Mercurial > hg > soundsoftware-site

annotate .svn/pristine/a4/a494e5a07ce50a0c4f746379917023ec9e432959.svn-base @ 1524:82fac3dcf466 redmine-2.5-integration

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix failure to interpret Javascript when autocompleting members for project
author Chris Cannam <chris.cannam@soundsoftware.ac.uk>
date Thu, 11 Sep 2014 10:24:38 +0100
parents cbb26bc654de
children
rev   line source
Chris@909 1 require 'uri'
Chris@909 2 require 'openid/extensions/sreg'
Chris@909 3 require 'openid/extensions/ax'
Chris@909 4 require 'openid/store/filesystem'
Chris@909 5
Chris@909 6 require File.dirname(__FILE__) + '/open_id_authentication/db_store'
Chris@909 7 require File.dirname(__FILE__) + '/open_id_authentication/mem_cache_store'
Chris@909 8 require File.dirname(__FILE__) + '/open_id_authentication/request'
Chris@909 9 require File.dirname(__FILE__) + '/open_id_authentication/timeout_fixes' if OpenID::VERSION == "2.0.4"
Chris@909 10
Chris@909 11 module OpenIdAuthentication
Chris@909 12 OPEN_ID_AUTHENTICATION_DIR = RAILS_ROOT + "/tmp/openids"
Chris@909 13
Chris@909 14 def self.store
Chris@909 15 @@store
Chris@909 16 end
Chris@909 17
Chris@909 18 def self.store=(*store_option)
Chris@909 19 store, *parameters = *([ store_option ].flatten)
Chris@909 20
Chris@909 21 @@store = case store
Chris@909 22 when :db
Chris@909 23 OpenIdAuthentication::DbStore.new
Chris@909 24 when :mem_cache
Chris@909 25 OpenIdAuthentication::MemCacheStore.new(*parameters)
Chris@909 26 when :file
Chris@909 27 OpenID::Store::Filesystem.new(OPEN_ID_AUTHENTICATION_DIR)
Chris@909 28 else
Chris@909 29 raise "Unknown store: #{store}"
Chris@909 30 end
Chris@909 31 end
Chris@909 32
Chris@909 33 self.store = :db
Chris@909 34
Chris@909 35 class InvalidOpenId < StandardError
Chris@909 36 end
Chris@909 37
Chris@909 38 class Result
Chris@909 39 ERROR_MESSAGES = {
Chris@909 40 :missing => "Sorry, the OpenID server couldn't be found",
Chris@909 41 :invalid => "Sorry, but this does not appear to be a valid OpenID",
Chris@909 42 :canceled => "OpenID verification was canceled",
Chris@909 43 :failed => "OpenID verification failed",
Chris@909 44 :setup_needed => "OpenID verification needs setup"
Chris@909 45 }
Chris@909 46
Chris@909 47 def self.[](code)
Chris@909 48 new(code)
Chris@909 49 end
Chris@909 50
Chris@909 51 def initialize(code)
Chris@909 52 @code = code
Chris@909 53 end
Chris@909 54
Chris@909 55 def status
Chris@909 56 @code
Chris@909 57 end
Chris@909 58
Chris@909 59 ERROR_MESSAGES.keys.each { |state| define_method("#{state}?") { @code == state } }
Chris@909 60
Chris@909 61 def successful?
Chris@909 62 @code == :successful
Chris@909 63 end
Chris@909 64
Chris@909 65 def unsuccessful?
Chris@909 66 ERROR_MESSAGES.keys.include?(@code)
Chris@909 67 end
Chris@909 68
Chris@909 69 def message
Chris@909 70 ERROR_MESSAGES[@code]
Chris@909 71 end
Chris@909 72 end
Chris@909 73
Chris@909 74 # normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization
Chris@909 75 def self.normalize_identifier(identifier)
Chris@909 76 # clean up whitespace
Chris@909 77 identifier = identifier.to_s.strip
Chris@909 78
Chris@909 79 # if an XRI has a prefix, strip it.
Chris@909 80 identifier.gsub!(/xri:\/\//i, '')
Chris@909 81
Chris@909 82 # dodge XRIs -- TODO: validate, don't just skip.
Chris@909 83 unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0))
Chris@909 84 # does it begin with http? if not, add it.
Chris@909 85 identifier = "http://#{identifier}" unless identifier =~ /^http/i
Chris@909 86
Chris@909 87 # strip any fragments
Chris@909 88 identifier.gsub!(/\#(.*)$/, '')
Chris@909 89
Chris@909 90 begin
Chris@909 91 uri = URI.parse(identifier)
Chris@909 92 uri.scheme = uri.scheme.downcase if uri.scheme # URI should do this
Chris@909 93 identifier = uri.normalize.to_s
Chris@909 94 rescue URI::InvalidURIError
Chris@909 95 raise InvalidOpenId.new("#{identifier} is not an OpenID identifier")
Chris@909 96 end
Chris@909 97 end
Chris@909 98
Chris@909 99 return identifier
Chris@909 100 end
Chris@909 101
Chris@909 102 # deprecated for OpenID 2.0, where not all OpenIDs are URLs
Chris@909 103 def self.normalize_url(url)
Chris@909 104 ActiveSupport::Deprecation.warn "normalize_url has been deprecated, use normalize_identifier instead"
Chris@909 105 self.normalize_identifier(url)
Chris@909 106 end
Chris@909 107
Chris@909 108 protected
Chris@909 109 def normalize_url(url)
Chris@909 110 OpenIdAuthentication.normalize_url(url)
Chris@909 111 end
Chris@909 112
Chris@909 113 def normalize_identifier(url)
Chris@909 114 OpenIdAuthentication.normalize_identifier(url)
Chris@909 115 end
Chris@909 116
Chris@909 117 # The parameter name of "openid_identifier" is used rather than the Rails convention "open_id_identifier"
Chris@909 118 # because that's what the specification dictates in order to get browser auto-complete working across sites
Chris@909 119 def using_open_id?(identity_url = nil) #:doc:
Chris@909 120 identity_url ||= params[:openid_identifier] || params[:openid_url]
Chris@909 121 !identity_url.blank? || params[:open_id_complete]
Chris@909 122 end
Chris@909 123
Chris@909 124 def authenticate_with_open_id(identity_url = nil, options = {}, &block) #:doc:
Chris@909 125 identity_url ||= params[:openid_identifier] || params[:openid_url]
Chris@909 126
Chris@909 127 if params[:open_id_complete].nil?
Chris@909 128 begin_open_id_authentication(identity_url, options, &block)
Chris@909 129 else
Chris@909 130 complete_open_id_authentication(&block)
Chris@909 131 end
Chris@909 132 end
Chris@909 133
Chris@909 134 private
Chris@909 135 def begin_open_id_authentication(identity_url, options = {})
Chris@909 136 identity_url = normalize_identifier(identity_url)
Chris@909 137 return_to = options.delete(:return_to)
Chris@909 138 method = options.delete(:method)
Chris@909 139
Chris@909 140 options[:required] ||= [] # reduces validation later
Chris@909 141 options[:optional] ||= []
Chris@909 142
Chris@909 143 open_id_request = open_id_consumer.begin(identity_url)
Chris@909 144 add_simple_registration_fields(open_id_request, options)
Chris@909 145 add_ax_fields(open_id_request, options)
Chris@909 146 redirect_to(open_id_redirect_url(open_id_request, return_to, method))
Chris@909 147 rescue OpenIdAuthentication::InvalidOpenId => e
Chris@909 148 yield Result[:invalid], identity_url, nil
Chris@909 149 rescue OpenID::OpenIDError, Timeout::Error => e
Chris@909 150 logger.error("[OPENID] #{e}")
Chris@909 151 yield Result[:missing], identity_url, nil
Chris@909 152 end
Chris@909 153
Chris@909 154 def complete_open_id_authentication
Chris@909 155 params_with_path = params.reject { |key, value| request.path_parameters[key] }
Chris@909 156 params_with_path.delete(:format)
Chris@909 157 open_id_response = timeout_protection_from_identity_server { open_id_consumer.complete(params_with_path, requested_url) }
Chris@909 158 identity_url = normalize_identifier(open_id_response.display_identifier) if open_id_response.display_identifier
Chris@909 159
Chris@909 160 case open_id_response.status
Chris@909 161 when OpenID::Consumer::SUCCESS
Chris@909 162 profile_data = {}
Chris@909 163
Chris@909 164 # merge the SReg data and the AX data into a single hash of profile data
Chris@909 165 [ OpenID::SReg::Response, OpenID::AX::FetchResponse ].each do |data_response|
Chris@909 166 if data_response.from_success_response( open_id_response )
Chris@909 167 profile_data.merge! data_response.from_success_response( open_id_response ).data
Chris@909 168 end
Chris@909 169 end
Chris@909 170
Chris@909 171 yield Result[:successful], identity_url, profile_data
Chris@909 172 when OpenID::Consumer::CANCEL
Chris@909 173 yield Result[:canceled], identity_url, nil
Chris@909 174 when OpenID::Consumer::FAILURE
Chris@909 175 yield Result[:failed], identity_url, nil
Chris@909 176 when OpenID::Consumer::SETUP_NEEDED
Chris@909 177 yield Result[:setup_needed], open_id_response.setup_url, nil
Chris@909 178 end
Chris@909 179 end
Chris@909 180
Chris@909 181 def open_id_consumer
Chris@909 182 OpenID::Consumer.new(session, OpenIdAuthentication.store)
Chris@909 183 end
Chris@909 184
Chris@909 185 def add_simple_registration_fields(open_id_request, fields)
Chris@909 186 sreg_request = OpenID::SReg::Request.new
Chris@909 187
Chris@909 188 # filter out AX identifiers (URIs)
Chris@909 189 required_fields = fields[:required].collect { |f| f.to_s unless f =~ /^https?:\/\// }.compact
Chris@909 190 optional_fields = fields[:optional].collect { |f| f.to_s unless f =~ /^https?:\/\// }.compact
Chris@909 191
Chris@909 192 sreg_request.request_fields(required_fields, true) unless required_fields.blank?
Chris@909 193 sreg_request.request_fields(optional_fields, false) unless optional_fields.blank?
Chris@909 194 sreg_request.policy_url = fields[:policy_url] if fields[:policy_url]
Chris@909 195 open_id_request.add_extension(sreg_request)
Chris@909 196 end
Chris@909 197
Chris@909 198 def add_ax_fields( open_id_request, fields )
Chris@909 199 ax_request = OpenID::AX::FetchRequest.new
Chris@909 200
Chris@909 201 # look through the :required and :optional fields for URIs (AX identifiers)
Chris@909 202 fields[:required].each do |f|
Chris@909 203 next unless f =~ /^https?:\/\//
Chris@909 204 ax_request.add( OpenID::AX::AttrInfo.new( f, nil, true ) )
Chris@909 205 end
Chris@909 206
Chris@909 207 fields[:optional].each do |f|
Chris@909 208 next unless f =~ /^https?:\/\//
Chris@909 209 ax_request.add( OpenID::AX::AttrInfo.new( f, nil, false ) )
Chris@909 210 end
Chris@909 211
Chris@909 212 open_id_request.add_extension( ax_request )
Chris@909 213 end
Chris@909 214
Chris@909 215 def open_id_redirect_url(open_id_request, return_to = nil, method = nil)
Chris@909 216 open_id_request.return_to_args['_method'] = (method || request.method).to_s
Chris@909 217 open_id_request.return_to_args['open_id_complete'] = '1'
Chris@909 218 open_id_request.redirect_url(root_url, return_to || requested_url)
Chris@909 219 end
Chris@909 220
Chris@909 221 def requested_url
Chris@909 222 relative_url_root = self.class.respond_to?(:relative_url_root) ?
Chris@909 223 self.class.relative_url_root.to_s :
Chris@909 224 request.relative_url_root
Chris@909 225 "#{request.protocol}#{request.host_with_port}#{relative_url_root}#{request.path}"
Chris@909 226 end
Chris@909 227
Chris@909 228 def timeout_protection_from_identity_server
Chris@909 229 yield
Chris@909 230 rescue Timeout::Error
Chris@909 231 Class.new do
Chris@909 232 def status
Chris@909 233 OpenID::FAILURE
Chris@909 234 end
Chris@909 235
Chris@909 236 def msg
Chris@909 237 "Identity server timed out"
Chris@909 238 end
Chris@909 239 end.new
Chris@909 240 end
Chris@909 241 end