module Ramaze::Helper::Identity

Public Instance Methods

openid_begin() click to toggle source

We land here from the #openid_login_form and if we can find a matching OpenID server we redirect the user to it, the browser will return to #openid_complete when the authentication is complete.

# File lib/ramaze/helper/identity.rb, line 39
def openid_begin
  # The OpenID URL pointing to a user's OpenID page,
  # for example: http://username.myopenid.com)
  url = request['url']
  redirect_referrer if url.to_s.empty?
  session[:openid] ||= {}
  session[:openid][:entry] = request.referrer

  openid_request = openid_consumer.begin(url)

  # We want these communications to be a secure as the server can
  # support!
  papereq = OpenID::PAPE::Request.new
  papereq.add_policy_uri(OpenID::PAPE::AUTH_PHISHING_RESISTANT)
  papereq.max_auth_age = 2*60*60
  openid_request.add_extension(papereq)

  # Request information about the person
  sregreq = OpenID::SReg::Request.new
  sregreq.request_fields(['fullname', 'nickname', 'dob', 'email',
                         'gender', 'postcode', 'country', 'language',
                         'timezone'])
  openid_request.add_extension(sregreq)
  openid_request.return_to_args['did_pape'] = 'y'

  root      = "http://#{request.http_host}/"
  return_to = request.domain(rs(:openid_complete)).to_s
  immediate = false

  if openid_request.send_redirect?(root, return_to, immediate)
    redirect_url =
      openid_request.redirect_url(root, return_to, immediate)
    raw_redirect redirect_url
  else
    # what the hell is @form_text ?
  end

rescue OpenID::OpenIDError => ex
  flash[:error] = "Discovery failed for #{url}: #{ex}"
  raw_redirect rs(:/)
end
openid_complete() click to toggle source

After having authenticated at the OpenID server browsers are redirected back here and on success we set the session[:identity] and a little default flash message. Then we redirect to wherever session[:entry] points us to, which was set on #openid_begin to the referrer

TODO:

- maybe using StackHelper, but this is a really minimal overlap?
# File lib/ramaze/helper/identity.rb, line 88
def openid_complete
  openid_response = openid_consumer.complete(request.params, request.url)

  case openid_response.status
  when OpenID::Consumer::FAILURE
    flash[:error] = "OpenID - Verification failed: #{openid_response.message}"
  when OpenID::Consumer::SUCCESS
    # Backwards compatibility
    session[:openid][:identity] = openid_response.identity_url
    session[:openid][:sreg] = OpenID::SReg::Response.from_success_response(openid_response)

    # Forward compatibility :)
    session[:openid_identity] = openid_response.identity_url
    session[:openid_sreg] = OpenID::SReg::Response.from_success_response(openid_response)

    flash[:success] = 'OpenID - Verification done.'
  end

  session.delete(:_openid_consumer_service)

  raw_redirect session[:openid][:entry]
end
openid_login_form(caption="login") click to toggle source

Simple form for use or overwriting. Has to provide the same functionality when overwritten or directly embedded into a page.

# File lib/ramaze/helper/identity.rb, line 27
      def openid_login_form(caption="login")
        %Q{
<form method="GET" action="#{rs(:openid_begin)}">
  Identity URL: <input type="text" name="url" />
  <input type="submit" value="#{caption}"/>
</form>
        }
      end

Private Instance Methods

openid_consumer() click to toggle source

Fetch/Create a OpenID::Consumer for current session.

# File lib/ramaze/helper/identity.rb, line 114
def openid_consumer
  OpenID::Consumer.new(session, Ramaze::OpenIDStore)
end