require 'cgi'
require 'pathname'

require "openid"
require 'openid/extensions/sreg'
require 'openid/extensions/pape'
require 'openid/store/filesystem'

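# Example OpenID relying-party (consumer) controller.
#
# Flow: +index+ shows the login form, +start+ runs discovery on the
# identifier the user typed and sends the browser to the provider, and
# +complete+ receives the provider's answer and reports the outcome through
# flash messages.
#
# Security notes for anyone adapting this example:
# * Everything read from the provider's response (SReg fields, PAPE values,
#   identifiers, messages) is untrusted input. Values placed into the
#   HTML-bearing flash entries (:sreg_results, :pape_results) are escaped
#   here; the plain-text entries (:error, :success, :alert) are left as text
#   and must be escaped by the view that renders them.
# * This demo only displays the result; it does not log anyone in. An
#   application that keys accounts off the result should use the verified
#   claimed identifier rather than +display_identifier+, which is meant for
#   display -- NOTE(review): confirm the accessor name against the
#   ruby-openid version in use.
class ConsumerController < ApplicationController
  layout nil

  # Renders the OpenID login form (template only, no controller logic).
  def index
    # render an openid form
  end

  # Begins an OpenID authentication request for params[:openid_identifier].
  #
  # Optional request parameters:
  #   use_sreg   - ask for Simple Registration attributes
  #   use_pape   - ask for a phishing-resistant authentication policy
  #   force_post - pad return_to so the request is sent as a form POST
  #   immediate  - passed through to the library as the immediate-mode flag
  #
  # Redirects back to +index+ with flash[:error] when the identifier is
  # missing or discovery fails; otherwise redirects to the provider or renders
  # the library-generated auto-submitting form.
  def start
    identifier = params[:openid_identifier]

    # Accept only a non-blank String. A nested parameter
    # (openid_identifier[]=...) would otherwise reach the library as an
    # Array/Hash, and an empty field would start a pointless discovery run.
    if !identifier.is_a?(String) || identifier.strip.empty?
      flash[:error] = "Enter an OpenID identifier"
      redirect_to :action => 'index'
      return
    end

    begin
      # Discovery makes the server fetch a URL chosen by the user; deployments
      # should restrict where outbound requests from this host may go.
      oidreq = consumer.begin(identifier)
    rescue OpenID::OpenIDError => e
      # Plain text that echoes user input: the view must HTML-escape it.
      flash[:error] = "Discovery failed for #{identifier}: #{e}"
      redirect_to :action => 'index'
      return
    end

    if params[:use_sreg]
      sregreq = OpenID::SReg::Request.new
      # required fields
      sregreq.request_fields(['email','nickname'], true)
      # optional fields
      sregreq.request_fields(['dob', 'fullname'], false)
      oidreq.add_extension(sregreq)
      # Marker carried in return_to so +complete+ knows SReg was requested.
      oidreq.return_to_args['did_sreg'] = 'y'
    end

    if params[:use_pape]
      papereq = OpenID::PAPE::Request.new
      papereq.add_policy_uri(OpenID::PAPE::AUTH_PHISHING_RESISTANT)
      # 2 * 60 * 60 = two hours, presumably expressed in seconds.
      papereq.max_auth_age = 2*60*60
      oidreq.add_extension(papereq)
      # Marker carried in return_to so +complete+ knows PAPE was requested.
      oidreq.return_to_args['did_pape'] = 'y'
    end

    if params[:force_post]
      # 2048 bytes of padding make the request too long for a redirect URL.
      oidreq.return_to_args['force_post']='x'*2048
    end

    return_to = url_for :action => 'complete', :only_path => false
    realm = url_for :action => 'index', :only_path => false
    immediate = params[:immediate]

    if oidreq.send_redirect?(realm, return_to, immediate)
      redirect_to oidreq.redirect_url(realm, return_to, immediate)
    else
      render :text => oidreq.html_markup(realm, return_to, immediate, {'id' => 'openid_form'})
    end
  end

  # Handles the provider's response and reports the outcome via flash.
  #
  # Sets flash[:error] on failure, flash[:success] (plus :sreg_results and
  # :pape_results when those extensions were requested) on success, and
  # flash[:alert] for SETUP_NEEDED and CANCEL. Always redirects to +index+.
  def complete
    # FIXME - url_for some action is not necessarily the current URL.
    current_url = url_for(:action => 'complete', :only_path => false)
    # Drop the routing parameters so only the request's own parameters are
    # handed to the library.
    parameters = params.reject{|k,v|request.path_parameters[k]}
    oidresp = consumer.complete(parameters, current_url)

    case oidresp.status
    when OpenID::Consumer::FAILURE
      # Plain text built from provider-supplied values: the view must escape it.
      if oidresp.display_identifier
        flash[:error] = ("Verification of #{oidresp.display_identifier}"\
                         " failed: #{oidresp.message}")
      else
        flash[:error] = "Verification failed: #{oidresp.message}"
      end
    when OpenID::Consumer::SUCCESS
      flash[:success] = ("Verification of #{oidresp.display_identifier}"\
                         " succeeded.")
      if params[:did_sreg]
        sreg_resp = OpenID::SReg::Response.from_success_response(oidresp)
        sreg_message = "Simple Registration data was requested"
        if sreg_resp.empty?
          sreg_message << ", but none was returned."
        else
          sreg_message << ". The following data were sent:"
          # This message carries its own markup, so the view presumably emits
          # it unescaped. Field names and values come from the provider and
          # are escaped before being mixed into the HTML.
          sreg_resp.data.each do |k, v|
            sreg_message << "<br/><b>#{escape_html(k)}</b>: #{escape_html(v)}"
          end
        end
        flash[:sreg_results] = sreg_message
      end
      if params[:did_pape]
        pape_resp = OpenID::PAPE::Response.from_success_response(oidresp)
        pape_message = "A phishing resistant authentication method was requested"
        # The policy list is the provider's own statement about how it
        # authenticated the user; this code reports it and does not verify it.
        if pape_resp.auth_policies.member? OpenID::PAPE::AUTH_PHISHING_RESISTANT
          pape_message << ", and the server reported one."
        else
          pape_message << ", but the server did not report one."
        end
        # Provider-supplied values are escaped for the same reason as the
        # SReg fields above. Note that auth_time is only displayed; it is not
        # compared with the max_auth_age requested in +start+.
        if pape_resp.auth_time
          pape_message << "<br><b>Authentication time:</b> #{escape_html(pape_resp.auth_time)} seconds"
        end
        if pape_resp.nist_auth_level
          pape_message << "<br><b>NIST Auth Level:</b> #{escape_html(pape_resp.nist_auth_level)}"
        end
        flash[:pape_results] = pape_message
      end
    when OpenID::Consumer::SETUP_NEEDED
      flash[:alert] = "Immediate request failed - Setup Needed"
    when OpenID::Consumer::CANCEL
      flash[:alert] = "OpenID transaction cancelled."
    else
      # Any other status: nothing to report.
    end
    redirect_to :action => 'index'
  end

  private

  # HTML-escapes +value+ (converted with to_s) for inclusion in the flash
  # messages that contain markup.
  def escape_html(value)
    CGI.escapeHTML(value.to_s)
  end

  # Returns the memoized OpenID::Consumer for this request, backed by the
  # Rails session and a filesystem store under RAILS_ROOT/db/cstore.
  def consumer
    @consumer ||= begin
      dir = Pathname.new(RAILS_ROOT).join('db').join('cstore')
      store = OpenID::Store::Filesystem.new(dir)
      OpenID::Consumer.new(session, store)
    end
  end
end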