Updated OpenIdAuthentication to use Ruby OpenID 2.x.x gem (closes #10…

…604) [Josh Peek]

git-svn-id: http://svn.rubyonrails.org/rails/plugins/open_id_authentication@9103 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

CHANGELOG

@@ -1,3 +1,5 @@
+* Updated plugin to use Ruby OpenID 2.x.x [Josh Peek]
+
 * Tied plugin to ruby-openid 1.1.4 gem until we can make it compatible with 2.x [DHH]
 
 * Use URI instead of regexps to normalize the URL and gain free, better matching #8136 [dkubb]

README

@@ -8,7 +8,7 @@ Provides a thin wrapper around the excellent ruby-openid gem from JanRan. Be sur
 To understand what OpenID is about and how it works, it helps to read the documentation for lib/openid/consumer.rb
 from that gem.
 
-The specification used is http://openid.net/specs/openid-authentication-1_1.html (not the 2.0 draft).
+The specification used is http://openid.net/specs/openid-authentication-2_0.html.
 
 
 Prerequisites

lib/generators/open_id_authentication_tables/open_id_authentication_tables_generator.rb → generators/open_id_authentication_tables/open_id_authentication_tables_generator.rb

@@ -8,4 +8,4 @@ def manifest
       m.migration_template 'migration.rb', 'db/migrate'
     end
   end
-end
+end

generators/open_id_authentication_tables/templates/migration.rb

@@ -0,0 +1,20 @@
+class <%= class_name %> < ActiveRecord::Migration
+  def self.up
+    create_table :open_id_authentication_associations, :force => true do |t|
+      t.integer :issued, :lifetime
+      t.string :handle, :assoc_type
+      t.binary :server_url, :secret
+    end
+
+    create_table :open_id_authentication_nonces, :force => true do |t|
+      t.integer :timestamp, :null => false
+      t.string :server_url, :null => true
+      t.string :salt, :null => false
+    end
+  end
+
+  def self.down
+    drop_table :open_id_authentication_associations
+    drop_table :open_id_authentication_nonces
+  end
+end

generators/upgrade_open_id_authentication_tables/templates/migration.rb

@@ -0,0 +1,26 @@
+class <%= class_name %> < ActiveRecord::Migration
+  def self.up
+    drop_table :open_id_authentication_settings
+    drop_table :open_id_authentication_nonces
+
+    create_table :open_id_authentication_nonces, :force => true do |t|
+      t.integer :timestamp, :null => false
+      t.string :server_url, :null => true
+      t.string :salt, :null => false
+    end
+  end
+
+  def self.down
+    drop_table :open_id_authentication_nonces
+
+    create_table :open_id_authentication_nonces, :force => true do |t|
+      t.integer :created
+      t.string :nonce
+    end
+
+    create_table :open_id_authentication_settings, :force => true do |t|
+      t.string :setting
+      t.binary :value
+    end
+  end
+end

generators/upgrade_open_id_authentication_tables/upgrade_open_id_authentication_tables_generator.rb

@@ -0,0 +1,11 @@
+class UpgradeOpenIdAuthenticationTablesGenerator < Rails::Generator::NamedBase
+  def initialize(runtime_args, runtime_options = {})
+    super
+  end
+
+  def manifest
+    record do |m|
+      m.migration_template 'migration.rb', 'db/migrate'
+    end
+  end
+end

init.rb

@@ -1,8 +1,11 @@
 begin
-  gem 'ruby-openid', '=1.1.4'
-  require 'openid'  
+  require 'openid'
 rescue LoadError
-  puts "Install the ruby-openid gem to enable OpenID support"
+  begin
+    gem 'ruby-openid', '>=2.0.4'
+  rescue Gem::LoadError
+    puts "Install the ruby-openid gem to enable OpenID support"
+  end
 end
 
-ActionController::Base.send :include, OpenIdAuthentication
+ActionController::Base.send :include, OpenIdAuthentication

lib/open_id_authentication.rb

@@ -1,18 +1,20 @@
 require 'uri'
+require 'openid/extensions/sreg'
+require 'openid/store/filesystem'
 
 module OpenIdAuthentication
   OPEN_ID_AUTHENTICATION_DIR = RAILS_ROOT + "/tmp/openids"
-  
+
   def self.store
     @@store
   end
-  
+
   def self.store=(value)
     @@store = value
   end
-  
+
   self.store = :db
-  
+
   def store
     OpenIdAuthentication.store
   end
@@ -22,27 +24,28 @@ class InvalidOpenId < StandardError
 
   class Result
     ERROR_MESSAGES = {
-      :missing    => "Sorry, the OpenID server couldn't be found",
-      :canceled   => "OpenID verification was canceled",
-      :failed     => "Sorry, the OpenID verification failed"
+      :missing      => "Sorry, the OpenID server couldn't be found",
+      :canceled     => "OpenID verification was canceled",
+      :failed       => "Sorry, the OpenID verification failed",
+      :setup_needed => "OpenID verification needs setup"
     }
-    
+
     def self.[](code)
       new(code)
     end
-    
+
     def initialize(code)
       @code = code
     end
-    
+
     def ===(code)
       if code == :unsuccessful && unsuccessful?
         true
       else
         @code == code
       end
     end
-    
+
     ERROR_MESSAGES.keys.each { |state| define_method("#{state}?") { @code == state } }
 
     def successful?
@@ -52,7 +55,7 @@ def successful?
     def unsuccessful?
       ERROR_MESSAGES.keys.include?(@code)
     end
-    
+
     def message
       ERROR_MESSAGES[@code]
     end
@@ -67,7 +70,6 @@ def self.normalize_url(url)
     raise InvalidOpenId.new("#{url} is not an OpenID URL")
   end
 
-
   protected
     def normalize_url(url)
       OpenIdAuthentication.normalize_url(url)
@@ -87,39 +89,37 @@ def authenticate_with_open_id(identity_url = params[:openid_url], fields = {}, &
       end
     end
 
-
   private
     def begin_open_id_authentication(identity_url, fields = {})
-      open_id_response = timeout_protection_from_identity_server { open_id_consumer.begin(identity_url) }
-
-      case open_id_response.status
-      when OpenID::FAILURE
-        yield Result[:missing], identity_url, nil
-      when OpenID::SUCCESS
-        add_simple_registration_fields(open_id_response, fields)
-        redirect_to(open_id_redirect_url(open_id_response))
-      end
+      open_id_request = open_id_consumer.begin(identity_url)
+      add_simple_registration_fields(open_id_request, fields)
+      redirect_to(open_id_redirect_url(open_id_request))
+    rescue OpenID::OpenIDError, Timeout::Error => e
+      logger.error("[OPENID] #{e}")
+      yield Result[:missing], identity_url, nil
     end
-  
+
     def complete_open_id_authentication
-      open_id_response = timeout_protection_from_identity_server { open_id_consumer.complete(params) }
-      identity_url     = normalize_url(open_id_response.identity_url) if open_id_response.identity_url
+      params_with_path = params.reject { |key, value| request.path_parameters[key] }
+      open_id_response = timeout_protection_from_identity_server { open_id_consumer.complete(params_with_path, requested_url) }
+      identity_url     = normalize_url(open_id_response.endpoint.claimed_id) if open_id_response.endpoint.claimed_id
 
       case open_id_response.status
-      when OpenID::CANCEL
+      when OpenID::Consumer::SUCCESS
+        yield Result[:successful], identity_url, OpenID::SReg::Response.from_success_response(open_id_response)
+      when OpenID::Consumer::CANCEL
         yield Result[:canceled], identity_url, nil
-      when OpenID::FAILURE
-        logger.info "OpenID authentication failed: #{open_id_response.msg}"
+      when OpenID::Consumer::FAILURE
         yield Result[:failed], identity_url, nil
-      when OpenID::SUCCESS
-        yield Result[:successful], identity_url, open_id_response.extension_response('sreg')
-      end      
+      when OpenID::Consumer::SETUP_NEEDED
+        yield Result[:setup_needed], open_id_response.setup_url, nil
+      end
     end
 
     def open_id_consumer
       OpenID::Consumer.new(session, open_id_store)
     end
-    
+
     def open_id_store
       case store
       when :db
@@ -131,17 +131,21 @@ def open_id_store
       end
     end
 
+    def add_simple_registration_fields(open_id_request, fields)
+      sreg_request = OpenID::SReg::Request.new
+      sreg_request.request_fields(Array(fields[:required]).map(&:to_s), true) if fields[:required]
+      sreg_request.request_fields(Array(fields[:optional]).map(&:to_s), false) if fields[:optional]
+      sreg_request.policy_url = fields[:policy_url] if fields[:policy_url]
+      open_id_request.add_extension(sreg_request)
+    end
 
-    def add_simple_registration_fields(open_id_response, fields)
-      open_id_response.add_extension_arg('sreg', 'required', [ fields[:required] ].flatten * ',') if fields[:required]
-      open_id_response.add_extension_arg('sreg', 'optional', [ fields[:optional] ].flatten * ',') if fields[:optional]
+    def open_id_redirect_url(open_id_request)
+      open_id_request.return_to_args['open_id_complete'] = '1'
+      open_id_request.redirect_url(root_url, requested_url)
     end
-
-    def open_id_redirect_url(open_id_response)
-      open_id_response.redirect_url(
-        request.protocol + request.host_with_port + "/",
-        open_id_response.return_to("#{request.protocol + request.host_with_port + request.relative_url_root + request.path}?open_id_complete=1")
-      )     
+
+    def requested_url
+      "#{request.protocol + request.host_with_port + request.relative_url_root + request.path}"
     end
 
     def timeout_protection_from_identity_server
@@ -151,7 +155,7 @@ def timeout_protection_from_identity_server
         def status
           OpenID::FAILURE
         end
-        
+
         def msg
           "Identity server timed out"
         end

lib/open_id_authentication/association.rb

@@ -6,4 +6,4 @@ def from_record
       OpenID::Association.new(handle, secret, issued, lifetime, assoc_type)
     end
   end
-end
+end