ class UsersController < ApplicationController + skip_before_filter :verify_authenticity_token, :only => :create + def new @user = User.new end def create logout_keeping_session! - @user = User.new(params[:user]) - @user.register! if @user && @user.valid? - success = @user && @user.valid? - if success && @user.errors.empty? - redirect_back_or_default('/') - flash[:notice] = "Thanks for signing up! We're sending you an email with your activation code." + if using_open_id? + authenticate_with_open_id(params[:openid_url], :return_to => open_id_create_url, + :required => [ :nickname, :email ]) do |result, identity_url, registration| + if result.successful? + create_new_user(:identity_url => identity_url, :login => registration['nickname'], :email => registration['email']) + else + failed_creation(result.message || "Sorry, something went wrong") + end + end else - flash[:error] = "We couldn't set up that account, sorry. Please try again, or contact an admin (link is above)." - render :action => 'new' + create_new_user(params[:user]) end end - + def activate logout_keeping_session! user = User.find_by_activation_code(params[:activation_code]) unless params[:activation_code].blank? @@ -33,4 +37,26 @@ class UsersController < ApplicationController redirect_back_or_default('/') end end + + protected + + def create_new_user(attributes) + @user = User.new(attributes) + @user.register! if @user && @user.valid? + if @user.errors.empty? + successful_creation + else + failed_creation + end + end + + def successful_creation + redirect_back_or_default('/') + flash[:notice] = "Thanks for signing up! We're sending you an email with your activation code." + end + + def failed_creation(message = 'Sorry, there was an error creating your account') + flash[:error] = message + render :action => :new + end end app/controllers/users_controller.rb @@ -7,16 +7,18 @@ class User < ActiveRecord::Base include Authorization::AasmRoles # Validations - validates_presence_of :login - validates_length_of :login, :within => 3..40 - validates_uniqueness_of :login, :case_sensitive => false - validates_format_of :login, :with => RE_LOGIN_OK, :message => MSG_LOGIN_BAD + validates_presence_of :login, :if => :not_using_openid? + validates_length_of :login, :within => 3..40, :if => :not_using_openid? + validates_uniqueness_of :login, :case_sensitive => false, :if => :not_using_openid? + validates_format_of :login, :with => RE_LOGIN_OK, :message => MSG_LOGIN_BAD, :if => :not_using_openid? validates_format_of :name, :with => RE_NAME_OK, :message => MSG_NAME_BAD, :allow_nil => true validates_length_of :name, :maximum => 100 - validates_presence_of :email - validates_length_of :email, :within => 6..100 #r@a.wk - validates_uniqueness_of :email, :case_sensitive => false - validates_format_of :email, :with => RE_EMAIL_OK, :message => MSG_EMAIL_BAD + validates_presence_of :email, :if => :not_using_openid? + validates_length_of :email, :within => 6..100, :if => :not_using_openid? + validates_uniqueness_of :email, :case_sensitive => false, :if => :not_using_openid? + validates_format_of :email, :with => RE_EMAIL_OK, :message => MSG_EMAIL_BAD, :if => :not_using_openid? + validates_uniqueness_of :identity_url, :unless => :not_using_openid? + validate :normalize_identity_url # Relationships has_and_belongs_to_many :roles @@ -24,14 +26,9 @@ class User < ActiveRecord::Base # HACK HACK HACK -- how to do attr_accessible from here? # prevents a user from submitting a crafted form that bypasses activation # anything else you want your user to change should be added here. - attr_accessible :login, :email, :name, :password, :password_confirmation + attr_accessible :login, :email, :name, :password, :password_confirmation, :identity_url # Authenticates a user by their login name and unencrypted password. Returns the user or nil. - # - # uff. this is really an authorization, not authentication routine. - # We really need a Dispatch Chain here or something. - # This will also let us return a human error message. - # def self.authenticate(login, password) u = find_in_state :first, :active, :conditions => { :login => login } # need to get the salt u && u.authenticated?(password) ? u : nil @@ -42,6 +39,16 @@ class User < ActiveRecord::Base list ||= self.roles.map(&:name) list.include?(role.to_s) || list.include?('admin') end + + # Not using open id + def not_using_openid? + identity_url.blank? + end + + # Overwrite password_required for open id + def password_required? + new_record? ? not_using_openid? && (crypted_password.blank? || !password.blank?) : !password.blank? + end protected @@ -49,4 +56,10 @@ class User < ActiveRecord::Base self.deleted_at = nil self.activation_code = self.class.make_token end + + def normalize_identity_url + self.identity_url = OpenIdAuthentication.normalize_url(identity_url) unless not_using_openid? + rescue URI::InvalidURIError + errors.add_to_base("Invalid OpenID URL") + end end app/models/user.rb @@ -23,6 +23,15 @@ </li> </ol> </fieldset> + <fieldset> + <legend>Signup with OpenID</legend> + <ol> + <li> + <label for="openid_url">OpenID URL</label> + <%= text_field_tag :openid_url, params[:openid_url] || params['openid.identity'] %> + </li> + </ol> + </fieldset> <div class="buttons"> <%= submit_tag 'Sign up' %> </div> app/views/users/new.html.erb @@ -7,6 +7,8 @@ ActionController::Routing::Routes.draw do |map| map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil map.forgot_password '/forgot_password', :controller => 'passwords', :action => 'new' map.change_password '/change_password/:reset_code', :controller => 'passwords', :action => 'reset' + map.open_id_complete '/opensession', :controller => "sessions", :action => "create", :requirements => { :method => :get } + map.open_id_create '/opencreate', :controller => "users", :action => "create", :requirements => { :method => :get } # Restful Authentication Resources map.resources :users config/routes.rb @@ -9,7 +9,22 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20080912160936) do +ActiveRecord::Schema.define(:version => 20080924123512) do + + create_table "open_id_authentication_associations", :force => true do |t| + t.integer "issued" + t.integer "lifetime" + t.string "handle" + t.string "assoc_type" + t.binary "server_url" + t.binary "secret" + end + + create_table "open_id_authentication_nonces", :force => true do |t| + t.integer "timestamp", :null => false + t.string "server_url" + t.string "salt", :null => false + end create_table "passwords", :force => true do |t| t.integer "user_id" @@ -35,8 +50,8 @@ ActiveRecord::Schema.define(:version => 20080912160936) do t.datetime "updated_at" end - add_index "sessions", ["updated_at"], :name => "index_sessions_on_updated_at" add_index "sessions", ["session_id"], :name => "index_sessions_on_session_id" + add_index "sessions", ["updated_at"], :name => "index_sessions_on_updated_at" create_table "users", :force => true do |t| t.string "login", :limit => 40 @@ -52,6 +67,7 @@ ActiveRecord::Schema.define(:version => 20080912160936) do t.datetime "deleted_at" t.datetime "created_at" t.datetime "updated_at" + t.string "identity_url" end add_index "users", ["login"], :name => "index_users_on_login", :unique => true db/schema.rb @@ -12,13 +12,13 @@ module Authorization aasm_column :state aasm_initial_state :initial => :pending aasm_state :passive - aasm_state :pending, :enter => :make_activation_code + aasm_state :pending, :enter => :make_activation_code, aasm_state :active, :enter => :do_activate aasm_state :suspended aasm_state :deleted, :enter => :do_delete aasm_event :register do - transitions :from => :passive, :to => :pending, :guard => Proc.new {|u| !(u.crypted_password.blank? && u.password.blank?) } + transitions :from => :passive, :to => :pending, :guard => Proc.new {|u| !(u.crypted_password.blank? && u.password.blank?) || !u.not_using_openid? } end aasm_event :activate do vendor/plugins/restful_authentication/lib/authorization/aasm_roles.rb 0bf2d9fb9ff51a1ca0d3e43f972e5788e6bc17c2 Jim Neath jim@virtuaffinity.net http://github.com/laktek/extended-bort/commit/0298a4ab788a20dbb73d40ac32d5c907a5a21030 0298a4ab788a20dbb73d40ac32d5c907a5a21030 2008-09-24T06:37:30-07:00 2008-09-24T06:37:30-07:00 Started work on OpenID integration 539399c2d4231c75d3586c263e7139d3eff3f013 Jim Neath jim@virtuaffinity.net