forked from omniauth/omniauth
-
Notifications
You must be signed in to change notification settings - Fork 0
/
open_id.rb
125 lines (110 loc) · 3.9 KB
/
open_id.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
require 'rack/openid'
require 'gapps_openid'
require 'omniauth/openid'
module OmniAuth
module Strategies
class OpenID
include OmniAuth::Strategy
AX = {
:email => 'http://axschema.org/contact/email',
:name => 'http://axschema.org/namePerson',
:nickname => 'http://axschema.org/namePerson/friendly',
:first_name => 'http://axschema.org/namePerson/first',
:last_name => 'http://axschema.org/namePerson/last',
:city => 'http://axschema.org/contact/city/home',
:state => 'http://axschema.org/contact/state/home',
:website => 'http://axschema.org/contact/web/default',
:image => 'http://axschema.org/media/image/aspect11'
}
def initialize(app, store = nil, options = {})
super(app, options[:name] || :open_id)
@options = options
@options[:required] ||= [AX[:email], AX[:name], 'email', 'fullname']
@options[:optional] ||= [AX[:first_name], AX[:last_name], AX[:nickname], AX[:city], AX[:state], AX[:website], AX[:image], 'postcode', 'nickname']
@store = store
end
def dummy_app
lambda{|env| [401, {"WWW-Authenticate" => Rack::OpenID.build_header(
:identifier => identifier,
:return_to => callback_url,
:required => @options[:required],
:optional => @options[:optional]
)}, []]}
end
def callback_url
uri = URI.parse(request.url)
uri.path += '/callback'
uri.to_s
end
def identifier
request[:identifier]
end
def request_phase
identifier ? start : get_identifier
end
def start
openid = Rack::OpenID.new(dummy_app, @store)
response = openid.call(env)
case env['rack.openid.response']
when Rack::OpenID::MissingResponse, Rack::OpenID::TimeoutResponse
fail :connection_failed
else
response
end
end
def get_identifier
response = app.call(env)
if response[0] < 400
response
else
OmniAuth::Form.build('OpenID Authentication') do
text_field('OpenID Identifier', 'identifier')
end.to_response
end
end
def callback_phase
env['REQUEST_METHOD'] = 'GET'
openid = Rack::OpenID.new(lambda{|env| [200,{},[]]}, @store)
openid.call(env)
resp = env.delete('rack.openid.response')
case resp.status
when :failure
fail!(:invalid_credentials)
when :success
request['auth'] = auth_hash(resp)
@app.call(env)
end
end
def auth_hash(response)
OmniAuth::Utils.deep_merge(super(), {
'uid' => response.display_identifier,
'user_info' => user_info(response)
})
end
def user_info(response)
sreg_user_info(response).merge(ax_user_info(response))
end
def sreg_user_info(response)
sreg = ::OpenID::SReg::Response.from_success_response(response)
return {} unless sreg
{
'email' => sreg['email'],
'name' => sreg['fullname'],
'location' => sreg['postcode'],
'nickname' => sreg['nickname']
}.reject{|k,v| v.nil? || v == ''}
end
def ax_user_info(response)
ax = ::OpenID::AX::FetchResponse.from_success_response(response)
return {} unless ax
{
'email' => ax[AX[:email]],
'name' => ax[AX[:name]],
'location' => ("#{ax[AX[:city]]}, #{ax[AX[:state]]}" if Array(ax[AX[:city]]).any? && Array(ax[AX[:state]]).any?),
'nickname' => ax[AX[:nickname]],
'urls' => ({'Website' => Array(ax[AX[:website]]).first} if Array(ax[AX[:website]]).any?)
}.inject({}){|h,(k,v)| h[k] = Array(v).first; h}.reject{|k,v| v.nil? || v == ''}
end
end
end
end