Chris@1296: require 'uri' Chris@1296: require 'openid' Chris@1296: require 'rack/openid' Chris@1296: Chris@1296: module OpenIdAuthentication Chris@1296: def self.new(app) Chris@1296: store = OpenIdAuthentication.store Chris@1296: if store.nil? Chris@1296: Rails.logger.warn "OpenIdAuthentication.store is nil. Using in-memory store." Chris@1296: end Chris@1296: Chris@1296: ::Rack::OpenID.new(app, OpenIdAuthentication.store) Chris@1296: end Chris@1296: Chris@1296: def self.store Chris@1296: @@store Chris@1296: end Chris@1296: Chris@1296: def self.store=(*store_option) Chris@1296: store, *parameters = *([ store_option ].flatten) Chris@1296: Chris@1296: @@store = case store Chris@1296: when :memory Chris@1296: require 'openid/store/memory' Chris@1296: OpenID::Store::Memory.new Chris@1296: when :file Chris@1296: require 'openid/store/filesystem' Chris@1296: OpenID::Store::Filesystem.new(Rails.root.join('tmp/openids')) Chris@1296: when :memcache Chris@1296: require 'memcache' Chris@1296: require 'openid/store/memcache' Chris@1296: OpenID::Store::Memcache.new(MemCache.new(parameters)) Chris@1296: else Chris@1296: store Chris@1296: end Chris@1296: end Chris@1296: Chris@1296: self.store = nil Chris@1296: Chris@1296: class InvalidOpenId < StandardError Chris@1296: end Chris@1296: Chris@1296: class Result Chris@1296: ERROR_MESSAGES = { Chris@1296: :missing => "Sorry, the OpenID server couldn't be found", Chris@1296: :invalid => "Sorry, but this does not appear to be a valid OpenID", Chris@1296: :canceled => "OpenID verification was canceled", Chris@1296: :failed => "OpenID verification failed", Chris@1296: :setup_needed => "OpenID verification needs setup" Chris@1296: } Chris@1296: Chris@1296: def self.[](code) Chris@1296: new(code) Chris@1296: end Chris@1296: Chris@1296: def initialize(code) Chris@1296: @code = code Chris@1296: end Chris@1296: Chris@1296: def status Chris@1296: @code Chris@1296: end Chris@1296: Chris@1296: ERROR_MESSAGES.keys.each { |state| define_method("#{state}?") { @code == state } } Chris@1296: Chris@1296: def successful? Chris@1296: @code == :successful Chris@1296: end Chris@1296: Chris@1296: def unsuccessful? Chris@1296: ERROR_MESSAGES.keys.include?(@code) Chris@1296: end Chris@1296: Chris@1296: def message Chris@1296: ERROR_MESSAGES[@code] Chris@1296: end Chris@1296: end Chris@1296: Chris@1296: # normalizes an OpenID according to http://openid.net/specs/openid-authentication-2_0.html#normalization Chris@1296: def self.normalize_identifier(identifier) Chris@1296: # clean up whitespace Chris@1296: identifier = identifier.to_s.strip Chris@1296: Chris@1296: # if an XRI has a prefix, strip it. Chris@1296: identifier.gsub!(/xri:\/\//i, '') Chris@1296: Chris@1296: # dodge XRIs -- TODO: validate, don't just skip. Chris@1296: unless ['=', '@', '+', '$', '!', '('].include?(identifier.at(0)) Chris@1296: # does it begin with http? if not, add it. Chris@1296: identifier = "http://#{identifier}" unless identifier =~ /^http/i Chris@1296: Chris@1296: # strip any fragments Chris@1296: identifier.gsub!(/\#(.*)$/, '') Chris@1296: Chris@1296: begin Chris@1296: uri = URI.parse(identifier) Chris@1296: uri.scheme = uri.scheme.downcase if uri.scheme # URI should do this Chris@1296: identifier = uri.normalize.to_s Chris@1296: rescue URI::InvalidURIError Chris@1296: raise InvalidOpenId.new("#{identifier} is not an OpenID identifier") Chris@1296: end Chris@1296: end Chris@1296: Chris@1296: return identifier Chris@1296: end Chris@1296: Chris@1296: protected Chris@1296: # The parameter name of "openid_identifier" is used rather than Chris@1296: # the Rails convention "open_id_identifier" because that's what Chris@1296: # the specification dictates in order to get browser auto-complete Chris@1296: # working across sites Chris@1296: def using_open_id?(identifier = nil) #:doc: Chris@1296: identifier ||= open_id_identifier Chris@1296: !identifier.blank? || request.env[Rack::OpenID::RESPONSE] Chris@1296: end Chris@1296: Chris@1296: def authenticate_with_open_id(identifier = nil, options = {}, &block) #:doc: Chris@1296: identifier ||= open_id_identifier Chris@1296: Chris@1296: if request.env[Rack::OpenID::RESPONSE] Chris@1296: complete_open_id_authentication(&block) Chris@1296: else Chris@1296: begin_open_id_authentication(identifier, options, &block) Chris@1296: end Chris@1296: end Chris@1296: Chris@1296: private Chris@1296: def open_id_identifier Chris@1296: params[:openid_identifier] || params[:openid_url] Chris@1296: end Chris@1296: Chris@1296: def begin_open_id_authentication(identifier, options = {}) Chris@1296: options[:identifier] = identifier Chris@1296: value = Rack::OpenID.build_header(options) Chris@1296: response.headers[Rack::OpenID::AUTHENTICATE_HEADER] = value Chris@1296: head :unauthorized Chris@1296: end Chris@1296: Chris@1296: def complete_open_id_authentication Chris@1296: response = request.env[Rack::OpenID::RESPONSE] Chris@1296: identifier = response.display_identifier Chris@1296: Chris@1296: case response.status Chris@1296: when OpenID::Consumer::SUCCESS Chris@1296: yield Result[:successful], identifier, Chris@1296: OpenID::SReg::Response.from_success_response(response) Chris@1296: when :missing Chris@1296: yield Result[:missing], identifier, nil Chris@1296: when :invalid Chris@1296: yield Result[:invalid], identifier, nil Chris@1296: when OpenID::Consumer::CANCEL Chris@1296: yield Result[:canceled], identifier, nil Chris@1296: when OpenID::Consumer::FAILURE Chris@1296: yield Result[:failed], identifier, nil Chris@1296: when OpenID::Consumer::SETUP_NEEDED Chris@1296: yield Result[:setup_needed], response.setup_url, nil Chris@1296: end Chris@1296: end Chris@1296: end