# File 'lib/hmac/hmac.rb', line 36
+
+defset_key(key)
+ # If key is longer than the block size, apply hash function
+# to key and use the result as a real key.
+key=@algorithm.digest(key)ifkey.size>@block_size
+ key_xor_ipad="\x36"*@block_size
+ key_xor_opad="\x5C"*@block_size
+ foriin0..key.size-1
+ key_xor_ipad[i]^=key[i]
+ key_xor_opad[i]^=key[i]
+ end
+ @key_xor_ipad=key_xor_ipad
+ @key_xor_opad=key_xor_opad
+ @md=@algorithm.new
+ @status=STATUS_INITIALIZED
+end
# File 'lib/openid/yadis/htmltokenizer.rb', line 205
+
+definitialize(text)
+ super
+ temp_arr=text.scan(/^<!--\s*(.*?)\s*-->$/m)
+ raiseHTMLTokenizerError,"Text passed to HTMLComment.initialize is not a comment"iftemp_arr[0].nil?
+
+ @contents=temp_arr[0][0]
+end
+
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ #contents ⇒ Object
+
+
+
+
+
+
+
+
Returns the value of attribute contents.
+
+
+
+
+
+
+
+
+
+
+
+
+
+203
+204
+205
+
+
+
# File 'lib/openid/yadis/htmltokenizer.rb', line 203
+
+defcontents
+ @contents
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/HTMLTag.html b/docs/HTMLTag.html
new file mode 100644
index 00000000..9a12c179
--- /dev/null
+++ b/docs/HTMLTag.html
@@ -0,0 +1,640 @@
+
+
+
+
+
+
+ Class: HTMLTag
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# File 'lib/openid/yadis/htmltokenizer.rb', line 218
+
+definitialize(text)
+ super
+ if"<"!=text[0]or">"!=text[-1]
+ raiseHTMLTokenizerError,"Text passed to HTMLComment.initialize is not a comment"
+ end
+
+ @attr_hash={}
+ @raw=text
+
+ tag_name=text.scan(/[\w:-]+/)[0]
+ raiseHTMLTokenizerError,"Error, tag is nil: #{tag_name}"iftag_name.nil?
+
+ if"/"==text[1]
+ # It's an end tag
+@end_tag=true
+ @tag_name="/"+tag_name.downcase
+ else
+ @end_tag=false
+ @tag_name=tag_name.downcase
+ end
+
+ @hashed=false
+end
+
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ #end_tag ⇒ Object(readonly)
+
+
+
+
+
+
+
+
Returns the value of attribute end_tag.
+
+
+
+
+
+
+
+
+
+
+
+
+
+216
+217
+218
+
+
+
# File 'lib/openid/yadis/htmltokenizer.rb', line 216
+
+defend_tag
+ @end_tag
+end
+
+
+
+
+
+
+
+
+
+
+ #tag_name ⇒ Object(readonly)
+
+
+
+
+
+
+
+
Returns the value of attribute tag_name.
+
+
+
+
+
+
+
+
+
+
+
+
+
+216
+217
+218
+
+
+
# File 'lib/openid/yadis/htmltokenizer.rb', line 216
+
+deftag_name
+ @tag_name
+end
+
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ #attr_hash ⇒ Object
+
+
+
+
+
+
+
+
Retrieve a hash of all the tagâs attributes.
+Lazily done, so that if you donât look at a tagâs attributes
+things go quicker
+ This is the paragraph, it contains
+ <a href=\"link.html\">links</a>,
+ <img src=\"blah.gif\" optional alt='images
+ are
+ really cool'>. Ok, here is some more text and
+ <A href=\"http://another.link.com/\" target=\"_blank\">another link</A>.
+
Get a tag from the specified set of desired tags.
+For example:
+foo = toke.getTag(âh1â, âh2â, âh3â)
+Will return the next header tag encountered.
# File 'lib/openid/yadis/htmltokenizer.rb', line 131
+
+defgetText(until_tag=nil)
+ ifuntil_tag.nil?
+ if"<"==@page[@cur_pos]
+ # Next token is a tag, not text
+""
+ else
+ # Next token is text
+getNextToken.text
+ end
+ else
+ ret_str=""
+
+ while(tag=peekNextToken)
+ breakiftag.is_a?(HTMLTag)andtag.tag_name==until_tag
+
+ ret_str<<(tag.text+"")if""!=tag.text
+ getNextToken
+ end
+
+ ret_str
+ end
+end
# File 'lib/openid/yadis/htmltokenizer.rb', line 68
+
+defpeekNextToken
+ returnif@cur_pos==@page.length
+
+ if"<"==@page[@cur_pos]
+ # Next token is a tag of some kind
+if"!--"==@page[(@cur_pos+1),3]
+ # Token is a comment
+tag_end=@page.index("-->",@cur_pos+1)
+ raiseHTMLTokenizerError,"No end found to started comment:\n#{@page[@cur_pos,80]}"iftag_end.nil?
+
+ # p @page[@cur_pos .. (tag_end+2)]
+HTMLComment.new(@page[@cur_pos..(tag_end+2)])
+ else
+ # Token is a html tag
+tag_end=@page.index(">",@cur_pos+1)
+ raiseHTMLTokenizerError,"No end found to started tag:\n#{@page[@cur_pos,80]}"iftag_end.nil?
+
+ # p @page[@cur_pos .. tag_end]
+HTMLTag.new(@page[@cur_pos..tag_end])
+ end
+ else
+ # Next token is text
+text_end=@page.index("<",@cur_pos)
+ text_end=text_end.nil??-1:(text_end-1)
+ # p @page[@cur_pos .. text_end]
+HTMLText.new(@page[@cur_pos..text_end])
+ end
+end
+
+
+
+
+
+
+
+
+ #reset ⇒ Object
+
+
+
+
+
+
+
+
Reset the parser, setting the current position back at the stop
+
+
+
+
+
+
+
+
+
+
+
+
+
+63
+64
+65
+
+
+
# File 'lib/openid/yadis/htmltokenizer.rb', line 63
+
+defreset
+ @cur_pos=0
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/HTMLTokenizerError.html b/docs/HTMLTokenizerError.html
new file mode 100644
index 00000000..853b8a5c
--- /dev/null
+++ b/docs/HTMLTokenizerError.html
@@ -0,0 +1,124 @@
+
+
+
+
+
+
+ Exception: HTMLTokenizerError
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# File 'lib/openid/consumer/discovery.rb', line 348
+
+defself.arrange_by_type(service_list,preferred_types)
+ # Rearrange service_list in a new list so services are ordered by
+# types listed in preferred_types. Return the new list.
+
+ # Build a list with the service elements in tuples whose
+# comparison will prefer the one with the best matching service
+prio_services=[]
+
+ service_list.each_with_indexdo|s,index|
+ prio_services<<[best_matching_service(s,preferred_types),index,s]
+ end
+
+ prio_services.sort!
+
+ # Now that the services are sorted by priority, remove the sort
+# keys from the list.
+(0...prio_services.length).eachdo|i|
+ prio_services[i]=prio_services[i][2]
+ end
+
+ prio_services
+end
# File 'lib/openid/consumer/discovery.rb', line 333
+
+defself.best_matching_service(service,preferred_types)
+ # Return the index of the first matching type, or something higher
+# if no type matches.
+#
+# This provides an ordering in which service elements that contain
+# a type that comes earlier in the preferred types list come
+# before service elements that come later. If a service element
+# has more than one type, the most preferred one wins.
+preferred_types.each_with_indexdo|value,index|
+ returnindexifservice.type_uris.member?(value)
+ end
+
+ preferred_types.length
+end
raise ArgumentError if fieldname is not in the defined sreg fields
+
+
+
+
+
+
+
Raises:
+
+
+
+
+
+ (ArgumentError)
+
+
+
+
+
+
+
+
+
+
+
+
+
+30
+31
+32
+33
+34
+
+
+
# File 'lib/openid/extensions/sreg.rb', line 30
+
+defOpenID.check_sreg_field_name(fieldname)
+ returnifDATA_FIELDS.member?(fieldname)
+
+ raiseArgumentError,"#{fieldname} is not a defined simple registration field"
+end
+
+
+
+
+
+
+
+
+ .discover(identifier) ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+509
+510
+511
+512
+513
+514
+515
+
+
+
# File 'lib/openid/consumer/discovery.rb', line 509
+
+defself.discover(identifier)
+ ifYadis::XRI.identifier_scheme(identifier)==:xri
+ discover_xri(identifier)
+ else
+ discover_uri(identifier)
+ end
+end
# File 'lib/openid/consumer/discovery.rb', line 487
+
+defself.discover_uri(uri)
+ # Hack to work around URI parsing for URls with *no* scheme.
+uri="http://"+uriifuri.index("://").nil?
+
+ begin
+ parsed=URI.parse(uri)
+ rescueURI::InvalidURIError=>e
+ raiseDiscoveryFailure.new("URI is not valid: #{e.message}",nil)
+ end
+
+ if!parsed.scheme.nil?and!parsed.scheme.empty?&&!%w[httphttps].member?(parsed.scheme)
+ raiseDiscoveryFailure.new(
+ "URI scheme #{parsed.scheme} is not HTTP or HTTPS",nil
+ )
+ end
+
+ uri=normalize_url(uri)
+ claimed_id,openid_services=discover_yadis(uri)
+ claimed_id=normalize_url(claimed_id)
+ [claimed_id,openid_services]
+end
# File 'lib/openid/consumer/discovery.rb', line 440
+
+defself.discover_xri(iname)
+ endpoints=[]
+ iname=normalize_xri(iname)
+
+ begin
+ canonical_id,services=Yadis::XRI::ProxyResolver.new.query(iname)
+
+ raiseYadis::XRDSError.new(format("No CanonicalID found for XRI %s",iname))ifcanonical_id.nil?
+
+ flt=Yadis.make_filter(OpenIDServiceEndpoint)
+
+ services.eachdo|service_element|
+ endpoints+=flt.get_service_endpoints(iname,service_element)
+ end
+ rescueYadis::XRDSError,Yadis::XRI::XRIHTTPError=>e
+ Util.log("xrds error on "+iname+": "+e.to_s)
+ end
+
+ endpoints.eachdo|endpoint|
+ # Is there a way to pass this through the filter to the endpoint
+# constructor instead of tacking it on after?
+endpoint.canonical_id=canonical_id
+ endpoint.claimed_id=canonical_id
+ endpoint.display_identifier=iname
+ end
+
+ # FIXME: returned xri should probably be in some normal form
+[iname,get_op_or_user_services(endpoints)]
+end
# File 'lib/openid/consumer/discovery.rb', line 394
+
+defself.discover_yadis(uri)
+ # Discover OpenID services for a URI. Tries Yadis and falls back
+# on old-style <link rel='...'> discovery if Yadis fails.
+#
+# @param uri: normalized identity URL
+# @type uri: str
+#
+# @return: (claimed_id, services)
+# @rtype: (str, list(OpenIDServiceEndpoint))
+#
+# @raises DiscoveryFailure: when discovery fails.
+
+ # Might raise a yadis.discover.DiscoveryFailure if no document
+# came back for that URI at all. I don't think falling back to
+# OpenID 1.0 discovery on the same URL will help, so don't bother
+# to catch it.
+response=Yadis.discover(uri)
+
+ yadis_url=response.normalized_uri
+ body=response.response_text
+
+ begin
+ openid_services=OpenIDServiceEndpoint.from_xrds(yadis_url,body)
+ rescueYadis::XRDSError
+ # Does not parse as a Yadis XRDS file
+openid_services=[]
+ end
+
+ ifopenid_services.empty?
+ # Either not an XRDS or there are no OpenID services.
+
+ ifresponse.is_xrds
+ # if we got the Yadis content-type or followed the Yadis
+# header, re-fetch the document without following the Yadis
+# header, with no Accept header.
+returndiscover_no_yadis(uri)
+ end
+
+ # Try to parse the response as HTML.
+# <link rel="...">
+openid_services=OpenIDServiceEndpoint.from_html(yadis_url,body)
+ end
+
+ [yadis_url,get_op_or_user_services(openid_services)]
+end
# File 'lib/openid/consumer/html_parse.rb', line 131
+
+defself.find_first_href(link_attrs_list,target_rel)
+ # Return the value of the href attribute for the first link tag in
+# the list that has target_rel as a relationship.
+
+ # XXX: TESTME
+matches=find_links_rel(link_attrs_list,target_rel)
+ returnif!matchesormatches.empty?
+
+ first=matches[0]
+ first["href"]
+end
# File 'lib/openid/consumer/html_parse.rb', line 116
+
+defself.find_links_rel(link_attrs_list,target_rel)
+ # Filter the list of link attributes on whether it has target_rel
+# as a relationship.
+
+ # XXX: TESTME
+matches_target=->(attrs){link_has_rel(attrs,target_rel)}
+ result=[]
+
+ link_attrs_list.eachdo|item|
+ result<<itemifmatches_target.call(item)
+ end
+
+ result
+end
# File 'lib/openid/consumer/discovery.rb', line 265
+
+defself.find_op_local_identifier(service_element,type_uris)
+ # Find the OP-Local Identifier for this xrd:Service element.
+#
+# This considers openid:Delegate to be a synonym for xrd:LocalID
+# if both OpenID 1.X and OpenID 2.0 types are present. If only
+# OpenID 1.X is present, it returns the value of
+# openid:Delegate. If only OpenID 2.0 is present, it returns the
+# value of xrd:LocalID. If there is more than one LocalID tag and
+# the values are different, it raises a DiscoveryFailure. This is
+# also triggered when the xrd:LocalID and openid:Delegate tags are
+# different.
+
+ # XXX: Test this function on its own!
+
+ # Build the list of tags that could contain the OP-Local
+# Identifier
+local_id_tags=[]
+ iftype_uris.member?(OPENID_1_1_TYPE)or
+ type_uris.member?(OPENID_1_0_TYPE)
+ # local_id_tags << Yadis::nsTag(OPENID_1_0_NS, 'openid', 'Delegate')
+service_element.add_namespace("openid",OPENID_1_0_NS)
+ local_id_tags<<"openid:Delegate"
+ end
+
+ iftype_uris.member?(OPENID_2_0_TYPE)
+ # local_id_tags.append(Yadis::nsTag(XRD_NS_2_0, 'xrd', 'LocalID'))
+service_element.add_namespace("xrd",Yadis::XRD_NS_2_0)
+ local_id_tags<<"xrd:LocalID"
+ end
+
+ # Walk through all the matching tags and make sure that they all
+# have the same value
+local_id=nil
+ local_id_tags.eachdo|local_id_tag|
+ service_element.each_element(local_id_tag)do|local_id_element|
+ iflocal_id.nil?
+ local_id=local_id_element.text
+ elsiflocal_id!=local_id_element.text
+ format="More than one %s tag found in one service element"
+ message=format(format,local_id_tag)
+ raiseDiscoveryFailure.new(message,nil)
+ end
+ end
+ end
+
+ local_id
+end
# File 'lib/openid/consumer/discovery.rb', line 371
+
+defself.get_op_or_user_services(openid_services)
+ # Extract OP Identifier services. If none found, return the rest,
+# sorted with most preferred first according to
+# OpenIDServiceEndpoint.openid_type_uris.
+#
+# openid_services is a list of OpenIDServiceEndpoint objects.
+#
+# Returns a list of OpenIDServiceEndpoint objects.
+
+ op_services=arrange_by_type(openid_services,[OPENID_IDP_2_0_TYPE])
+
+ openid_services=arrange_by_type(
+ openid_services,
+ OpenIDServiceEndpoint::OPENID_TYPE_URIS,
+ )
+
+ if!op_services.empty?
+ op_services
+ else
+ openid_services
+ end
+end
# File 'lib/openid/association.rb', line 7
+
+defself.get_secret_size(assoc_type)
+ ifassoc_type=="HMAC-SHA1"
+ 20
+ elsifassoc_type=="HMAC-SHA256"
+ 32
+ else
+ raiseArgumentError("Unsupported association type: #{assoc_type}")
+ end
+end
+
+
+
+
+
+
+
+
+ .get_sreg_ns(message) ⇒ Object
+
+
+
+
+
+
+
+
Extract the simple registration namespace URI from the given
+OpenID message. Handles OpenID 1 and 2, as well as both sreg
+namespace URIs found in the wild, as well as missing namespace
+definitions (for OpenID 1)
# File 'lib/openid/extensions/sreg.rb', line 45
+
+defOpenID.get_sreg_ns(message)
+ [NS_URI_1_1,NS_URI_1_0].eachdo|ns|
+ returnnsifmessage.namespaces.get_alias(ns)
+ end
+ # try to add an alias, since we didn't find one
+ns=NS_URI_1_1
+ begin
+ message.namespaces.add_alias(ns,"sreg")
+ rescueIndexError
+ raiseNamespaceError
+ end
+ ns
+end
# File 'lib/openid/consumer/html_parse.rb', line 108
+
+defself.link_has_rel(link_attrs,target_rel)
+ # Does this link have target_rel as a relationship?
+
+ # XXX: TESTME
+rel_attr=link_attrs["rel"]
+ (rel_attrandrel_matches(rel_attr,target_rel))
+end
# File 'lib/openid/consumer/html_parse.rb', line 34
+
+defself.parse_link_attrs(html)
+ begin
+ stripped=html.gsub(REMOVED_RE,"")
+ rescueArgumentError
+ begin
+ stripped=html.encode("UTF-8","binary",invalid::replace,undef::replace,replace:"").gsub(
+ REMOVED_RE,""
+ )
+ rescueEncoding::UndefinedConversionError,Encoding::ConverterNotFoundError
+ # needed for a problem in JRuby where it can't handle the conversion.
+# see details here: https://github.com/jruby/jruby/issues/829
+stripped=html.encode("UTF-8","ASCII",invalid::replace,undef::replace,replace:"").gsub(
+ REMOVED_RE,""
+ )
+ end
+ end
+ parser=HTMLTokenizer.new(stripped)
+
+ links=[]
+ # to keep track of whether or not we are in the head element
+in_head=false
+ in_html=false
+ saw_head=false
+
+ begin
+ whileel=parser.getTag(
+ "head",
+ "/head",
+ "link",
+ "body",
+ "/body",
+ "html",
+ "/html",
+ )
+
+ # we are leaving head or have reached body, so we bail
+returnlinksif["/head","body","/body","/html"].member?(el.tag_name)
+
+ # enforce html > head > link
+in_html=trueifel.tag_name=="html"
+ nextunlessin_html
+
+ ifel.tag_name=="head"
+ ifsaw_head
+ returnlinks# only allow one head
+end
+
+ saw_head=true
+ in_head=trueunlessel.to_s[-2]==47# tag ends with a /: a short tag
+end
+ nextunlessin_head
+
+ returnlinksifel.tag_name=="html"
+
+ links<<unescape_hash(el.attr_hash)ifel.tag_name=="link"
+
+ end
+ rescueException# just stop parsing if there's an error
+end
+ links
+end
Given a namespace mapping and a string containing a comma-separated list of namespace aliases, return a list of type URIs that correspond to those aliases.
+
+
+
+
+
+
+
+
+
+
+
+
Class Method Details
+
+
+
+
+
+ .check_alias(name) ⇒ Object
+
+
+
+
+
+
+
+
check alias for invalid characters, raise AXError if found
# File 'lib/openid/extensions/ax.rb', line 13
+
+defself.check_alias(name)
+ returnunless/(,|\.)/.match?(name)
+
+ raiseError,"Alias #{name.inspect} must not contain a " \
+ "comma or period."
+end
Given a namespace mapping and a string containing a
+comma-separated list of namespace aliases, return a list of type
+URIs that correspond to those aliases.
+namespace_map: OpenID::NamespaceMap
# File 'lib/openid/extensions/ax.rb', line 104
+
+defself.to_type_uris(namespace_map,alias_list_s)
+ return[]ifalias_list_s.nil?
+
+ alias_list_s.split(",").inject([])do|uris,name|
+ type_uri=namespace_map.get_namespace_uri(name)
+ raiseIndexError,"No type defined for attribute name #{name.inspect}"iftype_uri.nil?
+
+ uris<<type_uri
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/AX/AXMessage.html b/docs/OpenID/AX/AXMessage.html
new file mode 100644
index 00000000..99a7d119
--- /dev/null
+++ b/docs/OpenID/AX/AXMessage.html
@@ -0,0 +1,462 @@
+
+
+
+
+
+
+ Class: OpenID::AX::AXMessage
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
An attribute exchange âfetch_requestâ message. This message is
+sent by a relying party when it wishes to obtain attributes about
+the subject of an OpenID authentication request.
Add an attribute to this attribute exchange request.
+attribute: AttrInfo, the attribute being requested
+Raises IndexError if the requested attribute is already present
+ in this request.
+
+
+
+
+
+
+
+
+
+
+
+
+
+135
+136
+137
+138
+139
+140
+141
+
+
+
# File 'lib/openid/extensions/ax.rb', line 135
+
+defadd(attribute)
+ if@requested_attributes[attribute.type_uri]
+ raiseIndexError,"The attribute #{attribute.type_uri} has already been requested"
+ end
+
+ @requested_attributes[attribute.type_uri]=attribute
+end
+
+
+
+
+
+
+
+
+ #attributes ⇒ Object
+
+
+
+
+
+
+
+
return the list of AttrInfo objects contained in the FetchRequest
+
+
+
+
+
+
+
+
+
+
+
+
+
+255
+256
+257
+
+
+
# File 'lib/openid/extensions/ax.rb', line 255
+
+defattributes
+ @requested_attributes.values
+end
+
+
+
+
+
+
+
+
+ #get_extension_args ⇒ Object
+
+
+
+
+
+
+
+
Get the serialized form of this attribute fetch request.
+returns a hash of the arguments
Use the aliases variable to manually add alias names in the response.
+Theyâll be returned to the client in the format:
+ openid.ax.type.email=http://openid.net/schema/contact/internet/email
+ openid.ax.value.email=guy@example.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+401
+402
+403
+
+
+
# File 'lib/openid/extensions/ax.rb', line 401
+
+defaliases
+ @aliases
+end
+
+
+
+
+
+
+
+
+
+
+ #update_url ⇒ Object(readonly)
+
+
+
+
+
+
+
+
Returns the value of attribute update_url.
+
+
+
+
+
+
+
+
+
+
+
+
+
+396
+397
+398
+
+
+
# File 'lib/openid/extensions/ax.rb', line 396
+
+defupdate_url
+ @update_url
+end
Serialize this object into arguments in the attribute
+exchange namespace
+Takes an optional FetchRequest. If specified, the response will be
+validated against this request, and empty responses for requested
+fields with no data will be sent.
# File 'lib/openid/extensions/ax.rb', line 415
+
+defget_extension_args(request=nil)
+ zero_value_types=[]
+
+ ifrequest
+ # Validate the data in the context of the request (the
+# same attributes should be present in each, and the
+# counts in the response must be no more than the counts
+# in the request)
+@data.keys.eachdo|type_uri|
+ unlessrequest.member?(type_uri)
+ raiseIndexError,"Response attribute not present in request: #{type_uri.inspect}"
+ end
+ end
+
+ request.attributes.eachdo|attr_info|
+ # Copy the aliases from the request so that reading
+# the response in light of the request is easier
+ifattr_info.ns_alias.nil?
+ @aliases.add(attr_info.type_uri)
+ else
+ @aliases.add_alias(attr_info.type_uri,attr_info.ns_alias)
+ end
+ values=@data[attr_info.type_uri]
+ zero_value_types<<attr_infoifvalues.empty?# @data defaults to []
+
+ ifattr_info.count!=UNLIMITED_VALUESandattr_info.count<values.size
+ raiseError,"More than the number of requested values were specified for #{attr_info.type_uri.inspect}"
+ end
+ end
+ end
+
+ kv_args=_get_extension_kv_args(@aliases)
+
+ # Add the KV args into the response with the args that are
+# unique to the fetch_response
+ax_args=new_args
+
+ zero_value_types.eachdo|attr_info|
+ name=@aliases.get_alias(attr_info.type_uri)
+ kv_args["type."+name]=attr_info.type_uri
+ kv_args["count."+name]="0"
+ end
+ update_url=(requestandrequest.update_urlor@update_url)
+ ax_args["update_url"]=update_urlunlessupdate_url.nil?
+ ax_args.update(kv_args)
+ ax_args
+end
# File 'lib/openid/extensions/ax.rb', line 297
+
+def_get_extension_kv_args(aliases=nil)
+ aliases=NamespaceMap.newifaliases.nil?
+
+ ax_args=new_args
+
+ @data.eachdo|type_uri,values|
+ name=aliases.add(type_uri)
+ ax_args["type."+name]=type_uri
+ ifvalues.size>1
+ ax_args["count."+name]=values.size.to_s
+
+ values.each_with_indexdo|value,i|
+ key="value.#{name}.#{i+1}"
+ ax_args[key]=value
+ end
+ # for attributes with only a single value, use a
+# nice shortcut to only show the value w/o the count
+else
+ values.eachdo|value|
+ key="value.#{name}"
+ ax_args[key]=value
+ end
+ end
+ end
+ ax_args
+end
Add a single value for the given attribute type to the
+message. If there are already values specified for this type,
+this value will be sent in addition to the values already
+specified.
+
+
+
+
+
+
+
+
+
+
+
+
+
+285
+286
+287
+
+
+
# File 'lib/openid/extensions/ax.rb', line 285
+
+defadd_value(type_uri,value)
+ @data[type_uri]=@data[type_uri]<<value
+end
+
+
+
+
+
+
+
+
+ #count(type_uri) ⇒ Object
+
+
+
+
+
+
+
+
get the number of responses for this attribute
+
+
+
+
+
+
+
+
+
+
+
+
+
+389
+390
+391
+
+
+
# File 'lib/openid/extensions/ax.rb', line 389
+
+defcount(type_uri)
+ @data[type_uri].size
+end
+
+
+
+
+
+
+
+
+ #get(type_uri) ⇒ Object
+
+
+
+
+
+
+
+
retrieve the list of values for this attribute
+
+
+
+
+
+
+
+
+
+
+
+
+
+379
+380
+381
+
+
+
# File 'lib/openid/extensions/ax.rb', line 379
+
+defget(type_uri)
+ @data[type_uri]
+end
Get a single value for an attribute. If no value was sent
+for this attribute, use the supplied default. If there is more
+than one value for this attribute, this method will fail.
# File 'lib/openid/extensions/ax.rb', line 370
+
+defget_single(type_uri,default=nil)
+ values=@data[type_uri]
+ returndefaultifvalues.empty?
+ raiseError,"More than one value present for #{type_uri.inspect}"ifvalues.size!=1
+
+ values[0]
+end
# File 'lib/openid/association.rb', line 133
+
+def==(other)
+ (other.class==self.classand
+ other.handle==handleand
+ other.secret==secretand
+
+ # The internals of the time objects seemed to differ
+# in an opaque way when serializing/unserializing.
+# I don't think this will be a problem.
+other.issued.to_i==issued.to_iand
+
+ other.lifetime==lifetimeand
+ other.assoc_type==assoc_type)
+end
# File 'lib/openid/association.rb', line 190
+
+defself.check_session_type(assoc_type,session_type)
+ returnifget_session_types(assoc_type).include?(session_type)
+
+ raiseProtocolError,"Session type #{session_type.inspect} not " \
+ "valid for association type #{assoc_type.inspect}"
+end
OpenID support for Relying Parties (aka Consumers).
+
+
This module documents the main interface with the OpenID consumer
+library. The only part of the library which has to be used and
+isnât documented in full here is the store required to create an
+Consumer instance.
+
+
= OVERVIEW
+
+
The OpenID identity verification process most commonly uses the
+following steps, as visible to the user of this library:
+
+
+
+
The user enters their OpenID into a field on the consumerâs
+site, and hits a login button.
+
+
+
The consumer site discovers the userâs OpenID provider using
+the Yadis protocol.
+
+
+
The consumer site sends the browser a redirect to the OpenID
+provider. This is the authentication request as described in
+the OpenID specification.
+
+
+
The OpenID providerâs site sends the browser a redirect back to
+the consumer site. This redirect contains the providerâs
+response to the authentication request.
+
+
+
+
The most important part of the flow to note is the consumerâs site
+must handle two separate HTTP requests in order to perform the
+full identity check.
+
+
= LIBRARY DESIGN
+
+
This consumer library is designed with that flow in mind. The
+goal is to make it as easy as possible to perform the above steps
+securely.
+
+
At a high level, there are two important parts in the consumer
+library. The first important part is this module, which contains
+the interface to actually use this library. The second is
+openid/store/interface.rb, which describes the interface to use if
+you need to create a custom method for storing the state this
+library needs to maintain between requests.
+
+
In general, the second part is less important for users of the
+library to know about, as several implementations are provided
+which cover a wide variety of situations in which consumers may
+use the library.
+
+
The Consumer class has methods corresponding to the actions
+necessary in each of steps 2, 3, and 4 described in the overview.
+Use of this library should be as easy as creating an Consumer
+instance and calling the methods appropriate for the action the
+site wants to take.
+
+
This library automatically detects which version of the OpenID
+protocol should be used for a transaction and constructs the
+proper requests and responses. Users of this library do not need
+to worry about supporting multiple protocol versions; the library
+supports them implicitly. Depending on the version of the
+protocol in use, the OpenID transaction may be more secure. See
+the OpenID specifications for more information.
+
+
= SESSIONS, STORES, AND STATELESS MODE
+
+
The Consumer object keeps track of two types of state:
+
+
+
+
State of the userâs current authentication attempt. Things
+like the identity URL, the list of endpoints discovered for
+that URL, and in case where some endpoints are unreachable, the
+list of endpoints already tried. This state needs to be held
+from Consumer.begin() to Consumer.complete(), but it is only
+applicable to a single session with a single user agent, and at
+the end of the authentication process (i.e. when an OP replies
+with either id_res. or cancel it may be
+discarded.
+
+
+
State of relationships with servers, i.e. shared secrets
+(associations) with servers and nonces seen on signed messages.
+This information should persist from one session to the next
+and should not be bound to a particular user-agent.
+
+
+
+
These two types of storage are reflected in the first two
+arguments of Consumerâs constructor, session and
+store. session is a dict-like object and we
+hope your web framework provides you with one of these bound to
+the user agent. store is an instance of Store.
+
+
Since the store does hold secrets shared between your application
+and the OpenID provider, you should be careful about how you use
+it in a shared hosting environment. If the filesystem or database
+permissions of your web host allow strangers to read from them, do
+not store your data there! If you have no safe place to store
+your data, construct your consumer with nil for the store, and it
+will operate only in stateless mode. Stateless mode may be
+slower, put more load on the OpenID provider, and trusts the
+provider to keep you safe from replay attacks.
+
+
Several store implementation are provided, and the interface is
+fully documented so that custom stores can be used as well. See
+the documentation for the Consumer class for more information on
+the interface for stores. The implementations that are provided
+allow the consumer site to store the necessary data in several
+different ways, including several SQL databases and normal files
+on disk.
+
+
= IMMEDIATE MODE
+
+
In the flow described above, the user may need to confirm to the
+OpenID provider that itâs ok to disclose his or her identity. The
+provider may draw pages asking for information from the user
+before it redirects the browser back to the consumerâs site. This
+is generally transparent to the consumer site, so it is typically
+ignored as an implementation detail.
+
+
There can be times, however, where the consumer site wants to get
+a response immediately. When this is the case, the consumer can
+put the library in immediate mode. In immediate mode, there is an
+extra response possible from the server, which is essentially the
+server reporting that it doesnât have enough information to answer
+the question yet.
+
+
= USING THIS LIBRARY
+
+
Integrating this library into an application is usually a
+relatively straightforward process. The process should basically
+follow this plan:
+
+
Add an OpenID login field somewhere on your site. When an OpenID
+is entered in that field and the form is submitted, it should make
+a request to the site that includes that OpenID URL.
+
+
First, the application should instantiate a Consumer with a
+session for per-user state and store for shared state using the
+store of choice.
+
+
Next, the application should call the begin method of
+Consumer instance. This method takes the OpenID URL as entered by
+the user. The begin method returns a CheckIDRequest
+object.
+
+
Next, the application should call the redirect_url method on the
+CheckIDRequest object. The parameter return_to is the
+URL that the OpenID server will send the user back to after
+attempting to verify his or her identity. The realm
+parameter is the URL (or URL pattern) that identifies your web
+site to the user when he or she is authorizing it. Send a
+redirect to the resulting URL to the userâs browser.
+
+
Thatâs the first half of the authentication process. The second
+half of the process is done after the userâs OpenID Provider sends
+the userâs browser a redirect back to your site to complete their
+login.
+
+
When that happens, the user will contact your site at the URL
+given as the return_to URL to the redirect_url call made
+above. The request will have several query parameters added to
+the URL by the OpenID provider as the information necessary to
+finish the request.
+
+
Get a Consumer instance with the same session and store as before
+and call its complete() method, passing in all the received query
+arguments and URL currently being handled.
+
+
There are multiple possible return types possible from that
+method. These indicate the whether or not the login was
+successful, and include any additional information appropriate for
+their type.
Code returned when either the of the
+OpenID::OpenIDConsumer.begin_auth or OpenID::OpenIDConsumer.complete_auth
+methods return successfully.
+
+
+
+
+
+
+
+
+
+
:success
+
+
FAILURE =
+
+
+
Code OpenID::OpenIDConsumer.complete_auth
+returns when the value it received indicated an invalid login.
+
+
+
+
+
+
+
+
+
+
:failure
+
+
CANCEL =
+
+
+
Code returned by OpenIDConsumer.complete_auth when the user
+cancels the operation from the server.
+
+
+
+
+
+
+
+
+
+
:cancel
+
+
SETUP_NEEDED =
+
+
+
Code returned by OpenID::OpenIDConsumer.complete_auth when the
+OpenIDConsumer instance is in immediate mode and ther server sends back a
+URL for the user to login with.
Start the OpenID authentication process. See steps 1-2 in the
+overview for the Consumer class.
+
+
user_url: Identity URL given by the user. This method performs a
+textual transformation of the URL to try and make sure it is
+normalized. For example, a user_url of example.com will be
+normalized to http://example.com/ normalizing and resolving any
+redirects the server might issue.
+
+
anonymous: A boolean value. Whether to make an anonymous
+request of the OpenID provider. Such a request does not ask for
+an authorization assertion for an OpenID identifier, but may be
+used with extensions to pass other data. e.g. âI donât care who
+you are, but Iâd like to know your time zone.â
+
+
Returns a CheckIDRequest object containing the discovered
+information, with a method for building a redirect URL to the
+server, as described in step 3 of the overview. This object may
+also be used to add extension arguments to the request, using
+its add_extension_arg method.
+
+
Raises DiscoveryFailure when no OpenID server can be found for
+this URL.
Start OpenID verification without doing OpenID server
+discovery. This method is used internally by Consumer.begin()
+after discovery is performed, and exists to provide an interface
+for library users needing to perform their own discovery.
+
+
service: an OpenID service endpoint descriptor. This object and
+factories for it are found in the openid/consumer/discovery.rb
+module.
Returns a subclass of Response. The type of response is
+indicated by the status attribute, which will be one of
+SUCCESS, CANCEL, FAILURE, or SETUP_NEEDED.
# File 'lib/openid/consumer/associationmanager.rb', line 128
+
+defnegotiate_association
+ assoc_type,session_type=@negotiator.get_allowed_type
+ begin
+ request_association(assoc_type,session_type)
+ rescueServerError=>e
+ supported_types=extract_supported_association_type(e,assoc_type)
+ unlesssupported_types.nil?
+ # Attempt to create an association from the assoc_type and
+# session_type that the server told us it supported.
+assoc_type,session_type=supported_types
+ begin
+ request_association(assoc_type,session_type)
+ rescueServerError
+ Util.log("Server #{@server_url} refused its suggested " \
+ "association type: session_type=#{session_type}, " \
+ "assoc_type=#{assoc_type}")
+ nil
+ end
+ end
+ rescueInvalidOpenIDNamespace
+ Util.log("Server #{@server_url} returned a malformed association " \
+ "response. Falling back to check_id mode for this request.")
+ nil
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Consumer/CancelResponse.html b/docs/OpenID/Consumer/CancelResponse.html
new file mode 100644
index 00000000..67b23f06
--- /dev/null
+++ b/docs/OpenID/Consumer/CancelResponse.html
@@ -0,0 +1,238 @@
+
+
+
+
+
+
+ Class: OpenID::Consumer::CancelResponse
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
An object that holds the state necessary for generating an
+OpenID authentication request. This object holds the association
+with the server and the discovered information with which the
+request will be made.
+
+
It is separate from the consumer because you may wish to add
+things to the request before sending it on its way to the
+server. It also has serialization options that let you encode
+the authentication request as a URL or as a form POST.
Get html for a form to submit this request to the IDP.
+
+
form_tag_attrs is a hash of attributes to be added to the form
+tag. âaccept-charsetâ and âenctypeâ have defaults that can be
+overridden. If a value is supplied for âactionâ or âmethodâ,
+it will be replaced.
Produce a OpenID::Message representing this request.
+
+
Not specifying a return_to URL means that the user will not be
+returned to the site issuing the request upon its completion.
+
+
If immediate mode is requested, the OpenID provider is to send
+back a response immediately, useful for behind-the-scenes
+authentication attempts. Otherwise the OpenID provider may
+engage the user before providing a response. This is the
+default case, as the user may need to provide credentials or
+approve the request before a positive response can be sent.
Get a complete HTML document that autosubmits the request to the IDP
+with javascript. This method wraps form_markup - see that methodâs
+documentation for help with the parameters.
The resulting URL is the OpenID providerâs endpoint URL with
+parameters appended as query arguments. You should redirect
+the user agent to this URL.
+
+
OpenID 2.0 endpoints also accept POST requests, see
+âsend_redirect?â and âform_markupâ.
# File 'lib/openid/consumer/idres.rb', line 41
+
+definitialize(message,current_url,store=nil,endpoint=nil)
+ @store=store# Fer the nonce and invalidate_handle
+@message=message
+ @endpoint=endpoint
+ @current_url=current_url
+ @signed_list=nil
+
+ # Start the verification process
+id_res
+end
+
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ #endpoint ⇒ Object(readonly)
+
+
+
+
+
+
+
+
Returns the value of attribute endpoint.
+
+
+
+
+
+
+
+
+
+
+
+
+
+39
+40
+41
+
+
+
# File 'lib/openid/consumer/idres.rb', line 39
+
+defendpoint
+ @endpoint
+end
+
+
+
+
+
+
+
+
+
+
+ #message ⇒ Object(readonly)
+
+
+
+
+
+
+
+
Returns the value of attribute message.
+
+
+
+
+
+
+
+
+
+
+
+
+
+39
+40
+41
+
+
+
# File 'lib/openid/consumer/idres.rb', line 39
+
+defmessage
+ @message
+end
+
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ #signed_fields ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+52
+53
+54
+
+
+
# File 'lib/openid/consumer/idres.rb', line 52
+
+defsigned_fields
+ signed_list.map{|x|"openid."+x}
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Consumer/NoEncryptionSession.html b/docs/OpenID/Consumer/NoEncryptionSession.html
new file mode 100644
index 00000000..c04d1fd1
--- /dev/null
+++ b/docs/OpenID/Consumer/NoEncryptionSession.html
@@ -0,0 +1,406 @@
+
+
+
+
+
+
+ Class: OpenID::Consumer::NoEncryptionSession
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# File 'lib/openid/consumer/responses.rb', line 22
+
+defendpoint
+ @endpoint
+end
+
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ #display_identifier ⇒ Object
+
+
+
+
+
+
+
+
The display identifier is related to the Claimed Identifier, but the
+two are not always identical. The display identifier is something the
+user should recognize as what they entered, whereas the responseâs
+claimed identifier (in the identity_url attribute) may have extra
+information for better persistence.
+
+
URLs will be stripped of their fragments for display. XRIs will
+display the human-readable identifier (i-name) instead of the
+persistent identifier (i-number).
+
+
Use the display identifier in your user interface. Use identity_url
+for querying your database or authorization server, or other
+identifier equality comparisons.
+
+
+
+
+
+
+
+
+
+
+
+
+
+47
+48
+49
+
+
+
# File 'lib/openid/consumer/responses.rb', line 47
+
+defdisplay_identifier
+ @endpoint?@endpoint.display_identifier:nil
+end
+
+
+
+
+
+
+
+
+ #identity_url ⇒ Object
+
+
+
+
+
+
+
+
The identity URL that has been authenticated; the Claimed Identifier.
+See also display_identifier.
+
+
+
+
+
+
+
+
+
+
+
+
+
+30
+31
+32
+
+
+
# File 'lib/openid/consumer/responses.rb', line 30
+
+defidentity_url
+ @endpoint?@endpoint.claimed_id:nil
+end
+
+
+
+
+
+
+
+
+ #status ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+24
+25
+26
+
+
+
# File 'lib/openid/consumer/responses.rb', line 24
+
+defstatus
+ self.class::STATUS
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Consumer/Session.html b/docs/OpenID/Consumer/Session.html
new file mode 100644
index 00000000..eea2eb61
--- /dev/null
+++ b/docs/OpenID/Consumer/Session.html
@@ -0,0 +1,370 @@
+
+
+
+
+
+
+ Class: OpenID::Consumer::Session
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# File 'lib/openid/consumer/responses.rb', line 61
+
+definitialize(endpoint,message,signed_fields)
+ # Don't use :endpoint=, because endpoint should never be nil
+# for a successfull transaction.
+@endpoint=endpoint
+ @identity_url=endpoint.claimed_id
+ @message=message
+ @signed_fields=signed_fields
+end
+
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ #message ⇒ Object(readonly)
+
+
+
+
+
+
+
+
Returns the value of attribute message.
+
+
+
+
+
+
+
+
+
+
+
+
+
+59
+60
+61
+
+
+
# File 'lib/openid/consumer/responses.rb', line 59
+
+defmessage
+ @message
+end
+
+
+
+
+
+
+
+
+
+
+ #signed_fields ⇒ Object(readonly)
+
+
+
+
+
+
+
+
Returns the value of attribute signed_fields.
+
+
+
+
+
+
+
+
+
+
+
+
+
+59
+60
+61
+
+
+
# File 'lib/openid/consumer/responses.rb', line 59
+
+defsigned_fields
+ @signed_fields
+end
Get signed arguments from the response message. Return a dict
+of all arguments in the specified namespace. If any of the
+arguments are not signed, return nil.
+
+
+
+
+
+
+
+
+
+
+
+
+
+93
+94
+95
+96
+97
+98
+99
+
+
+
# File 'lib/openid/consumer/responses.rb', line 93
+
+defget_signed_ns(ns_uri)
+ msg_args=@message.get_args(ns_uri)
+ msg_args.each_keydo|key|
+ returnnilunlesssigned?(ns_uri,key)
+ end
+ msg_args
+end
+
+
+
+
+
+
+
+
+ #is_openid1 ⇒ Object
+
+
+
+
+
+
+
+
Was this authentication response an OpenID 1 authentication
+response?
+
+
+
+
+
+
+
+
+
+
+
+
+
+72
+73
+74
+
+
+
# File 'lib/openid/consumer/responses.rb', line 72
+
+defis_openid1
+ @message.is_openid1
+end
Generate a random number, doing a little extra work to make it
+more likely that itâs suitable for cryptography. If your system
+doesnât have /dev/urandom then this number is not
+cryptographically safe. See
+http://www.cosine.org/2007/08/07/security-ruby-kernel-rand/
+for more information. max is the largest possible value of such
+a random number, where the result will be less than max.
Generate a random string of the given length, composed of the
+specified characters. If chars is nil, generate a string
+composed of characters in the range 0..255.
+
+
+
+
+
+
+
+
+
+
+
+
+
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+
+
+
# File 'lib/openid/cryptutil.rb', line 60
+
+defself.random_string(length,chars=nil)
+ s=""
+
+ ifchars.nil?
+ length.times{s+=rand(256).chr}
+ else
+ length.times{s+=chars[rand(chars.length)]}
+ end
+ s
+end
+
+
+
+
+
+
+
+
+ .sha1(text) ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+37
+38
+39
+
+
+
# File 'lib/openid/cryptutil.rb', line 37
+
+defself.sha1(text)
+ Digest::SHA1.digest(text)
+end
+
+
+
+
+
+
+
+
+ .sha256(text) ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+47
+48
+49
+
+
+
# File 'lib/openid/cryptutil.rb', line 47
+
+defself.sha256(text)
+ Digest::SHA256.digest(text)
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/DiffieHellman.html b/docs/OpenID/DiffieHellman.html
new file mode 100644
index 00000000..5f76b72d
--- /dev/null
+++ b/docs/OpenID/DiffieHellman.html
@@ -0,0 +1,743 @@
+
+
+
+
+
+
+ Class: OpenID::DiffieHellman
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Add the arguments from this extension to the provided
+message, or create a new message containing only those
+arguments. Returns the message with added extension args.
# File 'lib/openid/fetchers.rb', line 72
+
+defbody=(s)
+ @_response.instance_variable_set(:@body,s)
+ # XXX Hack to work around ruby's HTTP library behavior. @body
+# is only returned if it has been read from the response
+# object's socket, but since we're not using a socket in this
+# case, we need to set the @read flag to true to avoid a bug in
+# Net::HTTPResponse.stream_check when @socket is nil.
+@_response.instance_variable_set(:@read,true)
+end
Construct a Message from a parsed KVForm message.
+Raises InvalidNamespaceError if you try to instantiate a Message
+with a namespace not in the above allowed list
+
+
+
+
+
+
+
+
+
+
+
+
+
+150
+151
+152
+153
+154
+
+
+
# File 'lib/openid/message.rb', line 150
+
+defself.from_openid_args(openid_args)
+ m=Message.new
+ m._from_openid_args(openid_args)
+ m
+end
+
+
+
+
+
+
+
+
+ .from_post_args(args) ⇒ Object
+
+
+
+
+
+
+
+
Construct a Message containing a set of POST arguments.
+Raises InvalidNamespaceError if you try to instantiate a Message
+with a namespace not in the above allowed list
# File 'lib/openid/message.rb', line 125
+
+defself.from_post_args(args)
+ m=Message.new
+ openid_args={}
+ args.eachdo|key,value|
+ ifvalue.is_a?(Array)
+ raiseArgumentError,"Query dict must have one value for each key, "+
+ "not lists of values. Query is #{args.inspect}"
+ end
+
+ prefix,rest=key.split(".",2)
+
+ ifprefix!="openid"orrest.nil?
+ m.set_arg(BARE_NS,key,value)
+ else
+ openid_args[rest]=value
+ end
+ end
+
+ m._from_openid_args(openid_args)
+ m
+end
Registers a (namespace URI, alias) mapping in a global namespace
+alias map. Raises NamespaceAliasRegistrationError if either the
+namespace URI or alias has already been registered with a
+different value. This function is required if you want to use a
+namespace with an OpenID 1 message.
# File 'lib/openid/message.rb', line 197
+
+def_get_default_namespace(mystery_alias)
+ # only try to map an alias to a default if it's an
+# OpenID 1.x namespace
+@@registered_aliases[mystery_alias]ifis_openid1
+end
+
+
+
+
+
+
+
+
+ #copy ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+229
+230
+231
+
+
+
# File 'lib/openid/message.rb', line 229
+
+defcopy
+ Marshal.load(Marshal.dump(self))
+end
# File 'lib/openid/message.rb', line 381
+
+defget_arg(namespace,key,default=nil)
+ namespace=_fix_ns(namespace)
+ @args.fetch([namespace,key])do
+ raiseKeyNotFound,"<#{namespace}>#{key} not in this message"ifdefault==NO_DEFAULT
+
+ default
+ end
+end
+
+
+
+
+
+
+
+
+ #get_args(namespace) ⇒ Object
+
+
+
+
+
+
+
+
Get the arguments that are defined for this namespace URI.
# File 'lib/openid/message.rb', line 260
+
+defto_args
+ post_args=to_post_args
+ kvargs={}
+ post_args.eachdo|k,v|
+ if!k.start_with?("openid.")
+ raiseArgumentError,
+ "This message can only be encoded as a POST, because it contains arguments that are not prefixed with 'openid.'"
+ else
+ kvargs[k[7..-1]]=v
+ end
+ end
+ kvargs
+end
Generate a KVForm string that contains the parameters in this message.
+This will fail is the message contains arguments outside of the
+âopenid.â prefix.
+
+
+
+
+
+
+
+
+
+
+
+
+
+315
+316
+317
+
+
+
# File 'lib/openid/message.rb', line 315
+
+defto_kvform
+ Util.dict_to_kv(to_args)
+end
+
+
+
+
+
+
+
+
+ #to_post_args ⇒ Object
+
+
+
+
+
+
+
+
Return all arguments with âopenid.â in from of namespaced arguments.
# File 'lib/openid/message.rb', line 512
+
+defadd(namespace_uri)
+ # see if this namepace is already mapped to an alias
+_alias=@namespace_to_alias[namespace_uri]
+ return_aliasif_alias
+
+ # Fall back to generating a numberical alias
+i=0
+ whiletrue
+ _alias="ext"+i.to_s
+ begin
+ add_alias(namespace_uri,_alias)
+ rescueIndexError
+ i+=1
+ else
+ return_alias
+ end
+ end
+
+ raiseStandardError,"Unreachable"
+end
# File 'lib/openid/message.rb', line 471
+
+defadd_alias(namespace_uri,desired_alias,implicit=false)
+ # Check that desired_alias is not an openid protocol field as
+# per the spec.
+Util.truthy_assert(
+ !OPENID_PROTOCOL_FIELDS.include?(desired_alias),
+ "#{desired_alias} is not an allowed namespace alias",
+ )
+
+ # check that there is not a namespace already defined for the
+# desired alias
+current_namespace_uri=@alias_to_namespace.fetch(desired_alias,nil)
+ ifcurrent_namespace_uriandcurrent_namespace_uri!=namespace_uri
+ raiseIndexError,
+ "Cannot map #{namespace_uri} to alias #{desired_alias}. #{current_namespace_uri} is already mapped to alias #{desired_alias}"
+ end
+
+ # Check that desired_alias does not contain a period as per the
+# spec.
+ifdesired_alias.is_a?(String)
+ Util.truthy_assert(
+ desired_alias.index(".").nil?,
+ "#{desired_alias} must not contain a dot",
+ )
+ end
+
+ # check that there is not already a (different) alias for this
+# namespace URI.
+_alias=@namespace_to_alias[namespace_uri]
+ if_aliasand_alias!=desired_alias
+ raiseIndexError,
+ "Cannot map #{namespace_uri} to alias #{desired_alias}. It is already mapped to alias #{_alias}"
+ end
+
+ @alias_to_namespace[desired_alias]=namespace_uri
+ @namespace_to_alias[namespace_uri]=desired_alias
+ @implicit_namespaces<<namespace_uriifimplicit
+ desired_alias
+end
+
+
+
+
+
+
+
+
+ #aliases ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+550
+551
+552
+553
+
+
+
# File 'lib/openid/message.rb', line 550
+
+defaliases
+ # Return an iterator over the aliases
+@alias_to_namespace.keys
+end
+
+
+
+
+
+
+
+
+ #each(&block) ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+537
+538
+539
+
+
+
# File 'lib/openid/message.rb', line 537
+
+defeach(&block)
+ @namespace_to_alias.each(&block)
+end
# File 'lib/openid/store/nonce.rb', line 42
+
+defself.check_timestamp(nonce_str,allowed_skew=nil,now=nil)
+ allowed_skew=skewifallowed_skew.nil?
+ begin
+ stamp,=split_nonce(nonce_str)
+ rescueArgumentError# bad timestamp
+returnfalse
+ end
+ now||=Time.now.to_i
+
+ # times before this are too old
+past=now-allowed_skew
+
+ # times newer than this are too far in the future
+future=now+allowed_skew
+
+ (past<=stampandstamp<=future)
+end
+
+
+
+
+
+
+
+
+ .mk_nonce(time = nil) ⇒ Object
+
+
+
+
+
+
+
+
generate a nonce with the specified timestamp (defaults to now)
Exceptions that are raised by the library are subclasses of this
+exception type, so if you want to catch all exceptions raised by
+the library, you can catch OpenIDError
# File 'lib/openid/consumer/discovery.rb', line 155
+
+defself.from_basic_service_endpoint(endpoint)
+ # Create a new instance of this class from the endpoint object
+# passed in.
+#
+# @return: nil or OpenIDServiceEndpoint for this endpoint object"""
+
+ type_uris=endpoint.match_types(OPENID_TYPE_URIS)
+
+ # If any Type URIs match and there is an endpoint URI specified,
+# then this is an OpenID endpoint
+if(!type_uris.nil?and!type_uris.empty?)and!endpoint.uri.nil?
+ openid_endpoint=new
+ openid_endpoint.parse_service(
+ endpoint.yadis_url,
+ endpoint.uri,
+ endpoint.type_uris,
+ endpoint.service_element,
+ )
+ else
+ openid_endpoint=nil
+ end
+
+ openid_endpoint
+end
# File 'lib/openid/consumer/discovery.rb', line 239
+
+defself.from_op_endpoint_url(op_endpoint_url)
+ # Construct an OP-Identifier OpenIDServiceEndpoint object for
+# a given OP Endpoint URL
+#
+# @param op_endpoint_url: The URL of the endpoint
+# @rtype: OpenIDServiceEndpoint
+service=new
+ service.server_url=op_endpoint_url
+ service.type_uris=[OPENID_IDP_2_0_TYPE]
+ service
+end
# File 'lib/openid/consumer/discovery.rb', line 145
+
+defself.from_session_value(value)
+ returnvalueunlessvalue.is_a?(Hash)
+
+ new.tapdo|endpoint|
+ value.eachdo|name,val|
+ endpoint.instance_variable_set(name,val)
+ end
+ end
+end
+
+
+
+
+
+
+
+
+ .from_xrds(uri, xrds) ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+210
+211
+212
+213
+214
+215
+216
+217
+
+
+
# File 'lib/openid/consumer/discovery.rb', line 210
+
+defself.from_xrds(uri,xrds)
+ # Parse the given document as XRDS looking for OpenID services.
+#
+# @rtype: [OpenIDServiceEndpoint]
+#
+# @raises L{XRDSError}: When the XRDS does not parse.
+Yadis.apply_filter(uri,xrds,self)
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ #==(other) ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+141
+142
+143
+
+
+
# File 'lib/openid/consumer/discovery.rb', line 141
+
+def==(other)
+ to_session_value==other.to_session_value
+end
+
+
+
+
+
+
+
+
+ #compatibility_mode ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+100
+101
+102
+
+
+
# File 'lib/openid/consumer/discovery.rb', line 100
+
+defcompatibility_mode
+ preferred_namespace!=OPENID_2_0_MESSAGE_NS
+end
+
+
+
+
+
+
+
+
+ #get_local_id ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+127
+128
+129
+130
+131
+132
+133
+134
+135
+
+
+
# File 'lib/openid/consumer/discovery.rb', line 127
+
+defget_local_id
+ # Return the identifier that should be sent as the
+# openid.identity parameter to the server.
+if@local_id.nil?and@canonical_id.nil?
+ @claimed_id
+ else
+ (@local_idor@canonical_id)
+ end
+end
+
+
+
+
+
+
+
+
+ #is_op_identifier ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+104
+105
+106
+
+
+
# File 'lib/openid/consumer/discovery.rb', line 104
+
+defis_op_identifier
+ @type_uris.member?(OPENID_IDP_2_0_TYPE)
+end
# File 'lib/openid/consumer/discovery.rb', line 108
+
+defparse_service(yadis_url,uri,type_uris,service_element)
+ # Set the state of this object based on the contents of the
+# service element.
+@type_uris=type_uris
+ @server_url=uri
+ @used_yadis=true
+
+ returnifis_op_identifier
+
+ # XXX: This has crappy implications for Service elements that
+# contain both 'server' and 'signon' Types. But that's a
+# pathological configuration anyway, so I don't think I care.
+@local_id=OpenID.find_op_local_identifier(
+ service_element,
+ @type_uris,
+ )
+ @claimed_id=yadis_url
+end
# File 'lib/openid/consumer/discovery.rb', line 90
+
+defsupports_type(type_uri)
+ # Does this endpoint support this type?
+#
+# I consider C{/server} endpoints to implicitly support C{/signon}.
+(
+ @type_uris.member?(type_uri)or
+ (type_uri==OPENID_2_0_TYPEandis_op_identifier)
+ )
+end
Add an acceptable authentication policy URI to this request This method is intended to be used by the relying party to add acceptable authentication types to the request.
Given a list of authentication policy URIs that a provider supports, this method returns the subset of those types that are preferred by the relying party.
Add an acceptable authentication policy URI to this request
+This method is intended to be used by the relying party to add
+acceptable authentication types to the request.
Given a list of authentication policy URIs that a provider
+supports, this method returns the subset of those types
+that are preferred by the relying party.
+
+
+
+
+
+
+
+
+
+
+
+
+
+76
+77
+78
+
+
+
# File 'lib/openid/extensions/pape.rb', line 76
+
+defpreferred_types(supported_types)
+ @preferred_auth_policies.select{|uri|supported_types.member?(uri)}
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/PAPE/Response.html b/docs/OpenID/PAPE/Response.html
new file mode 100644
index 00000000..85bf9831
--- /dev/null
+++ b/docs/OpenID/PAPE/Response.html
@@ -0,0 +1,886 @@
+
+
+
+
+
+
+ Class: OpenID::PAPE::Response
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
parse the provider authentication policy arguments into the internal state of this object if strict is specified, raise an exception when bad data is encountered.
# File 'lib/openid/extensions/pape.rb', line 146
+
+defget_extension_args
+ ns_args={}
+ ns_args["auth_policies"]=if@auth_policies.empty?
+ "none"
+ else
+ @auth_policies.join("")
+ end
+ if@nist_auth_level
+ unless(0..4).member?(@nist_auth_level)
+ raiseArgumentError,"nist_auth_level must be an integer 0 through 4, not #{@nist_auth_level.inspect}"
+ end
+
+ ns_args["nist_auth_level"]=@nist_auth_level.to_s
+ end
+
+ if@auth_time
+ raiseArgumentError,"auth_time must be in RFC3339 format"unlessTIME_VALIDATOR.match?(@auth_time)
+
+ ns_args["auth_time"]=@auth_time
+ end
+ ns_args
+end
parse the provider authentication policy arguments into the
+internal state of this object
+if strict is specified, raise an exception when bad data is
+encountered
# File 'lib/openid/extensions/pape.rb', line 114
+
+defparse_extension_args(args,strict=false)
+ policies_str=args["auth_policies"]
+ @auth_policies=policies_str.split("")ifpolicies_strandpolicies_str!="none"
+
+ nist_level_str=args["nist_auth_level"]
+ ifnist_level_str
+ # special handling of zero to handle to_i behavior
+ifnist_level_str.strip=="0"
+ nist_level=0
+ else
+ nist_level=nist_level_str.to_i
+ # if it's zero here we have a bad value
+nist_level=nilifnist_level==0
+ end
+ ifnist_levelandnist_level>=0andnist_level<5
+ @nist_auth_level=nist_level
+ elsifstrict
+ raiseArgumentError,"nist_auth_level must be an integer 0 through 4, not #{nist_level_str.inspect}"
+ end
+ end
+
+ auth_time_str=args["auth_time"]
+ returnunlessauth_time_str
+
+ # validate time string
+ifTIME_VALIDATOR.match?(auth_time_str)
+ @auth_time=auth_time_str
+ elsifstrict
+ raiseArgumentError,"auth_time must be in RFC3339 format"
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/ProtocolError.html b/docs/OpenID/ProtocolError.html
new file mode 100644
index 00000000..ac7f93c7
--- /dev/null
+++ b/docs/OpenID/ProtocolError.html
@@ -0,0 +1,146 @@
+
+
+
+
+
+
+ Exception: OpenID::ProtocolError
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# File 'lib/openid/trustroot.rb', line 15
+
+defto_s
+ "Attempting to verify #{@relying_party_url} resulted in "+
+ "redirect to #{@rp_url_after_redirects}"
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/SReg.html b/docs/OpenID/SReg.html
new file mode 100644
index 00000000..33ade47e
--- /dev/null
+++ b/docs/OpenID/SReg.html
@@ -0,0 +1,156 @@
+
+
+
+
+
+
+ Module: OpenID::SReg
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
The simple registration namespace was not found and could not
+be created using the expected name (thereâs another extension
+using the name âsregâ)
+
+
This is not illegal, for OpenID 2, although it probably
+indicates a problem, since itâs not expected that other extensions
+will re-use the alias that is in use for OpenID 1.
+
+
If this is an OpenID 1 request, then there is no recourse. This
+should not happen unless some code has modified the namespaces for
+the message that is being processed.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/SReg/Request.html b/docs/OpenID/SReg/Request.html
new file mode 100644
index 00000000..b423867d
--- /dev/null
+++ b/docs/OpenID/SReg/Request.html
@@ -0,0 +1,1228 @@
+
+
+
+
+
+
+ Class: OpenID::SReg::Request
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Create a simple registration request that contains the fields that were requested in the OpenID request with the given arguments Takes an OpenID::CheckIDRequest, returns an OpenID::Sreg::Request return nil if the extension was not requested.
Request the specified field from the OpenID user field_name: the unqualified simple registration field name required: whether the given field should be presented to the user as being a required to successfully complete the request strict: whether to raise an exception when a field is added to a request more than once Raises ArgumentError if the field_name is not a simple registration field, or if strict is set and a field is added more than once.
Create a simple registration request that contains the
+fields that were requested in the OpenID request with the
+given arguments
+Takes an OpenID::CheckIDRequest, returns an OpenID::Sreg::Request
+return nil if the extension was not requested.
# File 'lib/openid/extensions/sreg.rb', line 98
+
+defself.from_openid_request(request)
+ # Since we're going to mess with namespace URI mapping, don't
+# mutate the object that was passed in.
+message=request.message.copy
+ ns_uri=OpenID.get_sreg_ns(message)
+ args=message.get_args(ns_uri)
+ returnifargs=={}
+
+ req=new(nil,nil,nil,ns_uri)
+ req.parse_extension_args(args)
+ req
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ #all_requested_fields ⇒ Object
+
+
+
+
+
+
+
+
A list of all of the simple registration fields that were
+requested, whether they were required or optional.
+
+
+
+
+
+
+
+
+
+
+
+
+
+147
+148
+149
+
+
+
# File 'lib/openid/extensions/sreg.rb', line 147
+
+defall_requested_fields
+ @required+@optional
+end
+
+
+
+
+
+
+
+
+ #get_extension_args ⇒ Object
+
+
+
+
+
+
+
+
Get a hash of unqualified simple registration arguments
+representing this request.
+This method is essentially the inverse of parse_extension_args.
+This method serializes the simple registration request fields.
Parse the unqualified simple registration request
+parameters and add them to this object.
+
+
This method is essentially the inverse of
+getExtensionArgs. This method restores the serialized simple
+registration request fields.
+
+
If you are extracting arguments from a standard OpenID
+checkid_* request, you probably want to use fromOpenIDRequest,
+which will extract the sreg namespace and arguments from the
+OpenID request. This method is intended for cases where the
+OpenID server needs more control over how the arguments are
+parsed than that method provides.
Request the specified field from the OpenID user
+field_name: the unqualified simple registration field name
+required: whether the given field should be presented
+ to the user as being a required to successfully complete
+ the request
+strict: whether to raise an exception when a field is
+ added to a request more than once
+Raises ArgumentError if the field_name is not a simple registration
+field, or if strict is set and a field is added more than once
Represents the data returned in a simple registration response
+inside of an OpenID id_res response. This object will be
+created by the OpenID server, added to the id_res response
+object, and then extracted from the id_res message by the Consumer.
Create an Response object from an OpenID::Consumer::SuccessResponse from consumer.complete If you set the signed_only parameter to false, unsigned data from the id_res message from the server will be processed.
Create an Response object from an
+OpenID::Consumer::SuccessResponse from consumer.complete
+If you set the signed_only parameter to false, unsigned data from
+the id_res message from the server will be processed.
These parameters are assigned directly as class attributes.
+
+
Parameters:
+assoc_handle:: the association handle for this request
+signed:: The signed message
+invalidate_handle:: An association handle that the relying
+ party is checking to see if it is invalid
# File 'lib/openid/server.rb', line 83
+
+defself.from_message(message,_op_endpoint=UNUSED)
+ assoc_handle=message.get_arg(OPENID_NS,"assoc_handle")
+ invalidate_handle=message.get_arg(OPENID_NS,"invalidate_handle")
+
+ signed=message.copy
+ # openid.mode is currently check_authentication because
+# that's the mode of this request. But the signature
+# was made on something with a different openid.mode.
+# http://article.gmane.org/gmane.comp.web.openid.general/537
+signed.set_arg(OPENID_NS,"mode","id_res")ifsigned.has_key?(OPENID_NS,"mode")
+
+ obj=new(assoc_handle,signed,invalidate_handle)
+ obj.message=message
+ obj.sig=message.get_arg(OPENID_NS,"sig")
+
+ if!obj.assoc_handleor
+ !obj.sig
+ msg=format(
+ "%s request missing required parameter from message %s",
+ obj.mode,
+ message,
+ )
+ raiseProtocolError.new(message,msg)
+ end
+
+ obj
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ #answer(signatory) ⇒ Object
+
+
+
+
+
+
+
+
Respond to this request.
+
+
Given a Signatory, I can check the validity of the signature
+and the invalidate_handle. I return a response with an
+is_valid (and, if appropriate invalidate_handle) field.
Does the relying party publish the return_to URL for this response under the realm? It is up to the provider to set a policy for what kinds of realms should be allowed.
Provided in smart mode requests, a handle for a previously
+established association. nil for dumb mode requests.
+
+
+
+
+
+
+
+
+
+
+
+
+
+437
+438
+439
+
+
+
# File 'lib/openid/server.rb', line 437
+
+defassoc_handle
+ @assoc_handle
+end
+
+
+
+
+
+
+
+
+
+
+ #claimed_id ⇒ Object
+
+
+
+
+
+
+
+
The claimed identifier. Not present in OpenID 1.x
+messages.
+
+
+
+
+
+
+
+
+
+
+
+
+
+451
+452
+453
+
+
+
# File 'lib/openid/server.rb', line 451
+
+defclaimed_id
+ @claimed_id
+end
+
+
+
+
+
+
+
+
+
+
+ #identity ⇒ Object
+
+
+
+
+
+
+
+
The OP-local identifier being checked.
+
+
+
+
+
+
+
+
+
+
+
+
+
+447
+448
+449
+
+
+
# File 'lib/openid/server.rb', line 447
+
+defidentity
+ @identity
+end
+
+
+
+
+
+
+
+
+
+
+ #immediate ⇒ Object
+
+
+
+
+
+
+
+
Is this an immediate-mode request?
+
+
+
+
+
+
+
+
+
+
+
+
+
+440
+441
+442
+
+
+
# File 'lib/openid/server.rb', line 440
+
+defimmediate
+ @immediate
+end
+
+
+
+
+
+
+
+
+
+
+ #mode ⇒ Object
+
+
+
+
+
+
+
+
mode:: +checkid_immediate+ or +checkid_setup+
+
+
+
+
+
+
+
+
+
+
+
+
+
+459
+460
+461
+
+
+
# File 'lib/openid/server.rb', line 459
+
+defmode
+ @mode
+end
+
+
+
+
+
+
+
+
+
+
+ #op_endpoint ⇒ Object
+
+
+
+
+
+
+
+
Returns the value of attribute op_endpoint.
+
+
+
+
+
+
+
+
+
+
+
+
+
+461
+462
+463
+
+
+
# File 'lib/openid/server.rb', line 461
+
+defop_endpoint
+ @op_endpoint
+end
+
+
+
+
+
+
+
+
+
+
+ #return_to ⇒ Object
+
+
+
+
+
+
+
+
The URL to send the user agent back to to reply to this
+request.
+
+
+
+
+
+
+
+
+
+
+
+
+
+444
+445
+446
+
+
+
# File 'lib/openid/server.rb', line 444
+
+defreturn_to
+ @return_to
+end
+
+
+
+
+
+
+
+
+
+
+ #trust_root ⇒ Object
+
+
+
+
+
+
+
+
This URL identifies the party making the request, and the user
+will use that to make her decision about what answer she
+trusts them to have. Referred to as ârealmâ in OpenID 2.0.
+
+
+
+
+
+
+
+
+
+
+
+
+
+456
+457
+458
+
+
+
# File 'lib/openid/server.rb', line 456
+
+deftrust_root
+ @trust_root
+end
# File 'lib/openid/server.rb', line 512
+
+defself.from_message(message,op_endpoint)
+ obj=allocate
+ obj.message=message
+ obj.op_endpoint=op_endpoint
+ mode=message.get_arg(OPENID_NS,"mode")
+ ifmode=="checkid_immediate"
+ obj.immediate=true
+ obj.mode="checkid_immediate"
+ else
+ obj.immediate=false
+ obj.mode="checkid_setup"
+ end
+
+ obj.return_to=message.get_arg(OPENID_NS,"return_to")
+ ifmessage.is_openid1and!obj.return_to
+ msg=format(
+ "Missing required field 'return_to' from %s",
+ message,
+ )
+ raiseProtocolError.new(message,msg)
+ end
+
+ obj.identity=message.get_arg(OPENID_NS,"identity")
+ obj.claimed_id=message.get_arg(OPENID_NS,"claimed_id")
+ ifmessage.is_openid1
+ unlessobj.identity
+ s="OpenID 1 message did not contain openid.identity"
+ raiseProtocolError.new(message,s)
+ end
+ elsifobj.identityand!obj.claimed_id
+ s=("OpenID 2.0 message contained openid.identity but not "+
+ "claimed_id")
+ raiseProtocolError.new(message,s)
+ elsifobj.claimed_idand!obj.identity
+ s=("OpenID 2.0 message contained openid.claimed_id but not "+
+ "identity")
+ raiseProtocolError.new(message,s)
+ end
+
+ # There's a case for making self.trust_root be a TrustRoot
+# here. But if TrustRoot isn't currently part of the "public"
+# API, I'm not sure it's worth doing.
+trust_root_param=ifmessage.is_openid1
+ "trust_root"
+ else
+ "realm"
+ end
+ trust_root=message.get_arg(OPENID_NS,trust_root_param)
+ trust_root=obj.return_toiftrust_root.nil?||trust_root.empty?
+ obj.trust_root=trust_root
+
+ if!message.is_openid1and!obj.return_toand!obj.trust_root
+ raiseProtocolError.new(message,"openid.realm required when "+
+ "openid.return_to absent")
+ end
+
+ obj.assoc_handle=message.get_arg(OPENID_NS,"assoc_handle")
+
+ # Using TrustRoot.parse here is a bit misleading, as we're not
+# parsing return_to as a trust root at all. However, valid
+# URLs are valid trust roots, so we can use this to get an
+# idea if it is a valid URL. Not all trust roots are valid
+# return_to URLs, however (particularly ones with wildcards),
+# so this is still a little sketchy.
+ifobj.return_toand
+ !TrustRoot::TrustRoot.parse(obj.return_to)
+ raiseMalformedReturnURL.new(message,obj.return_to)
+ end
+
+ # I first thought that checking to see if the return_to is
+# within the trust_root is premature here, a
+# logic-not-decoding thing. But it was argued that this is
+# really part of data validation. A request with an invalid
+# trust_root/return_to is broken regardless of application,
+# right?
+raiseUntrustedReturnURL.new(message,obj.return_to,obj.trust_root)unlessobj.trust_root_valid
+
+ obj
+end
allow:: Allow this user to claim this identity, and allow the
+ consumer to have this information?
+
+
server_url:: DEPRECATED. Passing op_endpoint to the
+ #Server constructor makes this optional.
+
+
When an OpenID 1.x immediate mode request does
+ not succeed, it gets back a URL where the request
+ may be carried out in a not-so-immediate fashion.
+ Pass my URL in here (the fully qualified address
+ of this server's endpoint, i.e.
+ <tt>http://example.com/server</tt>), and I will
+ use it as a base for the URL for a new request.
+
+ Optional for requests where
+ #CheckIDRequest.immediate is false or +allow+ is
+ true.
+
+
+
identity:: The OP-local identifier to answer with. Only for use
+ when the relying party requested identifier selection.
+
+
claimed_id:: The claimed identifier to answer with,
+ for use with identifier selection in the case where the
+ claimed identifier and the OP-local identifier differ,
+ i.e. when the claimed_id uses delegation.
+
+
If +identity+ is provided but this is not,
+ +claimed_id+ will default to the value of +identity+.
+ When answering requests that did not ask for identifier
+ selection, the response +claimed_id+ will default to
+ that of the request.
+
+ This parameter is new in OpenID 2.0.
+
+
+
Returns an OpenIDResponse object containing a OpenID id_res message.
+
+
Raises NoReturnToError if the return_to is missing.
+
+
Version 2.0 deprecates +server_url+ and adds +claimed_id+.
# File 'lib/openid/server.rb', line 819
+
+defcancel_url
+ # Get the URL to cancel this request.
+#
+# Useful for creating a "Cancel" button on a web form so that
+# operation can be carried out directly without another trip
+# through the server.
+#
+# (Except you may want to make another trip through the
+# server so that it knows that the user did make a decision.)
+#
+# Returns a URL as a string.
+raiseNoReturnToErrorunless@return_to
+
+ if@immediate
+ raiseArgumentError.new("Cancel is not an appropriate response to "+
+ "immediate mode requests.")
+ end
+
+ response=Message.new(@message.get_openid_namespace)
+ response.set_arg(OPENID_NS,"mode","cancel")
+ response.to_url(@return_to)
+end
# File 'lib/openid/server.rb', line 786
+
+defencode_to_url(server_url)
+ # Encode this request as a URL to GET.
+#
+# server_url:: The URL of the OpenID server to make this
+# request of.
+raiseNoReturnToErrorunless@return_to
+
+ # Imported from the alternate reality where these classes are
+# used in both the client and server code, so Requests are
+# Encodable too. That's right, code imported from alternate
+# realities all for the love of you, id_res/user_setup_url.
+q={
+ "mode"=>@mode,
+ "identity"=>@identity,
+ "claimed_id"=>@claimed_id,
+ "return_to"=>@return_to,
+ }
+
+ if@trust_root
+ if@message.is_openid1
+ q["trust_root"]=@trust_root
+ else
+ q["realm"]=@trust_root
+ end
+ end
+
+ q["assoc_handle"]=@assoc_handleif@assoc_handle
+
+ response=Message.new(@message.get_openid_namespace)
+ response.update_args(@message.get_openid_namespace,q)
+ response.to_url(server_url)
+end
+
+
+
+
+
+
+
+
+ #id_select ⇒ Object
+
+
+
+
+
+
+
+
Is the identifier to be selected by the IDP?
+
+
+
+
+
+
+
+
+
+
+
+
+
+593
+594
+595
+596
+
+
+
# File 'lib/openid/server.rb', line 593
+
+defid_select
+ # So IDPs don't have to import the constant
+@identity==IDENTIFIER_SELECT
+end
+
+
+
+
+
+
+
+
+ #return_to_verified ⇒ Object
+
+
+
+
+
+
+
+
Does the relying party publish the return_to URL for this
+response under the realm? It is up to the provider to set a
+policy for what kinds of realms should be allowed. This
+return_to URL verification reduces vulnerability to
+data-theft attacks based on open proxies,
+corss-site-scripting, or open redirectors.
+
+
This check should only be performed after making sure that
+the return_to URL matches the realm.
+
+
Raises DiscoveryFailure if the realm
+URL does not support Yadis discovery (and so does not
+support the verification process).
+
+
Returns true if the realm publishes a document with the
+return_to URL listed
+
+
+
+
+
+
+
+
+
+
+
+
+
+626
+627
+628
+
+
+
# File 'lib/openid/server.rb', line 626
+
+defreturn_to_verified
+ TrustRoot.verify_return_to(@trust_root,@return_to)
+end
If you donât like WebResponses, you can do
+your own handling of OpenIDResponses with
+OpenIDResponse.whichEncoding,
+OpenIDResponse.encodeToURL, and
+OpenIDResponse.encodeToKVForm.
Attributes:
+signed:: A list of the names of the fields which should be signed.
+
+
Implementerâs note: In a more symmetric client/server
+implementation, there would be more types of #OpenIDResponse
+object and they would have validated attributes according to
+the type of response. But as it is, Response objects in a
+server are basically write-only, their only job is to go out
+over the wire, so this is just a loose wrapper around
+#OpenIDResponse.fields.
# File 'lib/openid/server.rb', line 876
+
+definitialize(request)
+ # Make a response to an OpenIDRequest.
+@request=request
+ @fields=Message.new(request.namespace)
+end
+
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ #fields ⇒ Object
+
+
+
+
+
+
+
+
An #OpenID::Message with the data to be returned.
+Keys are parameter names with no
+leading openid. e.g. identity and mac_key
+never openid.identity.
+
+
+
+
+
+
+
+
+
+
+
+
+
+874
+875
+876
+
+
+
# File 'lib/openid/server.rb', line 874
+
+deffields
+ @fields
+end
+
+
+
+
+
+
+
+
+
+
+ #request ⇒ Object
+
+
+
+
+
+
+
+
The #OpenIDRequest I respond to.
+
+
+
+
+
+
+
+
+
+
+
+
+
+868
+869
+870
+
+
+
# File 'lib/openid/server.rb', line 868
+
+defrequest
+ @request
+end
# File 'lib/openid/server.rb', line 938
+
+defadd_extension(extension_response)
+ # Add an extension response to this response message.
+#
+# extension_response:: An object that implements the
+# #OpenID::Extension interface for adding arguments to an OpenID
+# message.
+extension_response.to_message(@fields)
+end
+
+
+
+
+
+
+
+
+ #copy ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+959
+960
+961
+
+
+
# File 'lib/openid/server.rb', line 959
+
+defcopy
+ Marshal.load(Marshal.dump(self))
+end
# File 'lib/openid/server.rb', line 947
+
+defencode_to_kvform
+ # Encode a response in key-value colon/newline format.
+#
+# This is a machine-readable format used to respond to
+# messages which came directly from the consumer and not
+# through the user agent.
+#
+# see: OpenID Specs,
+# <a href="http://openid.net/specs.bml#keyvalue">Key-Value Colon/Newline format</a>
+@fields.to_kvform
+end
+
+
+
+
+
+
+
+
+ #encode_to_url ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+932
+933
+934
+935
+936
+
+
+
# File 'lib/openid/server.rb', line 932
+
+defencode_to_url
+ # Encode a response as a URL for the user agent to GET.
+# You will generally use this URL with a HTTP redirect.
+@fields.to_url(@request.return_to)
+end
+
+
+
+
+
+
+
+
+ #needs_signing ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+912
+913
+914
+915
+
+
+
# File 'lib/openid/server.rb', line 912
+
+defneeds_signing
+ # Does this response require signing?
+@fields.get_arg(OPENID_NS,"mode")=="id_res"
+end
+
+
+
+
+
+
+
+
+ #render_as_form ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+906
+907
+908
+909
+910
+
+
+
# File 'lib/openid/server.rb', line 906
+
+defrender_as_form
+ # Returns true if this response's encoding is
+# ENCODE_HTML_FORM. Convenience method for server authors.
+which_encoding==ENCODE_HTML_FORM
+end
form_tag_attrs is a hash of attributes to be added to the form
+tag. âaccept-charsetâ and âenctypeâ have defaults that can be
+overridden. If a value is supplied for âactionâ or âmethodâ,
+it will be replaced.
+Returns the form markup for this response.
+
+
+
+
+
+
+
+
+
+
+
+
+
+896
+897
+898
+
+
+
# File 'lib/openid/server.rb', line 896
+
+defto_form_markup(form_tag_attrs=nil)
+ @fields.to_form_markup(@request.return_to,form_tag_attrs)
+end
# File 'lib/openid/server.rb', line 919
+
+defwhich_encoding
+ # How should I be encoded?
+# returns one of ENCODE_URL or ENCODE_KVFORM.
+returnENCODE_KVFORMunlessBROWSER_REQUEST_MODES.member?(@request.mode)
+
+ if@fields.is_openid2and
+ encode_to_url.length>OPENID1_URL_LIMIT
+ ENCODE_HTML_FORM
+ else
+ ENCODE_URL
+ end
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Server/PlainTextServerSession.html b/docs/OpenID/Server/PlainTextServerSession.html
new file mode 100644
index 00000000..28d7d594
--- /dev/null
+++ b/docs/OpenID/Server/PlainTextServerSession.html
@@ -0,0 +1,437 @@
+
+
+
+
+
+
+ Class: OpenID::Server::PlainTextServerSession
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# File 'lib/openid/server.rb', line 1487
+
+defwhich_encoding
+ ifhas_return_to
+ if@openid_message.is_openid2and
+ encode_to_url.length>OPENID1_URL_LIMIT
+ returnENCODE_HTML_FORM
+ else
+ returnENCODE_URL
+ end
+ end
+
+ returnif@openid_message.nil?
+
+ mode=@openid_message.get_arg(OPENID_NS,"mode")
+ returnENCODE_KVFORMifmode&&!BROWSER_REQUEST_MODES.member?(mode)
+
+ # If your request was so broken that you didn't manage to
+# include an openid.mode, I'm not going to worry too much
+# about returning you something you can't parse.
+nil
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Server/Server.html b/docs/OpenID/Server/Server.html
new file mode 100644
index 00000000..a6f7643c
--- /dev/null
+++ b/docs/OpenID/Server/Server.html
@@ -0,0 +1,1076 @@
+
+
+
+
+
+
+ Class: OpenID::Server::Server
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Some types of requests (those which are not checkid requests)
+may be handed to my handleRequest method, and I will take care
+of it and return a response.
+
+
For your convenience, I also provide an interface to
+Decoder.decode and SigningEncoder.encode through my methods
+decodeRequest and encodeResponse.
+
+
All my state is encapsulated in an store, which means Iâm not
+generally pickleable but I am easy to reconstruct.
Encode a response to a WebResponse, signing it first if
+appropriate.
+
+
Raises EncodingError when I canât figure out how to encode this
+message.
+
+
Raises AlreadySigned When this response is already signed.
+
+
+
+
+
+
+
+
+
+
+
+
+
+1417
+1418
+1419
+
+
+
# File 'lib/openid/server.rb', line 1417
+
+defencode_response(response)
+ @encoder.encode(response)
+end
+
+
+
+
+
+
+
+
+ #handle_request(request) ⇒ Object
+
+
+
+
+
+
+
+
Handle a request.
+
+
Give me a request, I will give you a response. Unless itâs a
+type of request I cannot handle myself, in which case I will
+raise RuntimeError. In that case, you can handle it yourself,
+or add a method to me for handling that request type.
# File 'lib/openid/server.rb', line 1355
+
+defhandle_request(request)
+ begin
+ handler=method("openid_"+request.mode)
+ rescueNameError
+ raiseformat(
+ "%s has no handler for a request of mode %s.",
+ self,
+ request.mode,
+ ).to_s
+ end
+
+ handler.call(request)
+end
keys have a bogus server URL in them because the filestore
+really does expect that key to be a URL. This seems a little
+silly for the server store, since I expect there to be only
+one server URL.
# File 'lib/openid/server.rb', line 1116
+
+defget_association(assoc_handle,dumb,check_expiration=true)
+ # Hmm. We've created an interface that deals almost entirely
+# with assoc_handles. The only place outside the Signatory
+# that uses this (and thus the only place that ever sees
+# Association objects) is when creating a response to an
+# association request, as it must have the association's
+# secret.
+
+ raiseArgumentError.new("assoc_handle must not be None")unlessassoc_handle
+
+ key=ifdumb
+ @@_dumb_key
+ else
+ @@_normal_key
+ end
+
+ assoc=@store.get_association(key,assoc_handle)
+ ifassocandassoc.expires_in<=0
+ Util.log(format(
+ "requested %sdumb key %s is expired (by %s seconds)",
+ (!dumb)?"not-":"",
+ assoc_handle,
+ assoc.expires_in,
+ ))
+ ifcheck_expiration
+ @store.remove_association(key,assoc_handle)
+ assoc=nil
+ end
+ end
+
+ assoc
+end
I take an OpenIDResponse, create a signature for everything in
+its signed list, and return a new copy of the response object
+with that signature included.
# File 'lib/openid/server.rb', line 1059
+
+defsign(response)
+ signed_response=response.copy
+ assoc_handle=response.request.assoc_handle
+ ifassoc_handle
+ # normal mode disabling expiration check because even if the
+# association is expired, we still need to know some
+# properties of the association so that we may preserve
+# those properties when creating the fallback association.
+assoc=get_association(assoc_handle,false,false)
+
+ if!assocorassoc.expires_in<=0
+ # fall back to dumb mode
+signed_response.fields.set_arg(
+ OPENID_NS,"invalidate_handle",assoc_handle
+ )
+ assoc_type=assoc?assoc.assoc_type:"HMAC-SHA1"
+ ifassocandassoc.expires_in<=0
+ # now do the clean-up that the disabled checkExpiration
+# code didn't get to do.
+invalidate(assoc_handle,false)
+ end
+ assoc=create_association(true,assoc_type)
+ end
+ else
+ # dumb mode.
+assoc=create_association(true)
+ end
+
+ begin
+ signed_response.fields=assoc.sign_message(signed_response.fields)
+ rescueKVFormError=>e
+ raiseEncodingError,e
+ end
+ signed_response
+end
# File 'lib/openid/server.rb', line 1223
+
+defencode(response)
+ # the is_a? is a bit of a kludge... it means there isn't
+# really an adapter to make the interfaces quite match.
+if!response.is_a?(Exception)andresponse.needs_signing
+ unless@signatory
+ raiseArgumentError.new(
+ format(
+ "Must have a store to sign this request: %s",
+ response,
+ ),
+ response,
+ )
+ end
+
+ raiseAlreadySigned.new(response)ifresponse.fields.has_key?(OPENID_NS,"sig")
+
+ response=@signatory.sign(response)
+ end
+
+ super
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Server/UntrustedReturnURL.html b/docs/OpenID/Server/UntrustedReturnURL.html
new file mode 100644
index 00000000..a4d9e688
--- /dev/null
+++ b/docs/OpenID/Server/UntrustedReturnURL.html
@@ -0,0 +1,453 @@
+
+
+
+
+
+
+ Exception: OpenID::Server::UntrustedReturnURL
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# File 'lib/openid/server.rb', line 979
+
+definitialize(code=HTTP_OK,headers=nil,body="")
+ # Construct me.
+#
+# These parameters are assigned directly as class attributes,
+# see my class documentation for their
+# descriptions.
+@code=code
+ @headers=headers||{}
+ @body=body
+end
+
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ #body ⇒ Object
+
+
+
+
+
+
+
+
The body of this response.
+
+
+
+
+
+
+
+
+
+
+
+
+
+977
+978
+979
+
+
+
# File 'lib/openid/server.rb', line 977
+
+defbody
+ @body
+end
+
+
+
+
+
+
+
+
+
+
+ #code ⇒ Object
+
+
+
+
+
+
+
+
The HTTP code of this response as an integer.
+
+
+
+
+
+
+
+
+
+
+
+
+
+971
+972
+973
+
+
+
# File 'lib/openid/server.rb', line 971
+
+defcode
+ @code
+end
+
+
+
+
+
+
+
+
+
+
+ #headers ⇒ Object
+
+
+
+
+
+
+
+
#Hash of headers to include in this response.
+
+
+
+
+
+
+
+
+
+
+
+
+
+974
+975
+976
+
+
+
# File 'lib/openid/server.rb', line 974
+
+defheaders
+ @headers
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/ServerError.html b/docs/OpenID/ServerError.html
new file mode 100644
index 00000000..b29d70e5
--- /dev/null
+++ b/docs/OpenID/ServerError.html
@@ -0,0 +1,529 @@
+
+
+
+
+
+
+ Exception: OpenID::ServerError
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Stores for Associations and nonces. Used by both the Consumer and
+the Server. If you have a database abstraction layer or other
+state storage in your application or framework already, you can
+implement the store interface.
# File 'lib/openid/store/filesystem.rb', line 77
+
+defget_association(server_url,handle=nil)
+ # the filename with empty handle is the prefix for the associations
+# for a given server url
+filename=get_association_filename(server_url,handle)
+ return_get_association(filename)ifhandle
+
+ assoc_filenames=Dir.glob(filename.to_s+"*")
+
+ assocs=assoc_filenames.collectdo|f|
+ _get_association(f)
+ end
+
+ assocs=assocs.find_all{|a|!a.nil?}
+ assocs=assocs.sort_by{|a|a.issued}
+
+ returnifassocs.empty?
+
+ assocs[-1]
+end
Create a unique filename for a given server url and handle. The
+filename that is returned will contain the domain name from the
+server URL for ease of human inspection of the data dir.
Remove expired nonces and associations from the store Not called during normal library operation, this method is for store admins to keep their storage from filling up with expired data.
Remove expired associations from the store Not called during normal library operation, this method is for store admins to keep their storage from filling up with expired data.
Remove expired nonces from the store Discards any nonce that is old enough that it wouldnât pass use_nonce Not called during normal library operation, this method is for store admins to keep their storage from filling up with expired data.
Return true if the nonce has not been used before, and store it for a while to make sure someone doesnât try to use the same value again.
+
+
+
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ #cleanup ⇒ Object
+
+
+
+
+
+
+
+
Remove expired nonces and associations from the store
+Not called during normal library operation, this method is for store
+admins to keep their storage from filling up with expired data
+
+
+
+
+
+
+
+
+
+
+
+
+
+68
+69
+70
+
+
+
# File 'lib/openid/store/interface.rb', line 68
+
+defcleanup
+ [cleanup_nonces,cleanup_associations]
+end
+
+
+
+
+
+
+
+
+ #cleanup_associations ⇒ Object
+
+
+
+
+
+
+
+
Remove expired associations from the store
+Not called during normal library operation, this method is for store
+admins to keep their storage from filling up with expired data
+
+
+
+
+
+
+
Raises:
+
+
+
+
+
+ (NotImplementedError)
+
+
+
+
+
+
+
+
+
+
+
+
+
+61
+62
+63
+
+
+
# File 'lib/openid/store/interface.rb', line 61
+
+defcleanup_associations
+ raiseNotImplementedError
+end
+
+
+
+
+
+
+
+
+ #cleanup_nonces ⇒ Object
+
+
+
+
+
+
+
+
Remove expired nonces from the store
+Discards any nonce that is old enough that it wouldnât pass use_nonce
+Not called during normal library operation, this method is for store
+admins to keep their storage from filling up with expired data
+
+
+
+
+
+
+
Raises:
+
+
+
+
+
+ (NotImplementedError)
+
+
+
+
+
+
+
+
+
+
+
+
+
+54
+55
+56
+
+
+
# File 'lib/openid/store/interface.rb', line 54
+
+defcleanup_nonces
+ raiseNotImplementedError
+end
Returns a Association object from storage that matches
+the server_url. Returns nil if no such association is found or if
+the one matching association is expired. (Is allowed to GC expired
+associations when found.)
+
+
+
+
+
+
+
Raises:
+
+
+
+
+
+ (NotImplementedError)
+
+
+
+
+
+
+
+
+
+
+
+
+
+27
+28
+29
+
+
+
# File 'lib/openid/store/interface.rb', line 27
+
+defget_association(server_url,handle=nil)
+ raiseNotImplementedError
+end
Put a Association object into storage.
+When implementing a store, donât assume that there are any limitations
+on the character set of the server_url. In particular, expect to see
+unescaped non-url-safe characters in the server_url field.
+
+
+
+
+
+
+
Raises:
+
+
+
+
+
+ (NotImplementedError)
+
+
+
+
+
+
+
+
+
+
+
+
+
+19
+20
+21
+
+
+
# File 'lib/openid/store/interface.rb', line 19
+
+defstore_association(server_url,association)
+ raiseNotImplementedError
+end
Return true if the nonce has not been used before, and store it
+for a while to make sure someone doesnât try to use the same value
+again. Return false if the nonce has already been used or if the
+timestamp is not current.
+You can use OpenID::Store::Nonce::SKEW for your timestamp window.
+server_url: URL of the server from which the nonce originated
+timestamp: time the nonce was created in seconds since unix epoch
+salt: A random string that makes two nonces issued by a server in
+ the same second unique
+
+
+
+
+
+
+
Raises:
+
+
+
+
+
+ (NotImplementedError)
+
+
+
+
+
+
+
+
+
+
+
+
+
+46
+47
+48
+
+
+
# File 'lib/openid/store/interface.rb', line 46
+
+defuse_nonce(server_url,timestamp,salt)
+ raiseNotImplementedError
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Store/Memcache.html b/docs/OpenID/Store/Memcache.html
new file mode 100644
index 00000000..ee84db18
--- /dev/null
+++ b/docs/OpenID/Store/Memcache.html
@@ -0,0 +1,806 @@
+
+
+
+
+
+
+ Class: OpenID::Store::Memcache
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Returns a Association object from storage that matches
+the server_url. Returns nil if no such association is found or if
+the one matching association is expired. (Is allowed to GC expired
+associations when found.)
Put a Association object into storage.
+When implementing a store, donât assume that there are any limitations
+on the character set of the server_url. In particular, expect to see
+unescaped non-url-safe characters in the server_url field.
+
+
+
+
+
+
+
+
+
+
+
+
+
+23
+24
+25
+26
+27
+28
+29
+
+
+
# File 'lib/openid/store/memcache.rb', line 23
+
+defstore_association(server_url,association)
+ serialized=serialize(association)
+ [nil,association.handle].eachdo|handle|
+ key=assoc_key(server_url,handle)
+ @cache_client.set(key,serialized,expiry(association.lifetime))
+ end
+end
Return true if the nonce has not been used before, and store it
+for a while to make sure someone doesnât try to use the same value
+again. Return false if the nonce has already been used or if the
+timestamp is not current.
+You can use OpenID::Store::Nonce::SKEW for your timestamp window.
+server_url: URL of the server from which the nonce originated
+timestamp: time the nonce was created in seconds since unix epoch
+salt: A random string that makes two nonces issued by a server in
+ the same second unique
+
+
+
+
+
+
+
+
+
+
+
+
+
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+
+
+
# File 'lib/openid/store/memcache.rb', line 60
+
+defuse_nonce(server_url,timestamp,salt)
+ returnfalseif(timestamp-Time.now.to_i).abs>Nonce.skew
+
+ ts=timestamp.to_s# base 10 seconds since epoch
+nonce_key=key_prefix+"N"+server_url+"|"+ts+"|"+salt
+ result=@cache_client.add(nonce_key,"",expiry(Nonce.skew+5))
+ return!!(result=~/^STORED/)ifresult.is_a?(String)
+
+ !!result
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Store/Memory.html b/docs/OpenID/Store/Memory.html
new file mode 100644
index 00000000..99a4a0c0
--- /dev/null
+++ b/docs/OpenID/Store/Memory.html
@@ -0,0 +1,618 @@
+
+
+
+
+
+
+ Class: OpenID::Store::Memory
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
An in-memory implementation of Store. This class is mainly used
+for testing, though it may be useful for long-running single
+process apps. Note that this store is NOT thread-safe.
+
+
You should probably be looking at OpenID::Store::Filesystem
# File 'lib/openid/trustroot.rb', line 332
+
+defself.return_to_matches(allowed_return_to_urls,return_to)
+ allowed_return_to_urls.eachdo|allowed_return_to|
+ # A return_to pattern works the same as a realm, except that
+# it's not allowed to use a wildcard. We'll model this by
+# parsing it as a realm, and not trying to match it if it has
+# a wildcard.
+
+ return_realm=TrustRoot.parse(allowed_return_to)
+ if!return_realm.nil?and
+
+ # Does not have a wildcard
+!return_realm.wildcardand
+
+ # Matches the return_to that we passed in with it
+return_realm.validate_url(return_to)# Parses as a trust root
+
+ returntrue
+ end
+ end
+
+ # No URL in the list matched
+false
+end
Verify that a return_to URL is valid for the given realm.
+
+
This function builds a discovery URL, performs Yadis discovery
+on it, makes sure that the URL does not redirect, parses out
+the return_to URLs, and finally checks to see if the current
+return_to URL matches the return_to.
+
+
raises DiscoveryFailure when Yadis discovery fails returns
+true if the return_to URL is valid for the realm
# File 'lib/openid/trustroot.rb', line 382
+
+defself.verify_return_to(realm_str,return_to,_vrfy=nil)
+ # _vrfy parameter is there to make testing easier
+_vrfy=method(:get_allowed_return_urls)if_vrfy.nil?
+
+ raiseArgumentError,"_vrfy must be a Proc or Method"unless_vrfy.is_a?(Proc)or_vrfy.is_a?(Method)
+
+ realm=TrustRoot.parse(realm_str)
+ ifrealm.nil?
+ # The realm does not parse as a URL pattern
+returnfalse
+ end
+
+ begin
+ allowable_urls=_vrfy.call(realm.build_discovery_url)
+ rescueRealmVerificationRedirected=>e
+ Util.log(e.to_s)
+ returnfalse
+ end
+
+ returntrueifreturn_to_matches(allowable_urls,return_to)
+
+ Util.log("Failed to validate return_to #{return_to} for "+
+ "realm #{realm_str}, was not in #{allowable_urls}")
+ false
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/TrustRoot/TrustRoot.html b/docs/OpenID/TrustRoot/TrustRoot.html
new file mode 100644
index 00000000..965cfbfe
--- /dev/null
+++ b/docs/OpenID/TrustRoot/TrustRoot.html
@@ -0,0 +1,1429 @@
+
+
+
+
+
+
+ Class: OpenID::TrustRoot::TrustRoot
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# File 'lib/openid/trustroot.rb', line 454
+
+defparse(trust_root)
+ trust_root=trust_root.dup
+ unparsed=trust_root.dup
+
+ # look for wildcard
+wildcard=!trust_root.index("://*.").nil?
+ trust_root.sub!("*.","")ifwildcard
+ # handle http://*/ case
+if!wildcardandEMPTY_RE.match(trust_root)
+ proto=trust_root.split(":")[0]
+ port=(proto=="http")?80:443
+ returnnew(unparsed,proto,true,"",port,"/")
+ end
+
+ parts=TrustRoot._parse_url(trust_root)
+ returnifparts.nil?
+
+ proto,host,port,path=parts
+ returnifhost[0]=="."
+
+ # check for URI fragment
+returnifpathand!path.index("#").nil?
+
+ returnunless%w[httphttps].member?(proto)
+
+ new(unparsed,proto,wildcard,host,port,path)
+end
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ #build_discovery_url ⇒ Object
+
+
+
+
+
+
+
+
Return a discovery URL for this realm.
+
+
This function does not check to make sure that the realm is
+valid. Its behaviour on invalid inputs is undefined.
+
+
return_to:: The relying party return URL of the OpenID
+authentication request
+
+
Returns the URL upon which relying party discovery should be
+run in order to verify the return_to URL
+
+
+
+
+
+
+
+
+
+
+
+
+
+507
+508
+509
+510
+511
+512
+513
+514
+
+
+
# File 'lib/openid/trustroot.rb', line 507
+
+defbuild_discovery_url
+ return@unparsedunlesswildcard
+
+ # Use "www." in place of the star
+www_domain="www."+@host
+ port=(!@port.nil?and![80,443].member?(@port))?(":"+@port.to_s):""
+ "#{@proto}://#{www_domain}#{port}#{@path}"
+end
# File 'lib/openid/trustroot.rb', line 525
+
+defsane?
+ returnfalseif@host.nil?||@host.empty?
+ returntrueif@host=="localhost"
+
+ host_parts=@host.split(".")
+
+ # a note: Something changed in the way Ruby parsed URIs,
+# where it used to be very strict (probably incorrectly so),
+# and now it is much more permissive (and probably more standards compliant).
+# Handle cases Ruby used to consider "insane" here to prevent them from being considered "sane".
+wild_check=host_parts[-2,2]
+ returnfalseifwild_check&.detect{|wild|wild["*"]}
+
+ # a note: ruby string split does not put an empty string at
+# the end of the list if the split element is last. for
+# example, 'foo.com.'.split('.') => ['foo','com']. Mentioned
+# because the python code differs here.
+
+ returnfalseifhost_parts.length==0
+
+ # no adjacent dots
+returnfalseifhost_parts.member?("")
+
+ # last part must be a tld
+tld=host_parts[-1]
+ returnfalseunlessTOP_LEVEL_DOMAINS.member?(tld)
+
+ returnfalseifhost_parts.length==1
+
+ if@wildcard&&(tld.length==2andhost_parts[-2].length<=3)
+ # It's a 2-letter tld with a short second to last segment
+# so there needs to be more than two segments specified
+# (e.g. *.co.uk is insane)
+returnhost_parts.length>2
+ end
+
+ true
+end
# File 'lib/openid/trustroot.rb', line 564
+
+defvalidate_url(url)
+ parts=TrustRoot._parse_url(url)
+ returnfalseifparts.nil?
+
+ proto,host,port,path=parts
+
+ returnfalseunlessproto==@proto
+ returnfalseunlessport==@port
+ returnfalseunlesshost.index("*").nil?
+
+ if!@wildcard
+ returnfalseifhost!=@host
+ elsif(@host!="")and
+ !host.end_with?("."+@host)and
+ (host!=@host)
+ returnfalse
+ end
+
+ ifpath!=@path
+ path_len=@path.length
+ trust_prefix=@path[0...path_len]
+ url_prefix=path[0...path_len]
+
+ # must be equal up to the length of the path, at least
+returnfalseiftrust_prefix!=url_prefix
+
+ # These characters must be on the boundary between the end
+# of the trust root's path and the start of the URL's path.
+allowed=if!@path.index("?").nil?
+ "&"
+ else
+ "?/"
+ end
+
+ return(!allowed.index(@path[-1]).nil?or
+ !allowed.index(path[path_len]).nil?)
+ end
+
+ true
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/TypeURIMismatch.html b/docs/OpenID/TypeURIMismatch.html
new file mode 100644
index 00000000..9ab0eb48
--- /dev/null
+++ b/docs/OpenID/TypeURIMismatch.html
@@ -0,0 +1,372 @@
+
+
+
+
+
+
+ Exception: OpenID::TypeURIMismatch
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# File 'lib/openid/kvform.rb', line 48
+
+defself.kv_to_seq(data,strict=false)
+ # After one parse, seq_to_kv and kv_to_seq are inverses, with no
+# warnings:
+#
+# seq = kv_to_seq(s)
+# seq_to_kv(kv_to_seq(seq)) == seq
+err=lambda{|msg|
+ msg="kv_to_seq warning: #{msg}: #{data.inspect}"
+ raiseKVFormError,msgifstrict
+
+ Util.log(msg)
+ }
+
+ lines=data.split("\n")
+ return[]ifdata.empty?
+
+ ifdata[-1].chr!="\n"
+ err.call("Does not end in a newline")
+ # We don't expect the last element of lines to be an empty
+# string because split() doesn't behave that way.
+end
+
+ pairs=[]
+ line_num=0
+ lines.eachdo|line|
+ line_num+=1
+
+ # Ignore blank lines
+nextifline.strip==""
+
+ pair=line.split(":",2)
+ ifpair.length==2
+ k,v=pair
+ k_s=k.strip
+ ifk_s!=k
+ msg="In line #{line_num}, ignoring leading or trailing whitespace in key #{k.inspect}"
+ err.call(msg)
+ end
+
+ err.call("In line #{line_num}, got empty key")ifk_s.empty?
+
+ v_s=v.strip
+ ifv_s!=v
+ msg="In line #{line_num}, ignoring leading or trailing whitespace in value #{v.inspect}"
+ err.call(msg)
+ end
+
+ pairs<<[k_s,v_s]
+ else
+ err.call("Line #{line_num} does not contain a colon")
+ end
+ end
+
+ pairs
+end
+
+
+
+
+
+
+
+
+ .log(message) ⇒ Object
+
+
+
+
+
+
+
+
change the message below to do whatever you like for logging
+
+
+
+
+
+
+
+
+
+
+
+
+
+90
+91
+92
+
+
+
# File 'lib/openid/util.rb', line 90
+
+defself.log(message)
+ logger.info(message)
+end
+
+
+
+
+
+
+
+
+ .logger ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+85
+86
+87
+
+
+
# File 'lib/openid/util.rb', line 85
+
+defself.logger
+ @@logger
+end
+
+
+
+
+
+
+
+
+ .logger=(logger) ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+81
+82
+83
+
+
+
# File 'lib/openid/util.rb', line 81
+
+defself.logger=(logger)
+ @@logger=logger
+end
# File 'lib/openid/kvform.rb', line 6
+
+defself.seq_to_kv(seq,strict=false)
+ # Represent a sequence of pairs of strings as newline-terminated
+# key:value pairs. The pairs are generated in the order given.
+#
+# @param seq: The pairs
+#
+# returns a string representation of the sequence
+err=lambda{|msg|
+ msg="seq_to_kv warning: #{msg}: #{seq.inspect}"
+ raiseKVFormError,msgifstrict
+
+ Util.log(msg)
+ }
+
+ lines=[]
+ seq.eachdo|k,v|
+ unlessk.is_a?(String)
+ err.call("Converting key to string: #{k.inspect}")
+ k=k.to_s
+ end
+
+ raiseKVFormError,"Invalid input for seq_to_kv: key contains newline: #{k.inspect}"unlessk.index("\n").nil?
+
+ raiseKVFormError,"Invalid input for seq_to_kv: key contains colon: #{k.inspect}"unlessk.index(":").nil?
+
+ err.call("Key has whitespace at beginning or end: #{k.inspect}")ifk.strip!=k
+
+ unlessv.is_a?(String)
+ err.call("Converting value to string: #{v.inspect}")
+ v=v.to_s
+ end
+
+ raiseKVFormError,"Invalid input for seq_to_kv: value contains newline: #{v.inspect}"unlessv.index("\n").nil?
+
+ err.call("Value has whitespace at beginning or end: #{v.inspect}")ifv.strip!=v
+
+ lines<<k+":"+v+"\n"
+ end
+
+ lines.join("")
+end
+
+
+
+
+
+
+
+
+ .to_base64(s) ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+35
+36
+37
+
+
+
# File 'lib/openid/util.rb', line 35
+
+defself.to_base64(s)
+ [s].pack("m").delete("\n")
+end
# File 'lib/openid/yadis/services.rb', line 29
+
+defself.apply_filter(normalized_uri,xrd_data,flt=nil)
+ # Generate an iterable of endpoint objects given this input data,
+# presumably from the result of performing the Yadis protocol.
+
+ flt=Yadis.make_filter(flt)
+ et=Yadis.parseXRDS(xrd_data)
+
+ endpoints=[]
+ each_service(et)do|service_element|
+ endpoints+=flt.get_service_endpoints(normalized_uri,service_element)
+ end
+
+ endpoints
+end
uri: The identity URI as a well-formed http or https URI. The
+well-formedness and the protocol are not checked, but the
+results of this function are undefined if those properties do
+not hold.
+
+
returns a DiscoveryResult object
+
+
Raises DiscoveryFailure when the HTTP response does not have
+a 200 code.
# File 'lib/openid/yadis/discovery.rb', line 70
+
+defself.discover(uri)
+ result=DiscoveryResult.new(uri)
+ begin
+ resp=OpenID.fetch(uri,nil,{"Accept"=>YADIS_ACCEPT_HEADER})
+ rescueException
+ raiseDiscoveryFailure.new("Failed to fetch identity URL #{uri} : #{$!}",$!)
+ end
+ ifresp.code!="200"andresp.code!="206"
+ raiseDiscoveryFailure.new(
+ 'HTTP Response status from identity URL host is not "200".' \
+ "Got status #{resp.code.inspect} for #{resp.final_url}",
+ resp,
+ )
+ end
+
+ # Note the URL after following redirects
+result.normalized_uri=resp.final_url
+
+ # Attempt to find out where to go to discover the document or if
+# we already have it
+result.content_type=resp["content-type"]
+
+ result.xrds_uri=where_is_yadis?(resp)
+
+ ifresult.xrds_uriandresult.used_yadis_location?
+ begin
+ resp=OpenID.fetch(result.xrds_uri)
+ rescueStandardError
+ raiseDiscoveryFailure.new("Failed to fetch Yadis URL #{result.xrds_uri} : #{$!}",$!)
+ end
+ ifresp.code!="200"andresp.code!="206"
+ exc=DiscoveryFailure.new(
+ 'HTTP Response status from Yadis host is not "200". '+
+ "Got status #{resp.code.inspect} for #{resp.final_url}",
+ resp,
+ )
+ exc.identity_url=result.normalized_uri
+ raiseexc
+ end
+
+ result.content_type=resp["content-type"]
+ end
+
+ result.response_text=resp.body
+ result
+end
# File 'lib/openid/yadis/accept.rb', line 127
+
+defself.get_acceptable(accept_header,have_types)
+ # Parse the accept header and return a list of available types
+# in preferred order. If a type is unacceptable, it will not be
+# in the resulting list.
+#
+# This is a convenience wrapper around matchTypes and
+# parse_accept_header
+#
+# (str, [str]) -> [str]
+accepted=parse_accept_header(accept_header)
+ preferred=match_types(accepted,have_types)
+ preferred.collect{|mtype,_|mtype}
+end
# File 'lib/openid/yadis/services.rb', line 7
+
+defself.get_service_endpoints(input_url,flt=nil)
+ # Perform the Yadis protocol on the input URL and return an
+# iterable of resulting endpoint objects.
+#
+# @param flt: A filter object or something that is convertable
+# to a filter object (using mkFilter) that will be used to
+# generate endpoint objects. This defaults to generating
+# BasicEndpoint objects.
+result=Yadis.discover(input_url)
+ begin
+ endpoints=Yadis.apply_filter(
+ result.normalized_uri,
+ result.response_text,
+ flt,
+ )
+ rescueXRDSError=>e
+ raiseDiscoveryFailure.new(e.to_s,nil)
+ end
+
+ [result.normalized_uri,endpoints]
+end
# File 'lib/openid/yadis/parsehtml.rb', line 9
+
+defself.html_yadis_location(html)
+ parser=HTMLTokenizer.new(html)
+
+ # to keep track of whether or not we are in the head element
+in_head=false
+
+ begin
+ whileel=parser.getTag(
+ "head",
+ "/head",
+ "meta",
+ "body",
+ "/body",
+ "html",
+ "script",
+ )
+
+ # we are leaving head or have reached body, so we bail
+returnif["/head","body","/body"].member?(el.tag_name)
+
+ ifel.tag_name=="head"&&!(el.to_s[-2]=="/")
+ in_head=true# tag ends with a /: a short tag
+end
+ nextunlessin_head
+
+ ifel.tag_name=="script"&&!(el.to_s[-2]=="/")
+ parser.getTag("/script")# tag ends with a /: a short tag
+end
+
+ returnifel.tag_name=="html"
+
+ nextunlessel.tag_name=="meta"and(equiv=el.attr_hash["http-equiv"])
+ if%w[x-xrds-locationx-yadis-location].member?(equiv.downcase)&&
+ el.attr_hash.member?("content")
+ returnCGI.unescapeHTML(el.attr_hash["content"])
+ end
+ end
+ rescueHTMLTokenizerError# just stop parsing if there's an error
+end
+end
parts should be a filter, an endpoint, a callable, or a list of
+any of these.
+
+
+
+
+
+
+
+
+
+
+
+
+
+143
+144
+145
+146
+147
+148
+149
+150
+
+
+
# File 'lib/openid/yadis/filters.rb', line 143
+
+defself.make_filter(parts)
+ # Convert the parts into a list, and pass to mk_compound_filter
+parts=[BasicServiceEndpoint]ifparts.nil?
+
+ returnmk_compound_filter(parts)ifparts.is_a?(Array)
+
+ mk_compound_filter([parts])
+end
# File 'lib/openid/yadis/filters.rb', line 157
+
+defself.mk_compound_filter(parts)
+ raiseTypeError,"#{parts.inspect} is not iterable"unlessparts.respond_to?(:each)
+
+ # Separate into a list of callables and a list of filter objects
+transformers=[]
+ filters=[]
+ parts.eachdo|subfilter|
+ if!subfilter.is_a?(Array)
+ # If it's not an iterable
+ifsubfilter.respond_to?(:get_service_endpoints)
+ # It's a full filter
+filters<<subfilter
+ elsifsubfilter.respond_to?(:from_basic_service_endpoint)
+ # It's an endpoint object, so put its endpoint conversion
+# attribute into the list of endpoint transformers
+transformers<<subfilter.method(:from_basic_service_endpoint)
+ elsifsubfilter.respond_to?(:call)
+ # It's a proc, so add it to the list of endpoint
+# transformers
+transformers<<subfilter
+ else
+ raise@@filter_type_error
+ end
+ else
+ filters<<mk_compound_filter(subfilter)
+ end
+ end
+
+ filters<<TransformFilterMaker.new(transformers)iftransformers.length>0
+
+ returnfilters[0]iffilters.length==1
+
+ CompoundFilter.new(filters)
+end
# File 'lib/openid/yadis/discovery.rb', line 124
+
+defself.where_is_yadis?(resp)
+ # Attempt to find out where to go to discover the document or if
+# we already have it
+content_type=resp["content-type"]
+
+ # According to the spec, the content-type header must be an
+# exact match, or else we have to look for an indirection.
+if!content_type.nil?and!content_type.to_s.empty?and
+ content_type.split(";",2)[0].downcase==YADIS_CONTENT_TYPE
+ returnresp.final_url
+ else
+ # Try the header
+yadis_loc=resp[YADIS_HEADER_NAME.downcase]
+
+ ifyadis_loc.nil?
+ # Parse as HTML if the header is missing.
+#
+# XXX: do we want to do something with content-type, like
+# have a whitelist or a blacklist (for detecting that it's
+# HTML)?
+yadis_loc=Yadis.html_yadis_location(resp.body)
+ end
+ end
+
+ yadis_loc
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Yadis/BasicServiceEndpoint.html b/docs/OpenID/Yadis/BasicServiceEndpoint.html
new file mode 100644
index 00000000..3e5d4862
--- /dev/null
+++ b/docs/OpenID/Yadis/BasicServiceEndpoint.html
@@ -0,0 +1,725 @@
+
+
+
+
+
+
+ Class: OpenID::Yadis::BasicServiceEndpoint
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Generic endpoint object that contains parsed service
+information, as well as a reference to the service element
+from which it was generated. If there is more than one
+xrd:Type or xrd:URI in the xrd:Service, this object represents
+just one of those pairs.
+
+
This object can be used as a filter, because it implements
+fromBasicServiceEndpoint.
+
+
The simplest kind of filter you can write implements
+fromBasicServiceEndpoint, which takes one of these objects.
A hack to make both this class and its instances respond to
+this message since Ruby doesnât support static methods.
+
+
+
+
+
+
+
+
+
+
+
+
+
+47
+48
+49
+
+
+
# File 'lib/openid/yadis/filters.rb', line 47
+
+deffrom_basic_service_endpoint(endpoint)
+ self.class.from_basic_service_endpoint(endpoint)
+end
+
+
+
+
+
+
+
+
+ #match_types(type_uris) ⇒ Object
+
+
+
+
+
+
+
+
Query this endpoint to see if it has any of the given type
+URIs. This is useful for implementing other endpoint classes
+that e.g. need to check for the presence of multiple
+versions of a single protocol.
+
+
+
+
+
+
+
+
+
+
+
+
+
+32
+33
+34
+
+
+
# File 'lib/openid/yadis/filters.rb', line 32
+
+defmatch_types(type_uris)
+ @type_uris&type_uris
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Yadis/CompoundFilter.html b/docs/OpenID/Yadis/CompoundFilter.html
new file mode 100644
index 00000000..50a510a2
--- /dev/null
+++ b/docs/OpenID/Yadis/CompoundFilter.html
@@ -0,0 +1,360 @@
+
+
+
+
+
+
+ Class: OpenID::Yadis::CompoundFilter
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# File 'lib/openid/yadis/discovery.rb', line 36
+
+definitialize(request_uri)
+ # Initialize the state of the object
+#
+# sets all attributes to None except the request_uri
+@request_uri=request_uri
+ @normalized_uri=nil
+ @xrds_uri=nil
+ @content_type=nil
+ @response_text=nil
+end
+
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ #content_type ⇒ Object
+
+
+
+
+
+
+
+
The content-type returned with the response_text
+
+
+
+
+
+
+
+
+
+
+
+
+
+29
+30
+31
+
+
+
# File 'lib/openid/yadis/discovery.rb', line 29
+
+defcontent_type
+ @content_type
+end
+
+
+
+
+
+
+
+
+
+
+ #normalize_uri ⇒ Object
+
+
+
+
+
+
+
+
The result of following redirects from the request_uri
+
+
+
+
+
+
+
+
+
+
+
+
+
+22
+23
+24
+
+
+
# File 'lib/openid/yadis/discovery.rb', line 22
+
+defnormalize_uri
+ @normalize_uri
+end
+
+
+
+
+
+
+
+
+
+
+ #normalized_uri ⇒ Object
+
+
+
+
+
+
+
+
Returns the value of attribute normalized_uri.
+
+
+
+
+
+
+
+
+
+
+
+
+
+34
+35
+36
+
+
+
# File 'lib/openid/yadis/discovery.rb', line 34
+
+defnormalized_uri
+ @normalized_uri
+end
+
+
+
+
+
+
+
+
+
+
+ #request_uri ⇒ Object
+
+
+
+
+
+
+
+
Returns the value of attribute request_uri.
+
+
+
+
+
+
+
+
+
+
+
+
+
+34
+35
+36
+
+
+
# File 'lib/openid/yadis/discovery.rb', line 34
+
+defrequest_uri
+ @request_uri
+end
+
+
+
+
+
+
+
+
+
+
+ #response_text ⇒ Object
+
+
+
+
+
+
+
+
The document returned from the xrds_uri
+
+
+
+
+
+
+
+
+
+
+
+
+
+32
+33
+34
+
+
+
# File 'lib/openid/yadis/discovery.rb', line 32
+
+defresponse_text
+ @response_text
+end
+
+
+
+
+
+
+
+
+
+
+ #xrds_uri ⇒ Object
+
+
+
+
+
+
+
+
The URI from which the response text was returned (set to
+nil if there was no XRDS document found)
+
+
+
+
+
+
+
+
+
+
+
+
+
+26
+27
+28
+
+
+
# File 'lib/openid/yadis/discovery.rb', line 26
+
+defxrds_uri
+ @xrds_uri
+end
+
+
+
+
+
+
+
+
+
+
Instance Method Details
+
+
+
+
+
+ #is_xrds ⇒ Object
+
+
+
+
+
+
+
+
Is the response text supposed to be an XRDS document?
Take a list of basic filters and makes a filter that
+transforms the basic filter into a top-level filter. This is
+mostly useful for the implementation of make_filter, which
+should only be needed for special cases or internal use by
+this library.
+
+
This object is useful for creating simple filters for services
+that use one URI and are specified by one Type (we expect most
+Types will fit this paradigm).
+
+
Creates a BasicServiceEndpoint object and apply the filter
+functions to it until one of them returns a value.
filter_functions are the endpoint transformer
+Procs to apply to the basic endpoint. These are called in
+turn until one of them does not return nil, and the result
+of that transformer is returned.
+
+
+
+
+
+
+
+
+
+
+
+
+
+73
+74
+75
+
+
+
# File 'lib/openid/yadis/filters.rb', line 73
+
+definitialize(filter_procs)
+ @filter_procs=filter_procs
+end
+
+
+
+
+
+
+
+
+
Instance Attribute Details
+
+
+
+
+
+
+ #filter_procs ⇒ Object(readonly)
+
+
+
+
+
+
+
+
Returns the value of attribute filter_procs.
+
+
+
+
+
+
+
+
+
+
+
+
+
+65
+66
+67
+
+
+
# File 'lib/openid/yadis/filters.rb', line 65
+
+deffilter_procs
+ @filter_procs
+end
# File 'lib/openid/yadis/filters.rb', line 97
+
+defapply_filters(endpoint)
+ # Apply filter procs to an endpoint until one of them returns
+# non-nil.
+@filter_procs.eachdo|filter_proc|
+ e=filter_proc.call(endpoint)
+ unlesse.nil?
+ # Once one of the filters has returned an endpoint, do not
+# apply any more.
+returne
+ end
+ end
+
+ nil
+end
# File 'lib/openid/yadis/filters.rb', line 79
+
+defget_service_endpoints(yadis_url,service_element)
+ endpoints=[]
+
+ # Do an expansion of the service element by xrd:Type and
+# xrd:URI
+Yadis.expand_service(service_element).eachdo|type_uris,uri,_|
+ # Create a basic endpoint object to represent this
+# yadis_url, Service, Type, URI combination
+endpoint=BasicServiceEndpoint.new(
+ yadis_url,type_uris,uri,service_element
+ )
+
+ e=apply_filters(endpoint)
+ endpoints<<eunlesse.nil?
+ end
+ endpoints
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Yadis/XRDSError.html b/docs/OpenID/Yadis/XRDSError.html
new file mode 100644
index 00000000..b3d2ac12
--- /dev/null
+++ b/docs/OpenID/Yadis/XRDSError.html
@@ -0,0 +1,130 @@
+
+
+
+
+
+
+ Exception: OpenID::Yadis::XRDSError
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# File 'lib/openid/yadis/xri.rb', line 52
+
+defself.iri_to_uri(iri)
+ iri.dup
+ # for char in ucschar or iprivate
+# convert each char to %HH%HH%HH (as many %HH as octets)
+end
Transform an XRI reference to an IRI reference. Note this is
+not not idempotent, so do not apply this to an identifier more
+than once. XRI Syntax section 2.3.1
Transform an XRI reference to a URI reference. Note this is not
+not idempotent, so do not apply this to an identifier more than
+once. XRI Syntax section 2.3.1
+
+
+
+
+
+
+
+
+
+
+
+
+
+47
+48
+49
+
+
+
# File 'lib/openid/yadis/xri.rb', line 47
+
+defself.to_uri_normal(xri)
+ iri_to_uri(to_iri_normal(xri))
+end
+
+
+
+
+
+
+
+
+ .urlencode(args) ⇒ Object
+
+
+
+
+
+
+
+
+
+
+
+62
+63
+64
+65
+66
+67
+68
+
+
+
# File 'lib/openid/yadis/xrires.rb', line 62
+
+defself.urlencode(args)
+ a=[]
+ args.eachdo|key,val|
+ a<<(CGI.escape(key)+"="+CGI.escape(val))
+ end
+ a.join("&")
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Yadis/XRI/ProxyResolver.html b/docs/OpenID/Yadis/XRI/ProxyResolver.html
new file mode 100644
index 00000000..fea49567
--- /dev/null
+++ b/docs/OpenID/Yadis/XRI/ProxyResolver.html
@@ -0,0 +1,416 @@
+
+
+
+
+
+
+ Class: OpenID::Yadis::XRI::ProxyResolver
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
# File 'lib/openid/yadis/xrires.rb', line 40
+
+defquery(xri)
+ # these can be query args or http headers, needn't be both.
+# headers = {'Accept' => 'application/xrds+xml;sep=true'}
+url=query_url(xri)
+ begin
+ response=OpenID.fetch(url)
+ rescueStandardError
+ raiseXRIHTTPError,"Could not fetch #{xri}, #{$!}"
+ end
+ raiseXRIHTTPError,"Could not fetch #{xri}"ifresponse.nil?
+
+ xrds=Yadis.parseXRDS(response.body)
+ canonical_id=Yadis.get_canonical_id(xri,xrds)
+
+ [canonical_id,Yadis.services(xrds)]
+ # TODO:
+# * If we do get hits for multiple service_types, we're almost
+# certainly going to have duplicated service entries and
+# broken priority ordering.
+end
# File 'lib/openid/yadis/xrires.rb', line 23
+
+defquery_url(xri,service_type=nil)
+ # URI normal form has a leading xri://, but we need to strip
+# that off again for the QXRI. This is under discussion for
+# XRI Resolution WD 11.
+qxri=XRI.to_uri_normal(xri)[6..-1]
+ hxri=@proxy_url+qxri
+ args={"_xrd_r"=>"application/xrds+xml"}
+ ifservice_type
+ args["_xrd_t"]=service_type
+ else
+ # don't perform service endpoint selection
+args["_xrd_r"]+=";sep=false"
+ end
+
+ XRI.append_args(hxri,args)
+end
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/OpenID/Yadis/XRI/XRIHTTPError.html b/docs/OpenID/Yadis/XRI/XRIHTTPError.html
new file mode 100644
index 00000000..b549f2cd
--- /dev/null
+++ b/docs/OpenID/Yadis/XRI/XRIHTTPError.html
@@ -0,0 +1,124 @@
+
+
+
+
+
+
+ Exception: OpenID::Yadis::XRI::XRIHTTPError
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+
We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
+
+
Our Standards
+
+
Examples of behavior that contributes to a positive environment for our community include:
+
+
+
Demonstrating empathy and kindness toward other people
+
Being respectful of differing opinions, viewpoints, and experiences
+
Giving and gracefully accepting constructive feedback
+
Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
+
Focusing on what is best not just for us as individuals, but for the overall community
+
+
+
Examples of unacceptable behavior include:
+
+
+
The use of sexualized language or imagery, and sexual attention or
+advances of any kind
+
Trolling, insulting or derogatory comments, and personal or political attacks
+
Public or private harassment
+
Publishing othersâ private information, such as a physical or email
+address, without their explicit permission
+
Other conduct which could reasonably be considered inappropriate in a
+professional setting
+
+
+
Enforcement Responsibilities
+
+
Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
+
+
Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
+
+
Scope
+
+
This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
+
+
Enforcement
+
+
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at peter.boling@gmail.com. All complaints will be reviewed and investigated promptly and fairly.
+
+
All community leaders are obligated to respect the privacy and security of the reporter of any incident.
+
+
Enforcement Guidelines
+
+
Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
+
+
1. Correction
+
+
Community Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
+
+
Consequence: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
+
+
2. Warning
+
+
Community Impact: A violation through a single incident or series of actions.
+
+
Consequence: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
+
+
3. Temporary Ban
+
+
Community Impact: A serious violation of community standards, including sustained inappropriate behavior.
+
+
Consequence: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
+
+
4. Permanent Ban
+
+
Community Impact: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
+
+
Consequence: A permanent ban from any sort of public interaction within the community.
+
+
Attribution
+
+
This Code of Conduct is adapted from the Contributor Covenant, version 2.0,
+available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html
new file mode 100644
index 00000000..28756029
--- /dev/null
+++ b/docs/file.CONTRIBUTING.html
@@ -0,0 +1,135 @@
+
+
+
+
+
+
+ File: CONTRIBUTING
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Bug reports and pull requests are welcome on GitHub at https://github.com/oauth-xx/ruby-openid2
+. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
+the code of conduct.
+
+
To submit a patch, please fork the project and create a patch with tests.
+Once youâre happy with it send a pull request.
+
+
Release
+
+
One-time, Per-developer, Setup
+
+
IMPORTANT: Your public key for signing gems will need to be picked up by the line in the
+gemspec defining the spec.cert_chain (check the relevant ENV variables there),
+in order to sign the new release.
+See: RubyGems Security Guide
+
+
To release a new version:
+
+
+
Run bin/setup && bin/rake as a tests, coverage, & linting sanity check
+
Update the version number in version.rb
+
+
Run bin/setup && bin/rake again as a secondary check, and to update Gemfile.lock
+
+
Run git commit -am "đ Prepare release v<VERSION>" to commit the changes
+
Run git push to trigger the final CI pipeline before release, & merge PRs
+
The code in lib/hmac/ is Copyright 2001 by Daiki Ueno, and distributed under the terms of the Ruby license. See http://www.ruby-lang.org/en/LICENSE.txt
lib/openid/yadis/htmltokenizer.rb is Copyright 2004 by Ben Giddings and distributed under the terms of the Ruby license.
The remainder of this package is Copyright (c) 2006-2012 by JanRain, Inc., Copyright (c) 2024 Peter Boling, and distributed under the terms of license below:
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/file.README.html b/docs/file.README.html
new file mode 100644
index 00000000..17283959
--- /dev/null
+++ b/docs/file.README.html
@@ -0,0 +1,262 @@
+
+
+
+
+
+
+ File: README
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
The best way to start is to look at the rails_openid example.
+You can run it with:
+
+
cdexamples/rails_openid
+script/server
+
+
+
If you are writing an OpenID Relying Party, a good place to start is:
+examples/rails_openid/app/controllers/consumer_controller.rb
+
+
And if you are writing an OpenID provider:
+examples/rails_openid/app/controllers/server_controller.rb
+
+
The library code is quite well documented, so donât be squeamish, and
+look at the library itself if thereâs anything you donât understand in
+the examples.
Everyone interacting in this projectâs codebases, issue trackers,
+chat rooms and mailing lists is expected to follow the code of conduct.
+
+
đ Versioning
+
+
This Library adheres to Semantic Versioning 2.0.0.
+Violations of this scheme should be reported as bugs.
+Specifically, if a minor or patch version is released that breaks backward compatibility,
+a new version should be immediately released that restores compatibility.
+Breaking changes to the public API will only be introduced with new major versions.
+
+
To get a better understanding of how SemVer is intended to work over a projectâs lifetime,
+read this article from the creator of SemVer:
As a result of this policy, you can (and should) specify a dependency on these libraries using
+the Pessimistic Version Constraint with two digits of precision.
Apache Software License. For more information see the LICENSE file.
+
+
đ¤ One more thing
+
+
You made it to the bottom of the page,
+so perhaps youâll indulge me for another 20 seconds.
+I maintain many dozens of gems, including this one,
+because I want Ruby to be a great place for people to solve problems, big and small.
+Please consider supporting my efforts via the giant yellow link below,
+or one of the others at the head of this README.
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html
new file mode 100644
index 00000000..b410532f
--- /dev/null
+++ b/docs/file.SECURITY.html
@@ -0,0 +1,102 @@
+
+
+
+
+
+
+ File: SECURITY
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Peter Boling is the primary maintainer of this gem. Please find a way
+to contact him directly to report the issue. Include as much relevant information as
+possible.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/file.UPGRADE.html b/docs/file.UPGRADE.html
new file mode 100644
index 00000000..ab88e4a9
--- /dev/null
+++ b/docs/file.UPGRADE.html
@@ -0,0 +1,202 @@
+
+
+
+
+
+
+ File: UPGRADE
+
+ — Documentation by YARD 0.9.37
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
The flow is largely the same, however there are a number of significant
+changes. The consumer example is helpful to look at:
+examples/rails_openid/app/controllers/consumer_controller.rb
+
+
Stores
+
+
You will need to require the file for the store that you are using.
+For the filesystem store, this is âopenid/stores/filesystemâ
+They are also now in modules. The filesystem store is
+ OpenID::Store::Filesystem
+The format has changed, and you should remove your old store directory.
+
+
The ActiveRecord store (examples/active_record_openid_store) still needs
+to be put in a plugin directory for your rails app. Thereâs a migration
+that needs to be run; examine the README in that directory.
+
+
Also, note that the stores now can be garbage collected with the method
+ store.cleanup
+
+
Starting the OpenID transaction
+
+
The OpenIDRequest object no longer has status codes. Instead,
+consumer.begin raises an OpenID::OpenIDError if there is a problem
+initiating the transaction, so youâll want something along the lines of:
+
+
begin
+ openid_request=consumer.begin(params[:openid_identifier])
+rescueOpenID::OpenIDError=>e
+ # display error e
+return
+end
+#success case
+
+
+
Data regarding the OpenID server once lived in
+ openid_request.service
+
+
The corresponding object in the 2.0 lib can be retrieved with
+ openid_request.endpoint
+
+
Getting the unverified identifier: Where you once had
+ openid_request.identity_url
+you will now want
+ openid_request.endpoint.claimed_id
+which might be different from what you get at the end of the transaction,
+since it is now possible for users to enter their serverâs url directly.
+
+
Arguments on the return_to URL are now verified, so if you want to add
+additional arguments to the return_to url, use
+ openid_request.return_to_args['param'] = value
+
+
Generating the redirect is the same as before, but add any extensions
+first.
+
+
If you need to set up an SSL certificate authority list for the fetcher,
+use the âca_fileâ attr_accessor on the OpenID::StandardFetcher. This has
+changed from âca_pathâ in the 1.x.x series library. That is, set
+OpenID.fetcher.ca_file = '/path/to/ca.list'
+before calling consumer.begin.
+
+
Requesting Simple Registration Data
+
+
Youâll need to require the code for the extension
+
+
require'openid/extensions/sreg'
+
+
+
The new code for adding an SReg request now looks like:
The code for adding other extensions is similar. Code for the Attribute
+Exchange (AX) and Provider Authentication Policy Extension (PAPE) are
+included with the library, and additional extensions can be implemented
+subclassing OpenID::Extension.
+
+
Completing the transaction
+
+
The return_to and its arguments are verified, so you need to pass in
+the base URL and the arguments. With Rails, the params method mashes
+together parameters from GET, POST, and the path, so youâll need to pull
+off the path âparametersâ with something like
The best way to start is to look at the rails_openid example.
+You can run it with:
+
+
cdexamples/rails_openid
+script/server
+
+
+
If you are writing an OpenID Relying Party, a good place to start is:
+examples/rails_openid/app/controllers/consumer_controller.rb
+
+
And if you are writing an OpenID provider:
+examples/rails_openid/app/controllers/server_controller.rb
+
+
The library code is quite well documented, so donât be squeamish, and
+look at the library itself if thereâs anything you donât understand in
+the examples.
Everyone interacting in this projectâs codebases, issue trackers,
+chat rooms and mailing lists is expected to follow the code of conduct.
+
+
đ Versioning
+
+
This Library adheres to Semantic Versioning 2.0.0.
+Violations of this scheme should be reported as bugs.
+Specifically, if a minor or patch version is released that breaks backward compatibility,
+a new version should be immediately released that restores compatibility.
+Breaking changes to the public API will only be introduced with new major versions.
+
+
To get a better understanding of how SemVer is intended to work over a projectâs lifetime,
+read this article from the creator of SemVer:
As a result of this policy, you can (and should) specify a dependency on these libraries using
+the Pessimistic Version Constraint with two digits of precision.
Apache Software License. For more information see the LICENSE file.
+
+
đ¤ One more thing
+
+
You made it to the bottom of the page,
+so perhaps youâll indulge me for another 20 seconds.
+I maintain many dozens of gems, including this one,
+because I want Ruby to be a great place for people to solve problems, big and small.
+Please consider supporting my efforts via the giant yellow link below,
+or one of the others at the head of this README.
