
Import from darcs HEAD from http://openidenabled.com/files/ruby-openi…

0 parents commit 3714803c704a65ec15d4af299a83f869439c9dd9 @pelle pelle committed
Showing with 11,123 additions and 0 deletions.
  1. +1 −0 .gitignore
  2. +215 −0 CHANGELOG
  3. +36 −0 CHANGES-2.1.0
  4. +47 −0 INSTALL
  5. +210 −0 LICENSE
  6. +2 −0 NOTICE
  7. +82 −0 README
  8. +127 −0 UPGRADE
  9. +12 −0 admin/build-docs
  10. +36 −0 admin/darcs-ignore
  11. +11 −0 admin/fixperms
  12. +47 −0 admin/gettlds.py
  13. +30 −0 admin/graph-require.sh
  14. +1 −0 admin/library-name
  15. +13 −0 admin/mkassoc
  16. +24 −0 admin/prepare-release
  17. +15 −0 admin/runtests
  18. +45 −0 admin/runtests.rb
  19. +32 −0 examples/README
  20. +58 −0 examples/active_record_openid_store/README
  21. +24 −0 examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb
  22. +26 −0 examples/active_record_openid_store/XXX_upgrade_open_id_store.rb
  23. +8 −0 examples/active_record_openid_store/init.rb
  24. +10 −0 examples/active_record_openid_store/lib/association.rb
  25. +3 −0 examples/active_record_openid_store/lib/nonce.rb
  26. +4 −0 examples/active_record_openid_store/lib/open_id_setting.rb
  27. +57 −0 examples/active_record_openid_store/lib/openid_ar_store.rb
  28. +212 −0 examples/active_record_openid_store/test/store_test.rb
  29. +49 −0 examples/discover
  30. +153 −0 examples/rails_openid/README
  31. +10 −0 examples/rails_openid/Rakefile
  32. +4 −0 examples/rails_openid/app/controllers/application.rb
  33. +122 −0 examples/rails_openid/app/controllers/consumer_controller.rb
  34. +45 −0 examples/rails_openid/app/controllers/login_controller.rb
  35. +265 −0 examples/rails_openid/app/controllers/server_controller.rb
  36. +3 −0 examples/rails_openid/app/helpers/application_helper.rb
  37. +2 −0 examples/rails_openid/app/helpers/login_helper.rb
  38. +9 −0 examples/rails_openid/app/helpers/server_helper.rb
  39. +81 −0 examples/rails_openid/app/views/consumer/index.rhtml
  40. +68 −0 examples/rails_openid/app/views/layouts/server.rhtml
  41. +56 −0 examples/rails_openid/app/views/login/index.rhtml
  42. +26 −0 examples/rails_openid/app/views/server/decide.rhtml
  43. +19 −0 examples/rails_openid/config/boot.rb
  44. +74 −0 examples/rails_openid/config/database.yml
  45. +54 −0 examples/rails_openid/config/environment.rb
  46. +19 −0 examples/rails_openid/config/environments/development.rb
  47. +19 −0 examples/rails_openid/config/environments/production.rb
  48. +19 −0 examples/rails_openid/config/environments/test.rb
  49. +24 −0 examples/rails_openid/config/routes.rb
  50. +2 −0 examples/rails_openid/doc/README_FOR_APP
  51. +40 −0 examples/rails_openid/public/.htaccess
  52. +8 −0 examples/rails_openid/public/404.html
  53. +8 −0 examples/rails_openid/public/500.html
  54. +12 −0 examples/rails_openid/public/dispatch.cgi
  55. +26 −0 examples/rails_openid/public/dispatch.fcgi
  56. +12 −0 examples/rails_openid/public/dispatch.rb
  57. 0 examples/rails_openid/public/favicon.ico
  58. BIN examples/rails_openid/public/images/openid_login_bg.gif
  59. +750 −0 examples/rails_openid/public/javascripts/controls.js
  60. +584 −0 examples/rails_openid/public/javascripts/dragdrop.js
  61. +854 −0 examples/rails_openid/public/javascripts/effects.js
  62. +1,785 −0 examples/rails_openid/public/javascripts/prototype.js
  63. +1 −0 examples/rails_openid/public/robots.txt
  64. +3 −0 examples/rails_openid/script/about
  65. +3 −0 examples/rails_openid/script/breakpointer
  66. +3 −0 examples/rails_openid/script/console
  67. +3 −0 examples/rails_openid/script/destroy
  68. +3 −0 examples/rails_openid/script/generate
  69. +3 −0 examples/rails_openid/script/performance/benchmarker
  70. +3 −0 examples/rails_openid/script/performance/profiler
  71. +3 −0 examples/rails_openid/script/plugin
  72. +3 −0 examples/rails_openid/script/process/reaper
  73. +3 −0 examples/rails_openid/script/process/spawner
  74. +3 −0 examples/rails_openid/script/process/spinner
  75. +3 −0 examples/rails_openid/script/runner
  76. +3 −0 examples/rails_openid/script/server
  77. +18 −0 examples/rails_openid/test/functional/login_controller_test.rb
  78. +18 −0 examples/rails_openid/test/functional/server_controller_test.rb
  79. +28 −0 examples/rails_openid/test/test_helper.rb
  80. +21 −0 gemspec
  81. +112 −0 lib/hmac/hmac.rb
  82. +11 −0 lib/hmac/sha1.rb
  83. +25 −0 lib/hmac/sha2.rb
  84. +20 −0 lib/openid.rb
  85. +249 −0 lib/openid/association.rb
  86. +395 −0 lib/openid/consumer.rb
  87. +344 −0 lib/openid/consumer/associationmanager.rb
  88. +186 −0 lib/openid/consumer/checkid_request.rb
  89. +498 −0 lib/openid/consumer/discovery.rb
  90. +123 −0 lib/openid/consumer/discovery_manager.rb
  91. +134 −0 lib/openid/consumer/html_parse.rb
  92. +523 −0 lib/openid/consumer/idres.rb
  93. +148 −0 lib/openid/consumer/responses.rb
  94. +97 −0 lib/openid/cryptutil.rb
  95. +89 −0 lib/openid/dh.rb
  96. +39 −0 lib/openid/extension.rb
  97. +516 −0 lib/openid/extensions/ax.rb
  98. +179 −0 lib/openid/extensions/pape.rb
  99. +277 −0 lib/openid/extensions/sreg.rb
  100. +11 −0 lib/openid/extras.rb
  101. +238 −0 lib/openid/fetchers.rb
  102. +136 −0 lib/openid/kvform.rb
  103. +58 −0 lib/openid/kvpost.rb
Sorry, we could not display the entire diff because it was too big.
1 .gitignore
@@ -0,0 +1 @@
+_darcs
215 CHANGELOG
@@ -0,0 +1,215 @@
+Mon Jan 23 12:48:00 PST 2006 brian@janrain.com
+ * fixed bug in expiresIn. added expired? method
+
+ M ./lib/openid/filestore.rb -1 +1
+ M ./lib/openid/stores.rb +4
+
+Mon Jan 23 12:46:37 PST 2006 brian@janrain.com
+ * removed deps section from INSTALL file. deps are now included in lib because they are so small and to lower to bar of installing the library.
+
+ M ./INSTALL -9
+
+Tue Jan 17 14:45:57 PST 2006 brian@janrain.com
+ * added better handling of non-URL input
+
+ M ./lib/openid/consumer.rb -1 +5
+
+Sat Jan 14 19:39:57 PST 2006 brian@janrain.com
+ * added html and hmac deps into lib since they are so small
+
+ A ./lib/hmac-md5.rb
+ A ./lib/hmac-rmd160.rb
+ A ./lib/hmac-sha1.rb
+ A ./lib/hmac-sha2.rb
+ A ./lib/hmac.rb
+ A ./lib/html/
+ A ./lib/html/htmltokenizer.rb
+
+Mon Jan 16 15:04:05 PST 2006 Josh Hoyt <josh@janrain.com>
+ * Add script that will prepare the repository for release
+
+ A ./admin/fixperms
+ A ./admin/prepare-release
+
+Mon Jan 16 14:35:27 PST 2006 Josh Hoyt <josh@janrain.com>
+ * Add custom boring file
+
+ A ./admin/darcs-ignore
+
+Mon Jan 16 14:07:13 PST 2006 Josh Hoyt <josh@janrain.com>
+ * Put the build-docs script into the admin directory
+
+ ./build-docs -> ./admin/build-docs
+ A ./admin/
+
+Mon Jan 16 14:05:47 PST 2006 Josh Hoyt <josh@janrain.com>
+ * Add script to build documentation
+
+ A ./build-docs
+
+Wed Jan 4 16:06:41 PST 2006 brian@janrain.com
+ tagged ruby-openid-0.9.2
+
+
+Wed Jan 4 16:02:32 PST 2006 brian@janrain.com
+ * added openid_login_generator rails generator to examples
+
+ A ./examples/openid_login_generator/
+ A ./examples/openid_login_generator/USAGE
+ A ./examples/openid_login_generator/openid_login_generator.rb
+ A ./examples/openid_login_generator/templates/
+ A ./examples/openid_login_generator/templates/README
+ A ./examples/openid_login_generator/templates/controller.rb
+ A ./examples/openid_login_generator/templates/helper.rb
+ A ./examples/openid_login_generator/templates/login_system.rb
+ A ./examples/openid_login_generator/templates/user.rb
+ A ./examples/openid_login_generator/templates/view_login.rhtml
+ A ./examples/openid_login_generator/templates/view_logout.rhtml
+ A ./examples/openid_login_generator/templates/view_signup.rhtml
+ A ./examples/openid_login_generator/templates/view_welcome.rhtml
+
+Wed Jan 4 16:01:12 PST 2006 brian@janrain.com
+ * updated examples README to include openid_login_generator
+
+ M ./examples/README +11
+
+Wed Jan 4 14:58:24 PST 2006 brian@janrain.com
+ * added link to ruby library from consumer.rb example
+
+ M ./examples/consumer.rb -1 +1
+
+Wed Jan 4 10:56:45 PST 2006 brian@janrain.com
+ * ensure Content-type header is present for POSTs
+
+ M ./lib/openid/fetchers.rb -1 +2
+
+Fri Dec 30 17:05:25 PST 2005 brian@janrain.com
+ tagged ruby-openid-0.9.1
+
+
+Fri Dec 30 17:03:54 PST 2005 brian@janrain.com
+ * added Ruby on Rails example consumer
+
+ M ./examples/README -1 +14
+ A ./examples/openid_rails.tar.gz
+
+Thu Dec 29 16:00:20 PST 2005 brian@janrain.com
+ tagged ruby-openid-0.9.0
+
+
+Thu Dec 29 15:43:07 PST 2005 brian@janrain.com
+ * removed docs directory. generated rdoc html will be added manually to tarballs, and not be kept in repository
+
+ R ./docs/
+ R ./docs/README
+
+Thu Dec 29 15:21:21 PST 2005 brian@janrain.com
+ * added more docs for stores
+
+ M ./TODO -2 +4
+ M ./lib/openid/filestore.rb -16 +3
+ M ./lib/openid/stores.rb -9 +1
+
+Thu Dec 29 14:58:52 PST 2005 brian@janrain.com
+ * Huge documentation patch
+
+ M ./INSTALL -12 +22
+ M ./README -1 +1
+ M ./lib/openid/consumer.rb -24 +370
+ M ./lib/openid/fetchers.rb -2 +1
+ M ./lib/openid/filestore.rb -6 +4
+ M ./lib/openid/stores.rb -2 +1
+
+Thu Dec 29 10:59:54 PST 2005 brian@janrain.com
+ * added more info and rdoc formatting to README
+
+ M ./README -10 +26
+
+Thu Dec 29 09:45:51 PST 2005 brian@janrain.com
+ * fixed bad comment
+
+ M ./examples/consumer.rb -1 +1
+
+Wed Dec 28 17:59:48 PST 2005 brian@janrain.com
+ * added platform agnositc temp dir discovery
+
+ M ./examples/consumer.rb -1 +5
+
+Wed Dec 28 17:13:21 PST 2005 brian@janrain.com
+ * moved getOpenIDParamerters to util
+
+ M ./lib/openid/consumer.rb -10 +2
+ M ./lib/openid/util.rb +8
+
+Wed Dec 28 15:47:51 PST 2005 brian@janrain.com
+ * code cleanup
+
+ M ./lib/openid/consumer.rb -5
+
+Wed Dec 28 15:29:31 PST 2005 brian@janrain.com
+ * added linkparse to test suite script
+
+ M ./test/runtests -1 +1
+
+Wed Dec 28 15:29:07 PST 2005 brian@janrain.com
+ * added link parsing tests, lots of em
+
+ A ./test/linkparse.rb
+
+Wed Dec 28 15:28:07 PST 2005 brian@janrain.com
+ * link parsing more robust: handle non-html data, and make sure link tag is in head
+
+ M ./lib/openid/parse.rb -5 +13
+
+Tue Dec 27 16:11:09 PST 2005 brian@janrain.com
+ * added more tests for openid/util
+
+ M ./test/dh.rb -2 +1
+ M ./test/runtests +1
+ A ./test/util.rb
+
+Tue Dec 27 16:10:28 PST 2005 brian@janrain.com
+ * change util methods to use all use /dev/urandom if available
+
+ M ./lib/openid/util.rb -15 +35
+
+Tue Dec 27 16:09:53 PST 2005 brian@janrain.com
+ * changed tmp pathname to something more useful
+
+ M ./examples/consumer.rb -1 +1
+
+Fri Dec 16 09:04:59 PST 2005 Josh Hoyt <josh@janrain.com>
+ * Removed (now obsolete) interface.rb
+
+ This has been subsumed by consumer.rb
+
+ R ./lib/openid/interface.rb
+
+Thu Dec 15 18:25:04 PST 2005 brian@janrain.com
+ * initial checkin
+
+ A ./COPYING
+ A ./INSTALL
+ A ./README
+ A ./TODO
+ A ./docs/
+ A ./docs/README
+ A ./examples/
+ A ./examples/README
+ A ./examples/consumer.rb
+ A ./lib/
+ A ./lib/openid/
+ A ./lib/openid/consumer.rb
+ A ./lib/openid/dh.rb
+ A ./lib/openid/fetchers.rb
+ A ./lib/openid/filestore.rb
+ A ./lib/openid/interface.rb
+ A ./lib/openid/parse.rb
+ A ./lib/openid/stores.rb
+ A ./lib/openid/util.rb
+ A ./setup.rb
+ A ./test/
+ A ./test/assoc.rb
+ A ./test/dh.rb
+ A ./test/runtests
+ A ./test/teststore.rb
36 CHANGES-2.1.0
@@ -0,0 +1,36 @@
+
+* API Changes
+ * PAPE (Provider Authentication Policy Extension) module
+ * Updated extension for specification draft 2
+ * PAPE::Request::from_success_response returns nil if PAPE
+ response arguments were not signed
+ * Added functions to generate request/response HTML forms with
+ auto-submission javascript
+ * Consumer (relying party) API:
+ Auth_OpenID_AuthRequest::htmlMarkup
+ * Server API: Auth_OpenID_OpenIDResponse::toHTML
+ * Removed Rails login generator
+ * SReg::Response::from_success_response returns nil when no signed
+ arguments were found
+
+* New Features
+ * Fetchers now only read/request first megabyte of response
+
+* Bug fixes
+ * NOT NULL constraints to tables created by ActiveRecordStore
+ * check_authentication requests: copy entire response, not just
+ signed fields. Fixes missing namespace in check_authentication
+ requests
+ * OpenID 1 association requests no longer explicitly set
+ no-encryption session type
+ * Improved HTML parsing
+ * AssociationRequest::answer: include session_type in
+ no-encryption assoc responses
+ * normalize return_to URL before performing return_to verification
+ * OpenID::Consumer::IdResHandler.verify_discovery_results_openid1:
+ fall back to OpenID 1.0 type if 1.1 endpoint cannot be found
+ * StandardFetcher now includes a timeout setting
+ * Handle blank content types in
+ OpenID::Yadis::DiscoveryResult.where_is_yadis?
+ * Properly convert timestamps to ints before storing in DB, and vise
+ versa
47 INSTALL
@@ -0,0 +1,47 @@
+= Ruby OpenID Library Installation
+
+== Rubygems Installation
+
+Rubygems is a tool for installing ruby libraries and their
+dependancies. If you have rubygems installed, simply:
+
+ gem install ruby-openid
+
+== Manual Installation
+
+Unpack the archive and run setup.rb to install:
+
+ ruby setup.rb
+
+setup.rb installs the library into your system ruby. If don't want to
+add openid to you system ruby, you may instead add the *lib* directory of
+the extracted tarball to your RUBYLIB environment variable:
+
+ $ export RUBYLIB=${RUBYLIB}:/path/to/ruby-openid/lib
+
+
+== Testing the Installation
+
+Make sure everything installed ok:
+ $> irb
+ irb$> require "openid"
+ => true
+
+Or, if you installed via rubygems:
+
+ $> irb
+ irb$> require "rubygems"
+ => true
+ irb$> require_gem "ruby-openid"
+ => true
+
+== Run the test suite
+
+Go into the test directory and execute the *runtests.rb* script.
+
+== Next steps
+
+* Run consumer.rb in the examples directory.
+* Get started writing your own consumer using OpenID::Consumer
+* Write your own server with OpenID::Server
+* Use the OpenIDLoginGenerator! Read example/README for more info.
210 LICENSE
@@ -0,0 +1,210 @@
+The code in lib/hmac/ is Copyright 2001 by Daiki Ueno, and distributed under
+the terms of the Ruby license. See http://www.ruby-lang.org/en/LICENSE.txt
+
+lib/openid/yadis/htmltokenizer.rb is Copyright 2004 by Ben Giddings and
+distributed under the terms of the Ruby license.
+
+The remainder of this package is Copyright 2006-2008 by JanRain, Inc. and
+distributed under the terms of license below:
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
2 NOTICE
@@ -0,0 +1,2 @@
+This product includes software developed by JanRain,
+available from http://openidenabled.com/
82 README
@@ -0,0 +1,82 @@
+=Ruby OpenID
+
+A Ruby library for verifying and serving OpenID identities.
+
+==Features
+* Easy to use API for verifying OpenID identites - OpenID::Consumer
+* Support for serving OpenID identites - OpenID::Server
+* Does not depend on underlying web framework
+* Supports multiple storage mechanisms (Filesystem, ActiveRecord, Memory)
+* Example code to help you get started, including:
+ * Ruby on Rails based consumer and server
+ * OpenIDLoginGenerator for quickly getting creating a rails app that uses
+ OpenID for authentication
+ * ActiveRecordOpenIDStore plugin
+* Comprehensive test suite
+* Supports both OpenID 1 and OpenID 2 transparently
+
+==Installing
+Before running the examples or writing your own code you'll need to install
+the library. See the INSTALL file or use rubygems:
+
+ gem install ruby-openid
+
+Check the installation:
+
+ $ irb
+ irb> require 'rubygems'
+ irb> require_gem 'ruby-openid'
+ => true
+
+The library is known to work with Ruby 1.8.4 on Unix, Max OSX and
+Win32. Examples have been tested with Rails 1.1 and 1.2, and 2.0.
+
+==Getting Started
+The best way to start is to look at the rails_openid example.
+You can run it with:
+ cd examples/rails_openid
+ script/server
+
+If you are writing an OpenID Relying Party, a good place to start is:
+examples/rails_openid/app/controllers/consumer_controller.rb
+
+And if you are writing an OpenID provider:
+examples/rails_openid/app/controllers/server_controller.rb
+
+The library code is quite well documented, so don't be squeamish, and
+look at the library itself if there's anything you don't understand in
+the examples.
+
+==Homepage
+http://openidenabled.com/ruby-openid/
+
+See also:
+http://openid.net/
+http://openidenabled.com/
+
+==Community
+Discussion regarding the Ruby OpenID library and other JanRain OpenID
+libraries takes place on the the OpenID mailing list on
+openidenabled.com.
+
+http://lists.openidenabled.com/mailman/listinfo/dev
+
+Please join this list to discuss, ask implementation questions, report
+bugs, etc. Also check out the openid channel on the freenode IRC
+network.
+
+If you have a bugfix or feature you'd like to contribute, don't
+hesitate to send it to us. For more detailed information on how to
+contribute, see
+
+ http://openidenabled.com/contribute/
+
+==Author
+Copyright 2006-2008, JanRain, Inc.
+
+Contact openid@janrain.com or visit the OpenID channel on pibb.com:
+
+http://pibb.com/go/openid
+
+==License
+Apache Software License. For more information see the LICENSE file.
127 UPGRADE
@@ -0,0 +1,127 @@
+= Upgrading from the OpenID 1.x series library
+
+== Consumer Upgrade
+
+The flow is largely the same, however there are a number of significant
+changes. The consumer example is helpful to look at:
+examples/rails_openid/app/controllers/consumer_controller.rb
+
+
+=== Stores
+
+You will need to require the file for the store that you are using.
+For the filesystem store, this is 'openid/stores/filesystem'
+They are also now in modules. The filesystem store is
+ OpenID::Store::Filesystem
+The format has changed, and you should remove your old store directory.
+
+The ActiveRecord store ( examples/active_record_openid_store ) still needs
+to be put in a plugin directory for your rails app. There's a migration
+that needs to be run; examine the README in that directory.
+
+Also, note that the stores now can be garbage collected with the method
+ store.cleanup
+
+
+=== Starting the OpenID transaction
+
+The OpenIDRequest object no longer has status codes. Instead,
+consumer.begin raises an OpenID::OpenIDError if there is a problem
+initiating the transaction, so you'll want something along the lines of:
+
+ begin
+ openid_request = consumer.begin(params[:openid_identifier])
+ rescue OpenID::OpenIDError => e
+ # display error e
+ return
+ end
+ #success case
+
+Data regarding the OpenID server once lived in
+ openid_request.service
+
+The corresponding object in the 2.0 lib can be retrieved with
+ openid_request.endpoint
+
+Getting the unverified identifier: Where you once had
+ openid_request.identity_url
+you will now want
+ openid_request.endpoint.claimed_id
+which might be different from what you get at the end of the transaction,
+since it is now possible for users to enter their server's url directly.
+
+Arguments on the return_to URL are now verified, so if you want to add
+additional arguments to the return_to url, use
+ openid_request.return_to_args['param'] = value
+
+Generating the redirect is the same as before, but add any extensions
+first.
+
+If you need to set up an SSL certificate authority list for the fetcher,
+use the 'ca_file' attr_accessor on the OpenID::StandardFetcher. This has
+changed from 'ca_path' in the 1.x.x series library. That is, set
+OpenID.fetcher.ca_file = '/path/to/ca.list'
+before calling consumer.begin.
+
+=== Requesting Simple Registration Data
+
+You'll need to require the code for the extension
+ require 'openid/extensions/sreg'
+
+The new code for adding an SReg request now looks like:
+
+ sreg_request = OpenID::SReg::Request.new
+ sreg_request.request_fields(['email', 'dob'], true) # required
+ sreg_request.request_fields(['nickname', 'fullname'], false) # optional
+ sreg_request.policy_url = policy_url
+ openid_request.add_extension(sreg_request)
+
+The code for adding other extensions is similar. Code for the Attribute
+Exchange (AX) and Provider Authentication Policy Extension (PAPE) are
+included with the library, and additional extensions can be implemented
+subclassing OpenID::Extension.
+
+
+=== Completing the transaction
+
+The return_to and its arguments are verified, so you need to pass in
+the base URL and the arguments. With Rails, the params method mashes
+together parameters from GET, POST, and the path, so you'll need to pull
+off the path "parameters" with something like
+
+ return_to = url_for(:only_path => false,
+ :controller => 'openid',
+ :action => 'complete')
+ parameters = params.reject{|k,v| request.path_parameters[k] }
+ openid_response = consumer.complete(parameters, return_to)
+
+The response still uses the status codes, but they are now namespaced
+slightly differently, for example OpenID::Consumer::SUCCESS
+
+In the case of failure, the error message is now found in
+ openid_response.message
+
+The identifier to display to the user can be found in
+ openid_response.endpoint.display_identifier
+
+The Simple Registration response can be read from the OpenID response
+with
+ sreg_response = OpenID::SReg::Response.from_success_response(openid_response)
+ nickname = sreg_response['nickname']
+ # etc.
+
+
+== Server Upgrade
+
+The server code is mostly the same as before, with the exception of
+extensions. Also, you must pass in the endpoint URL to the server
+constructor:
+ @server = OpenID::Server.new(store, server_url)
+
+I recommend looking at
+examples/rails_openid/app/controllers/server_controller.rb
+for an example of the new way of doing extensions.
+
+--
+Dag Arneson, JanRain Inc.
+Please direct questions to openid@janrain.com
12 admin/build-docs
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#
+# Build the HTML documentation for the JanRain PHP OpenID library
+#
+# Usage:
+# build-docs
+#
+# Must be run from the base of the repository
+
+RDOC_FILES="README INSTALL LICENSE UPGRADE lib/openid examples/README"
+MAIN=README
+rdoc --main="$MAIN" $RDOC_FILES
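Review bot: The header comment of admin/build-docs says it builds documentation for the "JanRain PHP OpenID library", but the script runs `rdoc` over `lib/openid` of the Ruby library, so it should read `# Build the HTML documentation for the JanRain Ruby OpenID library`. The "Must be run from the base of the repository" requirement is stated but never checked. A guard such as `[ -d lib/openid ] || { echo "run from the repository root" >&2; exit 1; }` before the `rdoc` call would make a wrong working directory fail with a clear message.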
36 admin/darcs-ignore
@@ -0,0 +1,36 @@
+# Boring file regexps:
+\.hi$
+\.o$
+\.o\.cmd$
+# *.ko files aren't boring by default because they might
+# be Korean translations rather than kernel modules.
+# \.ko$
+\.ko\.cmd$
+\.mod\.c$
+(^|/)\.tmp_versions($|/)
+(^|/)CVS($|/)
+(^|/)RCS($|/)
+~$
+#(^|/)\.[^/]
+(^|/)_darcs($|/)
+\.bak$
+\.BAK$
+\.orig$
+(^|/)vssver\.scc$
+\.swp$
+(^|/)MT($|/)
+(^|/)\{arch\}($|/)
+(^|/).arch-ids($|/)
+(^|/),
+\.class$
+\.prof$
+(^|/)\.DS_Store$
+(^|/)BitKeeper($|/)
+(^|/)ChangeSet($|/)
+(^|/)\.svn($|/)
+\.py[co]$
+\#
+\.cvsignore$
+(^|/)Thumbs\.db$
+^doc($|/)
+^CHANGELOG$
11 admin/fixperms
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+cat <<EOF | xargs chmod +x
+admin/prepare-release
+admin/build-docs
+admin/fixperms
+admin/runtests
+admin/graph-require.sh
+examples/discover
+EOF
+
+find "examples/rails_openid/script/" -type f | xargs chmod +x
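Review bot: The last line pipes `find` output into `xargs chmod +x`, which splits on whitespace, so a script path containing a space or newline reaches chmod as several wrong arguments. `find "examples/rails_openid/script/" -type f -exec chmod +x {} +` avoids the pipe and the splitting. The script also has no `set -e`, so a failure of the first `xargs chmod +x` over the heredoc list is masked by the exit status of the final pipeline when admin/prepare-release calls it.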
47 admin/gettlds.py
@@ -0,0 +1,47 @@
+"""
+Fetch the current TLD list from the IANA Web site, parse it, and print
+an expression suitable for direct insertion into each library's trust
+root validation module
+
+Usage:
+ python gettlds.py (php|python|ruby)
+
+Then cut-n-paste.
+"""
+
+import urllib2
+
+import sys
+
+langs = {
+ 'php': (r"'/\.(",
+ "'", "|", "|' .",
+ r")\.?$/'"),
+ 'python': ("['",
+ "'", "', '", "',",
+ "']"),
+ 'ruby': ("%w'",
+ "", " ", "",
+ "'"),
+ }
+
+lang = sys.argv[1]
+prefix, line_prefix, separator, line_suffix, suffix = langs[lang]
+
+f = urllib2.urlopen('http://data.iana.org/TLD/tlds-alpha-by-domain.txt')
+tlds = []
+output_line = ""
+for input_line in f:
+ if input_line.startswith('#'):
+ continue
+
+ tld = input_line.strip().lower()
+ new_output_line = output_line + prefix + tld
+ if len(new_output_line) > 60:
+ print output_line + line_suffix
+ output_line = line_prefix + tld
+ else:
+ output_line = new_output_line
+ prefix = separator
+
+print output_line + suffix
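Review bot: The TLD list is fetched over plain `http://` in the `urllib2.urlopen` call, and the docstring says the output is pasted directly into each library's trust root validation module, so anyone able to alter the response in transit can change what the libraries treat as a valid trust root. Fetch it from `https://data.iana.org/TLD/tlds-alpha-by-domain.txt` with certificate verification enabled, and diff the generated expression against the previously committed one before pasting it in. Separately, `sys.argv[1]` and `langs[lang]` are used unchecked, so a missing or unknown language argument ends in a bare IndexError or KeyError instead of the usage text from the docstring.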
30 admin/graph-require.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+OUTPUT_FILE="deps.png"
+
+if [ ! "$1" ] ; then
+ echo "Usage: graph-require.sh <lib_directory> [output_filename]"
+ exit 1
+fi
+
+if [ "$2" ] ; then
+ OUTPUT_FILE=$2
+fi
+
+grep -r '^ *require ['"'"'"]' $1 > require.txt
+
+python <<EOF
+import re
+import pydot
+import sys
+
+parse_require = re.compile(
+ '\\\\blib/([^:]+).rb: *require ["\\']([^"\\']+)[\\'"]\$',
+ re.MULTILINE)
+matches = [(file, dep) for (file, dep)
+ in parse_require.findall(file('require.txt').read())
+ if re.match('(yadis|openid)($|/)', dep)
+ ]
+g = pydot.graph_from_edges(matches, directed=True)
+g.write_png('$OUTPUT_FILE')
+EOF
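Review bot: `$OUTPUT_FILE` is expanded by the shell inside the unquoted `<<EOF` heredoc and lands inside a Python string literal at `g.write_png('$OUTPUT_FILE')`, so an output filename containing a quote or backslash changes the Python source that is executed. Pass the value as data instead: start the interpreter as `OUTPUT_FILE="$OUTPUT_FILE" python <<EOF` and write `g.write_png(os.environ['OUTPUT_FILE'])` with `import os` added. `$1` in the `grep -r` line should be quoted as `"$1"`, and `require.txt` is written to the current directory and never removed, which is worth a comment or a `trap` cleanup.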
1 admin/library-name
@@ -0,0 +1 @@
+ruby-openid
13 admin/mkassoc
@@ -0,0 +1,13 @@
+#!/usr/bin/env ruby
+
+require "openid/consumer/associationmanager"
+require "openid/store/memstore"
+
+store = OpenID::MemoryStore.new
+ARGV.each do |server_url|
+ mgr = OpenID::Consumer::AssociationManager.new(store, URI.parse(server_url))
+ puts '=' * 50
+ puts "Server: #{server_url}"
+ puts mgr.get_association.serialize
+ puts '-' * 50
+end
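Review bot: `puts mgr.get_association.serialize` writes the whole serialized association to stdout, which as far as I can tell from the library includes the shared MAC secret along with the handle. That is acceptable for a debugging helper, but the file has no comment saying so. A header such as `# Debug helper: prints association secrets to stdout; keep the output out of logs and tickets` would make the sensitivity explicit. If `get_association` can return nil on a failed negotiation (not visible in this section), the `.serialize` call will raise NoMethodError, so a `next unless assoc` guard with a message would be kinder.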
24 admin/prepare-release
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+#
+# Prepare this repository for release
+#
+# required tools:
+# rdoc
+# darcs
+
+set -e
+
+HERE=$(readlink --canonicalize $(dirname "$0"))
+ROOT=$(dirname "$HERE")
+
+cd "$ROOT"
+
+# set permissions
+bash ./admin/fixperms
+
+# build documentation
+./admin/build-docs
+
+# build changelog
+darcs changes --from-tag . --summary > CHANGELOG
+
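Review bot: `HERE=$(readlink --canonicalize $(dirname "$0"))` leaves the inner command substitution unquoted, so a checkout path containing whitespace is split into several arguments and, under `set -e`, the release script either stops or resolves the wrong directory. Quote it as `HERE=$(readlink --canonicalize "$(dirname "$0")")`; the `HERE=` line in admin/runtests has the same unquoted nesting. `readlink --canonicalize` is a GNU coreutils option, so listing coreutils next to rdoc and darcs under "required tools" would document that dependency.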
15 admin/runtests
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+case "$1" in
+ --coverage)
+ shift
+ RUBY="rcov --exclude=^lib/hmac/,^admin/ --sort=coverage"
+ ;;
+ *)
+ RUBY="ruby"
+ ;;
+esac
+
+HERE=$(dirname $(readlink --canonicalize "$0"))
+REPOROOT=$(dirname "$HERE")
+TESTING_MEMCACHE="localhost:11211" RUBYLIB="$REPOROOT/lib" $RUBY "$@" "$REPOROOT/admin/runtests.rb"
45 admin/runtests.rb
@@ -0,0 +1,45 @@
+#!/usr/bin/ruby
+
+require "logger"
+require "stringio"
+require "pathname"
+
+require 'test/unit/collector/dir'
+require 'test/unit/ui/console/testrunner'
+
+begin
+ require 'rubygems'
+ require 'memcache'
+rescue LoadError
+else
+ if ENV['TESTING_MEMCACHE']
+ TESTING_MEMCACHE = MemCache.new(ENV['TESTING_MEMCACHE'])
+ end
+end
+
+def main
+ old_verbose = $VERBOSE
+ $VERBOSE = true
+
+ tests_dir = Pathname.new(__FILE__).dirname.dirname.join('test')
+
+ # Collect tests from everything named test_*.rb.
+ c = Test::Unit::Collector::Dir.new
+
+ if c.respond_to?(:base=)
+ # In order to supress warnings from ruby 1.8.6 about accessing
+ # undefined member
+ c.base = tests_dir
+ suite = c.collect
+ else
+ # Because base is not defined in ruby < 1.8.6
+ suite = c.collect(tests_dir)
+ end
+
+ result = Test::Unit::UI::Console::TestRunner.run(suite)
+ result.passed?
+ensure
+ $VERBOSE = old_verbose
+end
+
+exit(main)
32 examples/README
@@ -0,0 +1,32 @@
+This directory contains several examples that demonstrate use of the
+OpenID library. Make sure you have properly installed the library
+before running the examples. These examples are a great place to
+start in integrating OpenID into your application.
+
+==Rails example
+
+The rails_openid contains a fully functional OpenID server and relying
+party, and acts as a starting point for implementing your own
+production rails server. You'll need the latest version of Ruby on
+Rails installed, and then:
+
+ cd rails_openid
+ ./script/server
+
+Open a web browser to http://localhost:3000/ and follow the instructions.
+
+The relevant code to work from when writing your Rails OpenID Relying
+Party is:
+ rails_openid/app/controllers/consumer_controller.rb
+If you are working on an OpenID provider, check out
+ rails_openid/app/controllers/server_controller.rb
+
+Since the library and examples are Apache-licensed, don't be shy about
+copy-and-paste.
+
+==Rails ActiveRecord OpenIDStore plugin
+
+For various reasons you may want or need to deploy your ruby openid
+consumer/server using an SQL based store. The active_record_openid_store
+is a plugin that makes using an SQL based store simple. Follow the
+README inside the plugin's dir for usage.
58 examples/active_record_openid_store/README
@@ -0,0 +1,58 @@
+=Active Record OpenID Store Plugin
+
+A store is required by an OpenID server and optionally by the consumer
+to store associations, nonces, and auth key information across
+requests and processes. If rails is distributed across several
+machines, they must must all have access to the same OpenID store
+data, so the FilesystemStore won't do.
+
+This directory contains a plugin for connecting your
+OpenID enabled rails app to an ActiveRecord based OpenID store.
+
+==Install
+
+1) Copy this directory and all it's contents into your
+RAILS_ROOT/vendor/plugins directory. You structure should look like
+this:
+
+ RAILS_ROOT/vendor/plugins/active_record_openid_store/
+
+2) Copy the migration, XXX_add_open_id_store_to_db.rb to your
+ RAILS_ROOT/db/migrate directory. Rename the XXX portion of the
+ file to next sequential migration number.
+
+3) Run the migration:
+
+ rake migrate
+
+4) Change your app to use the ActiveRecordOpenIDStore:
+
+ store = ActiveRecordOpenIDStore.new
+ consumer = OpenID::Consumer.new(session, store)
+
+5) That's it! All your OpenID state will now be stored in the database.
+
+==Upgrade
+
+If you are upgrading from the 1.x ActiveRecord store, replace your old
+RAILS_ROOT/vendor/plugins/active_record_openid_store/ directory with
+the new one and run the migration XXX_upgrade_open_id_store.rb.
+
+==What about garbage collection?
+
+You may garbage collect unused nonces and expired associations using
+the gc instance method of ActiveRecordOpenIDStore. Hook it up to a
+task in your app's Rakefile like so:
+
+ desc 'GC OpenID store'
+ task :gc_openid_store => :environment do
+ ActiveRecordOpenIDStore.new.cleanup
+ end
+
+Run it by typing:
+
+ rake gc_openid_store
+
+
+==Questions?
+Contact Dag Arneson: dag at janrain dot com
24 examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb
@@ -0,0 +1,24 @@
+# Use this migration to create the tables for the ActiveRecord store
+class AddOpenIdStoreToDb < ActiveRecord::Migration
+ def self.up
+ create_table "open_id_associations", :force => true do |t|
+ t.column "server_url", :binary, :null => false
+ t.column "handle", :string, :null => false
+ t.column "secret", :binary, :null => false
+ t.column "issued", :integer, :null => false
+ t.column "lifetime", :integer, :null => false
+ t.column "assoc_type", :string, :null => false
+ end
+
+ create_table "open_id_nonces", :force => true do |t|
+ t.column :server_url, :string, :null => false
+ t.column :timestamp, :integer, :null => false
+ t.column :salt, :string, :null => false
+ end
+ end
+
+ def self.down
+ drop_table "open_id_associations"
+ drop_table "open_id_nonces"
+ end
+end
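Review bot: `open_id_nonces` is created without a unique index on `(server_url, timestamp, salt)`, so the database itself does not prevent the same nonce from being recorded twice. `ActiveRecordStore#use_nonce` in lib/openid_ar_store.rb does a lookup followed by `create!`, and two concurrent requests carrying the same nonce can both pass the lookup, which defeats the replay check the nonce exists for. Adding `add_index "open_id_nonces", ["server_url", "timestamp", "salt"], :unique => true` here, and in `self.up` of XXX_upgrade_open_id_store.rb which creates the same table, makes the second insert fail. `use_nonce` would then need to rescue that failure and return false.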
26 examples/active_record_openid_store/XXX_upgrade_open_id_store.rb
@@ -0,0 +1,26 @@
+# Use this migration to upgrade the old 1.1 ActiveRecord store schema
+# to the new 2.0 schema.
+class UpgradeOpenIdStore < ActiveRecord::Migration
+ def self.up
+ drop_table "open_id_settings"
+ drop_table "open_id_nonces"
+ create_table "open_id_nonces", :force => true do |t|
+ t.column :server_url, :string, :null => false
+ t.column :timestamp, :integer, :null => false
+ t.column :salt, :string, :null => false
+ end
+ end
+
+ def self.down
+ drop_table "open_id_nonces"
+ create_table "open_id_nonces", :force => true do |t|
+ t.column "nonce", :string
+ t.column "created", :integer
+ end
+
+ create_table "open_id_settings", :force => true do |t|
+ t.column "setting", :string
+ t.column "value", :binary
+ end
+ end
+end
8 examples/active_record_openid_store/init.rb
@@ -0,0 +1,8 @@
+# might using the ruby-openid gem
+begin
+ require 'rubygems'
+rescue LoadError
+ nil
+end
+require 'openid'
+require 'openid_ar_store'
10 examples/active_record_openid_store/lib/association.rb
@@ -0,0 +1,10 @@
+require 'openid/association'
+require 'time'
+
+class Association < ActiveRecord::Base
+ set_table_name 'open_id_associations'
+ def from_record
+ OpenID::Association.new(handle, secret, Time.at(issued), lifetime, assoc_type)
+ end
+end
+
3 examples/active_record_openid_store/lib/nonce.rb
@@ -0,0 +1,3 @@
+class Nonce < ActiveRecord::Base
+ set_table_name 'open_id_nonces'
+end
4 examples/active_record_openid_store/lib/open_id_setting.rb
@@ -0,0 +1,4 @@
+class OpenIdSetting < ActiveRecord::Base
+
+ validates_uniqueness_of :setting
+end
57 examples/active_record_openid_store/lib/openid_ar_store.rb
@@ -0,0 +1,57 @@
+require 'association'
+require 'nonce'
+require 'openid/store/interface'
+
+# not in OpenID module to avoid namespace conflict
+class ActiveRecordStore < OpenID::Store::Interface
+ def store_association(server_url, assoc)
+ remove_association(server_url, assoc.handle)
+ Association.create!(:server_url => server_url,
+ :handle => assoc.handle,
+ :secret => assoc.secret,
+ :issued => assoc.issued.to_i,
+ :lifetime => assoc.lifetime,
+ :assoc_type => assoc.assoc_type)
+ end
+
+ def get_association(server_url, handle=nil)
+ assocs = if handle.blank?
+ Association.find_all_by_server_url(server_url)
+ else
+ Association.find_all_by_server_url_and_handle(server_url, handle)
+ end
+
+ assocs.reverse.each do |assoc|
+ a = assoc.from_record
+ if a.expires_in == 0
+ assoc.destroy
+ else
+ return a
+ end
+ end if assocs.any?
+
+ return nil
+ end
+
+ def remove_association(server_url, handle)
+ Association.delete_all(['server_url = ? AND handle = ?', server_url, handle]) > 0
+ end
+
+ def use_nonce(server_url, timestamp, salt)
+ return false if Nonce.find_by_server_url_and_timestamp_and_salt(server_url, timestamp, salt)
+ return false if (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew
+ Nonce.create!(:server_url => server_url, :timestamp => timestamp, :salt => salt)
+ return true
+ end
+
+ def cleanup_nonces
+ now = Time.now.to_i
+ Nonce.delete_all(["timestamp > ? OR timestamp < ?", now + OpenID::Nonce.skew, now - OpenID::Nonce.skew])
+ end
+
+ def cleanup_associations
+ now = Time.now.to_i
+ Association.delete_all(['issued + lifetime > ?',now])
+ end
+
+end
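Review bot: `cleanup_associations` deletes rows where `issued + lifetime > now`, which are the associations that have not expired yet, and keeps the expired ones; the condition should be `Association.delete_all(['issued + lifetime < ?', now])`. As written, running cleanup discards every live association and forces renegotiation, while expired secrets stay in the table indefinitely. The plugin README instantiates `ActiveRecordOpenIDStore`, whereas the class defined here is `ActiveRecordStore`, so one of the two names needs to change.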
212 examples/active_record_openid_store/test/store_test.rb
@@ -0,0 +1,212 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+require 'test/unit'
+RAILS_ENV = "test"
+require File.expand_path(File.join(File.dirname(__FILE__), '../../../../config/environment.rb'))
+
+module StoreTestCase
+ @@allowed_handle = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~'
+ @@allowed_nonce = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+ def _gen_nonce
+ OpenID::CryptUtil.random_string(8, @@allowed_nonce)
+ end
+
+ def _gen_handle(n)
+ OpenID::CryptUtil.random_string(n, @@allowed_handle)
+ end
+
+ def _gen_secret(n, chars=nil)
+ OpenID::CryptUtil.random_string(n, chars)
+ end
+
+ def _gen_assoc(issued, lifetime=600)
+ secret = _gen_secret(20)
+ handle = _gen_handle(128)
+ OpenID::Association.new(handle, secret, Time.now + issued, lifetime,
+ 'HMAC-SHA1')
+ end
+
+ def _check_retrieve(url, handle=nil, expected=nil)
+ ret_assoc = @store.get_association(url, handle)
+
+ if expected.nil?
+ assert_nil(ret_assoc)
+ else
+ assert_equal(expected, ret_assoc)
+ assert_equal(expected.handle, ret_assoc.handle)
+ assert_equal(expected.secret, ret_assoc.secret)
+ end
+ end
+
+ def _check_remove(url, handle, expected)
+ present = @store.remove_association(url, handle)
+ assert_equal(expected, present)
+ end
+
+ def test_store
+ server_url = "http://www.myopenid.com/openid"
+ assoc = _gen_assoc(issued=0)
+
+ # Make sure that a missing association returns no result
+ _check_retrieve(server_url)
+
+ # Check that after storage, getting returns the same result
+ @store.store_association(server_url, assoc)
+ _check_retrieve(server_url, nil, assoc)
+
+ # more than once
+ _check_retrieve(server_url, nil, assoc)
+
+ # Storing more than once has no ill effect
+ @store.store_association(server_url, assoc)
+ _check_retrieve(server_url, nil, assoc)
+
+ # Removing an association that does not exist returns not present
+ _check_remove(server_url, assoc.handle + 'x', false)
+
+ # Removing an association that does not exist returns not present
+ _check_remove(server_url + 'x', assoc.handle, false)
+
+ # Removing an association that is present returns present
+ _check_remove(server_url, assoc.handle, true)
+
+ # but not present on subsequent calls
+ _check_remove(server_url, assoc.handle, false)
+
+ # Put assoc back in the store
+ @store.store_association(server_url, assoc)
+
+ # More recent and expires after assoc
+ assoc2 = _gen_assoc(issued=1)
+ @store.store_association(server_url, assoc2)
+
+ # After storing an association with a different handle, but the
+ # same server_url, the handle with the later expiration is returned.
+ _check_retrieve(server_url, nil, assoc2)
+
+ # We can still retrieve the older association
+ _check_retrieve(server_url, assoc.handle, assoc)
+
+ # Plus we can retrieve the association with the later expiration
+ # explicitly
+ _check_retrieve(server_url, assoc2.handle, assoc2)
+
+ # More recent, and expires earlier than assoc2 or assoc. Make sure
+ # that we're picking the one with the latest issued date and not
+ # taking into account the expiration.
+ assoc3 = _gen_assoc(issued=2, lifetime=100)
+ @store.store_association(server_url, assoc3)
+
+ _check_retrieve(server_url, nil, assoc3)
+ _check_retrieve(server_url, assoc.handle, assoc)
+ _check_retrieve(server_url, assoc2.handle, assoc2)
+ _check_retrieve(server_url, assoc3.handle, assoc3)
+
+ _check_remove(server_url, assoc2.handle, true)
+
+ _check_retrieve(server_url, nil, assoc3)
+ _check_retrieve(server_url, assoc.handle, assoc)
+ _check_retrieve(server_url, assoc2.handle, nil)
+ _check_retrieve(server_url, assoc3.handle, assoc3)
+
+ _check_remove(server_url, assoc2.handle, false)
+ _check_remove(server_url, assoc3.handle, true)
+
+ _check_retrieve(server_url, nil, assoc)
+ _check_retrieve(server_url, assoc.handle, assoc)
+ _check_retrieve(server_url, assoc2.handle, nil)
+ _check_retrieve(server_url, assoc3.handle, nil)
+
+ _check_remove(server_url, assoc2.handle, false)
+ _check_remove(server_url, assoc.handle, true)
+ _check_remove(server_url, assoc3.handle, false)
+
+ _check_retrieve(server_url, nil, nil)
+ _check_retrieve(server_url, assoc.handle, nil)
+ _check_retrieve(server_url, assoc2.handle, nil)
+ _check_retrieve(server_url, assoc3.handle, nil)
+
+ _check_remove(server_url, assoc2.handle, false)
+ _check_remove(server_url, assoc.handle, false)
+ _check_remove(server_url, assoc3.handle, false)
+
+ assocValid1 = _gen_assoc(-3600, 7200)
+ assocValid2 = _gen_assoc(-5)
+ assocExpired1 = _gen_assoc(-7200, 3600)
+ assocExpired2 = _gen_assoc(-7200, 3600)
+
+ @store.cleanup_associations
+ @store.store_association(server_url + '1', assocValid1)
+ @store.store_association(server_url + '1', assocExpired1)
+ @store.store_association(server_url + '2', assocExpired2)
+ @store.store_association(server_url + '3', assocValid2)
+
+ cleaned = @store.cleanup_associations()
+ assert_equal(2, cleaned, "cleaned up associations")
+ end
+
+ def _check_use_nonce(nonce, expected, server_url, msg='')
+ stamp, salt = OpenID::Nonce::split_nonce(nonce)
+ actual = @store.use_nonce(server_url, stamp, salt)
+ assert_equal(expected, actual, msg)
+ end
+
+ def test_nonce
+ server_url = "http://www.myopenid.com/openid"
+ [server_url, ''].each{|url|
+ nonce1 = OpenID::Nonce::mk_nonce
+
+ _check_use_nonce(nonce1, true, url, "#{url}: nonce allowed by default")
+ _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed twice")
+ _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed third time")
+
+ # old nonces shouldn't pass
+ old_nonce = OpenID::Nonce::mk_nonce(3600)
+ _check_use_nonce(old_nonce, false, url, "Old nonce #{old_nonce.inspect} passed")
+
+ }
+
+ now = Time.now.to_i
+ old_nonce1 = OpenID::Nonce::mk_nonce(now - 20000)
+ old_nonce2 = OpenID::Nonce::mk_nonce(now - 10000)
+ recent_nonce = OpenID::Nonce::mk_nonce(now - 600)
+
+ orig_skew = OpenID::Nonce.skew
+ OpenID::Nonce.skew = 0
+ count = @store.cleanup_nonces
+ OpenID::Nonce.skew = 1000000
+ ts, salt = OpenID::Nonce::split_nonce(old_nonce1)
+ assert(@store.use_nonce(server_url, ts, salt), "oldnonce1")
+ ts, salt = OpenID::Nonce::split_nonce(old_nonce2)
+ assert(@store.use_nonce(server_url, ts, salt), "oldnonce2")
+ ts, salt = OpenID::Nonce::split_nonce(recent_nonce)
+ assert(@store.use_nonce(server_url, ts, salt), "recent_nonce")
+
+
+ OpenID::Nonce.skew = 1000
+ cleaned = @store.cleanup_nonces
+ assert_equal(2, cleaned, "Cleaned #{cleaned} nonces")
+
+ OpenID::Nonce.skew = 100000
+ ts, salt = OpenID::Nonce::split_nonce(old_nonce1)
+ assert(@store.use_nonce(server_url, ts, salt), "oldnonce1 after cleanup")
+ ts, salt = OpenID::Nonce::split_nonce(old_nonce2)
+ assert(@store.use_nonce(server_url, ts, salt), "oldnonce2 after cleanup")
+ ts, salt = OpenID::Nonce::split_nonce(recent_nonce)
+ assert(!@store.use_nonce(server_url, ts, salt), "recent_nonce after cleanup")
+
+ OpenID::Nonce.skew = orig_skew
+
+ end
+end
+
+
+class TestARStore < Test::Unit::TestCase
+ include StoreTestCase
+
+ def setup
+ @store = ActiveRecordStore.new
+ end
+
+end
+
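Review bot: The final check in `test_store` asserts only `assert_equal(2, cleaned, "cleaned up associations")` after storing two valid and two expired associations, so it passes whether `cleanup_associations` removed the expired pair or the valid pair. Follow it with retrievals that pin which rows survived, e.g. `_check_retrieve(server_url + '3', nil, assocValid2)` and `_check_retrieve(server_url + '1', nil, assocValid1)`. In `test_nonce`, `OpenID::Nonce.skew` is restored only on the last line, so a failing assertion leaves the modified global skew in place for later tests. Moving `OpenID::Nonce.skew = orig_skew` into an `ensure` clause fixes that.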
49 examples/discover
@@ -0,0 +1,49 @@
+#!/usr/bin/env ruby
+require "openid/consumer/discovery"
+require 'openid/fetchers'
+
+OpenID::fetcher_use_env_http_proxy
+
+$names = [[:server_url, "Server URL "],
+ [:local_id, "Local ID "],
+ [:canonical_id, "Canonical ID"],
+ ]
+
+def show_services(user_input, normalized, services)
+ puts " Claimed identifier: #{normalized}"
+ if services.empty?
+ puts " No OpenID services found"
+ puts
+ else
+ puts " Discovered services:"
+ n = 0
+ services.each do |service|
+ n += 1
+ puts " #{n}."
+ $names.each do |meth, name|
+ val = service.send(meth)
+ if val
+ printf(" %s: %s\n", name, val)
+ end
+ end
+ puts " Type URIs:"
+ for type_uri in service.type_uris
+ puts " * #{type_uri}"
+ end
+ puts
+ end
+ end
+end
+
+ARGV.each do |openid_identifier|
+ puts "=" * 50
+ puts "Running discovery on #{openid_identifier}"
+ begin
+ normalized_identifier, services = OpenID.discover(openid_identifier)
+ rescue OpenID::DiscoveryFailure => why
+ puts "Discovery failed: #{why.message}"
+ puts
+ else
+ show_services(openid_identifier, normalized_identifier, services)
+ end
+end
153 examples/rails_openid/README
@@ -0,0 +1,153 @@
+== Welcome to Rails
+
+Rails is a web-application and persistence framework that includes everything
+needed to create database-backed web-applications according to the
+Model-View-Control pattern of separation. This pattern splits the view (also
+called the presentation) into "dumb" templates that are primarily responsible
+for inserting pre-built data in between HTML tags. The model contains the
+"smart" domain objects (such as Account, Product, Person, Post) that holds all
+the business logic and knows how to persist themselves to a database. The
+controller handles the incoming requests (such as Save New Account, Update
+Product, Show Post) by manipulating the model and directing data to the view.
+
+In Rails, the model is handled by what's called an object-relational mapping
+layer entitled Active Record. This layer allows you to present the data from
+database rows as objects and embellish these data objects with business logic
+methods. You can read more about Active Record in
+link:files/vendor/rails/activerecord/README.html.
+
+The controller and view are handled by the Action Pack, which handles both
+layers by its two parts: Action View and Action Controller. These two layers
+are bundled in a single package due to their heavy interdependence. This is
+unlike the relationship between the Active Record and Action Pack that is much
+more separate. Each of these packages can be used independently outside of
+Rails. You can read more about Action Pack in
+link:files/vendor/rails/actionpack/README.html.
+
+
+== Getting started
+
+1. Run the WEBrick servlet: <tt>ruby script/server</tt> (run with --help for options)
+ ...or if you have lighttpd installed: <tt>ruby script/lighttpd</tt> (it's faster)
+2. Go to http://localhost:3000/ and get "Congratulations, you've put Ruby on Rails!"
+3. Follow the guidelines on the "Congratulations, you've put Ruby on Rails!" screen
+
+
+== Example for Apache conf
+
+ <VirtualHost *:80>
+ ServerName rails
+ DocumentRoot /path/application/public/
+ ErrorLog /path/application/log/server.log
+
+ <Directory /path/application/public/>
+ Options ExecCGI FollowSymLinks
+ AllowOverride all
+ Allow from all
+ Order allow,deny
+ </Directory>
+ </VirtualHost>
+
+NOTE: Be sure that CGIs can be executed in that directory as well. So ExecCGI
+should be on and ".cgi" should respond. All requests from 127.0.0.1 go
+through CGI, so no Apache restart is necessary for changes. All other requests
+go through FCGI (or mod_ruby), which requires a restart to show changes.
+
+
+== Debugging Rails
+
+Have "tail -f" commands running on both the server.log, production.log, and
+test.log files. Rails will automatically display debugging and runtime
+information to these files. Debugging info will also be shown in the browser
+on requests from 127.0.0.1.
+
+
+== Breakpoints
+
+Breakpoint support is available through the script/breakpointer client. This
+means that you can break out of execution at any point in the code, investigate
+and change the model, AND then resume execution! Example:
+
+ class WeblogController < ActionController::Base
+ def index
+ @posts = Post.find_all
+ breakpoint "Breaking out from the list"
+ end
+ end
+
+So the controller will accept the action, run the first line, then present you
+with a IRB prompt in the breakpointer window. Here you can do things like:
+
+Executing breakpoint "Breaking out from the list" at .../webrick_server.rb:16 in 'breakpoint'
+
+ >> @posts.inspect
+ => "[#<Post:0x14a6be8 @attributes={\"title\"=>nil, \"body\"=>nil, \"id\"=>\"1\"}>,
+ #<Post:0x14a6620 @attributes={\"title\"=>\"Rails you know!\", \"body\"=>\"Only ten..\", \"id\"=>\"2\"}>]"
+ >> @posts.first.title = "hello from a breakpoint"
+ => "hello from a breakpoint"
+
+...and even better is that you can examine how your runtime objects actually work:
+
+ >> f = @posts.first
+ => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
+ >> f.
+ Display all 152 possibilities? (y or n)
+
+Finally, when you're ready to resume execution, you press CTRL-D
+
+
+== Console
+
+You can interact with the domain model by starting the console through script/console.
+Here you'll have all parts of the application configured, just like it is when the
+application is running. You can inspect domain models, change values, and save to the
+database. Starting the script without arguments will launch it in the development environment.
+Passing an argument will specify a different environment, like <tt>console production</tt>.
+
+
+== Description of contents
+
+app
+ Holds all the code that's specific to this particular application.
+
+app/controllers
+ Holds controllers that should be named like weblog_controller.rb for
+ automated URL mapping. All controllers should descend from
+ ActionController::Base.
+
+app/models
+ Holds models that should be named like post.rb.
+ Most models will descend from ActiveRecord::Base.
+
+app/views
+ Holds the template files for the view that should be named like
+ weblog/index.rhtml for the WeblogController#index action. All views use eRuby
+ syntax. This directory can also be used to keep stylesheets, images, and so on
+ that can be symlinked to public.
+
+app/helpers
+ Holds view helpers that should be named like weblog_helper.rb.
+
+config
+ Configuration files for the Rails environment, the routing map, the database, and other dependencies.
+
+components
+ Self-contained mini-applications that can bundle together controllers, models, and views.
+
+lib
+ Application specific libraries. Basically, any kind of custom code that doesn't
+ belong under controllers, models, or helpers. This directory is in the load path.
+
+public
+ The directory available for the web server. Contains subdirectories for images, stylesheets,
+ and javascripts. Also contains the dispatchers and the default HTML files.
+
+script
+ Helper scripts for automation and generation.
+
+test
+ Unit and functional tests along with fixtures.
+
+vendor
+ External libraries that the application depends on. Also includes the plugins subdirectory.
+ This directory is in the load path.
10 examples/rails_openid/Rakefile
@@ -0,0 +1,10 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/switchtower.rake, and they will automatically be available to Rake.
+
+require(File.join(File.dirname(__FILE__), 'config', 'boot'))
+
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+require 'tasks/rails'
4 examples/rails_openid/app/controllers/application.rb
@@ -0,0 +1,4 @@
+# Filters added to this controller will be run for all controllers in the application.
+# Likewise, all the methods added will be available for all controllers.
+class ApplicationController < ActionController::Base
+end
122 examples/rails_openid/app/controllers/consumer_controller.rb
@@ -0,0 +1,122 @@
+require 'pathname'
+
+require "openid"
+require 'openid/extensions/sreg'
+require 'openid/extensions/pape'
+require 'openid/store/filesystem'
+
+class ConsumerController < ApplicationController
+ layout nil
+
+ def index
+ # render an openid form
+ end
+
+ def start
+ begin
+ identifier = params[:openid_identifier]
+ if identifier.nil?
+ flash[:error] = "Enter an OpenID identifier"
+ redirect_to :action => 'index'
+ return
+ end
+ oidreq = consumer.begin(identifier)
+ rescue OpenID::OpenIDError => e
+ flash[:error] = "Discovery failed for #{identifier}: #{e}"
+ redirect_to :action => 'index'
+ return
+ end
+ if params[:use_sreg]
+ sregreq = OpenID::SReg::Request.new
+ # required fields
+ sregreq.request_fields(['email','nickname'], true)
+ # optional fields
+ sregreq.request_fields(['dob', 'fullname'], false)
+ oidreq.add_extension(sregreq)
+ oidreq.return_to_args['did_sreg'] = 'y'
+ end
+ if params[:use_pape]
+ papereq = OpenID::PAPE::Request.new
+ papereq.add_policy_uri(OpenID::PAPE::AUTH_PHISHING_RESISTANT)
+ papereq.max_auth_age = 2*60*60
+ oidreq.add_extension(papereq)
+ oidreq.return_to_args['did_pape'] = 'y'
+ end
+ if params[:force_post]
+ oidreq.return_to_args['force_post']='x'*2048
+ end
+ return_to = url_for :action => 'complete', :only_path => false
+ realm = url_for :action => 'index', :only_path => false
+
+ if oidreq.send_redirect?(realm, return_to, params[:immediate])
+ redirect_to oidreq.redirect_url(realm, return_to, params[:immediate])
+ else
+ render :text => oidreq.html_markup(realm, return_to, params[:immediate], {'id' => 'openid_form'})
+ end
+ end
+
+ def complete
+ # FIXME - url_for some action is not necessarily the current URL.
+ current_url = url_for(:action => 'complete', :only_path => false)
+ parameters = params.reject{|k,v|request.path_parameters[k]}
+ oidresp = consumer.complete(parameters, current_url)
+ case oidresp.status
+ when OpenID::Consumer::FAILURE
+ if oidresp.display_identifier
+ flash[:error] = ("Verification of #{oidresp.display_identifier}"\
+ " failed: #{oidresp.message}")
+ else
+ flash[:error] = "Verification failed: #{oidresp.message}"
+ end
+ when OpenID::Consumer::SUCCESS
+ flash[:success] = ("Verification of #{oidresp.display_identifier}"\
+ " succeeded.")
+ if params[:did_sreg]
+ sreg_resp = OpenID::SReg::Response.from_success_response(oidresp)
+ sreg_message = "Simple Registration data was requested"
+ if sreg_resp.empty?
+ sreg_message << ", but none was returned."
+ else
+ sreg_message << ". The following data were sent:"
+ sreg_resp.data.each {|k,v|
+ sreg_message << "<br/><b>#{k}</b>: #{v}"
+ }
+ end
+ flash[:sreg_results] = sreg_message
+ end
+ if params[:did_pape]
+ pape_resp = OpenID::PAPE::Response.from_success_response(oidresp)
+ pape_message = "A phishing resistant authentication method was requested"
+ if pape_resp.auth_policies.member? OpenID::PAPE::AUTH_PHISHING_RESISTANT
+ pape_message << ", and the server reported one."
+ else
+ pape_message << ", but the server did not report one."
+ end
+ if pape_resp.auth_time
+ pape_message << "<br><b>Authentication time:</b> #{pape_resp.auth_time} seconds"
+ end
+ if pape_resp.nist_auth_level
+ pape_message << "<br><b>NIST Auth Level:</b> #{pape_resp.nist_auth_level}"
+ end
+ flash[:pape_results] = pape_message
+ end
+ when OpenID::Consumer::SETUP_NEEDED
+ flash[:alert] = "Immediate request failed - Setup Needed"
+ when OpenID::Consumer::CANCEL
+ flash[:alert] = "OpenID transaction cancelled."
+ else
+ end
+ redirect_to :action => 'index'
+ end
+
+ private
+
+ def consumer
+ if @consumer.nil?
+ dir = Pathname.new(RAILS_ROOT).join('db').join('cstore')
+ store = OpenID::Store::Filesystem.new(dir)
+ @consumer = OpenID::Consumer.new(session, store)
+ end
+ return @consumer
+ end
+end
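Review bot: In `complete`, values returned by the OpenID provider are interpolated into HTML strings without escaping: `sreg_message << "<br/><b>#{k}</b>: #{v}"`, the PAPE messages, and the `flash[:error]` / `flash[:success]` texts built from `oidresp.display_identifier` and `oidresp.message`. The templates are not part of this section, but the embedded `<br/>` and `<b>` tags suggest the flash is rendered unescaped, in which case a provider response or a user-supplied identifier can place markup in the relying party's page. Escape each dynamic value where the string is built, e.g. `sreg_message << "<br/><b>#{CGI.escapeHTML(k.to_s)}</b>: #{CGI.escapeHTML(v.to_s)}"`. The same pattern appears in `start` (`"Discovery failed for #{identifier}: #{e}"`) and in login_controller.rb's `flash[:notice]`, which embeds `params[:username]`.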
45 examples/rails_openid/app/controllers/login_controller.rb
@@ -0,0 +1,45 @@
+# Controller for handling the login, logout process for "users" of our
+# little server. Users have no password. This is just an example.
+
+require 'openid'
+
+class LoginController < ApplicationController
+
+ layout 'server'
+
+ def base_url
+ url_for(:controller => 'login', :action => nil, :only_path => false)
+ end
+
+ def index
+ response.headers['X-XRDS-Location'] = url_for(:controller => "server",
+ :action => "idp_xrds",
+ :only_path => false)
+ @base_url = base_url
+ # just show the login page
+ end
+
+ def submit
+ user = params[:username]
+
+ # if we get a user, log them in by putting their username in
+ # the session hash.
+ unless user.nil?
+ session[:username] = user unless user.nil?
+ session[:approvals] = []
+ flash[:notice] = "Your OpenID URL is <b>#{base_url}user/#{user}</b><br/><br/>Proceed to step 2 below."
+ else
+ flash[:error] = "Sorry, couldn't log you in. Try again."
+ end
+
+ redirect_to :action => 'index'
+ end
+
+ def logout
+ # delete the username from the session hash
+ session[:username] = nil
+ session[:approvals] = nil
+ redirect_to :action => 'index'
+ end
+
+end
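Review bot: `submit` treats any non-nil `params[:username]` as a login, so an empty string or a value containing `/`, `?` or whitespace becomes `session[:username]` and is appended to the identity URL as `#{base_url}user/#{user}`. Restrict it to an explicit pattern before storing it, e.g. `if user =~ /\A[A-Za-z0-9_-]+\z/`, and call `reset_session` before assigning `session[:username]` so a pre-login session id is not carried into the logged-in state. The trailing `unless user.nil?` modifier on the `session[:username] = user` line is redundant inside the outer `unless` and can be dropped.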
265 examples/rails_openid/app/controllers/server_controller.rb
@@ -0,0 +1,265 @@
+require 'pathname'
+
+# load the openid library, first trying rubygems
+#begin
+# require "rubygems"
+# require_gem "ruby-openid", ">= 1.0"
+#rescue LoadError
+require "openid"
+require "openid/consumer/discovery"
+require 'openid/extensions/sreg'
+require 'openid/extensions/pape'
+require 'openid/store/filesystem'
+#end
+
+class ServerController < ApplicationController
+
+ include ServerHelper
+ include OpenID::Server
+ layout nil
+
+ def index
+ begin
+ oidreq = server.decode_request(params)
+ rescue ProtocolError => e
+ # invalid openid request, so just display a page with an error message
+ render :text => e.to_s, :status => 500
+ return
+ end
+
+ # no openid.mode was given
+ unless oidreq
+ render :text => "This is an OpenID server endpoint."
+ return
+ end
+
+ oidresp = nil
+
+ if oidreq.kind_of?(CheckIDRequest)
+
+ identity = oidreq.identity
+
+ if oidreq.id_select
+ if oidreq.immediate
+ oidresp = oidreq.answer(false)
+ elsif session[:username].nil?
+ # The user hasn't logged in.
+ show_decision_page(oidreq)
+ return
+ else
+ # Else, set the identity to the one the user is using.
+ identity = url_for_user
+ end
+ end
+
+ if oidresp
+ nil
+ elsif self.is_authorized(identity, oidreq.trust_root)
+ oidresp = oidreq.answer(true, nil, identity)
+
+ # add the sreg response if requested
+ add_sreg(oidreq, oidresp)
+ # ditto pape
+ add_pape(oidreq, oidresp)
+
+ elsif oidreq.immediate
+ server_url = url_for :action => 'index'
+ oidresp = oidreq.answer(false, server_url)
+
+ else
+ show_decision_page(oidreq)
+ return
+ end
+
+ else
+ oidresp = server.handle_request(oidreq)
+ end
+
+ self.render_response(oidresp)
+ end
+
+ def show_decision_page(oidreq, message="Do you trust this site with your identity?")
+ session[:last_oidreq] = oidreq
+ @oidreq = oidreq
+
+ if message
+ flash[:notice] = message
+ end
+
+ render :template => 'server/decide', :layout => 'server'
+ end
+
+ def user_page
+ # Yadis content-negotiation: we want to return the xrds if asked for.
+ accept = request.env['HTTP_ACCEPT']
+
+ # This is not technically correct, and should eventually be updated
+ # to do real Accept header parsing and logic. Though I expect it will work
+ # 99% of the time.
+ if accept and accept.include?('application/xrds+xml')
+ user_xrds
+ return
+ end
+
+ # content negotiation failed, so just render the user page
+ xrds_url = url_for(:controller=>'user',:action=>params[:username])+'/xrds'
+ identity_page = <<EOS
+<html><head>
+<meta http-equiv="X-XRDS-Location" content="#{xrds_url}" />
+<link rel="openid.server" href="#{url_for :action => 'index'}" />
+</head><body><p>OpenID identity page for #{params[:username]}</p>
+</body></html>
+EOS
+
+ # Also add the Yadis location header, so that they don't have
+ # to parse the html unless absolutely necessary.
+ response.headers['X-XRDS-Location'] = xrds_url
+ render :text => identity_page
+ end
+
+ def user_xrds
+ types = [
+ OpenID::OPENID_2_0_TYPE,
+ OpenID::OPENID_1_0_TYPE,
+ OpenID::SREG_URI,
+ ]
+
+ render_xrds(types)
+ end
+
+ def idp_xrds
+ types = [
+ OpenID::OPENID_IDP_2_0_TYPE,
+ ]
+
+ render_xrds(types)
+ end
+
+ def decision
+ oidreq = session[:last_oidreq]
+ session[:last_oidreq] = nil
+
+ if params[:yes].nil?
+ redirect_to oidreq.cancel_url
+ return
+ else
+ id_to_send = params[:id_to_send]
+
+ identity = oidreq.identity
+ if oidreq.id_select
+ if id_to_send and id_to_send != ""
+ session[:username] = id_to_send
+ session[:approvals] = []
+ identity = url_for_user
+ else
+ msg = "You must enter a username to in order to send " +
+ "an identifier to the Relying Party."
+ show_decision_page(oidreq, msg)
+ return
+ end
+ end
+
+ if session[:approvals]
+ session[:approvals] << oidreq.trust_root
+ else
+ session[:approvals] = [oidreq.trust_root]
+ end
+ oidresp = oidreq.answer(true, nil, identity)
+ add_sreg(oidreq, oidresp)
+ add_pape(oidreq, oidresp)
+ return self.render_response(oidresp)
+ end
+ end
+
+ protected
+
+ def server
+ if @server.nil?
+ server_url = url_for :action => 'index', :only_path => false
+ dir = Pathname.new(RAILS_ROOT).join('db').join('openid-store')
+ store = OpenID::Store::Filesystem.new(dir)
+ @server = Server.new(store, server_url)
+ end
+ return @server
+ end
+
+ def approved(trust_root)
+ return false if session[:approvals].nil?
+ return session[:approvals].member?(trust_root)
+ end
+
+ def is_authorized(identity_url, trust_root)
+ return (session[:username] and (identity_url == url_for_user) and self.approved(trust_root))
+ end
+
+ def render_xrds(types)
+ type_str = ""
+
+ types.each { |uri|
+ type_str += "<Type>#{uri}</Type>\n "
+ }
+
+ yadis = <<EOS
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+ xmlns:xrds="xri://$xrds"
+ xmlns="xri://$xrd*($v*2.0)">
+ <XRD>
+ <Service priority="0">
+ #{type_str}
+ <URI>#{url_for(:controller => 'server', :only_path => false)}</URI>
+ </Service>
+ </XRD>
+</xrds:XRDS>
+EOS
+
+ response.headers['content-type'] = 'application/xrds+xml'
+ render :text => yadis
+ end
+
+ def add_sreg(oidreq, oidresp)
+ # check for Simple Registration arguments and respond
+ sregreq = OpenID::SReg::Request.from_openid_request(oidreq)
+
+ return if sregreq.nil?
+ # In a real application, this data would be user-specific,
+ # and the user should be asked for permission to release
+ # it.
+ sreg_data = {
+ 'nickname' => session[:username],
+ 'fullname' => 'Mayor McCheese',
+ 'email' => 'mayor@example.com'
+ }
+
+ sregresp = OpenID::SReg::Response.extract_response(sregreq, sreg_data)
+ oidresp.add_extension(sregresp)
+ end
+
+ def add_pape(oidreq, oidresp)
+ papereq = OpenID::PAPE::Request.from_openid_request(oidreq)
+ return if papereq.nil?
+ paperesp = OpenID::PAPE::Response.new
+ paperesp.nist_auth_level = 0 # we don't even do auth at all!
+ oidresp.add_extension(paperesp)
+ end
+
+ def render_response(oidresp)
+ if oidresp.needs_signing
+ signed_response = server.signatory.sign(oidresp)
+ end
+ web_response = server.encode_response(oidresp)
+
+ case web_response.code
+ when HTTP_OK
+ render :text => web_response.body, :status => 200
+
+ when HTTP_REDIRECT
+ redirect_to web_response.headers['location']
+
+ else
+ render :text => web_response.body, :status => 400
+ end
+ end
+
+
+end
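Review bot: `user_page` interpolates `params[:username]` straight into the HTML body, so the path segment of the identity URL is reflected to the browser unescaped; it should go through an escaper, e.g. `<p>OpenID identity page for #{ERB::Util.html_escape(params[:username])}</p>`. `xrds_url` in the `content="..."` attribute deserves the same treatment unless `url_for` is confirmed to percent-encode it. Separately, `decision` dereferences `session[:last_oidreq]` without checking it, so a request that reaches the action with no pending OpenID request raises on `oidreq.cancel_url` or `oidreq.identity`. A guard such as `return render(:text => 'No pending OpenID request', :status => 400) if oidreq.nil?` right after the session read would turn that into an explicit error. In `render_response` the local `signed_response` is assigned and never read.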
3 examples/rails_openid/app/helpers/application_helper.rb
@@ -0,0 +1,3 @@
+# Methods added to this helper will be available to all templates in the application.
+module ApplicationHelper
+end
2 examples/rails_openid/app/helpers/login_helper.rb
@@ -0,0 +1,2 @@
+module LoginHelper
+end
9 examples/rails_openid/app/helpers/server_helper.rb
@@ -0,0 +1,9 @@
+
+module ServerHelper
+
+ def url_for_user
+ url_for :controller => 'user', :action => session[:username]
+ end
+
+end
+
81 examples/rails_openid/app/views/consumer/index.rhtml
@@ -0,0 +1,81 @@
+<html>
+<head>
+<title>Rails OpenID Example Relying Party</title>
+</head>
+ <style type="text/css">
+ * {
+ font-family: verdana,sans-serif;
+ }
+ body {
+ width: 50em;
+ margin: 1em;
+ }
+ div {
+ padding: .5em;
+ }
+ .alert {
+ border: 1px solid #e7dc2b;
+ background: #fff888;
+ }
+ .error {
+ border: 1px solid #ff0000;
+ background: #ffaaaa;
+ }
+ .success {
+ border: 1px solid #00ff00;
+ background: #aaffaa;
+ }
+ #verify-form {
+ border: 1px solid #777777;
+ background: #dddddd;
+ margin-top: 1em;
+ padding-bottom: 0em;
+ }
+ input.openid {
+ background: url( /images/openid_login_bg.gif ) no-repeat;
+ background-position: 0 50%;
+ background-color: #fff;
+ padding-left: 18px;
+ }
+ </style>
+ <body>
+ <h1>Rails OpenID Example Relying Party</h1>
+ <% if flash[:alert] %>
+ <div class='alert'>
+ <%= h(flash[:alert]) %>
+ </div>
+ <% end %>
+ <% if flash[:error] %>
+ <div class='error'>
+ <%= h(flash[:error]) %>
+ </div>
+ <% end %>
+ <% if flash[:success] %>
+ <div class='success'>
+ <%= h(flash[:success]) %>
+ </div>
+ <% end %>
+ <% if flash[:sreg_results] %>
+ <div class='alert'>
+ <%= flash[:sreg_results] %>
+ </div>
+ <% end %>
+ <% if flash[:pape_results] %>
+ <div class='alert'>
+ <%= flash[:pape_results] %>
+ </div>
+ <% end %>
+ <div id="verify-form">
+ <form method="get" accept-charset="UTF-8"
+ action='<%= url_for :action => 'start' %>'>
+ Identifier:
+ <input type="text" class="openid" name="openid_identifier" />
+ <input type="submit" value="Verify" /><br />
+ <input type="checkbox" name="immediate" id="immediate" /><label for="immediate">Use immediate mode</label><br/>
+ <input type="checkbox" name="use_sreg" id="use_sreg" /><label for="use_sreg">Request registration data</label><br/>
+ <input type="checkbox" name="use_pape" id="use_pape" /><label for="use_pape">Request phishing-resistent auth policy (PAPE)</label><br/>
+ <input type="checkbox" name="force_post" id="force_post" /><label for="force_post">Force the transaction to use POST by adding 2K of extra data</label>
+ </form>
+ </div>
+ </body>
+</html>
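Review bot: `flash[:sreg_results]` and `flash[:pape_results]` are printed without `h()`, unlike the three flash blocks above them. The controller fills `flash[:pape_results]` with HTML into which it interpolates `pape_resp.auth_time` and `pape_resp.nist_auth_level`, which as far as the visible code shows come from the OpenID provider's response. Since the template has to emit the `<br>`/`<b>` markup, the escaping belongs where the string is built, e.g. `pape_message << "<br><b>NIST Auth Level:</b> #{ERB::Util.html_escape(pape_resp.nist_auth_level)}"`, and likewise for the other interpolated fields; the code that builds `flash[:sreg_results]` lies outside this view and presumably needs the same. A comment above the two raw blocks, `<%# pre-escaped HTML built in consumer_controller.rb %>`, would document why `h()` is absent. The `use_pape` label reads "phishing-resistent", which should be "phishing-resistant".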
68 examples/rails_openid/app/views/layouts/server.rhtml
@@ -0,0 +1,68 @@
+<html>
+ <head><title>OpenID Server Example</title></head>
+ <style type="text/css">
+ * {
+ font-family: verdana,sans-serif;
+ }
+ body {
+ width: 50em;
+ margin: 1em;
+ }
+ div {
+ padding: .5em;
+ }
+ table {
+ margin: none;
+ padding: none;
+ }
+ .notice {
+ border: 1px solid #60964f;
+ background: #b3dca7;
+ }
+ .error {
+ border: 1px solid #ff0000;
+ background: #ffaaaa;
+ }
+ #login-form {
+ border: 1px solid #777777;
+ background: #dddddd;
+ margin-top: 1em;
+ padding-bottom: 0em;
+ }
+ table {
+ padding: 1em;
+ }
+ li {margin-bottom: .5em;}
+ span.openid:before {
+ content: url(<%= @base_url %>images/openid_login_bg.gif) ;
+ }
+ span.openid {
+ font-size: smaller;
+ }
+ </style>
+ <body>
+
+
+
+ <% if session[:username] %>