Module: Ramaze::Helper::Identity

Defined in:
lib/ramaze/helper/identity.rb

Instance Method Summary collapse

Instance Method Details

#openid_beginObject

We land here from the openid_login_form and if we can find a matching OpenID server we redirect the user to it, the browser will return to openid_complete when the authentication is complete.



39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# File 'lib/ramaze/helper/identity.rb', line 39

def openid_begin
  # The OpenID URL pointing to a user's OpenID page,
  # for example: http://username.myopenid.com)
  url = request['url']
  redirect_referrer if url.to_s.empty?
  session[:openid] ||= {}
  session[:openid][:entry] = request.referrer

  openid_request = openid_consumer.begin(url)

  # We want these communications to be a secure as the server can
  # support!
  papereq = OpenID::PAPE::Request.new
  papereq.add_policy_uri(OpenID::PAPE::AUTH_PHISHING_RESISTANT)
  papereq.max_auth_age = 2*60*60
  openid_request.add_extension(papereq)

  # Request information about the person
  sregreq = OpenID::SReg::Request.new
  sregreq.request_fields(['fullname', 'nickname', 'dob', 'email',
                         'gender', 'postcode', 'country', 'language',
                         'timezone'])
  openid_request.add_extension(sregreq)
  openid_request.return_to_args['did_pape'] = 'y'

  root      = "http://#{request.http_host}/"
  return_to = request.domain(rs(:openid_complete)).to_s
  immediate = false

  if openid_request.send_redirect?(root, return_to, immediate)
    redirect_url =
      openid_request.redirect_url(root, return_to, immediate)
    raw_redirect redirect_url
  else
    # what the hell is @form_text ?
  end

rescue OpenID::OpenIDError => ex
  flash[:error] = "Discovery failed for #{url}: #{ex}"
  raw_redirect rs(:/)
end

#openid_completeObject

After having authenticated at the OpenID server browsers are redirected back here and on success we set the session[:identity] and a little default flash message. Then we redirect to wherever session[:entry] points us to, which was set on openid_begin to the referrer

TODO:

- maybe using StackHelper, but this is a really minimal overlap?


88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# File 'lib/ramaze/helper/identity.rb', line 88

def openid_complete
  openid_response = openid_consumer.complete(request.params, request.url)

  case openid_response.status
  when OpenID::Consumer::FAILURE
    flash[:error] = "OpenID - Verification failed: #{openid_response.message}"
  when OpenID::Consumer::SUCCESS
    # Backwards compatibility
    session[:openid][:identity] = openid_response.identity_url
    session[:openid][:sreg] = OpenID::SReg::Response.from_success_response(openid_response)

    # Forward compatibility :)
    session[:openid_identity] = openid_response.identity_url
    session[:openid_sreg] = OpenID::SReg::Response.from_success_response(openid_response)

    flash[:success] = 'OpenID - Verification done.'
  end

  session.delete(:_openid_consumer_service)

  raw_redirect session[:openid][:entry]
end

#openid_login_form(caption = "login") ⇒ Object

Simple form for use or overwriting. Has to provide the same functionality when overwritten or directly embedded into a page.



27
28
29
30
31
32
33
34
# File 'lib/ramaze/helper/identity.rb', line 27

def (caption="login")
  %{
<form method="GET" action="#{rs(:openid_begin)}">
  Identity URL: <input type="text" name="url" />
  <input type="submit" value="#{caption}"/>
</form>
  }
end