Class: OpenID::GoogleDiscovery
- Inherits:
-
Object
- Object
- OpenID::GoogleDiscovery
- Defined in:
- lib/warden-googleapps/gapps_openid.rb
Overview
Handles the bulk of Google’s modified discovery prototcol See groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains
Constant Summary collapse
- NAMESPACES =
{ 'xrds' => 'xri://$xrd*($v*2.0)', 'xrd' => 'xri://$xrds', 'openid' => 'http://namespace.google.com/openid/xmlns' }
Instance Method Summary collapse
-
#discover_site(domain) ⇒ Object
Handles discovery for a domain.
-
#discover_user(domain, claimed_id) ⇒ Object
Handles discovery for a user’s claimed ID.
-
#fetch_host_meta(domain) ⇒ Object
Kickstart the discovery process by checking against Google’s well-known location for hosted domains.
-
#fetch_xrds(authority, url, cache = true) ⇒ Object
Fetches the XRDS and verifies the signature and authority for the doc.
- #get_cache(key) ⇒ Object
-
#get_user_xrds_url(xrds, claimed_id) ⇒ Object
Process the URITemplate in the XRDS to derive the location of the claimed id’s XRDS.
-
#perform_discovery(uri) ⇒ Object
Main entry point for discovery.
- #put_cache(key, item) ⇒ Object
Instance Method Details
#discover_site(domain) ⇒ Object
Handles discovery for a domain
111 112 113 114 115 116 117 118 119 120 121 122 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 111 def discover_site(domain) url = (domain) if url.nil? return nil # Not a Google Apps domain end xrds = fetch_xrds(domain, url) unless xrds.nil? endpoints = OpenID::OpenIDServiceEndpoint.from_xrds(domain, xrds) return [domain, OpenID.get_op_or_user_services(endpoints)] end return nil end |
#discover_user(domain, claimed_id) ⇒ Object
Handles discovery for a user’s claimed ID.
96 97 98 99 100 101 102 103 104 105 106 107 108 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 96 def discover_user(domain, claimed_id) url = (domain) if url.nil? return nil # Not a Google Apps domain end xrds = fetch_xrds(domain, url) user_url, = get_user_xrds_url(xrds, claimed_id) user_xrds = fetch_xrds(, user_url, false) return if user_xrds.nil? endpoints = OpenID::OpenIDServiceEndpoint.from_xrds(claimed_id, user_xrds) return [claimed_id, OpenID.get_op_or_user_services(endpoints)] end |
#fetch_host_meta(domain) ⇒ Object
Kickstart the discovery process by checking against Google’s well-known location for hosted domains. This gives us the location of the site’s XRDS doc
126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 126 def (domain) cached_value = get_cache(domain) return cached_value unless cached_value.nil? = "https://www.google.com/accounts/o8/.well-known/host-meta?hd=#{CGI::escape(domain)}" http_resp = OpenID.fetch() if http_resp.code != "200" and http_resp.code != "206" return nil end matches = /Link: <(.*)>/.match( http_resp.body ) if matches.nil? return nil end put_cache(domain, matches[1]) return matches[1] end |
#fetch_xrds(authority, url, cache = true) ⇒ Object
Fetches the XRDS and verifies the signature and authority for the doc
144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 144 def fetch_xrds(, url, cache=true) return if url.nil? cached_xrds = get_cache(url) return cached_xrds unless cached_xrds.nil? http_resp = OpenID.fetch(url) return if http_resp.code != "200" and http_resp.code != "206" body = http_resp.body signature = http_resp["Signature"] signed_by = SimpleSign.verify(body, signature) if !signed_by.casecmp() or !signed_by.casecmp('hosted-id.google.com') return false # Signed, but not by the right domain. end # Everything is OK if cache put_cache(url, body) end return body end |
#get_cache(key) ⇒ Object
187 188 189 190 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 187 def get_cache(key) return nil if @@cache.nil? return @@cache.read("__GAPPS_OPENID__#{key}") end |
#get_user_xrds_url(xrds, claimed_id) ⇒ Object
Process the URITemplate in the XRDS to derive the location of the claimed id’s XRDS
169 170 171 172 173 174 175 176 177 178 179 180 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 169 def get_user_xrds_url(xrds, claimed_id) types_to_match = ['http://www.iana.org/assignments/relation/describedby'] services = OpenID::Yadis::apply_filter(claimed_id, xrds) services.each do | service | if service.match_types(types_to_match) template = REXML::XPath.first(service.service_element, '//openid:URITemplate', NAMESPACES) = REXML::XPath.first(service.service_element, '//openid:NextAuthority', NAMESPACES) url = template.text.gsub('{%uri}', CGI::escape(claimed_id)) return [url, .text] end end end |
#perform_discovery(uri) ⇒ Object
Main entry point for discovery. Attempts to detect whether or not the URI is a raw domain name (‘mycompany.com’) vs. a user’s claimed ID (‘mycompany.com/openid?id=12345’) and performs the site or user discovery appropriately
82 83 84 85 86 87 88 89 90 91 92 93 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 82 def perform_discovery(uri) begin parsed_uri = URI::parse(uri) if parsed_uri.scheme.nil? return discover_site(uri) end return discover_user(parsed_uri.host, uri) rescue # If we fail, just return nothing and fallback on default discovery mechanisms return nil end end |
#put_cache(key, item) ⇒ Object
182 183 184 185 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 182 def put_cache(key, item) return if @@cache.nil? @@cache.write("__GAPPS_OPENID__#{key}", item) end |