| Module | OpenidServerSystem |
| In: | lib/openid_server_system.rb |
This module is mainly a wrapper for the OpenID::Server functionality provided by the ruby-openid gem. Included in your server controller, it gives you some helpful methods to access and answer OpenID requests.
Adds Attribute Exchange data (Hash) to an OpenID response. See: rakuto.blogspot.com/2008/03/ruby-fetch-and-store-some-attributes.html
# File lib/openid_server_system.rb, line 65
def add_ax(resp, data)
  ax_resp = OpenID::AX::FetchResponse.new
  # Default the AX mode to fetch_response unless the caller set one
  ax_args = data.reverse_merge('mode' => 'fetch_response')
  ax_resp.parse_extension_args(ax_args)
  resp.add_extension(ax_resp)
  resp
end
Adds PAPE information for your server to an OpenID response.
# File lib/openid_server_system.rb, line 74
def add_pape(resp, policies = [], nist_auth_level = 0, auth_time = nil)
  # Only answer with PAPE data when the request actually asked for it
  if papereq = OpenID::PAPE::Request.from_openid_request(openid_request)
    paperesp = OpenID::PAPE::Response.new
    policies.each { |p| paperesp.add_policy_uri(p) }
    paperesp.nist_auth_level = nist_auth_level
    # auth_time defaults to nil, so only format it when it was given
    paperesp.auth_time = auth_time.utc.iso8601 if auth_time
    resp.add_extension(paperesp)
  end
  resp
end
Attribute Exchange fetch request reader
# File lib/openid_server_system.rb, line 42
def ax_fetch_request
  @ax_fetch_request ||= OpenID::AX::FetchRequest.from_openid_request(openid_request)
end
Attribute Exchange store request reader
# File lib/openid_server_system.rb, line 47
def ax_store_request
  @ax_store_request ||= OpenID::AX::StoreRequest.from_openid_request(openid_request)
end
Answers check auth and associate requests.
# File lib/openid_server_system.rb, line 86
def handle_non_checkid_request
  resp = openid_server.handle_request(openid_request)
  render_openid_response(resp)
end
OpenID parameter reader. Use this to access only the OpenID request parameters from inside your server controller.
# File lib/openid_server_system.rb, line 22
def openid_params
  # Keep only the parameters whose key starts with "openid."
  @openid_params ||= params.clone.delete_if { |k,v| k.index('openid.') != 0 }
end
OpenID request accessor
# File lib/openid_server_system.rb, line 27
def openid_request
  @openid_request ||= openid_server.decode_request(openid_params)
end
Sets the current OpenID request and resets all dependent requests.
# File lib/openid_server_system.rb, line 32
def openid_request=(req)
  @openid_request, @sreg_request, @ax_fetch_request, @ax_store_request = req, nil, nil, nil
end
OpenID server reader. Use this to access the server functionality from inside your server controller.
# File lib/openid_server_system.rb, line 16
def openid_server
  @openid_server ||= OpenID::Server::Server.new(openid_store, endpoint_url)
end
OpenID store reader, used inside this module to provide access to the storage mechanism.
# File lib/openid_server_system.rb, line 10
def openid_store
  @openid_store ||= ActiveRecordStore.new
end
PAPE request reader
# File lib/openid_server_system.rb, line 52
def pape_request
  @pape_request ||= OpenID::PAPE::Request.from_openid_request(openid_request)
end
If the request contains a max_auth_age, the last authentication date must meet this requirement, otherwise the user has to reauthenticate: openid.net/specs/openid-provider-authentication-policy-extension-1_0-02.html#anchor9
# File lib/openid_server_system.rb, line 105
def pape_requirements_met?(auth_time)
  # No PAPE request or no max_auth_age means there is nothing to enforce
  return true unless pape_request && pape_request.max_auth_age
  (Time.now - auth_time).to_i <= pape_request.max_auth_age
end
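The max_auth_age decision described above, as an added example that is not part of this module or of the ruby-openid gem: it reads the value straight from raw openid.* parameters and fails closed on a malformed value, a missing login time or a login time in the future. The helper names and the sample parameters are hypothetical, and the fail-closed handling is a design choice of this example.

```ruby
require 'time'

# PAPE 1.0 extension namespace URI, as defined by the PAPE specification.
PAPE_NS = 'http://specs.openid.net/extensions/pape/1.0'

# Hypothetical helper: find max_auth_age in raw openid.* parameters.
# The extension alias is chosen by the relying party, so it is resolved
# through its openid.ns.<alias> declaration instead of assuming "pape".
# Returns nil when absent, an Integer when valid, :invalid otherwise.
def requested_max_auth_age(params)
  ns_key, _uri = params.find { |k, v| k.start_with?('openid.ns.') && v == PAPE_NS }
  return nil unless ns_key
  raw = params["openid.#{ns_key.sub('openid.ns.', '')}.max_auth_age"]
  return nil if raw.nil?
  # The specification requires an integer >= 0 (seconds).
  raw.to_s.match?(/\A\d+\z/) ? raw.to_i : :invalid
end

# Hypothetical helper: true when the user has to authenticate again.
def reauthentication_required?(params, auth_time, now = Time.now)
  max_age = requested_max_auth_age(params)
  return false if max_age.nil?                         # nothing requested
  return true if max_age == :invalid || auth_time.nil? # fail closed
  return true if auth_time > now                       # clock skew or tampering
  (now - auth_time).to_i > max_age
end

# Constructed sample request parameters (not captured traffic).
SAMPLE = {
  'openid.mode' => 'checkid_setup',
  'openid.ns.p' => PAPE_NS,
  'openid.p.max_auth_age' => '300'
}.freeze
NOW = Time.utc(2024, 1, 1, 12, 0, 0)

if __FILE__ == $PROGRAM_NAME
  puts reauthentication_required?(SAMPLE, NOW - 120, NOW) # login 2 minutes ago
  puts reauthentication_required?(SAMPLE, NOW - 900, NOW) # login 15 minutes ago
end
```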
Renders the final response output.
# File lib/openid_server_system.rb, line 92
def render_openid_response(resp)
  signed_response = openid_server.signatory.sign(resp) if resp.needs_signing
  web_response = openid_server.encode_response(resp)
  # Map the encoded response onto the matching Rails render or redirect
  case web_response.code
  when OpenID::Server::HTTP_OK then render(:text => web_response.body, :status => 200)
  when OpenID::Server::HTTP_REDIRECT then redirect_to(web_response.headers['location'])
  else render(:text => web_response.body, :status => 400)
  end
end