Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

updated docs, changed way store is generated

  • Loading branch information...
commit 4f295a33e5eccb4cbecc78e5042147b779b49952 1 parent d2c8765
@bmuller bmuller authored
Showing with 52 additions and 45 deletions.
  1. +35 −30 README.markdown
  2. +17 −15 lib/googleapps_auth.rb
View
65 README.markdown
@@ -1,7 +1,7 @@
# Rails-GoogleApps-Auth
rails-googleapps-auth is a Rails plugin for OpenID auth against Google apps for your domain accounts. There are a few unique issues
when dealing with authenticating against Google's Apps-For-Your-Domain accounts, which is why this plugin was created (instead of using
-[a more general plugin][open_id_authentication]).
+[a more general plugin](https://github.com/rails/open_id_authentication)).
# Usage
## Installation
@@ -15,39 +15,45 @@ Then, checkout this repo into your vendors/plugins dir:
## Authenticating Users
Create a new controller.
- class AuthController < ApplicationController
- def login
- # user will immediately be redirected to google to log in.
- # args are 1) your domain, 2) your "finish" controller action, and
- # 3) any required ax params (email/firstname/lastname/language)
- google_apps_authenticate "hungrymachine.com", 'finish', [:email]
- end
-
- def finish
- response = google_apps_handle_auth
- if response.failed? or response.canceled?
- flash[:notice] = "Could not authenticate: #{response.error}"
- else
- # start a session, log user in
- sessoin[:logged_in] = true
- session[:email] = response[:email]
- end
- redirect_to :root_url
- end
- end
+ class AuthController < ApplicationController
+ def login
+ # user will immediately be redirected to google to log in.
+ # args are 1) your domain, 2) your "finish" controller action, and
+ # 3) any required ax params (email/firstname/lastname/language)
+ google_apps_authenticate "hungrymachine.com", 'finish', [:email]
+ end
+
+ def finish
+ response = google_apps_handle_auth
+ if response.failed? or response.canceled?
+ flash[:notice] = "Could not authenticate: #{response.error}"
+ else
+ # start a session, log user in
+ session[:user] = response[:email]
+ flash[:notice] = "Thanks for logging in, #{response[:email]}"
+ end
+ redirect_to :root_url
+ end
+ end
To log users in, just redirect them to your controller's **login** action. Additionally, you will need to
add routes for your two actions in your *config/routes.rb* file:
map.resources :auth, :collection => { :login => :get, :finish => :get }
Additionally, a memory store is used by default, but if you will have many users authenticating you should use a different
-**OpenID::Store** by adding the following to your controller:
- require 'openid/store/memory'
- self.store = OpenID::Store::Memcache.new(MemCache.new(<your memcache params>))
- # or
- require 'openid/store/filesystem'
- self.store = OpenID::Store::Filesystem.new(Rails.root.join('tmp/openids'))
-
+**OpenID::Store** by adding a *store* protected method to your controller:
+
+ require 'openid/store/memory' # or 'openid/store/filesystem'
+
+ class AuthController < ApplicationController
+ def store
+ OpenID::Store::Memcache.new(MemCache.new('localhost:11211'))
+ # or OpenID::Store::Filesystem.new(Rails.root.join('tmp/openids'))
+ end
+
+ ...
+ end
+
# Further Reading
* [Google's docs on OpenID discovery for hosted domains](http://groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains)
@@ -55,7 +61,6 @@ Additionally, a memory store is used by default, but if you will have many users
# Alternative
-An alternative to this module is the full [open_id_authentication plugin][open_id_authentication], which may
+An alternative to this module is the full [open_id_authentication plugin](https://github.com/rails/open_id_authentication), which may
be useful if you plan to authenticate against other identity providers than Google.
-[opend_id_authentication]: https://github.com/rails/open_id_authentication
View
32 lib/googleapps_auth.rb
@@ -2,7 +2,6 @@
require 'openid/store/memory'
require 'openid/extensions/ax'
-
module GoogleAppsAuth
ID_PREFIX = "https://www.google.com/accounts/o8/site-xrds?hd="
XRDS_PREFIX = "https://www.google.com/accounts/o8/user-xrds?uri="
@@ -82,23 +81,26 @@ def google_apps_handle_auth
end
end
+ def store
+ OpenID::Store::Memory.new
+ end
- private
def consumer
- @@store ||= OpenID::Store::Memory.new
- @consumer ||= OpenID::Consumer.new(session, @@store)
+ @consumer ||= OpenID::Consumer.new(session, store)
end
+end
- ## TemplateURI's are not followed by the openid gem - so we have to trick it
- class OpenID::Consumer::IdResHandler
- def verify_discovery_results
- oldid = @message.get_arg(OpenID::OPENID_NS, 'identity', nil)
- @message.set_arg(OpenID::OPENID_NS, 'identity', GoogleAppsAuth::XRDS_PREFIX + oldid)
- @message.set_arg(OpenID::OPENID_NS, 'claimed_id', GoogleAppsAuth::XRDS_PREFIX + oldid)
- verify_discovery_results_openid2
- @message.set_arg(OpenID::OPENID_NS, 'identity', oldid)
- @message.set_arg(OpenID::OPENID_NS, 'claimed_id', oldid)
- end
+
+## TemplateURI's are not followed by the openid gem - so we have to trick it
+class OpenID::Consumer::IdResHandler
+ def verify_discovery_results
+ oldid = @message.get_arg(OpenID::OPENID_NS, 'identity', nil)
+ @message.set_arg(OpenID::OPENID_NS, 'identity', GoogleAppsAuth::XRDS_PREFIX + oldid)
+ @message.set_arg(OpenID::OPENID_NS, 'claimed_id', GoogleAppsAuth::XRDS_PREFIX + oldid)
+ verify_discovery_results_openid2
+ @message.set_arg(OpenID::OPENID_NS, 'identity', oldid)
+ @message.set_arg(OpenID::OPENID_NS, 'claimed_id', oldid)
end
-
end
+
+
Please sign in to comment.
Something went wrong with that request. Please try again.