foo
9 | 10 | 11 | -------------------------------------------------------------------------------- /test/data/example-xrds.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 |foo
10 | 11 | 12 | -------------------------------------------------------------------------------- /test/data/test_discover/openid2.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |foo
10 | 11 | 12 | -------------------------------------------------------------------------------- /test/data/test_discover/openid_utf8.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |こんにちは
10 | 11 | 12 | -------------------------------------------------------------------------------- /admin/prepare-release: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | # Prepare this repository for release 4 | # 5 | # required tools: 6 | # rdoc 7 | # darcs 8 | 9 | set -e 10 | 11 | HERE=$(readlink --canonicalize $(dirname "$0")) 12 | ROOT=$(dirname "$HERE") 13 | 14 | cd "$ROOT" 15 | 16 | # set permissions 17 | bash ./admin/fixperms 18 | 19 | # build documentation 20 | ./admin/build-docs 21 | 22 | # build changelog 23 | darcs changes --from-tag . --summary > CHANGELOG 24 | 25 | -------------------------------------------------------------------------------- /examples/rails_openid/test/performance/browsing_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | require 'rails/performance_test_help' 3 | 4 | class BrowsingTest < ActionDispatch::PerformanceTest 5 | # Refer to the documentation for all available options 6 | # self.profile_options = { :runs => 5, :metrics => [:wall_time, :memory] 7 | # :output => 'tmp/performance', :formats => [:flat] } 8 | 9 | def test_homepage 10 | get '/' 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /examples/rails_openid/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /test/data/test_discover/openid_1_and_2.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |foo
10 | 11 | 12 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: ruby 2 | sudo: required 3 | dist: trusty 4 | script: rake 5 | rvm: 6 | - "1.9" 7 | - "2.0" 8 | - "2.1" 9 | - "2.2" 10 | - "2.3" 11 | - "2.4" 12 | - "2.5" 13 | - "2.6" 14 | - ruby-head 15 | - jruby 16 | - jruby-head 17 | - jruby-19mode 18 | - rubinius-3 19 | 20 | before_install: 21 | - "gem install bundler || gem install bundler --version '< 2'" 22 | 23 | matrix: 24 | allow_failures: 25 | - rvm: "ruby-head" 26 | - rvm: "jruby-head" 27 | -------------------------------------------------------------------------------- /examples/rails_openid/config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | RailsOpenid::Application.config.session_store :cookie_store, :key => '_rails_openid_session' 4 | 5 | # Use the database for sessions instead of the cookie-based default, 6 | # which shouldn't be used to store highly confidential information 7 | # (create the session table with "rails generate session_migration") 8 | # RailsOpenid::Application.config.session_store :active_record_store 9 | -------------------------------------------------------------------------------- /test/data/test_discover/yadis_idp_delegate.xml: -------------------------------------------------------------------------------- 1 | 2 |foo
11 | 12 | 13 | -------------------------------------------------------------------------------- /test/data/test_discover/malformed_meta_tag.html: -------------------------------------------------------------------------------- 1 | 2 | 3 |
22 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/admin/graph-require.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | OUTPUT_FILE="deps.png"
4 |
5 | if [ ! "$1" ] ; then
6 | echo "Usage: graph-require.sh We're sorry, but something went wrong.
23 |
22 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/examples/rails_openid/public/404.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | The change you wanted was rejected.
23 |Maybe you tried to change something you didn't have access to.
24 |
22 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/test/test_urinorm.rb:
--------------------------------------------------------------------------------
1 | require "minitest/autorun"
2 | require "testutil"
3 | require "openid/urinorm"
4 |
5 | class URINormTestCase < Minitest::Test
6 | include OpenID::TestDataMixin
7 |
8 | def test_normalize
9 | lines = read_data_file('urinorm.txt')
10 |
11 | while lines.length > 0
12 |
13 | case_name = lines.shift.strip
14 | actual = lines.shift.strip
15 | expected = lines.shift.strip
16 | lines.shift #=> newline
17 |
18 | if expected == 'fail'
19 | begin
20 | OpenID::URINorm.urinorm(actual)
21 | rescue URI::InvalidURIError
22 | assert true
23 | else
24 | raise 'Should have gotten URI error'
25 | end
26 | else
27 | normalized = OpenID::URINorm.urinorm(actual)
28 | assert_equal(expected, normalized, case_name)
29 | end
30 | end
31 | end
32 |
33 | end
34 |
35 |
--------------------------------------------------------------------------------
/examples/active_record_openid_store/XXX_upgrade_open_id_store.rb:
--------------------------------------------------------------------------------
1 | # Use this migration to upgrade the old 1.1 ActiveRecord store schema
2 | # to the new 2.0 schema.
3 | class UpgradeOpenIdStore < ActiveRecord::Migration
4 | def self.up
5 | drop_table "open_id_settings"
6 | drop_table "open_id_nonces"
7 | create_table "open_id_nonces", :force => true do |t|
8 | t.column :server_url, :string, :null => false
9 | t.column :timestamp, :integer, :null => false
10 | t.column :salt, :string, :null => false
11 | end
12 | end
13 |
14 | def self.down
15 | drop_table "open_id_nonces"
16 | create_table "open_id_nonces", :force => true do |t|
17 | t.column "nonce", :string
18 | t.column "created", :integer
19 | end
20 |
21 | create_table "open_id_settings", :force => true do |t|
22 | t.column "setting", :string
23 | t.column "value", :binary
24 | end
25 | end
26 | end
27 |
--------------------------------------------------------------------------------
/lib/openid/consumer/session.rb:
--------------------------------------------------------------------------------
1 | module OpenID
2 | class Consumer
3 | class Session
4 | def initialize(session, decode_klass = nil)
5 | @session = session
6 | @decode_klass = decode_klass
7 | end
8 |
9 | def [](key)
10 | val = @session[key]
11 | @decode_klass ? @decode_klass.from_session_value(val) : val
12 | end
13 |
14 | def []=(key, val)
15 | @session[key] = to_session_value(val)
16 | end
17 |
18 | def keys
19 | @session.keys
20 | end
21 |
22 | private
23 |
24 | def to_session_value(val)
25 | case val
26 | when Array
27 | val.map{|ele| to_session_value(ele) }
28 | when Hash
29 | Hash[*(val.map{|k,v| [k, to_session_value(v)] }.flatten(1))]
30 | else
31 | val.respond_to?(:to_session_value) ? val.to_session_value : val
32 | end
33 | end
34 | end
35 | end
36 | end
37 |
--------------------------------------------------------------------------------
/examples/rails_openid/app/views/server/decide.html.erb:
--------------------------------------------------------------------------------
1 |
28 |
--------------------------------------------------------------------------------
/examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb:
--------------------------------------------------------------------------------
1 | # Use this migration to create the tables for the ActiveRecord store
2 | class AddOpenIdStoreToDb < ActiveRecord::Migration
3 | def self.up
4 | create_table "open_id_associations", :force => true do |t|
5 | t.column "server_url", :string, :null => false
6 | t.column "handle", :string, :null => false
7 | t.column "secret", :binary, :null => false
8 | t.column "issued", :integer, :null => false
9 | t.column "lifetime", :integer, :null => false
10 | t.column "assoc_type", :string, :null => false
11 | end
12 |
13 | create_table "open_id_nonces", :force => true do |t|
14 | t.column :server_url, :string, :null => false
15 | t.column :timestamp, :integer, :null => false
16 | t.column :salt, :string, :null => false
17 | end
18 | end
19 |
20 | def self.down
21 | drop_table "open_id_associations"
22 | drop_table "open_id_nonces"
23 | end
24 | end
25 |
--------------------------------------------------------------------------------
/examples/rails_openid/Gemfile:
--------------------------------------------------------------------------------
1 | source 'https://rubygems.org'
2 |
3 | gem 'rails', '3.2.13'
4 |
5 | # Bundle edge Rails instead:
6 | # gem 'rails', :git => 'git://github.com/rails/rails.git'
7 |
8 | gem 'sqlite3'
9 |
10 | gem 'json'
11 |
12 | # Gems used only for assets and not required
13 | # in production environments by default.
14 | group :assets do
15 | gem 'sass-rails', '~> 3.2.3'
16 | gem 'coffee-rails', '~> 3.2.1'
17 |
18 | # See https://github.com/sstephenson/execjs#readme for more supported runtimes
19 | # gem 'therubyracer', :platforms => :ruby
20 |
21 | gem 'uglifier', '>= 1.0.3'
22 | end
23 |
24 | gem 'jquery-rails'
25 |
26 | # To use ActiveModel has_secure_password
27 | # gem 'bcrypt-ruby', '~> 3.0.0'
28 |
29 | # To use Jbuilder templates for JSON
30 | # gem 'jbuilder'
31 |
32 | # Use unicorn as the app server
33 | # gem 'unicorn'
34 |
35 | # Deploy with Capistrano
36 | # gem 'capistrano'
37 |
38 | # To use debugger
39 | # gem 'ruby-debug'
40 |
41 | gem 'ruby-openid', :require => 'openid'
42 |
--------------------------------------------------------------------------------
/examples/rails_openid/public/dispatch.fcgi:
--------------------------------------------------------------------------------
1 | #!/usr/bin/ruby1.8
2 |
3 | #!/usr/local/bin/ruby
4 | #
5 | # You may specify the path to the FastCGI crash log (a log of unhandled
6 | # exceptions which forced the FastCGI instance to exit, great for debugging)
7 | # and the number of requests to process before running garbage collection.
8 | #
9 | # By default, the FastCGI crash log is RAILS_ROOT/log/fastcgi.crash.log
10 | # and the GC period is nil (turned off). A reasonable number of requests
11 | # could range from 10-100 depending on the memory footprint of your app.
12 | #
13 | # Example:
14 | # # Default log path, normal GC behavior.
15 | # RailsFCGIHandler.process!
16 | #
17 | # # Default log path, 50 requests between GC.
18 | # RailsFCGIHandler.process! nil, 50
19 | #
20 | # # Custom log path, normal GC behavior.
21 | # RailsFCGIHandler.process! '/var/log/myapp_fcgi_crash.log'
22 | #
23 | require File.dirname(__FILE__) + "/../config/environment"
24 | require 'fcgi_handler'
25 |
26 | RailsFCGIHandler.process!
27 |
--------------------------------------------------------------------------------
/test/data/test_xrds/=j3h.2007.11.14.xrds:
--------------------------------------------------------------------------------
1 |
2 | The page you were looking for doesn't exist.
23 |You may have mistyped the address or the page may have moved.
24 |Proceed to step 2 below." 31 | else 32 | flash[:error] = "Sorry, couldn't log you in. Try again." 33 | end 34 | 35 | redirect_to :action => 'index' 36 | end 37 | 38 | def logout 39 | # delete the username from the session hash 40 | session[:username] = nil 41 | session[:approvals] = nil 42 | redirect_to :action => 'index' 43 | end 44 | 45 | end 46 | -------------------------------------------------------------------------------- /test/util.rb: -------------------------------------------------------------------------------- 1 | # Utilities that are only used in the testing code 2 | require 'stringio' 3 | 4 | module OpenID 5 | module TestUtil 6 | def assert_log_matches(*regexes) 7 | begin 8 | old_logger = Util.logger 9 | log_output = StringIO.new 10 | Util.logger = Logger.new(log_output) 11 | result = yield 12 | ensure 13 | Util.logger = old_logger 14 | end 15 | log_output.rewind 16 | log_lines = log_output.readlines 17 | assert_equal(regexes.length, log_lines.length, 18 | [regexes, log_lines].inspect) 19 | log_lines.zip(regexes) do |line, regex| 20 | assert_match(regex, line) 21 | end 22 | result 23 | end 24 | 25 | def assert_log_line_count(num_lines) 26 | begin 27 | old_logger = Util.logger 28 | log_output = StringIO.new 29 | Util.logger = Logger.new(log_output) 30 | result = yield 31 | ensure 32 | Util.logger = old_logger 33 | end 34 | log_output.rewind 35 | log_lines = log_output.readlines 36 | assert_equal(num_lines, log_lines.length) 37 | result 38 | end 39 | 40 | def silence_logging 41 | begin 42 | old_logger = Util.logger 43 | log_output = StringIO.new 44 | Util.logger = Logger.new(log_output) 45 | result = yield 46 | ensure 47 | Util.logger = old_logger 48 | end 49 | result 50 | end 51 | end 52 | end 53 | 54 | -------------------------------------------------------------------------------- /lib/openid/yadis/services.rb: -------------------------------------------------------------------------------- 1 | 2 | require 'openid/yadis/filters' 3 | require 'openid/yadis/discovery' 4 | require 'openid/yadis/xrds' 5 | 6 | module OpenID 7 | module Yadis 8 | def Yadis.get_service_endpoints(input_url, flt=nil) 9 | # Perform the Yadis protocol on the input URL and return an 10 | # iterable of resulting endpoint objects. 11 | # 12 | # @param flt: A filter object or something that is convertable 13 | # to a filter object (using mkFilter) that will be used to 14 | # generate endpoint objects. This defaults to generating 15 | # BasicEndpoint objects. 16 | result = Yadis.discover(input_url) 17 | begin 18 | endpoints = Yadis.apply_filter(result.normalized_uri, 19 | result.response_text, flt) 20 | rescue XRDSError => err 21 | raise DiscoveryFailure.new(err.to_s, nil) 22 | end 23 | 24 | return [result.normalized_uri, endpoints] 25 | end 26 | 27 | def Yadis.apply_filter(normalized_uri, xrd_data, flt=nil) 28 | # Generate an iterable of endpoint objects given this input data, 29 | # presumably from the result of performing the Yadis protocol. 30 | 31 | flt = Yadis.make_filter(flt) 32 | et = Yadis.parseXRDS(xrd_data) 33 | 34 | endpoints = [] 35 | each_service(et) { |service_element| 36 | endpoints += flt.get_service_endpoints(normalized_uri, service_element) 37 | } 38 | 39 | return endpoints 40 | end 41 | end 42 | end 43 | -------------------------------------------------------------------------------- /lib/openid/yadis/parsehtml.rb: -------------------------------------------------------------------------------- 1 | require "openid/yadis/htmltokenizer" 2 | require 'cgi' 3 | 4 | module OpenID 5 | module Yadis 6 | def Yadis.html_yadis_location(html) 7 | parser = HTMLTokenizer.new(html) 8 | 9 | # to keep track of whether or not we are in the head element 10 | in_head = false 11 | 12 | begin 13 | while el = parser.getTag('head', '/head', 'meta', 'body', '/body', 14 | 'html', 'script') 15 | 16 | # we are leaving head or have reached body, so we bail 17 | return nil if ['/head', 'body', '/body'].member?(el.tag_name) 18 | 19 | if el.tag_name == 'head' 20 | unless el.to_s[-2] == ?/ # tag ends with a /: a short tag 21 | in_head = true 22 | end 23 | end 24 | next unless in_head 25 | 26 | if el.tag_name == 'script' 27 | unless el.to_s[-2] == ?/ # tag ends with a /: a short tag 28 | parser.getTag('/script') 29 | end 30 | end 31 | 32 | return nil if el.tag_name == 'html' 33 | 34 | if el.tag_name == 'meta' and (equiv = el.attr_hash['http-equiv']) 35 | if ['x-xrds-location','x-yadis-location'].member?(equiv.downcase) && 36 | el.attr_hash.member?('content') 37 | return CGI::unescapeHTML(el.attr_hash['content']) 38 | end 39 | end 40 | end 41 | rescue HTMLTokenizerError # just stop parsing if there's an error 42 | end 43 | end 44 | end 45 | end 46 | -------------------------------------------------------------------------------- /examples/rails_openid/config/environments/development.rb: -------------------------------------------------------------------------------- 1 | RailsOpenid::Application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb 3 | 4 | # In the development environment your application's code is reloaded on 5 | # every request. This slows down response time but is perfect for development 6 | # since you don't have to restart the web server when you make code changes. 7 | config.cache_classes = false 8 | 9 | # Log error messages when you accidentally call methods on nil. 10 | config.whiny_nils = true 11 | 12 | # Show full error reports and disable caching 13 | config.consider_all_requests_local = true 14 | config.action_controller.perform_caching = false 15 | 16 | # Don't care if the mailer can't send 17 | config.action_mailer.raise_delivery_errors = false 18 | 19 | # Print deprecation notices to the Rails logger 20 | config.active_support.deprecation = :log 21 | 22 | # Only use best-standards-support built into browsers 23 | config.action_dispatch.best_standards_support = :builtin 24 | 25 | # Raise exception on mass assignment protection for Active Record models 26 | config.active_record.mass_assignment_sanitizer = :strict 27 | 28 | # Log the query plan for queries taking more than this (works 29 | # with SQLite, MySQL, and PostgreSQL) 30 | config.active_record.auto_explain_threshold_in_seconds = 0.5 31 | 32 | # Do not compress assets 33 | config.assets.compress = false 34 | 35 | # Expands the lines which load the assets 36 | config.assets.debug = true 37 | end 38 | -------------------------------------------------------------------------------- /test/test_extension.rb: -------------------------------------------------------------------------------- 1 | require 'minitest/autorun' 2 | require 'openid/extension' 3 | require 'openid/message' 4 | 5 | module OpenID 6 | class DummyExtension < OpenID::Extension 7 | TEST_URI = 'http://an.extension' 8 | TEST_ALIAS = 'dummy' 9 | def initialize 10 | @ns_uri = TEST_URI 11 | @ns_alias = TEST_ALIAS 12 | end 13 | 14 | def get_extension_args 15 | return {} 16 | end 17 | end 18 | 19 | class ToMessageTest < Minitest::Test 20 | def test_OpenID1 21 | oid1_msg = Message.new(OPENID1_NS) 22 | ext = DummyExtension.new 23 | ext.to_message(oid1_msg) 24 | namespaces = oid1_msg.namespaces 25 | assert(namespaces.implicit?(DummyExtension::TEST_URI)) 26 | assert_equal( 27 | DummyExtension::TEST_URI, 28 | namespaces.get_namespace_uri(DummyExtension::TEST_ALIAS)) 29 | assert_equal(DummyExtension::TEST_ALIAS, 30 | namespaces.get_alias(DummyExtension::TEST_URI)) 31 | end 32 | 33 | def test_OpenID2 34 | oid2_msg = Message.new(OPENID2_NS) 35 | ext = DummyExtension.new 36 | ext.to_message(oid2_msg) 37 | namespaces = oid2_msg.namespaces 38 | assert(!namespaces.implicit?(DummyExtension::TEST_URI)) 39 | assert_equal( 40 | DummyExtension::TEST_URI, 41 | namespaces.get_namespace_uri(DummyExtension::TEST_ALIAS)) 42 | assert_equal(DummyExtension::TEST_ALIAS, 43 | namespaces.get_alias(DummyExtension::TEST_URI)) 44 | end 45 | end 46 | end 47 | -------------------------------------------------------------------------------- /lib/openid/extensions/ui.rb: -------------------------------------------------------------------------------- 1 | # An implementation of the OpenID User Interface Extension 1.0 - DRAFT 0.5 2 | # see: http://svn.openid.net/repos/specifications/user_interface/1.0/trunk/openid-user-interface-extension-1_0.html 3 | 4 | require 'openid/extension' 5 | 6 | module OpenID 7 | 8 | module UI 9 | NS_URI = "http://specs.openid.net/extensions/ui/1.0" 10 | 11 | class Request < Extension 12 | attr_accessor :lang, :icon, :mode, :ns_alias, :ns_uri 13 | def initialize(mode = nil, icon = nil, lang = nil) 14 | @ns_alias = 'ui' 15 | @ns_uri = NS_URI 16 | @lang = lang 17 | @icon = icon 18 | @mode = mode 19 | end 20 | 21 | def get_extension_args 22 | ns_args = {} 23 | ns_args['lang'] = @lang if @lang 24 | ns_args['icon'] = @icon if @icon 25 | ns_args['mode'] = @mode if @mode 26 | return ns_args 27 | end 28 | 29 | # Instantiate a Request object from the arguments in a 30 | # checkid_* OpenID message 31 | # return nil if the extension was not requested. 32 | def self.from_openid_request(oid_req) 33 | ui_req = new 34 | args = oid_req.message.get_args(NS_URI) 35 | if args == {} 36 | return nil 37 | end 38 | ui_req.parse_extension_args(args) 39 | return ui_req 40 | end 41 | 42 | # Set UI extension parameters 43 | def parse_extension_args(args) 44 | @lang = args["lang"] 45 | @icon = args["icon"] 46 | @mode = args["mode"] 47 | end 48 | 49 | end 50 | 51 | end 52 | 53 | end 54 | -------------------------------------------------------------------------------- /CHANGES-2.0.0: -------------------------------------------------------------------------------- 1 | 2 | * API Changes 3 | * PAPE (Provider Authentication Policy Extension) module 4 | * Updated extension for specification draft 2 5 | * PAPE::Request::from_success_response returns nil if PAPE 6 | response arguments were not signed 7 | * Added functions to generate request/response HTML forms with 8 | auto-submission javascript 9 | * Consumer (relying party) API: 10 | Auth_OpenID_AuthRequest::htmlMarkup 11 | * Server API: Auth_OpenID_OpenIDResponse::toHTML 12 | * Removed Rails login generator 13 | * SReg::Response::from_success_response returns nil when no signed 14 | arguments were found 15 | 16 | * New Features 17 | * Fetchers now only read/request first megabyte of response 18 | 19 | * Bug fixes 20 | * NOT NULL constraints to tables created by ActiveRecordStore 21 | * check_authentication requests: copy entire response, not just 22 | signed fields. Fixes missing namespace in check_authentication 23 | requests 24 | * OpenID 1 association requests no longer explicitly set 25 | no-encryption session type 26 | * Improved HTML parsing 27 | * AssociationRequest::answer: include session_type in 28 | no-encryption assoc responses 29 | * normalize return_to URL before performing return_to verification 30 | * OpenID::Consumer::IdResHandler.verify_discovery_results_openid1: 31 | fall back to OpenID 1.0 type if 1.1 endpoint cannot be found 32 | * StandardFetcher now includes a timeout setting 33 | * Handle blank content types in 34 | OpenID::Yadis::DiscoveryResult.where_is_yadis? 35 | * Properly convert timestamps to ints before storing in DB, and vise 36 | versa 37 | -------------------------------------------------------------------------------- /CHANGES-2.1.0: -------------------------------------------------------------------------------- 1 | 2 | * API Changes 3 | * PAPE (Provider Authentication Policy Extension) module 4 | * Updated extension for specification draft 2 5 | * PAPE::Request::from_success_response returns nil if PAPE 6 | response arguments were not signed 7 | * Added functions to generate request/response HTML forms with 8 | auto-submission javascript 9 | * Consumer (relying party) API: 10 | Auth_OpenID_AuthRequest::htmlMarkup 11 | * Server API: Auth_OpenID_OpenIDResponse::toHTML 12 | * Removed Rails login generator 13 | * SReg::Response::from_success_response returns nil when no signed 14 | arguments were found 15 | 16 | * New Features 17 | * Fetchers now only read/request first megabyte of response 18 | 19 | * Bug fixes 20 | * NOT NULL constraints to tables created by ActiveRecordStore 21 | * check_authentication requests: copy entire response, not just 22 | signed fields. Fixes missing namespace in check_authentication 23 | requests 24 | * OpenID 1 association requests no longer explicitly set 25 | no-encryption session type 26 | * Improved HTML parsing 27 | * AssociationRequest::answer: include session_type in 28 | no-encryption assoc responses 29 | * normalize return_to URL before performing return_to verification 30 | * OpenID::Consumer::IdResHandler.verify_discovery_results_openid1: 31 | fall back to OpenID 1.0 type if 1.1 endpoint cannot be found 32 | * StandardFetcher now includes a timeout setting 33 | * Handle blank content types in 34 | OpenID::Yadis::DiscoveryResult.where_is_yadis? 35 | * Properly convert timestamps to ints before storing in DB, and vise 36 | versa 37 | -------------------------------------------------------------------------------- /examples/rails_openid/config/environments/test.rb: -------------------------------------------------------------------------------- 1 | RailsOpenid::Application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb 3 | 4 | # The test environment is used exclusively to run your application's 5 | # test suite. You never need to work with it otherwise. Remember that 6 | # your test database is "scratch space" for the test suite and is wiped 7 | # and recreated between test runs. Don't rely on the data there! 8 | config.cache_classes = true 9 | 10 | # Configure static asset server for tests with Cache-Control for performance 11 | config.serve_static_assets = true 12 | config.static_cache_control = "public, max-age=3600" 13 | 14 | # Log error messages when you accidentally call methods on nil 15 | config.whiny_nils = true 16 | 17 | # Show full error reports and disable caching 18 | config.consider_all_requests_local = true 19 | config.action_controller.perform_caching = false 20 | 21 | # Raise exceptions instead of rendering exception templates 22 | config.action_dispatch.show_exceptions = false 23 | 24 | # Disable request forgery protection in test environment 25 | config.action_controller.allow_forgery_protection = false 26 | 27 | # Tell Action Mailer not to deliver emails to the real world. 28 | # The :test delivery method accumulates sent emails in the 29 | # ActionMailer::Base.deliveries array. 30 | config.action_mailer.delivery_method = :test 31 | 32 | # Raise exception on mass assignment protection for Active Record models 33 | config.active_record.mass_assignment_sanitizer = :strict 34 | 35 | # Print deprecation notices to the stderr 36 | config.active_support.deprecation = :stderr 37 | end 38 | -------------------------------------------------------------------------------- /test/test_xri.rb: -------------------------------------------------------------------------------- 1 | require 'minitest/autorun' 2 | require 'openid/yadis/xri' 3 | 4 | module OpenID 5 | 6 | module Yadis 7 | 8 | class XriDiscoveryTestCase < Minitest::Test 9 | 10 | def test_isXRI? 11 | assert_equal(:xri, XRI.identifier_scheme('=john.smith')) 12 | assert_equal(:xri, XRI.identifier_scheme('@smiths/john')) 13 | assert_equal(:xri, XRI.identifier_scheme('xri://=john')) 14 | assert_equal(:xri, XRI.identifier_scheme('@ootao*test1')) 15 | assert_equal(:uri, XRI.identifier_scheme('smoker.myopenid.com')) 16 | assert_equal(:uri, XRI.identifier_scheme('http://smoker.myopenid.com')) 17 | assert_equal(:uri, XRI.identifier_scheme('https://smoker.myopenid.com')) 18 | end 19 | end 20 | 21 | class XriEscapingTestCase < Minitest::Test 22 | def test_escaping_percents 23 | assert_equal('@example/abc%252Fd/ef', 24 | XRI.escape_for_iri('@example/abc%2Fd/ef')) 25 | end 26 | 27 | def test_escaping_xref 28 | # no escapes 29 | assert_equal('@example/foo/(@bar)', 30 | XRI.escape_for_iri('@example/foo/(@bar)')) 31 | # escape slashes 32 | assert_equal('@example/foo/(@bar%2Fbaz)', 33 | XRI.escape_for_iri('@example/foo/(@bar/baz)')) 34 | # escape query ? and fragment # 35 | assert_equal('@example/foo/(@baz%3Fp=q%23r)?i=j#k', 36 | XRI.escape_for_iri('@example/foo/(@baz?p=q#r)?i=j#k')) 37 | end 38 | end 39 | 40 | class XriTransformationTestCase < Minitest::Test 41 | def test_to_iri_normal 42 | assert_equal('xri://@example', XRI.to_iri_normal('@example')) 43 | end 44 | # iri_to_url: 45 | # various ucschar to hex 46 | end 47 | end 48 | end 49 | -------------------------------------------------------------------------------- /examples/rails_openid/app/views/layouts/server.html.erb: -------------------------------------------------------------------------------- 1 | 2 |
51 | Welcome, <%= session[:username] %> | <%= link_to('Log out', :controller => 'login', :action => 'logout') %>
52 | <%= @base_url %>user/<%= session[:username] %> 53 |
54 | <% end %>
55 |
56 | 52 | <%= @base_url %>user/<%= session[:username] %> 53 |
Ruby OpenID Server Example
57 | 58 |59 | 60 | <% if flash[:notice] or flash[:error] %> 61 |
62 | <%= flash[:error] or flash[:notice] %>
63 |
64 | <% end %>
65 |
66 | <%= yield %>
67 |
68 |
69 |
70 |
71 |
--------------------------------------------------------------------------------
/lib/openid/kvpost.rb:
--------------------------------------------------------------------------------
1 | require "openid/message"
2 | require "openid/fetchers"
3 |
4 | module OpenID
5 | # Exception that is raised when the server returns a 400 response
6 | # code to a direct request.
7 | class ServerError < OpenIDError
8 | attr_reader :error_text, :error_code, :message
9 |
10 | def initialize(error_text, error_code, message)
11 | super(error_text)
12 | @error_text = error_text
13 | @error_code = error_code
14 | @message = message
15 | end
16 |
17 | def self.from_message(msg)
18 | error_text = msg.get_arg(OPENID_NS, 'error',
19 | '
6 |
11 |
12 |
13 |
14 | <% end %>
15 |
16 | Welcome to the Ruby OpenID example. This code is a starting point 17 | for developers wishing to implement an OpenID provider or relying 18 | party. We've used the Rails 19 | platform to demonstrate, but the library code is not Rails specific.
20 | 21 |To use the example provider
22 |23 |
-
24 |
25 |
- Enter a username in the form above. You will be "Logged In"
26 | to the server, at which point you may authenticate using an OpenID
27 | consumer. Your OpenID URL will be displayed after you log
28 | in.
The server will automatically create an identity page for 29 | you at <%= @base_url %>user/name
30 |
31 | Because WEBrick can only handle one thing at a time, you'll need to 32 | run another instance of the example on another port if you want to use 33 | a relying party to use with this example provider:
34 |35 |
37 | 38 |script/server --port=300136 |(The RP needs to be able to access the provider, so unless you're 39 | running this example on a public IP, you can't use the live example 40 | at openidenabled.com on 41 | your local provider.)
42 |
43 |
44 | - Point your browser to this new instance and follow the directions 45 | below. 46 | 47 |
To use the example relying party
52 | 53 |Visit /consumer 54 | and enter your OpenID.
55 | 56 | 57 | -------------------------------------------------------------------------------- /lib/openid/urinorm.rb: -------------------------------------------------------------------------------- 1 | require 'uri' 2 | 3 | module OpenID 4 | 5 | module URINorm 6 | public 7 | def URINorm.urinorm(uri) 8 | uri = URI.parse(uri) 9 | 10 | raise URI::InvalidURIError.new('no scheme') unless uri.scheme 11 | uri.scheme = uri.scheme.downcase 12 | unless ['http','https'].member?(uri.scheme) 13 | raise URI::InvalidURIError.new('Not an HTTP or HTTPS URI') 14 | end 15 | 16 | raise URI::InvalidURIError.new('no host') unless uri.host 17 | uri.host = uri.host.downcase 18 | 19 | uri.path = remove_dot_segments(uri.path) 20 | uri.path = '/' if uri.path.length == 0 21 | 22 | uri = uri.normalize.to_s 23 | uri = uri.gsub(PERCENT_ESCAPE_RE) { 24 | sub = $&[1..2].to_i(16).chr 25 | reserved(sub) ? $&.upcase : sub 26 | } 27 | 28 | return uri 29 | end 30 | 31 | private 32 | RESERVED_RE = /[A-Za-z0-9._~-]/ 33 | PERCENT_ESCAPE_RE = /%[0-9a-zA-Z]{2}/ 34 | 35 | def URINorm.reserved(chr) 36 | not RESERVED_RE =~ chr 37 | end 38 | 39 | def URINorm.remove_dot_segments(path) 40 | result_segments = [] 41 | 42 | while path.length > 0 43 | if path.start_with?('../') 44 | path = path[3..-1] 45 | elsif path.start_with?('./') 46 | path = path[2..-1] 47 | elsif path.start_with?('/./') 48 | path = path[2..-1] 49 | elsif path == '/.' 50 | path = '/' 51 | elsif path.start_with?('/../') 52 | path = path[3..-1] 53 | result_segments.pop if result_segments.length > 0 54 | elsif path == '/..' 55 | path = '/' 56 | result_segments.pop if result_segments.length > 0 57 | elsif path == '..' or path == '.' 58 | path = '' 59 | else 60 | i = 0 61 | i = 1 if path[0].chr == '/' 62 | i = path.index('/', i) 63 | i = path.length if i.nil? 64 | result_segments << path[0...i] 65 | path = path[i..-1] 66 | end 67 | end 68 | 69 | return result_segments.join('') 70 | end 71 | end 72 | 73 | end 74 | -------------------------------------------------------------------------------- /examples/active_record_openid_store/README: -------------------------------------------------------------------------------- 1 | =Active Record OpenID Store Plugin 2 | 3 | A store is required by an OpenID server and optionally by the consumer 4 | to store associations, nonces, and auth key information across 5 | requests and processes. If rails is distributed across several 6 | machines, they must must all have access to the same OpenID store 7 | data, so the FilesystemStore won't do. 8 | 9 | This directory contains a plugin for connecting your 10 | OpenID enabled rails app to an ActiveRecord based OpenID store. 11 | 12 | ==Install 13 | 14 | 1) Copy this directory and all it's contents into your 15 | RAILS_ROOT/vendor/plugins directory. You structure should look like 16 | this: 17 | 18 | RAILS_ROOT/vendor/plugins/active_record_openid_store/ 19 | 20 | 2) Copy the migration, XXX_add_open_id_store_to_db.rb to your 21 | RAILS_ROOT/db/migrate directory. Rename the XXX portion of the 22 | file to next sequential migration number. 23 | 24 | 3) Run the migration: 25 | 26 | rake migrate 27 | 28 | 4) Change your app to use the ActiveRecordOpenIDStore: 29 | 30 | store = ActiveRecordOpenIDStore.new 31 | consumer = OpenID::Consumer.new(session, store) 32 | 33 | 5) That's it! All your OpenID state will now be stored in the database. 34 | 35 | ==Upgrade 36 | 37 | If you are upgrading from the 1.x ActiveRecord store, replace your old 38 | RAILS_ROOT/vendor/plugins/active_record_openid_store/ directory with 39 | the new one and run the migration XXX_upgrade_open_id_store.rb. 40 | 41 | ==What about garbage collection? 42 | 43 | You may garbage collect unused nonces and expired associations using 44 | the gc instance method of ActiveRecordOpenIDStore. Hook it up to a 45 | task in your app's Rakefile like so: 46 | 47 | desc 'GC OpenID store, deleting expired nonces and associations' 48 | task :gc_openid_store => :environment do 49 | require 'openid_ar_store' 50 | nonces, associations = ActiveRecordStore.new.cleanup 51 | puts "Deleted #{nonces} nonces, #{associations} associations" 52 | end 53 | 54 | Run it by typing: 55 | 56 | rake gc_openid_store 57 | 58 | 59 | ==Questions? 60 | Contact Dag Arneson: dag at janrain dot com 61 | -------------------------------------------------------------------------------- /lib/openid/store/nonce.rb: -------------------------------------------------------------------------------- 1 | require 'openid/cryptutil' 2 | require 'date' 3 | require 'time' 4 | 5 | module OpenID 6 | module Nonce 7 | DEFAULT_SKEW = 60*60*5 8 | TIME_FMT = '%Y-%m-%dT%H:%M:%SZ' 9 | TIME_STR_LEN = '0000-00-00T00:00:00Z'.size 10 | @@NONCE_CHRS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" 11 | TIME_VALIDATOR = /\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ/ 12 | 13 | @skew = DEFAULT_SKEW 14 | 15 | # The allowed nonce time skew in seconds. Defaults to 5 hours. 16 | # Used for checking nonce validity, and by stores' cleanup methods. 17 | def Nonce.skew 18 | @skew 19 | end 20 | 21 | def Nonce.skew=(new_skew) 22 | @skew = new_skew 23 | end 24 | 25 | # Extract timestamp from a nonce string 26 | def Nonce.split_nonce(nonce_str) 27 | timestamp_str = nonce_str[0...TIME_STR_LEN] 28 | raise ArgumentError if timestamp_str.size < TIME_STR_LEN 29 | raise ArgumentError unless timestamp_str.match(TIME_VALIDATOR) 30 | ts = Time.parse(timestamp_str).to_i 31 | raise ArgumentError if ts < 0 32 | return ts, nonce_str[TIME_STR_LEN..-1] 33 | end 34 | 35 | # Is the timestamp that is part of the specified nonce string 36 | # within the allowed clock-skew of the current time? 37 | def Nonce.check_timestamp(nonce_str, allowed_skew=nil, now=nil) 38 | allowed_skew = skew if allowed_skew.nil? 39 | begin 40 | stamp, _ = split_nonce(nonce_str) 41 | rescue ArgumentError # bad timestamp 42 | return false 43 | end 44 | now = Time.now.to_i unless now 45 | 46 | # times before this are too old 47 | past = now - allowed_skew 48 | 49 | # times newer than this are too far in the future 50 | future = now + allowed_skew 51 | 52 | return (past <= stamp and stamp <= future) 53 | end 54 | 55 | # generate a nonce with the specified timestamp (defaults to now) 56 | def Nonce.mk_nonce(time = nil) 57 | salt = CryptUtil::random_string(6, @@NONCE_CHRS) 58 | if time.nil? 59 | t = Time.now.getutc 60 | else 61 | t = Time.at(time).getutc 62 | end 63 | time_str = t.strftime(TIME_FMT) 64 | return time_str + salt 65 | end 66 | 67 | end 68 | end 69 | -------------------------------------------------------------------------------- /test/test_responses.rb: -------------------------------------------------------------------------------- 1 | require "minitest/autorun" 2 | require "openid/consumer/discovery" 3 | require "openid/consumer/responses" 4 | 5 | module OpenID 6 | class Consumer 7 | module TestResponses 8 | class TestSuccessResponse < Minitest::Test 9 | def setup 10 | @endpoint = OpenIDServiceEndpoint.new 11 | @endpoint.claimed_id = 'identity_url' 12 | end 13 | 14 | def test_extension_response 15 | q = { 16 | 'ns.sreg' => 'urn:sreg', 17 | 'ns.unittest' => 'urn:unittest', 18 | 'unittest.one' => '1', 19 | 'unittest.two' => '2', 20 | 'sreg.nickname' => 'j3h', 21 | 'return_to' => 'return_to', 22 | } 23 | signed_list = q.keys.map { |k| 'openid.' + k } 24 | msg = Message.from_openid_args(q) 25 | resp = SuccessResponse.new(@endpoint, msg, signed_list) 26 | utargs = resp.extension_response('urn:unittest', false) 27 | assert_equal(utargs, {'one' => '1', 'two' => '2'}) 28 | sregargs = resp.extension_response('urn:sreg', false) 29 | assert_equal(sregargs, {'nickname' => 'j3h'}) 30 | end 31 | 32 | def test_extension_response_signed 33 | args = { 34 | 'ns.sreg' => 'urn:sreg', 35 | 'ns.unittest' => 'urn:unittest', 36 | 'unittest.one' => '1', 37 | 'unittest.two' => '2', 38 | 'sreg.nickname' => 'j3h', 39 | 'sreg.dob' => 'yesterday', 40 | 'return_to' => 'return_to', 41 | 'signed' => 'sreg.nickname,unittest.one,sreg.dob', 42 | } 43 | 44 | signed_list = ['openid.sreg.nickname', 45 | 'openid.unittest.one', 46 | 'openid.sreg.dob',] 47 | 48 | msg = Message.from_openid_args(args) 49 | resp = SuccessResponse.new(@endpoint, msg, signed_list) 50 | 51 | # All args in this NS are signed, so expect all. 52 | sregargs = resp.extension_response('urn:sreg', true) 53 | assert_equal(sregargs, {'nickname' => 'j3h', 'dob' => 'yesterday'}) 54 | 55 | # Not all args in this NS are signed, so expect nil when 56 | # asking for them. 57 | utargs = resp.extension_response('urn:unittest', true) 58 | assert_nil(utargs) 59 | end 60 | end 61 | end 62 | end 63 | end 64 | -------------------------------------------------------------------------------- /lib/openid/store/memory.rb: -------------------------------------------------------------------------------- 1 | require 'openid/store/interface' 2 | module OpenID 3 | module Store 4 | # An in-memory implementation of Store. This class is mainly used 5 | # for testing, though it may be useful for long-running single 6 | # process apps. Note that this store is NOT thread-safe. 7 | # 8 | # You should probably be looking at OpenID::Store::Filesystem 9 | class Memory < Interface 10 | 11 | def initialize 12 | @associations = Hash.new { |hash, key| hash[key] = {} } 13 | @nonces = {} 14 | end 15 | 16 | def store_association(server_url, assoc) 17 | assocs = @associations[server_url] 18 | @associations[server_url] = assocs.merge({assoc.handle => deepcopy(assoc)}) 19 | end 20 | 21 | def get_association(server_url, handle=nil) 22 | assocs = @associations[server_url] 23 | assoc = nil 24 | if handle 25 | assoc = assocs[handle] 26 | else 27 | assoc = assocs.values.sort{|a,b| a.issued <=> b.issued}[-1] 28 | end 29 | 30 | return assoc 31 | end 32 | 33 | def remove_association(server_url, handle) 34 | assocs = @associations[server_url] 35 | if assocs.delete(handle) 36 | return true 37 | else 38 | return false 39 | end 40 | end 41 | 42 | def use_nonce(server_url, timestamp, salt) 43 | return false if (timestamp - Time.now.to_i).abs > Nonce.skew 44 | nonce = [server_url, timestamp, salt].join('') 45 | return false if @nonces[nonce] 46 | @nonces[nonce] = timestamp 47 | return true 48 | end 49 | 50 | def cleanup_associations 51 | count = 0 52 | @associations.each{|server_url, assocs| 53 | assocs.each{|handle, assoc| 54 | if assoc.expires_in == 0 55 | assocs.delete(handle) 56 | count += 1 57 | end 58 | } 59 | } 60 | return count 61 | end 62 | 63 | def cleanup_nonces 64 | count = 0 65 | now = Time.now.to_i 66 | @nonces.each{|nonce, timestamp| 67 | if (timestamp - now).abs > Nonce.skew 68 | @nonces.delete(nonce) 69 | count += 1 70 | end 71 | } 72 | return count 73 | end 74 | 75 | protected 76 | 77 | def deepcopy(o) 78 | Marshal.load(Marshal.dump(o)) 79 | end 80 | 81 | end 82 | end 83 | end 84 | -------------------------------------------------------------------------------- /test/test_parsehtml.rb: -------------------------------------------------------------------------------- 1 | require "minitest/autorun" 2 | require "testutil" 3 | require "openid/yadis/parsehtml" 4 | 5 | module OpenID 6 | class ParseHTMLTestCase < Minitest::Test 7 | include OpenID::TestDataMixin 8 | 9 | def test_parsehtml 10 | reserved_values = ['None', 'EOF'] 11 | chunks = read_data_file('test1-parsehtml.txt', false).split("\f\n") 12 | 13 | chunks.each{|c| 14 | expected, html = c.split("\n", 2) 15 | found = Yadis::html_yadis_location(html) 16 | 17 | assert(!reserved_values.member?(found)) 18 | 19 | # this case is a little hard to detect and the distinction 20 | # seems unimportant 21 | expected = "None" if expected == "EOF" 22 | 23 | found = "None" if found.nil? 24 | assert_equal(expected, found, html.split("\n",2)[0]) 25 | } 26 | end 27 | end 28 | 29 | # the HTML tokenizer test 30 | class TC_TestHTMLTokenizer < Minitest::Test 31 | def test_bad_link 32 | toke = HTMLTokenizer.new("") 33 | assert("http://bad.com/link" == toke.getTag("a").attr_hash['href']) 34 | end 35 | 36 | def test_namespace 37 | toke = HTMLTokenizer.new("This is the header
58 |
59 | This is the paragraph, it contains
60 | links,
61 | ![images
62 | are
63 | really cool](\"blah.gif\")
. Ok, here is some more text and
64 | another link.
65 |
" == toke.getTag("h1", "h2", "h3").to_s.downcase)
72 | assert(HTMLTag.new("") == toke.getTag("IMG", "A"))
73 | assert("links" == toke.getTrimmedText)
74 | assert(toke.getTag("IMG", "A").attr_hash['optional'])
75 | assert("_blank" == toke.getTag("IMG", "A").attr_hash['target'])
76 | end
77 | end
78 | end
79 |
80 |
--------------------------------------------------------------------------------
/examples/rails_openid/config/routes.rb:
--------------------------------------------------------------------------------
1 | RailsOpenid::Application.routes.draw do
2 | root :controller => 'login', :action => :index
3 | match 'server/xrds', :controller => 'server', :action => 'idp_xrds'
4 | match 'user/:username', :controller => 'server', :action => 'user_page'
5 | match 'user/:username/xrds', :controller => 'server', :action => 'user_xrds'
6 |
7 | # Allow downloading Web Service WSDL as a file with an extension
8 | # instead of a file named 'wsdl'
9 | match ':controller/service.wsdl', :action => 'wsdl'
10 |
11 | # Install the default route as the lowest priority.
12 | match ':controller/:action/:id'
13 |
14 |
15 | # The priority is based upon order of creation:
16 | # first created -> highest priority.
17 |
18 | # Sample of regular route:
19 | # match 'products/:id' => 'catalog#view'
20 | # Keep in mind you can assign values other than :controller and :action
21 |
22 | # Sample of named route:
23 | # match 'products/:id/purchase' => 'catalog#purchase', :as => :purchase
24 | # This route can be invoked with purchase_url(:id => product.id)
25 |
26 | # Sample resource route (maps HTTP verbs to controller actions automatically):
27 | # resources :products
28 |
29 | # Sample resource route with options:
30 | # resources :products do
31 | # member do
32 | # get 'short'
33 | # post 'toggle'
34 | # end
35 | #
36 | # collection do
37 | # get 'sold'
38 | # end
39 | # end
40 |
41 | # Sample resource route with sub-resources:
42 | # resources :products do
43 | # resources :comments, :sales
44 | # resource :seller
45 | # end
46 |
47 | # Sample resource route with more complex sub-resources
48 | # resources :products do
49 | # resources :comments
50 | # resources :sales do
51 | # get 'recent', :on => :collection
52 | # end
53 | # end
54 |
55 | # Sample resource route within a namespace:
56 | # namespace :admin do
57 | # # Directs /admin/products/* to Admin::ProductsController
58 | # # (app/controllers/admin/products_controller.rb)
59 | # resources :products
60 | # end
61 |
62 | # You can have the root of your site routed with "root"
63 | # just remember to delete public/index.html.
64 | # root :to => 'welcome#index'
65 |
66 | # See how all your routes lay out with "rake routes"
67 |
68 | # This is a legacy wild controller route that's not recommended for RESTful applications.
69 | # Note: This route will make all actions in every controller accessible via GET requests.
70 | match ':controller(/:action(/:id))(.:format)'
71 | end
72 |
--------------------------------------------------------------------------------
/test/data/test_xrds/subsegments.xrds:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | *nishitani
5 | 2007-12-25T11:33:39.000Z
7 | xri://=
8 | !E117.EF2F.454B.C707
9 | =!E117.EF2F.454B.C707
10 |
11 | http://openid.net/signon/1.0
12 | xri://!!1003!103
13 | https://linksafe.ezibroker.net/server/
14 |
15 |
16 | xri://$res*auth*($v*2.0)
17 | xri://!!1003!103
18 | application/xrds+xml;trust=none
19 | http://resolve.ezibroker.net/resolve/=nishitani/
20 |
21 |
22 | xri://+i-service*(+forwarding)*($v*1.0)
23 | xri://!!1003!103
25 | (+index)
26 | http://linksafe-forward.ezibroker.net/forwarding/
28 |
29 |
30 |
31 | *masaki
32 | SUCCESS
33 | xri://!!1003
34 | !0000.0000.3B9A.CA01
35 | =!E117.EF2F.454B.C707!0000.0000.3B9A.CA01
36 |
37 | http://openid.net/signon/1.0
38 | xri://!!1003!103
39 | https://linksafe.ezibroker.net/server/
40 |
41 |
42 | xri://+i-service*(+contact)*($v*1.0)
43 | xri://!!1003!103
45 | (+contact)
46 | http://linksafe-contact.ezibroker.net/contact/
48 |
49 |
50 | xri://+i-service*(+forwarding)*($v*1.0)
51 | xri://!!1003!103
53 | (+index)
54 | http://linksafe-forward.ezibroker.net/forwarding/
56 |
57 |
58 |
59 |
--------------------------------------------------------------------------------
/test/test_nonce.rb:
--------------------------------------------------------------------------------
1 | require 'minitest/autorun'
2 | require 'openid/store/nonce'
3 |
4 | module OpenID
5 | class NonceTestCase < Minitest::Test
6 |
7 | NONCE_RE = /\A\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ/
8 |
9 | def test_mk_nonce
10 | nonce = Nonce::mk_nonce
11 | assert(nonce.match(NONCE_RE))
12 | assert(nonce.size == 26)
13 | end
14 |
15 | def test_mk_nonce_time
16 | nonce = Nonce::mk_nonce(0)
17 | assert(nonce.match(NONCE_RE))
18 | assert(nonce.size == 26)
19 | assert(nonce.match(/^1970-01-01T00:00:00Z/))
20 | end
21 |
22 | def test_split
23 | s = '1970-01-01T00:00:00Z'
24 | expected_t = 0
25 | expected_salt = ''
26 | actual_t, actual_salt = Nonce::split_nonce(s)
27 | assert_equal(expected_t, actual_t)
28 | assert_equal(expected_salt, actual_salt)
29 | end
30 |
31 | def test_mk_split
32 | t = 42
33 | nonce_str = Nonce::mk_nonce(t)
34 | assert(nonce_str.match(NONCE_RE))
35 | at, salt = Nonce::split_nonce(nonce_str)
36 | assert_equal(6, salt.size)
37 | assert_equal(t, at)
38 | end
39 |
40 | def test_bad_split
41 | cases = [
42 | '',
43 | '1970-01-01T00:00:00+1:00',
44 | '1969-01-01T00:00:00Z',
45 | '1970-00-01T00:00:00Z',
46 | '1970.01-01T00:00:00Z',
47 | 'Thu Sep 7 13:29:31 PDT 2006',
48 | 'monkeys',
49 | ]
50 | cases.each{|c|
51 | assert_raises(ArgumentError, c.inspect) { Nonce::split_nonce(c) }
52 | }
53 | end
54 |
55 | def test_check_timestamp
56 | cases = [
57 | # exact, no allowed skew
58 | ['1970-01-01T00:00:00Z', 0, 0, true],
59 |
60 | # exact, large skew
61 | ['1970-01-01T00:00:00Z', 1000, 0, true],
62 |
63 | # no allowed skew, one second old
64 | ['1970-01-01T00:00:00Z', 0, 1, false],
65 |
66 | # many seconds old, outside of skew
67 | ['1970-01-01T00:00:00Z', 10, 50, false],
68 |
69 | # one second old, one second skew allowed
70 | ['1970-01-01T00:00:00Z', 1, 1, true],
71 |
72 | # One second in the future, one second skew allowed
73 | ['1970-01-01T00:00:02Z', 1, 1, true],
74 |
75 | # two seconds in the future, one second skew allowed
76 | ['1970-01-01T00:00:02Z', 1, 0, false],
77 |
78 | # malformed nonce string
79 | ['monkeys', 0, 0, false],
80 | ]
81 |
82 | cases.each{|c|
83 | (nonce_str, allowed_skew, now, expected) = c
84 | actual = Nonce::check_timestamp(nonce_str, allowed_skew, now)
85 | assert_equal(expected, actual, c.inspect)
86 | }
87 | end
88 | end
89 | end
90 |
--------------------------------------------------------------------------------
/examples/rails_openid/app/views/consumer/index.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 | Rails OpenID Example Relying Party
4 |
5 |
41 |
42 | Rails OpenID Example Relying Party
43 | <% if flash[:alert] %>
44 |
45 | <%= h(flash[:alert]) %>
46 |
47 | <% end %>
48 | <% if flash[:error] %>
49 |
50 | <%= h(flash[:error]) %>
51 |
52 | <% end %>
53 | <% if flash[:success] %>
54 |
55 | <%= h(flash[:success]) %>
56 |
57 | <% end %>
58 | <% if flash[:sreg_results] %>
59 |
60 | <%= flash[:sreg_results] %>
61 |
62 | <% end %>
63 | <% if flash[:pape_results] %>
64 |
65 | <%= flash[:pape_results] %>
66 |
67 | <% end %>
68 |
69 |
79 |
80 |
81 |
82 |
--------------------------------------------------------------------------------
/examples/rails_openid/config/environments/production.rb:
--------------------------------------------------------------------------------
1 | RailsOpenid::Application.configure do
2 | # Settings specified here will take precedence over those in config/application.rb
3 |
4 | # Code is not reloaded between requests
5 | config.cache_classes = true
6 |
7 | # Full error reports are disabled and caching is turned on
8 | config.consider_all_requests_local = false
9 | config.action_controller.perform_caching = true
10 |
11 | # Disable Rails's static asset server (Apache or nginx will already do this)
12 | config.serve_static_assets = false
13 |
14 | # Compress JavaScripts and CSS
15 | config.assets.compress = true
16 |
17 | # Don't fallback to assets pipeline if a precompiled asset is missed
18 | config.assets.compile = false
19 |
20 | # Generate digests for assets URLs
21 | config.assets.digest = true
22 |
23 | # Defaults to nil and saved in location specified by config.assets.prefix
24 | # config.assets.manifest = YOUR_PATH
25 |
26 | # Specifies the header that your server uses for sending files
27 | # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
28 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
29 |
30 | # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
31 | # config.force_ssl = true
32 |
33 | # See everything in the log (default is :info)
34 | # config.log_level = :debug
35 |
36 | # Prepend all log lines with the following tags
37 | # config.log_tags = [ :subdomain, :uuid ]
38 |
39 | # Use a different logger for distributed setups
40 | # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
41 |
42 | # Use a different cache store in production
43 | # config.cache_store = :mem_cache_store
44 |
45 | # Enable serving of images, stylesheets, and JavaScripts from an asset server
46 | # config.action_controller.asset_host = "http://assets.example.com"
47 |
48 | # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
49 | # config.assets.precompile += %w( search.js )
50 |
51 | # Disable delivery errors, bad email addresses will be ignored
52 | # config.action_mailer.raise_delivery_errors = false
53 |
54 | # Enable threaded mode
55 | # config.threadsafe!
56 |
57 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
58 | # the I18n.default_locale when a translation can not be found)
59 | config.i18n.fallbacks = true
60 |
61 | # Send deprecation notices to registered listeners
62 | config.active_support.deprecation = :notify
63 |
64 | # Log the query plan for queries taking more than this (works
65 | # with SQLite, MySQL, and PostgreSQL)
66 | # config.active_record.auto_explain_threshold_in_seconds = 0.5
67 | end
68 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Ruby OpenID
2 |
3 | A Ruby library for verifying and serving OpenID identities.
4 |
5 | [](http://travis-ci.org/openid/ruby-openid)
6 |
7 | ## Features
8 |
9 | * Easy to use API for verifying OpenID identites - OpenID::Consumer
10 | * Support for serving OpenID identites - OpenID::Server
11 | * Does not depend on underlying web framework
12 | * Supports multiple storage mechanisms (Filesystem, ActiveRecord, Memory)
13 | * Example code to help you get started, including:
14 | * Ruby on Rails based consumer and server
15 | * OpenIDLoginGenerator for quickly getting creating a rails app that uses
16 | OpenID for authentication
17 | * ActiveRecordOpenIDStore plugin
18 | * Comprehensive test suite
19 | * Supports both OpenID 1 and OpenID 2 transparently
20 |
21 | ## Installing
22 |
23 | Before running the examples or writing your own code you'll need to install
24 | the library. See the INSTALL file or use rubygems:
25 |
26 | gem install ruby-openid
27 |
28 | Check the installation:
29 |
30 | $ irb
31 | irb> require 'rubygems'
32 | => false
33 | irb> gem 'ruby-openid'
34 | => true
35 |
36 | The library is known to work with Ruby 1.9.2 and above on Unix, Max OS X and Win32.
37 |
38 | ## Getting Started
39 |
40 | The best way to start is to look at the rails_openid example.
41 | You can run it with:
42 |
43 | cd examples/rails_openid
44 | script/server
45 |
46 | If you are writing an OpenID Relying Party, a good place to start is:
47 | `examples/rails_openid/app/controllers/consumer_controller.rb`
48 |
49 | And if you are writing an OpenID provider:
50 | `examples/rails_openid/app/controllers/server_controller.rb`
51 |
52 | The library code is quite well documented, so don't be squeamish, and
53 | look at the library itself if there's anything you don't understand in
54 | the examples.
55 |
56 | ## Homepage
57 |
58 | * GitHub repository: [openid/ruby-openid](http://github.com/openid/ruby-openid)
59 | * Homepage: [OpenID.net](http://openid.net/)
60 |
61 | ## Community
62 |
63 | Discussion regarding the Ruby OpenID library and other JanRain OpenID
64 | libraries takes place on the [OpenID mailing list](http://openid.net/developers/dev-mailing-lists/).
65 |
66 | Please join this list to discuss, ask implementation questions, report
67 | bugs, etc. Also check out the openid channel on the freenode IRC
68 | network.
69 |
70 | If you have a bugfix or feature you'd like to contribute, don't
71 | hesitate to send it to us: [How to contribute](http://openidenabled.com/contribute/).
72 |
73 | ## Author
74 |
75 | Copyright 2006-2012, JanRain, Inc.
76 |
77 | Contact openid@janrain.com.
78 |
79 | ## License
80 |
81 | Apache Software License. For more information see the LICENSE file.
82 |
--------------------------------------------------------------------------------
/test/test_dh.rb:
--------------------------------------------------------------------------------
1 | require 'minitest/autorun'
2 | require 'testutil'
3 | require 'openid/dh'
4 |
5 | module OpenID
6 | class DiffieHellmanExposed < OpenID::DiffieHellman
7 | def DiffieHellmanExposed.strxor_for_testing(a, b)
8 | return DiffieHellmanExposed.strxor(a, b)
9 | end
10 | end
11 |
12 | class DiffieHellmanTestCase < Minitest::Test
13 | include OpenID::TestDataMixin
14 |
15 | NUL = "\x00"
16 |
17 | def test_strxor_success
18 | [#input 1 input 2 expected
19 | [NUL, NUL, NUL ],
20 | ["\x01", NUL, "\x01" ],
21 | ["a", "a", NUL ],
22 | ["a", NUL, "a" ],
23 | ["abc", NUL * 3, "abc" ],
24 | ["x" * 10, NUL * 10, "x" * 10],
25 | ["\x01", "\x02", "\x03" ],
26 | ["\xf0", "\x0f", "\xff" ],
27 | ["\xff", "\x0f", "\xf0" ],
28 | ].each do |input1, input2, expected|
29 | actual = DiffieHellmanExposed.strxor_for_testing(input1, input2)
30 | assert_equal(expected.force_encoding("UTF-8"), actual.force_encoding("UTF-8"))
31 | end
32 | end
33 |
34 | def test_strxor_failure
35 | [
36 | ['', 'a' ],
37 | ['foo', 'ba' ],
38 | [NUL * 3, NUL * 4],
39 | [255, 127 ].map{|h| (0..h).map{|i|i.chr}.join('')},
40 | ].each do |aa, bb|
41 | assert_raises(ArgumentError) {
42 | DiffieHellmanExposed.strxor(aa, bb)
43 | }
44 | end
45 | end
46 |
47 | def test_simple_exchange
48 | dh1 = DiffieHellman.from_defaults()
49 | dh2 = DiffieHellman.from_defaults()
50 | secret1 = dh1.get_shared_secret(dh2.public)
51 | secret2 = dh2.get_shared_secret(dh1.public)
52 | assert_equal(secret1, secret2)
53 | end
54 |
55 | def test_xor_secret
56 | dh1 = DiffieHellman.from_defaults()
57 | dh2 = DiffieHellman.from_defaults()
58 | secret = "Shhhhhh! don't tell!"
59 | encrypted = dh1.xor_secret((CryptUtil.method :sha1), dh2.public, secret)
60 | decrypted = dh2.xor_secret((CryptUtil.method :sha1), dh1.public, encrypted)
61 | assert_equal(secret, decrypted)
62 | end
63 |
64 | def test_dh
65 | dh = DiffieHellman.from_defaults()
66 | class << dh
67 | def set_private_test(priv)
68 | set_private(priv)
69 | end
70 | end
71 |
72 | read_data_file('dh.txt', true).each do |line|
73 | priv, pub = line.split(' ').map {|x| x.to_i}
74 | dh.set_private_test(priv)
75 | assert_equal(dh.public, pub)
76 | end
77 | end
78 |
79 | def test_using_defaults
80 | dh = DiffieHellman.from_defaults()
81 | assert(dh.using_default_values?)
82 | dh = DiffieHellman.new(3, 2750161)
83 | assert(!dh.using_default_values?)
84 | end
85 | end
86 | end
87 |
--------------------------------------------------------------------------------
/test/test_xrires.rb:
--------------------------------------------------------------------------------
1 | require 'minitest/autorun'
2 | require 'openid/yadis/xrires'
3 |
4 | module OpenID
5 | module Yadis
6 |
7 | class XRDSFetcher
8 | def initialize(results)
9 | @results = results
10 | end
11 |
12 | def fetch(url, body=nil, headers=nil, redirect_limit=nil)
13 | if !@results.empty?
14 | return @results.shift
15 | end
16 |
17 | nil
18 | end
19 | end
20 |
21 | class ProxyQueryTestCase < Minitest::Test
22 | def setup
23 | @proxy_url = 'http://xri.example.com/'
24 | @proxy = XRI::ProxyResolver.new(@proxy_url)
25 | @servicetype = 'xri://+i-service*(+forwarding)*($v*1.0)'
26 | @servicetype_enc = 'xri%3A%2F%2F%2Bi-service%2A%28%2Bforwarding%29%2A%28%24v%2A1.0%29'
27 | end
28 |
29 | def test_proxy_url
30 | st = @servicetype
31 | ste = @servicetype_enc
32 | args_esc = ["_xrd_r=application%2Fxrds%2Bxml", "_xrd_t=#{ste}"]
33 | pqu = @proxy.method('query_url')
34 | h = @proxy_url
35 |
36 | assert_match h + '=foo?', pqu.call('=foo', st)
37 | assert_match args_esc[0], pqu.call('=foo', st)
38 | assert_match args_esc[1], pqu.call('=foo', st)
39 |
40 | assert_match h + '=foo/bar?baz&', pqu.call('=foo/bar?baz', st)
41 | assert_match args_esc[0], pqu.call('=foo/bar?baz', st)
42 | assert_match args_esc[1], pqu.call('=foo/bar?baz', st)
43 |
44 | assert_match h + '=foo/bar?baz=quux&', pqu.call('=foo/bar?baz=quux', st)
45 | assert_match args_esc[0], pqu.call('=foo/bar?baz=quux', st)
46 | assert_match args_esc[1], pqu.call('=foo/bar?baz=quux', st)
47 |
48 | assert_match h + '=foo/bar?mi=fa&so=la&', pqu.call('=foo/bar?mi=fa&so=la', st)
49 | assert_match args_esc[0], pqu.call('=foo/bar?mi=fa&so=la', st)
50 | assert_match args_esc[1], pqu.call('=foo/bar?mi=fa&so=la', st)
51 |
52 | # With no service endpoint selection.
53 | args_esc = "_xrd_r=application%2Fxrds%2Bxml%3Bsep%3Dfalse"
54 |
55 | assert_match h + '=foo?', pqu.call('=foo', nil)
56 | assert_match args_esc, pqu.call('=foo', nil)
57 | end
58 |
59 | def test_proxy_url_qmarks
60 | st = @servicetype
61 | ste = @servicetype_enc
62 | args_esc = ["_xrd_r=application%2Fxrds%2Bxml", "_xrd_t=#{ste}"]
63 | pqu = @proxy.method('query_url')
64 | h = @proxy_url
65 |
66 | assert_match h + '=foo/bar??', pqu.call('=foo/bar?', st)
67 | assert_match args_esc[0], pqu.call('=foo/bar?', st)
68 | assert_match args_esc[1], pqu.call('=foo/bar?', st)
69 |
70 | assert_match h + '=foo/bar????', pqu.call('=foo/bar???', st)
71 | assert_match args_esc[0], pqu.call('=foo/bar???', st)
72 | assert_match args_esc[1], pqu.call('=foo/bar???', st)
73 | end
74 | end
75 | end
76 | end
77 |
--------------------------------------------------------------------------------
/test/data/test1-discover.txt:
--------------------------------------------------------------------------------
1 | equiv
2 | Status: 200 OK
3 | Content-Type: text/html
4 |
5 |
6 |
7 |
8 | Joe Schmoe's Homepage
9 |
10 |
11 | Joe Schmoe's Homepage
12 | Blah blah blah blah blah blah blah
13 |
14 |
15 |
16 | header
17 | Status: 200 OK
18 | Content-Type: text/html
19 | YADIS_HEADER: URL_BASE/xrds
20 |
21 |
22 |
23 | Joe Schmoe's Homepage
24 |
25 |
26 | Joe Schmoe's Homepage
27 | Blah blah blah blah blah blah blah
28 |
29 |
30 | xrds
31 | Status: 200 OK
32 | Content-Type: application/xrds+xml
33 |
34 |
35 |
36 | xrds_ctparam
37 | Status: 200 OK
38 | Content-Type: application/xrds+xml; charset=UTF8
39 |
40 |
41 |
42 | xrds_ctcase
43 | Status: 200 OK
44 | Content-Type: appliCATION/XRDS+xml
45 |
46 |
47 |
48 | xrds_html
49 | Status: 200 OK
50 | Content-Type: text/html
51 |
52 |
53 |
54 | redir_equiv
55 | Status: 302 Found
56 | Content-Type: text/plain
57 | Location: URL_BASE/equiv
58 |
59 | You are presently being redirected.
60 |
61 | redir_header
62 | Status: 302 Found
63 | Content-Type: text/plain
64 | Location: URL_BASE/header
65 |
66 | You are presently being redirected.
67 |
68 | redir_xrds
69 | Status: 302 Found
70 | Content-Type: application/xrds+xml
71 | Location: URL_BASE/xrds
72 |
73 |
74 |
75 | redir_xrds_html
76 | Status: 302 Found
77 | Content-Type: text/plain
78 | Location: URL_BASE/xrds_html
79 |
80 | You are presently being redirected.
81 |
82 | redir_redir_equiv
83 | Status: 302 Found
84 | Content-Type: text/plain
85 | Location: URL_BASE/redir_equiv
86 |
87 | You are presently being redirected.
88 |
89 | lowercase_header
90 | Status: 200 OK
91 | Content-Type: text/html
92 | x-xrds-location: URL_BASE/xrds
93 |
94 |
95 |
96 | Joe Schmoe's Homepage
97 |
98 |
99 | Joe Schmoe's Homepage
100 | Blah blah blah blah blah blah blah
101 |
102 |
103 | 404_server_response
104 | Status: 404 Not Found
105 |
106 | EEk!
107 |
108 | 500_server_response
109 | Status: 500 Server error
110 |
111 | EEk!
112 |
113 | 201_server_response
114 | Status: 201 Created
115 |
116 | EEk!
117 |
118 | 404_with_header
119 | Status: 404 Not Found
120 | YADIS_HEADER: URL_BASE/xrds
121 |
122 | EEk!
123 |
124 | 404_with_meta
125 | Status: 404 Not Found
126 | Content-Type: text/html
127 |
128 |
129 |
130 |
131 | Joe Schmoe's Homepage
132 |
133 |
134 | Joe Schmoe's Homepage
135 | Blah blah blah blah blah blah blah
136 |
137 |
138 |
--------------------------------------------------------------------------------
/lib/openid/extensions/oauth.rb:
--------------------------------------------------------------------------------
1 | # An implementation of the OpenID OAuth Extension
2 | # Extension 1.0
3 | # see: http://openid.net/specs/
4 |
5 | require 'openid/extension'
6 |
7 | module OpenID
8 |
9 | module OAuth
10 | NS_URI = "http://specs.openid.net/extensions/oauth/1.0"
11 | # An OAuth token request, sent from a relying
12 | # party to a provider
13 | class Request < Extension
14 | attr_accessor :consumer, :scope, :ns_alias, :ns_uri
15 | def initialize(consumer=nil, scope=nil)
16 | @ns_alias = 'oauth'
17 | @ns_uri = NS_URI
18 | @consumer = consumer
19 | @scope = scope
20 | end
21 |
22 |
23 | def get_extension_args
24 | ns_args = {}
25 | ns_args['consumer'] = @consumer if @consumer
26 | ns_args['scope'] = @scope if @scope
27 | return ns_args
28 | end
29 |
30 | # Instantiate a Request object from the arguments in a
31 | # checkid_* OpenID message
32 | # return nil if the extension was not requested.
33 | def self.from_openid_request(oid_req)
34 | oauth_req = new
35 | args = oid_req.message.get_args(NS_URI)
36 | if args == {}
37 | return nil
38 | end
39 | oauth_req.parse_extension_args(args)
40 | return oauth_req
41 | end
42 |
43 | # Set the state of this request to be that expressed in these
44 | # OAuth arguments
45 | def parse_extension_args(args)
46 | @consumer = args["consumer"]
47 | @scope = args["scope"]
48 | end
49 |
50 | end
51 |
52 | # A OAuth request token response, sent from a provider
53 | # to a relying party
54 | class Response < Extension
55 | attr_accessor :request_token, :scope
56 | def initialize(request_token=nil, scope=nil)
57 | @ns_alias = 'oauth'
58 | @ns_uri = NS_URI
59 | @request_token = request_token
60 | @scope = scope
61 | end
62 |
63 | # Create a Response object from an OpenID::Consumer::SuccessResponse
64 | def self.from_success_response(success_response)
65 | args = success_response.get_signed_ns(NS_URI)
66 | return nil if args.nil?
67 | oauth_resp = new
68 | oauth_resp.parse_extension_args(args)
69 | return oauth_resp
70 | end
71 |
72 | # parse the oauth request arguments into the
73 | # internal state of this object
74 | # if strict is specified, raise an exception when bad data is
75 | # encountered
76 | def parse_extension_args(args, strict=false)
77 | @request_token = args["request_token"]
78 | @scope = args["scope"]
79 | end
80 |
81 | def get_extension_args
82 | ns_args = {}
83 | ns_args['request_token'] = @request_token if @request_token
84 | ns_args['scope'] = @scope if @scope
85 | return ns_args
86 | end
87 |
88 | end
89 | end
90 |
91 | end
92 |
--------------------------------------------------------------------------------
/lib/openid/yadis/xri.rb:
--------------------------------------------------------------------------------
1 | require 'openid/fetchers'
2 |
3 | module OpenID
4 | module Yadis
5 | module XRI
6 |
7 | # The '(' is for cross-reference authorities, and hopefully has a
8 | # matching ')' somewhere.
9 | XRI_AUTHORITIES = ["!", "=", "@", "+", "$", "("]
10 |
11 | def self.identifier_scheme(identifier)
12 | if (!identifier.nil? and
13 | identifier.length > 0 and
14 | (identifier.match('^xri://') or
15 | XRI_AUTHORITIES.member?(identifier[0].chr)))
16 | return :xri
17 | else
18 | return :uri
19 | end
20 | end
21 |
22 | # Transform an XRI reference to an IRI reference. Note this is
23 | # not not idempotent, so do not apply this to an identifier more
24 | # than once. XRI Syntax section 2.3.1
25 | def self.to_iri_normal(xri)
26 | iri = xri.dup
27 | iri.insert(0, 'xri://') if not iri.match('^xri://')
28 | return escape_for_iri(iri)
29 | end
30 |
31 | # Note this is not not idempotent, so do not apply this more than
32 | # once. XRI Syntax section 2.3.2
33 | def self.escape_for_iri(xri)
34 | esc = xri.dup
35 | # encode all %
36 | esc.gsub!(/%/, '%25')
37 | esc.gsub!(/\((.*?)\)/) { |xref_match|
38 | xref_match.gsub(/[\/\?\#]/) { |char_match|
39 | CGI::escape(char_match)
40 | }
41 | }
42 | return esc
43 | end
44 |
45 | # Transform an XRI reference to a URI reference. Note this is not
46 | # not idempotent, so do not apply this to an identifier more than
47 | # once. XRI Syntax section 2.3.1
48 | def self.to_uri_normal(xri)
49 | return iri_to_uri(to_iri_normal(xri))
50 | end
51 |
52 | # RFC 3987 section 3.1
53 | def self.iri_to_uri(iri)
54 | uri = iri.dup
55 | # for char in ucschar or iprivate
56 | # convert each char to %HH%HH%HH (as many %HH as octets)
57 | return uri
58 | end
59 |
60 | def self.provider_is_authoritative(provider_id, canonical_id)
61 | lastbang = canonical_id.rindex('!')
62 | return false unless lastbang
63 | parent = canonical_id[0...lastbang]
64 | return parent == provider_id
65 | end
66 |
67 | def self.root_authority(xri)
68 | xri = xri[6..-1] if xri.index('xri://') == 0
69 | authority = xri.split('/', 2)[0]
70 | if authority[0].chr == '('
71 | root = authority[0...authority.index(')')+1]
72 | elsif XRI_AUTHORITIES.member?(authority[0].chr)
73 | root = authority[0].chr
74 | else
75 | root = authority.split(/[!*]/)[0]
76 | end
77 |
78 | self.make_xri(root)
79 | end
80 |
81 | def self.make_xri(xri)
82 | if xri.index('xri://') != 0
83 | xri = 'xri://' + xri
84 | end
85 | return xri
86 | end
87 | end
88 | end
89 | end
90 |
--------------------------------------------------------------------------------
/test/test_ui.rb:
--------------------------------------------------------------------------------
1 | require 'openid/extensions/ui'
2 | require 'openid/message'
3 | require 'openid/server'
4 | require 'minitest/autorun'
5 |
6 | module OpenID
7 | module UITest
8 | class UIRequestTestCase < Minitest::Test
9 |
10 | def setup
11 | @req = UI::Request.new
12 | end
13 |
14 | def test_construct
15 | assert_nil @req.mode
16 | assert_nil @req.icon
17 | assert_nil @req.lang
18 | assert_equal 'ui', @req.ns_alias
19 |
20 | req2 = UI::Request.new("popup", true, "ja-JP")
21 | assert_equal "popup", req2.mode
22 | assert_equal true, req2.icon
23 | assert_equal "ja-JP", req2.lang
24 | end
25 |
26 | def test_add_mode
27 | @req.mode = "popup"
28 | assert_equal "popup", @req.mode
29 | end
30 |
31 | def test_add_icon
32 | @req.icon = true
33 | assert_equal true, @req.icon
34 | end
35 |
36 | def test_add_lang
37 | @req.lang = "ja-JP"
38 | assert_equal "ja-JP", @req.lang
39 | end
40 |
41 | def test_get_extension_args
42 | assert_equal({}, @req.get_extension_args)
43 | @req.mode = "popup"
44 | assert_equal({'mode' => 'popup'}, @req.get_extension_args)
45 | @req.icon = true
46 | assert_equal({'mode' => 'popup', 'icon' => true}, @req.get_extension_args)
47 | @req.lang = "ja-JP"
48 | assert_equal({'mode' => 'popup', 'icon' => true, 'lang' => 'ja-JP'}, @req.get_extension_args)
49 | end
50 |
51 | def test_parse_extension_args
52 | args = {'mode' => 'popup', 'icon' => true, 'lang' => 'ja-JP'}
53 | @req.parse_extension_args args
54 | assert_equal "popup", @req.mode
55 | assert_equal true, @req.icon
56 | assert_equal "ja-JP", @req.lang
57 | end
58 |
59 | def test_parse_extension_args_empty
60 | @req.parse_extension_args({})
61 | assert_nil @req.mode
62 | assert_nil @req.icon
63 | assert_nil @req.lang
64 | end
65 |
66 | def test_from_openid_request
67 | openid_req_msg = Message.from_openid_args(
68 | 'mode' => 'checkid_setup',
69 | 'ns' => OPENID2_NS,
70 | 'ns.ui' => UI::NS_URI,
71 | 'ui.mode' => 'popup',
72 | 'ui.icon' => true,
73 | 'ui.lang' => 'ja-JP'
74 | )
75 | oid_req = Server::OpenIDRequest.new
76 | oid_req.message = openid_req_msg
77 | req = UI::Request.from_openid_request oid_req
78 | assert_equal "popup", req.mode
79 | assert_equal true, req.icon
80 | assert_equal "ja-JP", req.lang
81 | end
82 |
83 | def test_from_openid_request_no_ui_params
84 | message = Message.new
85 | openid_req = Server::OpenIDRequest.new
86 | openid_req.message = message
87 | ui_req = UI::Request.from_openid_request openid_req
88 | assert ui_req.nil?
89 | end
90 |
91 | end
92 | end
93 | end
94 |
--------------------------------------------------------------------------------
/examples/rails_openid/config/application.rb:
--------------------------------------------------------------------------------
1 | require File.expand_path('../boot', __FILE__)
2 |
3 | require 'rails/all'
4 |
5 | if defined?(Bundler)
6 | # If you precompile assets before deploying to production, use this line
7 | Bundler.require(*Rails.groups(:assets => %w(development test)))
8 | # If you want your assets lazily compiled in production, use this line
9 | # Bundler.require(:default, :assets, Rails.env)
10 | end
11 |
12 | module RailsOpenid
13 | class Application < Rails::Application
14 | # Settings in config/environments/* take precedence over those specified here.
15 | # Application configuration should go into files in config/initializers
16 | # -- all .rb files in that directory are automatically loaded.
17 |
18 | # Custom directories with classes and modules you want to be autoloadable.
19 | # config.autoload_paths += %W(#{config.root}/extras)
20 |
21 | # Only load the plugins named here, in the order given (default is alphabetical).
22 | # :all can be used as a placeholder for all plugins not explicitly named.
23 | # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
24 |
25 | # Activate observers that should always be running.
26 | # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
27 |
28 | # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
29 | # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
30 | # config.time_zone = 'Central Time (US & Canada)'
31 |
32 | # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
33 | # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
34 | # config.i18n.default_locale = :de
35 |
36 | # Configure the default encoding used in templates for Ruby 1.9.
37 | config.encoding = "utf-8"
38 |
39 | # Configure sensitive parameters which will be filtered from the log file.
40 | config.filter_parameters += [:password]
41 |
42 | # Enable escaping HTML in JSON.
43 | config.active_support.escape_html_entities_in_json = true
44 |
45 | # Use SQL instead of Active Record's schema dumper when creating the database.
46 | # This is necessary if your schema can't be completely dumped by the schema dumper,
47 | # like if you have constraints or database-specific column types
48 | # config.active_record.schema_format = :sql
49 |
50 | # Enforce whitelist mode for mass assignment.
51 | # This will create an empty whitelist of attributes available for mass-assignment for all models
52 | # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
53 | # parameters by using an attr_accessible or attr_protected declaration.
54 | config.active_record.whitelist_attributes = true
55 |
56 | # Enable the asset pipeline
57 | config.assets.enabled = true
58 |
59 | # Version of your assets, change this if you want to expire all your assets
60 | config.assets.version = '1.0'
61 | end
62 | end
63 |
--------------------------------------------------------------------------------
/lib/openid/dh.rb:
--------------------------------------------------------------------------------
1 | require "openid/util"
2 | require "openid/cryptutil"
3 |
4 | module OpenID
5 |
6 | # Encapsulates a Diffie-Hellman key exchange. This class is used
7 | # internally by both the consumer and server objects.
8 | #
9 | # Read more about Diffie-Hellman on wikipedia:
10 | # http://en.wikipedia.org/wiki/Diffie-Hellman
11 |
12 | class DiffieHellman
13 |
14 | # From the OpenID specification
15 | @@default_mod = 155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443
16 | @@default_gen = 2
17 |
18 | attr_reader :modulus, :generator, :public
19 |
20 | # A new DiffieHellman object, using the modulus and generator from
21 | # the OpenID specification
22 | def DiffieHellman.from_defaults
23 | DiffieHellman.new(@@default_mod, @@default_gen)
24 | end
25 |
26 | def initialize(modulus=nil, generator=nil, priv=nil)
27 | @modulus = modulus.nil? ? @@default_mod : modulus
28 | @generator = generator.nil? ? @@default_gen : generator
29 | set_private(priv.nil? ? OpenID::CryptUtil.rand(@modulus-2) + 1 : priv)
30 | end
31 |
32 | def get_shared_secret(composite)
33 | DiffieHellman.powermod(composite, @private, @modulus)
34 | end
35 |
36 | def xor_secret(algorithm, composite, secret)
37 | dh_shared = get_shared_secret(composite)
38 | packed_dh_shared = OpenID::CryptUtil.num_to_binary(dh_shared)
39 | hashed_dh_shared = algorithm.call(packed_dh_shared)
40 | return DiffieHellman.strxor(secret, hashed_dh_shared)
41 | end
42 |
43 | def using_default_values?
44 | @generator == @@default_gen && @modulus == @@default_mod
45 | end
46 |
47 | private
48 | def set_private(priv)
49 | @private = priv
50 | @public = DiffieHellman.powermod(@generator, @private, @modulus)
51 | end
52 |
53 | def DiffieHellman.strxor(s, t)
54 | if s.length != t.length
55 | raise ArgumentError, "strxor: lengths don't match. " +
56 | "Inputs were #{s.inspect} and #{t.inspect}"
57 | end
58 |
59 | if String.method_defined? :bytes
60 | s.bytes.to_a.zip(t.bytes.to_a).map{|sb,tb| sb^tb}.pack('C*')
61 | else
62 | indices = 0...(s.length)
63 | chrs = indices.collect {|i| (s[i]^t[i]).chr}
64 | chrs.join("")
65 | end
66 | end
67 |
68 | # This code is taken from this post:
69 | #
70 | # by Eric Lee Green.
71 | def DiffieHellman.powermod(x, n, q)
72 | counter=0
73 | n_p=n
74 | y_p=1
75 | z_p=x
76 | while n_p != 0
77 | if n_p[0]==1
78 | y_p=(y_p*z_p) % q
79 | end
80 | n_p = n_p >> 1
81 | z_p = (z_p * z_p) % q
82 | counter += 1
83 | end
84 | return y_p
85 | end
86 |
87 | end
88 |
89 | end
90 |
--------------------------------------------------------------------------------
/lib/openid/yadis/xrires.rb:
--------------------------------------------------------------------------------
1 | require "cgi"
2 | require "openid/yadis/xri"
3 | require "openid/yadis/xrds"
4 | require "openid/fetchers"
5 |
6 | module OpenID
7 |
8 | module Yadis
9 |
10 | module XRI
11 |
12 | class XRIHTTPError < StandardError; end
13 |
14 | class ProxyResolver
15 |
16 | DEFAULT_PROXY = 'http://proxy.xri.net/'
17 |
18 | def initialize(proxy_url=nil)
19 | if proxy_url
20 | @proxy_url = proxy_url
21 | else
22 | @proxy_url = DEFAULT_PROXY
23 | end
24 |
25 | @proxy_url += '/' unless @proxy_url.match('/$')
26 | end
27 |
28 | def query_url(xri, service_type=nil)
29 | # URI normal form has a leading xri://, but we need to strip
30 | # that off again for the QXRI. This is under discussion for
31 | # XRI Resolution WD 11.
32 | qxri = XRI.to_uri_normal(xri)[6..-1]
33 | hxri = @proxy_url + qxri
34 | args = {'_xrd_r' => 'application/xrds+xml'}
35 | if service_type
36 | args['_xrd_t'] = service_type
37 | else
38 | # don't perform service endpoint selection
39 | args['_xrd_r'] += ';sep=false'
40 | end
41 |
42 | return XRI.append_args(hxri, args)
43 | end
44 |
45 | def query(xri)
46 | # these can be query args or http headers, needn't be both.
47 | # headers = {'Accept' => 'application/xrds+xml;sep=true'}
48 | canonicalID = nil
49 |
50 | url = self.query_url(xri)
51 | begin
52 | response = OpenID.fetch(url)
53 | rescue
54 | raise XRIHTTPError, "Could not fetch #{xri}, #{$!}"
55 | end
56 | raise XRIHTTPError, "Could not fetch #{xri}" if response.nil?
57 |
58 | xrds = Yadis::parseXRDS(response.body)
59 | canonicalID = Yadis::get_canonical_id(xri, xrds)
60 |
61 | return canonicalID, Yadis::services(xrds)
62 | # TODO:
63 | # * If we do get hits for multiple service_types, we're almost
64 | # certainly going to have duplicated service entries and
65 | # broken priority ordering.
66 | end
67 | end
68 |
69 | def self.urlencode(args)
70 | a = []
71 | args.each do |key, val|
72 | a << (CGI::escape(key) + "=" + CGI::escape(val))
73 | end
74 | a.join("&")
75 | end
76 |
77 | def self.append_args(url, args)
78 | return url if args.length == 0
79 |
80 | # rstrip question marks
81 | rstripped = url.dup
82 | while rstripped[-1].chr == '?'
83 | rstripped = rstripped[0...rstripped.length-1]
84 | end
85 |
86 | if rstripped.index('?')
87 | sep = '&'
88 | else
89 | sep = '?'
90 | end
91 |
92 | return url + sep + XRI.urlencode(args)
93 | end
94 |
95 | end
96 |
97 | end
98 |
99 | end
100 |
--------------------------------------------------------------------------------
/lib/hmac/hmac.rb:
--------------------------------------------------------------------------------
1 | # Copyright (C) 2001 Daiki Ueno
2 | # This library is distributed under the terms of the Ruby license.
3 |
4 | # This module provides common interface to HMAC engines.
5 | # HMAC standard is documented in RFC 2104:
6 | #
7 | # H. Krawczyk et al., "HMAC: Keyed-Hashing for Message Authentication",
8 | # RFC 2104, February 1997
9 | #
10 | # These APIs are inspired by JCE 1.2's javax.crypto.Mac interface.
11 | #
12 | #
13 |
14 | module HMAC
15 | class Base
16 | def initialize(algorithm, block_size, output_length, key)
17 | @algorithm = algorithm
18 | @block_size = block_size
19 | @output_length = output_length
20 | @status = STATUS_UNDEFINED
21 | @key_xor_ipad = ''
22 | @key_xor_opad = ''
23 | set_key(key) unless key.nil?
24 | end
25 |
26 | private
27 | def check_status
28 | unless @status == STATUS_INITIALIZED
29 | raise RuntimeError,
30 | "The underlying hash algorithm has not yet been initialized."
31 | end
32 | end
33 |
34 | public
35 | def set_key(key)
36 | # If key is longer than the block size, apply hash function
37 | # to key and use the result as a real key.
38 | key = @algorithm.digest(key) if key.size > @block_size
39 | key_xor_ipad = "\x36" * @block_size
40 | key_xor_opad = "\x5C" * @block_size
41 | for i in 0 .. key.size - 1
42 | key_xor_ipad[i] ^= key[i]
43 | key_xor_opad[i] ^= key[i]
44 | end
45 | @key_xor_ipad = key_xor_ipad
46 | @key_xor_opad = key_xor_opad
47 | @md = @algorithm.new
48 | @status = STATUS_INITIALIZED
49 | end
50 |
51 | def reset_key
52 | @key_xor_ipad.gsub!(/./, '?')
53 | @key_xor_opad.gsub!(/./, '?')
54 | @key_xor_ipad[0..-1] = ''
55 | @key_xor_opad[0..-1] = ''
56 | @status = STATUS_UNDEFINED
57 | end
58 |
59 | def update(text)
60 | check_status
61 | # perform inner H
62 | md = @algorithm.new
63 | md.update(@key_xor_ipad)
64 | md.update(text)
65 | str = md.digest
66 | # perform outer H
67 | md = @algorithm.new
68 | md.update(@key_xor_opad)
69 | md.update(str)
70 | @md = md
71 | end
72 | alias << update
73 |
74 | def digest
75 | check_status
76 | @md.digest
77 | end
78 |
79 | def hexdigest
80 | check_status
81 | @md.hexdigest
82 | end
83 | alias to_s hexdigest
84 |
85 | # These two class methods below are safer than using above
86 | # instance methods combinatorially because an instance will have
87 | # held a key even if it's no longer in use.
88 | def Base.digest(key, text)
89 | begin
90 | hmac = self.new(key)
91 | hmac.update(text)
92 | hmac.digest
93 | ensure
94 | hmac.reset_key
95 | end
96 | end
97 |
98 | def Base.hexdigest(key, text)
99 | begin
100 | hmac = self.new(key)
101 | hmac.update(text)
102 | hmac.hexdigest
103 | ensure
104 | hmac.reset_key
105 | end
106 | end
107 |
108 | private_class_method :new, :digest, :hexdigest
109 | end
110 |
111 | STATUS_UNDEFINED, STATUS_INITIALIZED = 0, 1
112 | end
113 |
--------------------------------------------------------------------------------
/lib/openid/store/interface.rb:
--------------------------------------------------------------------------------
1 | require 'openid/util'
2 |
3 | module OpenID
4 |
5 | # Stores for Associations and nonces. Used by both the Consumer and
6 | # the Server. If you have a database abstraction layer or other
7 | # state storage in your application or framework already, you can
8 | # implement the store interface.
9 | module Store
10 | # Abstract Store
11 | # Changes in 2.0:
12 | # * removed store_nonce, get_auth_key, is_dumb
13 | # * changed use_nonce to support one-way nonces
14 | # * added cleanup_nonces, cleanup_associations, cleanup
15 | class Interface < Object
16 |
17 | # Put a Association object into storage.
18 | # When implementing a store, don't assume that there are any limitations
19 | # on the character set of the server_url. In particular, expect to see
20 | # unescaped non-url-safe characters in the server_url field.
21 | def store_association(server_url, association)
22 | raise NotImplementedError
23 | end
24 |
25 | # Returns a Association object from storage that matches
26 | # the server_url. Returns nil if no such association is found or if
27 | # the one matching association is expired. (Is allowed to GC expired
28 | # associations when found.)
29 | def get_association(server_url, handle=nil)
30 | raise NotImplementedError
31 | end
32 |
33 | # If there is a matching association, remove it from the store and
34 | # return true, otherwise return false.
35 | def remove_association(server_url, handle)
36 | raise NotImplementedError
37 | end
38 |
39 | # Return true if the nonce has not been used before, and store it
40 | # for a while to make sure someone doesn't try to use the same value
41 | # again. Return false if the nonce has already been used or if the
42 | # timestamp is not current.
43 | # You can use OpenID::Store::Nonce::SKEW for your timestamp window.
44 | # server_url: URL of the server from which the nonce originated
45 | # timestamp: time the nonce was created in seconds since unix epoch
46 | # salt: A random string that makes two nonces issued by a server in
47 | # the same second unique
48 | def use_nonce(server_url, timestamp, salt)
49 | raise NotImplementedError
50 | end
51 |
52 | # Remove expired nonces from the store
53 | # Discards any nonce that is old enough that it wouldn't pass use_nonce
54 | # Not called during normal library operation, this method is for store
55 | # admins to keep their storage from filling up with expired data
56 | def cleanup_nonces
57 | raise NotImplementedError
58 | end
59 |
60 | # Remove expired associations from the store
61 | # Not called during normal library operation, this method is for store
62 | # admins to keep their storage from filling up with expired data
63 | def cleanup_associations
64 | raise NotImplementedError
65 | end
66 |
67 | # Remove expired nonces and associations from the store
68 | # Not called during normal library operation, this method is for store
69 | # admins to keep their storage from filling up with expired data
70 | def cleanup
71 | return cleanup_nonces, cleanup_associations
72 | end
73 | end
74 | end
75 | end
76 |
--------------------------------------------------------------------------------
/lib/openid/util.rb:
--------------------------------------------------------------------------------
1 | require "cgi"
2 | require "uri"
3 | require "logger"
4 |
5 | # See OpenID::Consumer or OpenID::Server modules, as well as the store classes
6 | module OpenID
7 | class AssertionError < Exception
8 | end
9 |
10 | # Exceptions that are raised by the library are subclasses of this
11 | # exception type, so if you want to catch all exceptions raised by
12 | # the library, you can catch OpenIDError
13 | class OpenIDError < StandardError
14 | end
15 |
16 | module Util
17 |
18 | BASE64_CHARS = ('ABCDEFGHIJKLMNOPQRSTUVWXYZ' \
19 | 'abcdefghijklmnopqrstuvwxyz0123456789+/')
20 | BASE64_RE = Regexp.compile("
21 | \\A
22 | ([#{BASE64_CHARS}]{4})*
23 | ([#{BASE64_CHARS}]{2}==|
24 | [#{BASE64_CHARS}]{3}=)?
25 | \\Z", Regexp::EXTENDED)
26 |
27 | def Util.assert(value, message=nil)
28 | if not value
29 | raise AssertionError, message or value
30 | end
31 | end
32 |
33 | def Util.to_base64(s)
34 | [s].pack('m').gsub("\n", "")
35 | end
36 |
37 | def Util.from_base64(s)
38 | without_newlines = s.gsub(/[\r\n]+/, '')
39 | if !BASE64_RE.match(without_newlines)
40 | raise ArgumentError, "Malformed input: #{s.inspect}"
41 | end
42 | without_newlines.unpack('m').first
43 | end
44 |
45 | def Util.urlencode(args)
46 | a = []
47 | args.each do |key, val|
48 | if val.nil?
49 | val = ''
50 | elsif !!val == val
51 | #it's boolean let's convert it to string representation
52 | # or else CGI::escape won't like it
53 | val = val.to_s
54 | end
55 |
56 | a << (CGI::escape(key) + "=" + CGI::escape(val))
57 | end
58 | a.join("&")
59 | end
60 |
61 | def Util.parse_query(qs)
62 | query = {}
63 | CGI::parse(qs).each {|k,v| query[k] = v[0]}
64 | return query
65 | end
66 |
67 | def Util.append_args(url, args)
68 | url = url.dup
69 | return url if args.length == 0
70 |
71 | if args.respond_to?('each_pair')
72 | args = args.sort
73 | end
74 |
75 | url << (url.include?("?") ? "&" : "?")
76 | url << Util.urlencode(args)
77 | end
78 |
79 | @@logger = Logger.new(STDERR)
80 | @@logger.progname = "OpenID"
81 |
82 | def Util.logger=(logger)
83 | @@logger = logger
84 | end
85 |
86 | def Util.logger
87 | @@logger
88 | end
89 |
90 | # change the message below to do whatever you like for logging
91 | def Util.log(message)
92 | logger.info(message)
93 | end
94 |
95 | def Util.auto_submit_html(form, title='OpenID transaction in progress')
96 | return "
97 |
98 |
99 | #{title}
100 |
101 |
102 | #{form}
103 |
109 |
110 |
111 | "
112 | end
113 |
114 | ESCAPE_TABLE = { '&' => '&', '<' => '<', '>' => '>', '"' => '"', "'" => ''' }
115 | # Modified from ERb's html_encode
116 | def Util.html_encode(str)
117 | str.to_s.gsub(/[&<>"']/) {|s| ESCAPE_TABLE[s] }
118 | end
119 | end
120 |
121 | end
122 |
--------------------------------------------------------------------------------
/lib/openid/cryptutil.rb:
--------------------------------------------------------------------------------
1 | require "openid/util"
2 | require "digest/sha1"
3 | require "digest/sha2"
4 | begin
5 | require "openssl"
6 | rescue LoadError
7 | begin
8 | # Try loading the ruby-hmac files if they exist
9 | require "hmac-sha1"
10 | require "hmac-sha2"
11 | rescue LoadError
12 | # Nothing exists use included hmac files
13 | require "hmac/sha1"
14 | require "hmac/sha2"
15 | end
16 | end
17 |
18 | module OpenID
19 | # This module contains everything needed to perform low-level
20 | # cryptograph and data manipulation tasks.
21 | module CryptUtil
22 |
23 | # Generate a random number, doing a little extra work to make it
24 | # more likely that it's suitable for cryptography. If your system
25 | # doesn't have /dev/urandom then this number is not
26 | # cryptographically safe. See
27 | #
Joe Schmoe's Homepage
100 |Blah blah blah blah blah blah blah
101 | 102 | 103 | 404_server_response 104 | Status: 404 Not Found 105 | 106 | EEk! 107 | 108 | 500_server_response 109 | Status: 500 Server error 110 | 111 | EEk! 112 | 113 | 201_server_response 114 | Status: 201 Created 115 | 116 | EEk! 117 | 118 | 404_with_header 119 | Status: 404 Not Found 120 | YADIS_HEADER: URL_BASE/xrds 121 | 122 | EEk! 123 | 124 | 404_with_meta 125 | Status: 404 Not Found 126 | Content-Type: text/html 127 | 128 | 129 | 130 | 131 |Joe Schmoe's Homepage
135 |Blah blah blah blah blah blah blah
136 | 137 | 138 | -------------------------------------------------------------------------------- /lib/openid/extensions/oauth.rb: -------------------------------------------------------------------------------- 1 | # An implementation of the OpenID OAuth Extension 2 | # Extension 1.0 3 | # see: http://openid.net/specs/ 4 | 5 | require 'openid/extension' 6 | 7 | module OpenID 8 | 9 | module OAuth 10 | NS_URI = "http://specs.openid.net/extensions/oauth/1.0" 11 | # An OAuth token request, sent from a relying 12 | # party to a provider 13 | class Request < Extension 14 | attr_accessor :consumer, :scope, :ns_alias, :ns_uri 15 | def initialize(consumer=nil, scope=nil) 16 | @ns_alias = 'oauth' 17 | @ns_uri = NS_URI 18 | @consumer = consumer 19 | @scope = scope 20 | end 21 | 22 | 23 | def get_extension_args 24 | ns_args = {} 25 | ns_args['consumer'] = @consumer if @consumer 26 | ns_args['scope'] = @scope if @scope 27 | return ns_args 28 | end 29 | 30 | # Instantiate a Request object from the arguments in a 31 | # checkid_* OpenID message 32 | # return nil if the extension was not requested. 33 | def self.from_openid_request(oid_req) 34 | oauth_req = new 35 | args = oid_req.message.get_args(NS_URI) 36 | if args == {} 37 | return nil 38 | end 39 | oauth_req.parse_extension_args(args) 40 | return oauth_req 41 | end 42 | 43 | # Set the state of this request to be that expressed in these 44 | # OAuth arguments 45 | def parse_extension_args(args) 46 | @consumer = args["consumer"] 47 | @scope = args["scope"] 48 | end 49 | 50 | end 51 | 52 | # A OAuth request token response, sent from a provider 53 | # to a relying party 54 | class Response < Extension 55 | attr_accessor :request_token, :scope 56 | def initialize(request_token=nil, scope=nil) 57 | @ns_alias = 'oauth' 58 | @ns_uri = NS_URI 59 | @request_token = request_token 60 | @scope = scope 61 | end 62 | 63 | # Create a Response object from an OpenID::Consumer::SuccessResponse 64 | def self.from_success_response(success_response) 65 | args = success_response.get_signed_ns(NS_URI) 66 | return nil if args.nil? 67 | oauth_resp = new 68 | oauth_resp.parse_extension_args(args) 69 | return oauth_resp 70 | end 71 | 72 | # parse the oauth request arguments into the 73 | # internal state of this object 74 | # if strict is specified, raise an exception when bad data is 75 | # encountered 76 | def parse_extension_args(args, strict=false) 77 | @request_token = args["request_token"] 78 | @scope = args["scope"] 79 | end 80 | 81 | def get_extension_args 82 | ns_args = {} 83 | ns_args['request_token'] = @request_token if @request_token 84 | ns_args['scope'] = @scope if @scope 85 | return ns_args 86 | end 87 | 88 | end 89 | end 90 | 91 | end 92 | -------------------------------------------------------------------------------- /lib/openid/yadis/xri.rb: -------------------------------------------------------------------------------- 1 | require 'openid/fetchers' 2 | 3 | module OpenID 4 | module Yadis 5 | module XRI 6 | 7 | # The '(' is for cross-reference authorities, and hopefully has a 8 | # matching ')' somewhere. 9 | XRI_AUTHORITIES = ["!", "=", "@", "+", "$", "("] 10 | 11 | def self.identifier_scheme(identifier) 12 | if (!identifier.nil? and 13 | identifier.length > 0 and 14 | (identifier.match('^xri://') or 15 | XRI_AUTHORITIES.member?(identifier[0].chr))) 16 | return :xri 17 | else 18 | return :uri 19 | end 20 | end 21 | 22 | # Transform an XRI reference to an IRI reference. Note this is 23 | # not not idempotent, so do not apply this to an identifier more 24 | # than once. XRI Syntax section 2.3.1 25 | def self.to_iri_normal(xri) 26 | iri = xri.dup 27 | iri.insert(0, 'xri://') if not iri.match('^xri://') 28 | return escape_for_iri(iri) 29 | end 30 | 31 | # Note this is not not idempotent, so do not apply this more than 32 | # once. XRI Syntax section 2.3.2 33 | def self.escape_for_iri(xri) 34 | esc = xri.dup 35 | # encode all % 36 | esc.gsub!(/%/, '%25') 37 | esc.gsub!(/\((.*?)\)/) { |xref_match| 38 | xref_match.gsub(/[\/\?\#]/) { |char_match| 39 | CGI::escape(char_match) 40 | } 41 | } 42 | return esc 43 | end 44 | 45 | # Transform an XRI reference to a URI reference. Note this is not 46 | # not idempotent, so do not apply this to an identifier more than 47 | # once. XRI Syntax section 2.3.1 48 | def self.to_uri_normal(xri) 49 | return iri_to_uri(to_iri_normal(xri)) 50 | end 51 | 52 | # RFC 3987 section 3.1 53 | def self.iri_to_uri(iri) 54 | uri = iri.dup 55 | # for char in ucschar or iprivate 56 | # convert each char to %HH%HH%HH (as many %HH as octets) 57 | return uri 58 | end 59 | 60 | def self.provider_is_authoritative(provider_id, canonical_id) 61 | lastbang = canonical_id.rindex('!') 62 | return false unless lastbang 63 | parent = canonical_id[0...lastbang] 64 | return parent == provider_id 65 | end 66 | 67 | def self.root_authority(xri) 68 | xri = xri[6..-1] if xri.index('xri://') == 0 69 | authority = xri.split('/', 2)[0] 70 | if authority[0].chr == '(' 71 | root = authority[0...authority.index(')')+1] 72 | elsif XRI_AUTHORITIES.member?(authority[0].chr) 73 | root = authority[0].chr 74 | else 75 | root = authority.split(/[!*]/)[0] 76 | end 77 | 78 | self.make_xri(root) 79 | end 80 | 81 | def self.make_xri(xri) 82 | if xri.index('xri://') != 0 83 | xri = 'xri://' + xri 84 | end 85 | return xri 86 | end 87 | end 88 | end 89 | end 90 | -------------------------------------------------------------------------------- /test/test_ui.rb: -------------------------------------------------------------------------------- 1 | require 'openid/extensions/ui' 2 | require 'openid/message' 3 | require 'openid/server' 4 | require 'minitest/autorun' 5 | 6 | module OpenID 7 | module UITest 8 | class UIRequestTestCase < Minitest::Test 9 | 10 | def setup 11 | @req = UI::Request.new 12 | end 13 | 14 | def test_construct 15 | assert_nil @req.mode 16 | assert_nil @req.icon 17 | assert_nil @req.lang 18 | assert_equal 'ui', @req.ns_alias 19 | 20 | req2 = UI::Request.new("popup", true, "ja-JP") 21 | assert_equal "popup", req2.mode 22 | assert_equal true, req2.icon 23 | assert_equal "ja-JP", req2.lang 24 | end 25 | 26 | def test_add_mode 27 | @req.mode = "popup" 28 | assert_equal "popup", @req.mode 29 | end 30 | 31 | def test_add_icon 32 | @req.icon = true 33 | assert_equal true, @req.icon 34 | end 35 | 36 | def test_add_lang 37 | @req.lang = "ja-JP" 38 | assert_equal "ja-JP", @req.lang 39 | end 40 | 41 | def test_get_extension_args 42 | assert_equal({}, @req.get_extension_args) 43 | @req.mode = "popup" 44 | assert_equal({'mode' => 'popup'}, @req.get_extension_args) 45 | @req.icon = true 46 | assert_equal({'mode' => 'popup', 'icon' => true}, @req.get_extension_args) 47 | @req.lang = "ja-JP" 48 | assert_equal({'mode' => 'popup', 'icon' => true, 'lang' => 'ja-JP'}, @req.get_extension_args) 49 | end 50 | 51 | def test_parse_extension_args 52 | args = {'mode' => 'popup', 'icon' => true, 'lang' => 'ja-JP'} 53 | @req.parse_extension_args args 54 | assert_equal "popup", @req.mode 55 | assert_equal true, @req.icon 56 | assert_equal "ja-JP", @req.lang 57 | end 58 | 59 | def test_parse_extension_args_empty 60 | @req.parse_extension_args({}) 61 | assert_nil @req.mode 62 | assert_nil @req.icon 63 | assert_nil @req.lang 64 | end 65 | 66 | def test_from_openid_request 67 | openid_req_msg = Message.from_openid_args( 68 | 'mode' => 'checkid_setup', 69 | 'ns' => OPENID2_NS, 70 | 'ns.ui' => UI::NS_URI, 71 | 'ui.mode' => 'popup', 72 | 'ui.icon' => true, 73 | 'ui.lang' => 'ja-JP' 74 | ) 75 | oid_req = Server::OpenIDRequest.new 76 | oid_req.message = openid_req_msg 77 | req = UI::Request.from_openid_request oid_req 78 | assert_equal "popup", req.mode 79 | assert_equal true, req.icon 80 | assert_equal "ja-JP", req.lang 81 | end 82 | 83 | def test_from_openid_request_no_ui_params 84 | message = Message.new 85 | openid_req = Server::OpenIDRequest.new 86 | openid_req.message = message 87 | ui_req = UI::Request.from_openid_request openid_req 88 | assert ui_req.nil? 89 | end 90 | 91 | end 92 | end 93 | end 94 | -------------------------------------------------------------------------------- /examples/rails_openid/config/application.rb: -------------------------------------------------------------------------------- 1 | require File.expand_path('../boot', __FILE__) 2 | 3 | require 'rails/all' 4 | 5 | if defined?(Bundler) 6 | # If you precompile assets before deploying to production, use this line 7 | Bundler.require(*Rails.groups(:assets => %w(development test))) 8 | # If you want your assets lazily compiled in production, use this line 9 | # Bundler.require(:default, :assets, Rails.env) 10 | end 11 | 12 | module RailsOpenid 13 | class Application < Rails::Application 14 | # Settings in config/environments/* take precedence over those specified here. 15 | # Application configuration should go into files in config/initializers 16 | # -- all .rb files in that directory are automatically loaded. 17 | 18 | # Custom directories with classes and modules you want to be autoloadable. 19 | # config.autoload_paths += %W(#{config.root}/extras) 20 | 21 | # Only load the plugins named here, in the order given (default is alphabetical). 22 | # :all can be used as a placeholder for all plugins not explicitly named. 23 | # config.plugins = [ :exception_notification, :ssl_requirement, :all ] 24 | 25 | # Activate observers that should always be running. 26 | # config.active_record.observers = :cacher, :garbage_collector, :forum_observer 27 | 28 | # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. 29 | # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. 30 | # config.time_zone = 'Central Time (US & Canada)' 31 | 32 | # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. 33 | # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] 34 | # config.i18n.default_locale = :de 35 | 36 | # Configure the default encoding used in templates for Ruby 1.9. 37 | config.encoding = "utf-8" 38 | 39 | # Configure sensitive parameters which will be filtered from the log file. 40 | config.filter_parameters += [:password] 41 | 42 | # Enable escaping HTML in JSON. 43 | config.active_support.escape_html_entities_in_json = true 44 | 45 | # Use SQL instead of Active Record's schema dumper when creating the database. 46 | # This is necessary if your schema can't be completely dumped by the schema dumper, 47 | # like if you have constraints or database-specific column types 48 | # config.active_record.schema_format = :sql 49 | 50 | # Enforce whitelist mode for mass assignment. 51 | # This will create an empty whitelist of attributes available for mass-assignment for all models 52 | # in your app. As such, your models will need to explicitly whitelist or blacklist accessible 53 | # parameters by using an attr_accessible or attr_protected declaration. 54 | config.active_record.whitelist_attributes = true 55 | 56 | # Enable the asset pipeline 57 | config.assets.enabled = true 58 | 59 | # Version of your assets, change this if you want to expire all your assets 60 | config.assets.version = '1.0' 61 | end 62 | end 63 | -------------------------------------------------------------------------------- /lib/openid/dh.rb: -------------------------------------------------------------------------------- 1 | require "openid/util" 2 | require "openid/cryptutil" 3 | 4 | module OpenID 5 | 6 | # Encapsulates a Diffie-Hellman key exchange. This class is used 7 | # internally by both the consumer and server objects. 8 | # 9 | # Read more about Diffie-Hellman on wikipedia: 10 | # http://en.wikipedia.org/wiki/Diffie-Hellman 11 | 12 | class DiffieHellman 13 | 14 | # From the OpenID specification 15 | @@default_mod = 155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443 16 | @@default_gen = 2 17 | 18 | attr_reader :modulus, :generator, :public 19 | 20 | # A new DiffieHellman object, using the modulus and generator from 21 | # the OpenID specification 22 | def DiffieHellman.from_defaults 23 | DiffieHellman.new(@@default_mod, @@default_gen) 24 | end 25 | 26 | def initialize(modulus=nil, generator=nil, priv=nil) 27 | @modulus = modulus.nil? ? @@default_mod : modulus 28 | @generator = generator.nil? ? @@default_gen : generator 29 | set_private(priv.nil? ? OpenID::CryptUtil.rand(@modulus-2) + 1 : priv) 30 | end 31 | 32 | def get_shared_secret(composite) 33 | DiffieHellman.powermod(composite, @private, @modulus) 34 | end 35 | 36 | def xor_secret(algorithm, composite, secret) 37 | dh_shared = get_shared_secret(composite) 38 | packed_dh_shared = OpenID::CryptUtil.num_to_binary(dh_shared) 39 | hashed_dh_shared = algorithm.call(packed_dh_shared) 40 | return DiffieHellman.strxor(secret, hashed_dh_shared) 41 | end 42 | 43 | def using_default_values? 44 | @generator == @@default_gen && @modulus == @@default_mod 45 | end 46 | 47 | private 48 | def set_private(priv) 49 | @private = priv 50 | @public = DiffieHellman.powermod(@generator, @private, @modulus) 51 | end 52 | 53 | def DiffieHellman.strxor(s, t) 54 | if s.length != t.length 55 | raise ArgumentError, "strxor: lengths don't match. " + 56 | "Inputs were #{s.inspect} and #{t.inspect}" 57 | end 58 | 59 | if String.method_defined? :bytes 60 | s.bytes.to_a.zip(t.bytes.to_a).map{|sb,tb| sb^tb}.pack('C*') 61 | else 62 | indices = 0...(s.length) 63 | chrs = indices.collect {|i| (s[i]^t[i]).chr} 64 | chrs.join("") 65 | end 66 | end 67 | 68 | # This code is taken from this post: 69 | #