require 'rack/openid' require 'omniauth/openid/gapps' require 'omniauth/openid' module OmniAuth module Strategies # OmniAuth strategy for connecting via OpenID. This allows for connection # to a wide variety of sites, some of which are listed [on the OpenID website](http://openid.net/get-an-openid/). class OpenID include OmniAuth::Strategy attr_accessor :options IDENTIFIER_URL_PARAMETER = 'openid_url' AX = { :email => 'http://axschema.org/contact/email', :name => 'http://axschema.org/namePerson', :nickname => 'http://axschema.org/namePerson/friendly', :first_name => 'http://axschema.org/namePerson/first', :last_name => 'http://axschema.org/namePerson/last', :city => 'http://axschema.org/contact/city/home', :state => 'http://axschema.org/contact/state/home', :website => 'http://axschema.org/contact/web/default', :image => 'http://axschema.org/media/image/aspect11' } # Initialize the strategy as a Rack Middleware. # # @param app [Rack Application] Standard Rack middleware application argument. # @param store [OpenID Store] The [OpenID Store](http://github.com/openid/ruby-openid/tree/master/lib/openid/store/) # you wish to use. Defaults to OpenID::MemoryStore. # @option options [Array] :required The identity fields that are required for the OpenID # request. May be an ActiveExchange schema URL or an sreg identifier. # @option options [Array] :optional The optional attributes for the OpenID request. May # be ActiveExchange or sreg. # @option options [Symbol, :open_id] :name The URL segment name for this provider. def initialize(app, store = nil, options = {}) super(app, options[:name] || :open_id) @options = options @options[:required] ||= [AX[:email], AX[:name], AX[:first_name], AX[:last_name], 'email', 'fullname'] @options[:optional] ||= [AX[:nickname], AX[:city], AX[:state], AX[:website], AX[:image], 'postcode', 'nickname'] @store = store end protected def dummy_app lambda{|env| [401, {"WWW-Authenticate" => Rack::OpenID.build_header( :identifier => identifier, :return_to => callback_url, :required => @options[:required], :optional => @options[:optional], :method => 'post' )}, []]} end def callback_url uri = URI.parse(request.url) uri.path += '/callback' uri.to_s end def identifier options[:identifier] || request[IDENTIFIER_URL_PARAMETER] end def request_phase identifier ? start : get_identifier end def start openid = Rack::OpenID.new(dummy_app, @store) response = openid.call(env) case env['rack.openid.response'] when Rack::OpenID::MissingResponse, Rack::OpenID::TimeoutResponse fail!(:connection_failed) else response end end def get_identifier OmniAuth::Form.build('OpenID Authentication') do label_field('OpenID Identifier', IDENTIFIER_URL_PARAMETER) input_field('url', IDENTIFIER_URL_PARAMETER) end.to_response end def callback_phase env['REQUEST_METHOD'] = 'GET' openid = Rack::OpenID.new(lambda{|env| [200,{},[]]}, @store) openid.call(env) @openid_response = env.delete('rack.openid.response') if @openid_response && @openid_response.status == :success super else fail!(:invalid_credentials) end end def auth_hash OmniAuth::Utils.deep_merge(super(), { 'uid' => @openid_response.display_identifier, 'user_info' => user_info(@openid_response) }) end def user_info(response) sreg_user_info(response).merge(ax_user_info(response)) end def sreg_user_info(response) sreg = ::OpenID::SReg::Response.from_success_response(response) return {} unless sreg { 'email' => sreg['email'], 'name' => sreg['fullname'], 'location' => sreg['postcode'], 'nickname' => sreg['nickname'] }.reject{|k,v| v.nil? || v == ''} end def ax_user_info(response) ax = ::OpenID::AX::FetchResponse.from_success_response(response) return {} unless ax { 'email' => ax.get_single(AX[:email]), 'first_name' => ax.get_single(AX[:first_name]), 'last_name' => ax.get_single(AX[:last_name]), 'name' => (ax.get_single(AX[:name]) || [ax.get_single(AX[:first_name]), ax.get_single(AX[:last_name])].join(' ')), 'location' => ("#{ax.get_single(AX[:city])}, #{ax.get_single(AX[:state])}" if Array(ax.get_single(AX[:city])).any? && Array(ax.get_single(AX[:state])).any?), 'nickname' => ax.get_single(AX[:nickname]), 'urls' => ({'Website' => Array(ax.get_single(AX[:website])).first} if Array(ax.get_single(AX[:website])).any?) }.inject({}){|h,(k,v)| h[k] = Array(v).first; h}.reject{|k,v| v.nil? || v == ''} end end end end