Class: OpenID::TrustRoot::TrustRoot
- Inherits:
-
Object
- Object
- OpenID::TrustRoot::TrustRoot
- Defined in:
- lib/openid/trustroot.rb
Constant Summary collapse
- @@empty_re =
Regexp.new('^http[s]*:\/\/\*\/$')
Instance Attribute Summary collapse
-
#host ⇒ Object
readonly
Returns the value of attribute host.
-
#path ⇒ Object
readonly
Returns the value of attribute path.
-
#port ⇒ Object
readonly
Returns the value of attribute port.
-
#proto ⇒ Object
readonly
Returns the value of attribute proto.
-
#unparsed ⇒ Object
readonly
Returns the value of attribute unparsed.
-
#wildcard ⇒ Object
readonly
Returns the value of attribute wildcard.
Class Method Summary collapse
- ._build_path(path, query = nil, frag = nil) ⇒ Object
- ._parse_url(url) ⇒ Object
- .check_sanity(trust_root_string) ⇒ Object
-
.check_url(trust_root, url) ⇒ Object
quick func for validating a url against a trust root.
- .parse(trust_root) ⇒ Object
Instance Method Summary collapse
-
#build_discovery_url ⇒ Object
Return a discovery URL for this realm.
-
#initialize(unparsed, proto, wildcard, host, port, path) ⇒ TrustRoot
constructor
A new instance of TrustRoot.
- #sane? ⇒ Boolean
- #validate_url(url) ⇒ Object
Constructor Details
#initialize(unparsed, proto, wildcard, host, port, path) ⇒ TrustRoot
Returns a new instance of TrustRoot.
261 262 263 264 265 266 267 268 |
# File 'lib/openid/trustroot.rb', line 261 def initialize(unparsed, proto, wildcard, host, port, path) @unparsed = unparsed @proto = proto @wildcard = wildcard @host = host @port = port @path = path end |
Instance Attribute Details
#host ⇒ Object (readonly)
Returns the value of attribute host.
152 153 154 |
# File 'lib/openid/trustroot.rb', line 152 def host @host end |
#path ⇒ Object (readonly)
Returns the value of attribute path.
152 153 154 |
# File 'lib/openid/trustroot.rb', line 152 def path @path end |
#port ⇒ Object (readonly)
Returns the value of attribute port.
152 153 154 |
# File 'lib/openid/trustroot.rb', line 152 def port @port end |
#proto ⇒ Object (readonly)
Returns the value of attribute proto.
152 153 154 |
# File 'lib/openid/trustroot.rb', line 152 def proto @proto end |
#unparsed ⇒ Object (readonly)
Returns the value of attribute unparsed.
152 153 154 |
# File 'lib/openid/trustroot.rb', line 152 def unparsed @unparsed end |
#wildcard ⇒ Object (readonly)
Returns the value of attribute wildcard.
152 153 154 |
# File 'lib/openid/trustroot.rb', line 152 def wildcard @wildcard end |
Class Method Details
._build_path(path, query = nil, frag = nil) ⇒ Object
156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 |
# File 'lib/openid/trustroot.rb', line 156 def TrustRoot._build_path(path, query=nil, frag=nil) s = path.dup frag = nil if frag == '' query = nil if query == '' if query s << "?" << query end if frag s << "#" << frag end return s end |
._parse_url(url) ⇒ Object
173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 |
# File 'lib/openid/trustroot.rb', line 173 def TrustRoot._parse_url(url) begin url = URINorm.urinorm(url) rescue URI::InvalidURIError nil end begin parsed = URI::DEFAULT_PARSER.parse(url) rescue URI::InvalidURIError return nil end path = TrustRoot._build_path(parsed.path, parsed.query, parsed.fragment) return [parsed.scheme || '', parsed.host || '', parsed.port || '', path || ''] end |
.check_sanity(trust_root_string) ⇒ Object
224 225 226 227 228 229 230 231 |
# File 'lib/openid/trustroot.rb', line 224 def TrustRoot.check_sanity(trust_root_string) trust_root = TrustRoot.parse(trust_root_string) if trust_root.nil? return false else return trust_root.sane? end end |
.check_url(trust_root, url) ⇒ Object
quick func for validating a url against a trust root. See the TrustRoot class if you need more control.
235 236 237 238 |
# File 'lib/openid/trustroot.rb', line 235 def self.check_url(trust_root, url) tr = self.parse(trust_root) return (!tr.nil? and tr.validate_url(url)) end |
.parse(trust_root) ⇒ Object
194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 |
# File 'lib/openid/trustroot.rb', line 194 def TrustRoot.parse(trust_root) trust_root = trust_root.dup unparsed = trust_root.dup # look for wildcard wildcard = (not trust_root.index('://*.').nil?) trust_root.sub!('*.', '') if wildcard # handle http://*/ case if not wildcard and @@empty_re.match(trust_root) proto = trust_root.split(':')[0] port = proto == 'http' ? 80 : 443 return new(unparsed, proto, true, '', port, '/') end parts = TrustRoot._parse_url(trust_root) return nil if parts.nil? proto, host, port, path = parts return nil if host[0] == '.' # check for URI fragment if path and !path.index('#').nil? return nil end return nil unless ['http', 'https'].member?(proto) return new(unparsed, proto, wildcard, host, port, path) end |
Instance Method Details
#build_discovery_url ⇒ Object
Return a discovery URL for this realm.
This function does not check to make sure that the realm is valid. Its behaviour on invalid inputs is undefined.
- return_to
-
The relying party return URL of the OpenID
authentication request
Returns the URL upon which relying party discovery should be run in order to verify the return_to URL
250 251 252 253 254 255 256 257 258 259 |
# File 'lib/openid/trustroot.rb', line 250 def build_discovery_url if self.wildcard # Use "www." in place of the star www_domain = 'www.' + @host port = (!@port.nil? and ![80, 443].member?(@port)) ? (":" + @port.to_s) : '' return "#{@proto}://#{www_domain}#{port}#{@path}" else return @unparsed end end |
#sane? ⇒ Boolean
270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 |
# File 'lib/openid/trustroot.rb', line 270 def sane? return true if @host == 'localhost' host_parts = @host.split('.') # a note: ruby string split does not put an empty string at # the end of the list if the split element is last. for # example, 'foo.com.'.split('.') => ['foo','com']. Mentioned # because the python code differs here. return false if host_parts.length == 0 # no adjacent dots return false if host_parts.member?('') # last part must be a tld tld = host_parts[-1] return false unless TOP_LEVEL_DOMAINS.member?(tld) return false if host_parts.length == 1 if @wildcard if tld.length == 2 and host_parts[-2].length <= 3 # It's a 2-letter tld with a short second to last segment # so there needs to be more than two segments specified # (e.g. *.co.uk is insane) return host_parts.length > 2 end end return true end |
#validate_url(url) ⇒ Object
303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 |
# File 'lib/openid/trustroot.rb', line 303 def validate_url(url) parts = TrustRoot._parse_url(url) return false if parts.nil? proto, host, port, path = parts return false unless proto == @proto return false unless port == @port return false unless host.index('*').nil? if !@wildcard if host != @host return false end elsif ((@host != '') and (!host.end_with?('.' + @host)) and (host != @host)) return false end if path != @path path_len = @path.length trust_prefix = @path[0...path_len] url_prefix = path[0...path_len] # must be equal up to the length of the path, at least if trust_prefix != url_prefix return false end # These characters must be on the boundary between the end # of the trust root's path and the start of the URL's path. if !@path.index('?').nil? allowed = '&' else allowed = '?/' end return (!allowed.index(@path[-1]).nil? or !allowed.index(path[path_len]).nil?) end return true end |