0
@@ -9,7 +9,7 @@
0
 #
0
 # It's strongly recommended to check this file into your version control system.
0
 
0
-ActiveRecord::Schema.define(:version => 14) do
0
+ActiveRecord::Schema.define(:version => 15) do
0
 
0
   create_table "attachments", :force => true do |t|
0
     t.integer  "size"
0
@@ -51,13 +51,9 @@ ActiveRecord::Schema.define(:version => 14) do
0
   end
0
 
0
   create_table "open_id_authentication_nonces", :force => true do |t|
0
-    t.string  "nonce"
0
-    t.integer "created"
0
-  end
0
-
0
-  create_table "open_id_authentication_settings", :force => true do |t|
0
-    t.string "setting"
0
-    t.binary "value"
0
+    t.integer "timestamp",  :null => false
0
+    t.string  "server_url"
0
+    t.string  "salt",       :null => false
0
   end
0
 
0
   create_table "page_versions", :force => true do |t|

0
@@ -1,3 +1,7 @@
0
+* Updated plugin to use Ruby OpenID 2.x.x [Josh Peek]
0
+
0
+* Tied plugin to ruby-openid 1.1.4 gem until we can make it compatible with 2.x [DHH]
0
+
0
 * Use URI instead of regexps to normalize the URL and gain free, better matching #8136 [dkubb]
0
 
0
 * Allow -'s in #normalize_url [Rick]

0
@@ -8,7 +8,7 @@ Provides a thin wrapper around the excellent ruby-openid gem from JanRan. Be sur
0
 To understand what OpenID is about and how it works, it helps to read the documentation for lib/openid/consumer.rb
0
 from that gem.
0
 
0
-The specification used is http://openid.net/specs/openid-authentication-1_1.html (not the 2.0 draft).
0
+The specification used is http://openid.net/specs/openid-authentication-2_0.html.
0
 
0
 
0
 Prerequisites
0
@@ -95,7 +95,7 @@ app/controllers/sessions_controller.rb
0
             if @current_user = @account.users.find_by_identity_url(identity_url)
0
               successful_login
0
             else
0
-              failed_login "Sorry, no user by that identity URL exists (#{identity_url})")
0
+              failed_login "Sorry, no user by that identity URL exists (#{identity_url})"
0
             end
0
           else
0
             failed_login result.message

0
@@ -1,12 +1,11 @@
0
 begin
0
-  require 'openid'  
0
+  require 'openid'
0
 rescue LoadError
0
   begin
0
-    gem 'ruby-openid'
0
-    require 'openid'
0
-  rescue LoadError
0
+    gem 'ruby-openid', '>=2.0.4'
0
+  rescue Gem::LoadError
0
     puts "Install the ruby-openid gem to enable OpenID support"
0
   end
0
 end
0
 
0
-ActionController::Base.send :include, OpenIdAuthentication
0
\ No newline at end of file
0
+ActionController::Base.send :include, OpenIdAuthentication

0
@@ -1,16 +1,20 @@
0
+require 'uri'
0
+require 'openid/extensions/sreg'
0
+require 'openid/store/filesystem'
0
+
0
 module OpenIdAuthentication
0
   OPEN_ID_AUTHENTICATION_DIR = RAILS_ROOT + "/tmp/openids"
0
-  
0
+
0
   def self.store
0
     @@store
0
   end
0
-  
0
+
0
   def self.store=(value)
0
     @@store = value
0
   end
0
-  
0
+
0
   self.store = :db
0
-  
0
+
0
   def store
0
     OpenIdAuthentication.store
0
   end
0
@@ -20,19 +24,20 @@ module OpenIdAuthentication
0
 
0
   class Result
0
     ERROR_MESSAGES = {
0
-      :missing    => "Sorry, the OpenID server couldn't be found",
0
-      :canceled   => "OpenID verification was canceled",
0
-      :failed     => "Sorry, the OpenID verification failed"
0
+      :missing      => "Sorry, the OpenID server couldn't be found",
0
+      :canceled     => "OpenID verification was canceled",
0
+      :failed       => "Sorry, the OpenID verification failed",
0
+      :setup_needed => "OpenID verification needs setup"
0
     }
0
-    
0
+
0
     def self.[](code)
0
       new(code)
0
     end
0
-    
0
+
0
     def initialize(code)
0
       @code = code
0
     end
0
-    
0
+
0
     def ===(code)
0
       if code == :unsuccessful && unsuccessful?
0
         true
0
@@ -40,7 +45,7 @@ module OpenIdAuthentication
0
         @code == code
0
       end
0
     end
0
-    
0
+
0
     ERROR_MESSAGES.keys.each { |state| define_method("#{state}?") { @code == state } }
0
 
0
     def successful?
0
@@ -50,24 +55,21 @@ module OpenIdAuthentication
0
     def unsuccessful?
0
       ERROR_MESSAGES.keys.include?(@code)
0
     end
0
-    
0
+
0
     def message
0
       ERROR_MESSAGES[@code]
0
     end
0
   end
0
 
0
   def self.normalize_url(url)
0
-    begin
0
-      uri = URI.parse(url)
0
-      uri = URI.parse("http://#{uri}") unless uri.scheme
0
-      uri.scheme = uri.scheme.downcase  # URI should do this
0
-      uri.normalize.to_s
0
-    rescue URI::InvalidURIError
0
-      raise InvalidOpenId.new("#{url} is not an OpenID URL")
0
-    end
0
+    uri = URI.parse(url.to_s.strip)
0
+    uri = URI.parse("http://#{uri}") unless uri.scheme
0
+    uri.scheme = uri.scheme.downcase  # URI should do this
0
+    uri.normalize.to_s
0
+  rescue URI::InvalidURIError
0
+    raise InvalidOpenId.new("#{url} is not an OpenID URL")
0
   end
0
 
0
-
0
   protected
0
     def normalize_url(url)
0
       OpenIdAuthentication.normalize_url(url)
0
@@ -87,59 +89,63 @@ module OpenIdAuthentication
0
       end
0
     end
0
 
0
-
0
   private
0
     def begin_open_id_authentication(identity_url, fields = {})
0
-      open_id_response = timeout_protection_from_identity_server { open_id_consumer.begin(identity_url) }
0
-
0
-      case open_id_response.status
0
-      when OpenID::FAILURE
0
-        yield Result[:missing], identity_url, nil
0
-      when OpenID::SUCCESS
0
-        add_simple_registration_fields(open_id_response, fields)
0
-        redirect_to(open_id_redirect_url(open_id_response))
0
-      end
0
+      open_id_request = open_id_consumer.begin(identity_url)
0
+      add_simple_registration_fields(open_id_request, fields)
0
+      redirect_to(open_id_redirect_url(open_id_request))
0
+    rescue OpenID::OpenIDError, Timeout::Error => e
0
+      logger.error("[OPENID] #{e}")
0
+      yield Result[:missing], identity_url, nil
0
     end
0
-  
0
+
0
     def complete_open_id_authentication
0
-      open_id_response = timeout_protection_from_identity_server { open_id_consumer.complete(params) }
0
-      identity_url     = normalize_url(open_id_response.identity_url) if open_id_response.identity_url
0
+      params_with_path = params.reject { |key, value| request.path_parameters[key] }
0
+      open_id_response = timeout_protection_from_identity_server { open_id_consumer.complete(params_with_path, requested_url) }
0
+      identity_url     = normalize_url(open_id_response.endpoint.claimed_id) if open_id_response.endpoint.claimed_id
0
 
0
       case open_id_response.status
0
-      when OpenID::CANCEL
0
+      when OpenID::Consumer::SUCCESS
0
+        yield Result[:successful], identity_url, OpenID::SReg::Response.from_success_response(open_id_response)
0
+      when OpenID::Consumer::CANCEL
0
         yield Result[:canceled], identity_url, nil
0
-      when OpenID::FAILURE
0
-        logger.info "OpenID authentication failed: #{open_id_response.msg}"
0
+      when OpenID::Consumer::FAILURE
0
         yield Result[:failed], identity_url, nil
0
-      when OpenID::SUCCESS
0
-        yield Result[:successful], identity_url, open_id_response.extension_response('sreg')
0
-      end      
0
+      when OpenID::Consumer::SETUP_NEEDED
0
+        yield Result[:setup_needed], open_id_response.setup_url, nil
0
+      end
0
     end
0
 
0
     def open_id_consumer
0
       OpenID::Consumer.new(session, open_id_store)
0
     end
0
-    
0
+
0
     def open_id_store
0
       case store
0
-      when :db  : OpenIdAuthentication::DbStore.new
0
-      when :file: OpenID::FilesystemStore.new(OPEN_ID_AUTHENTICATION_DIR)
0
+      when :db
0
+        OpenIdAuthentication::DbStore.new
0
+      when :file
0
+        OpenID::FilesystemStore.new(OPEN_ID_AUTHENTICATION_DIR)
0
       else
0
         raise "Unknown store: #{store}"
0
       end
0
     end
0
 
0
+    def add_simple_registration_fields(open_id_request, fields)
0
+      sreg_request = OpenID::SReg::Request.new
0
+      sreg_request.request_fields(Array(fields[:required]).map(&:to_s), true) if fields[:required]
0
+      sreg_request.request_fields(Array(fields[:optional]).map(&:to_s), false) if fields[:optional]
0
+      sreg_request.policy_url = fields[:policy_url] if fields[:policy_url]
0
+      open_id_request.add_extension(sreg_request)
0
+    end
0
 
0
-    def add_simple_registration_fields(open_id_response, fields)
0
-      open_id_response.add_extension_arg('sreg', 'required', [ fields[:required] ].flatten * ',') if fields[:required]
0
-      open_id_response.add_extension_arg('sreg', 'optional', [ fields[:optional] ].flatten * ',') if fields[:optional]
0
+    def open_id_redirect_url(open_id_request)
0
+      open_id_request.return_to_args['open_id_complete'] = '1'
0
+      open_id_request.redirect_url(root_url, requested_url)
0
     end
0
-    
0
-    def open_id_redirect_url(open_id_response)
0
-      open_id_response.redirect_url(
0
-        request.protocol + request.host_with_port + "/",
0
-        open_id_response.return_to("#{request.protocol + request.host_with_port + request.relative_url_root + request.path}?open_id_complete=1")
0
-      )     
0
+
0
+    def requested_url
0
+      "#{request.protocol + request.host_with_port + request.relative_url_root + request.path}"
0
     end
0
 
0
     def timeout_protection_from_identity_server
0
@@ -149,10 +155,10 @@ module OpenIdAuthentication
0
         def status
0
           OpenID::FAILURE
0
         end
0
-        
0
+
0
         def msg
0
           "Identity server timed out"
0
         end
0
       end.new
0
     end
0
-end
0
\ No newline at end of file
0
+end

0
@@ -6,4 +6,4 @@ module OpenIdAuthentication
0
       OpenID::Association.new(handle, secret, issued, lifetime, assoc_type)
0
     end
0
   end
0
-end
0
\ No newline at end of file
0
+end

0
@@ -1,29 +1,19 @@
0
+require 'openid/store/interface'
0
+
0
 module OpenIdAuthentication
0
-  class DbStore < OpenID::Store
0
-    def self.gc
0
+  class DbStore < OpenID::Store::Interface
0
+    def self.cleanup_nonces
0
       now = Time.now.to_i
0
-
0
-      # remove old nonces
0
-      nonces = Nonce.find(:all)
0
-      nonces.each {|n| n.destroy if now - n.created > 6.hours} unless nonces.nil?
0
-    
0
-      # remove expired assocs
0
-      assocs = Association.find(:all)
0
-      assocs.each { |a| a.destroy if a.from_record.expired? } unless assocs.nil?
0
+      Nonce.delete_all(["timestamp > ? OR timestamp < ?", now + OpenID::Nonce.skew, now - OpenID::Nonce.skew])
0
     end
0
 
0
-
0
-    def get_auth_key
0
-      unless setting = Setting.find_by_setting('auth_key')
0
-        auth_key = OpenID::Util.random_string(20)
0
-        setting  = Setting.create(:setting => 'auth_key', :value => auth_key)
0
-      end
0
-
0
-      setting.value
0
+    def self.cleanup_associations
0
+      now = Time.now.to_i
0
+      Association.delete_all(['issued + lifetime > ?',now])
0
     end
0
 
0
     def store_association(server_url, assoc)
0
-      remove_association(server_url, assoc.handle)    
0
+      remove_association(server_url, assoc.handle)
0
       Association.create(:server_url => server_url,
0
                          :handle     => assoc.handle,
0
                          :secret     => assoc.secret,
0
@@ -32,49 +22,34 @@ module OpenIdAuthentication
0
                          :assoc_type => assoc.assoc_type)
0
     end
0
 
0
-    def get_association(server_url, handle=nil)
0
-      assocs = handle.blank? ? 
0
-        Association.find_all_by_server_url(server_url) :
0
+    def get_association(server_url, handle = nil)
0
+      assocs = if handle.blank?
0
+          Association.find_all_by_server_url(server_url)
0
+        else
0
           Association.find_all_by_server_url_and_handle(server_url, handle)
0
-    
0
+        end
0
+
0
       assocs.reverse.each do |assoc|
0
-        a = assoc.from_record    
0
-        if a.expired?
0
+        a = assoc.from_record
0
+        if a.expires_in == 0
0
           assoc.destroy
0
         else
0
           return a
0
         end
0
       end if assocs.any?
0
-    
0
+
0
       return nil
0
     end
0
-  
0
+
0
     def remove_association(server_url, handle)
0
-      assoc = Association.find_by_server_url_and_handle(server_url, handle)
0
-      unless assoc.nil?
0
-        assoc.destroy
0
-        return true
0
-      end
0
-      false
0
-    end
0
-  
0
-    def store_nonce(nonce)
0
-      use_nonce(nonce)
0
-      Nonce.create :nonce => nonce, :created => Time.now.to_i
0
+      Association.delete_all(['server_url = ? AND handle = ?', server_url, handle]) > 0
0
     end
0
-  
0
-    def use_nonce(nonce)
0
-      nonce = Nonce.find_by_nonce(nonce)
0
-      return false if nonce.nil?
0
-    
0
-      age = Time.now.to_i - nonce.created
0
-      nonce.destroy
0
 
0
-      age < 6.hours # max nonce age of 6 hours
0
-    end
0
-  
0
-    def dumb?
0
-      false
0
+    def use_nonce(server_url, timestamp, salt)
0
+      return false if Nonce.find_by_server_url_and_timestamp_and_salt(server_url, timestamp, salt)
0
+      return false if (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew
0
+      Nonce.create(:server_url => server_url, :timestamp => timestamp, :salt => salt)
0
+      return true
0
     end
0
   end
0
-end
0
\ No newline at end of file
0
+end

0
@@ -2,4 +2,4 @@ module OpenIdAuthentication
0
   class Nonce < ActiveRecord::Base
0
     set_table_name :open_id_authentication_nonces
0
   end
0
-end
0
\ No newline at end of file
0
+end

0
@@ -2,15 +2,29 @@ namespace :open_id_authentication do
0
   namespace :db do
0
     desc "Creates authentication tables for use with OpenIdAuthentication"
0
     task :create => :environment do
0
-      raise "Task unavailable to this database (no migration support)" unless ActiveRecord::Base.connection.supports_migrations?
0
+      generate_migration(["open_id_authentication_tables", "add_open_id_authentication_tables"])
0
+    end
0
+
0
+    desc "Upgrade authentication tables from ruby-openid 1.x.x to 2.x.x"
0
+    task :upgrade => :environment do
0
+      generate_migration(["upgrade_open_id_authentication_tables", "upgrade_open_id_authentication_tables"])
0
+    end
0
+
0
+    def generate_migration(args)
0
       require 'rails_generator'
0
       require 'rails_generator/scripts/generate'
0
-      Rails::Generator::Scripts::Generate.new.run([ "open_id_authentication_tables", "add_open_id_authentication_tables" ])
0
+
0
+      if ActiveRecord::Base.connection.supports_migrations?
0
+        Rails::Generator::Scripts::Generate.new.run(args)
0
+      else
0
+        raise "Task unavailable to this database (no migration support)"
0
+      end
0
     end
0
 
0
     desc "Clear the authentication tables"
0
     task :clear => :environment do
0
-      OpenIdAuthentication::DbStore.gc
0
+      OpenIdAuthentication::DbStore.cleanup_nonces
0
+      OpenIdAuthentication::DbStore.cleanup_associations
0
     end
0
   end
0
-end
0
\ No newline at end of file
0
+end

0
@@ -1,9 +1,4 @@
0
-require 'test/unit'
0
-require 'rubygems'
0
-require 'active_support'
0
-
0
-RAILS_ROOT = File.dirname(__FILE__)
0
-require File.dirname(__FILE__) + "/../lib/open_id_authentication"
0
+require File.dirname(__FILE__) + '/test_helper'
0
 
0
 class NormalizeTest < Test::Unit::TestCase
0
   include OpenIdAuthentication
0
@@ -20,7 +15,8 @@ class NormalizeTest < Test::Unit::TestCase
0
     "https://loudthinking.com:443"          => "https://loudthinking.com/",
0
     "http://loudthinking.com:8080"          => "http://loudthinking.com:8080/",
0
     "techno-weenie.net"                     => "http://techno-weenie.net/",
0
-    "http://techno-weenie.net"              => "http://techno-weenie.net/"
0
+    "http://techno-weenie.net"              => "http://techno-weenie.net/",
0
+    "http://techno-weenie.net  "            => "http://techno-weenie.net/"
0
   }
0
 
0
   def test_normalizations
0
@@ -30,6 +26,7 @@ class NormalizeTest < Test::Unit::TestCase
0
   end
0
   
0
   def test_broken_open_id
0
+    assert_raises(InvalidOpenId) { normalize_url(nil) }
0
     assert_raises(InvalidOpenId) { normalize_url("=name") }
0
   end
0
-end
0
\ No newline at end of file
0
+end

0
@@ -1,14 +1,4 @@
0
-require 'test/unit'
0
-
0
-require 'rubygems'
0
-gem 'mocha'
0
-require 'mocha'
0
-
0
-gem 'ruby-openid'
0
-require 'openid'
0
-
0
-RAILS_ROOT = File.dirname(__FILE__)
0
-require File.dirname(__FILE__) + "/../lib/open_id_authentication"
0
+require File.dirname(__FILE__) + '/test_helper'
0
 
0
 class OpenIdAuthenticationTest < Test::Unit::TestCase
0
   def setup
0
@@ -19,8 +9,10 @@ class OpenIdAuthenticationTest < Test::Unit::TestCase
0
   end
0
 
0
   def test_authentication_should_fail_when_the_identity_server_is_missing
0
-    @controller.stubs(:open_id_consumer).returns(stub(:begin => stub(:status => OpenID::FAILURE)))
0
-    
0
+    open_id_consumer = mock()
0
+    open_id_consumer.expects(:begin).raises(OpenID::OpenIDError)
0
+    @controller.stubs(:open_id_consumer).returns(open_id_consumer)
0
+
0
     @controller.send(:authenticate_with_open_id, "http://someone.example.com") do |result, identity_url|
0
       assert result.missing?
0
       assert_equal "Sorry, the OpenID server couldn't be found", result.message
0
@@ -28,7 +20,9 @@ class OpenIdAuthenticationTest < Test::Unit::TestCase
0
   end
0
 
0
   def test_authentication_should_fail_when_the_identity_server_times_out
0
-    @controller.stubs(:open_id_consumer).returns(stub(:begin => Proc.new { raise Timeout::Error, "Identity Server took too long." }))
0
+    open_id_consumer = mock()
0
+    open_id_consumer.expects(:begin).raises(Timeout::Error, "Identity Server took too long.")
0
+    @controller.stubs(:open_id_consumer).returns(open_id_consumer)
0
 
0
     @controller.send(:authenticate_with_open_id, "http://someone.example.com") do |result, identity_url|
0
       assert result.missing?
0
@@ -37,8 +31,8 @@ class OpenIdAuthenticationTest < Test::Unit::TestCase
0
   end
0
 
0
   def test_authentication_should_begin_when_the_identity_server_is_present
0
-    @controller.stubs(:open_id_consumer).returns(stub(:begin => stub(:status => OpenID::SUCCESS)))
0
-    @controller.expects(:begin_open_id_authentication) 
0
+    @controller.stubs(:open_id_consumer).returns(stub(:begin => true))
0
+    @controller.expects(:begin_open_id_authentication)
0
     @controller.send(:authenticate_with_open_id, "http://someone.example.com")
0
   end
0
-end
0
\ No newline at end of file
0
+end

0
@@ -1,7 +1,4 @@
0
-require 'test/unit'
0
-
0
-RAILS_ROOT = File.dirname(__FILE__)
0
-require File.dirname(__FILE__) + "/../lib/open_id_authentication"
0
+require File.dirname(__FILE__) + '/test_helper'
0
 
0
 class StatusTest < Test::Unit::TestCase
0
   include OpenIdAuthentication