Class: OpenID::GoogleDiscovery
- Inherits:
-
Object
- Object
- OpenID::GoogleDiscovery
- Defined in:
- lib/gapps_openid.rb
Overview
Handles the bulk of Google’s modified discovery prototcol See groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains
Constant Summary collapse
- NAMESPACES =
{ 'xrds' => 'xri://$xrd*($v*2.0)', 'xrd' => 'xri://$xrds', 'openid' => 'http://namespace.google.com/openid/xmlns' }
Instance Method Summary collapse
-
#discover_site(domain) ⇒ Object
Handles discovery for a domain.
-
#discover_user(domain, claimed_id) ⇒ Object
Handles discovery for a user’s claimed ID.
-
#fetch_host_meta(domain) ⇒ Object
Kickstart the discovery process by checking against Google’s well-known location for hosted domains.
-
#fetch_xrds(authority, url, cache = true) ⇒ Object
Fetches the XRDS and verifies the signature and authority for the doc.
- #get_cache(key) ⇒ Object
-
#get_user_xrds_url(xrds, claimed_id) ⇒ Object
Process the URITemplate in the XRDS to derive the location of the claimed id’s XRDS.
-
#perform_discovery(uri) ⇒ Object
Main entry point for discovery.
- #put_cache(key, item) ⇒ Object
Instance Method Details
#discover_site(domain) ⇒ Object
Handles discovery for a domain
114 115 116 117 118 119 120 121 122 123 124 125 126 127 |
# File 'lib/gapps_openid.rb', line 114 def discover_site(domain) OpenID.logger.debug("Discovering domain #{domain}") unless OpenID.logger.nil? url = (domain) if url.nil? OpenID.logger.debug("#{domain} is not a Google Apps domain, aborting") unless OpenID.logger.nil? return nil # Not a Google Apps domain end xrds = fetch_xrds(domain, url) unless xrds.nil? endpoints = OpenID::OpenIDServiceEndpoint.from_xrds(domain, xrds) return [domain, OpenID.get_op_or_user_services(endpoints)] end return nil end |
#discover_user(domain, claimed_id) ⇒ Object
Handles discovery for a user’s claimed ID.
97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 |
# File 'lib/gapps_openid.rb', line 97 def discover_user(domain, claimed_id) OpenID.logger.debug("Discovering user identity #{claimed_id} for domain #{domain}") unless OpenID.logger.nil? url = (domain) if url.nil? OpenID.logger.debug("#{domain} is not a Google Apps domain, aborting") unless OpenID.logger.nil? return nil # Not a Google Apps domain end xrds = fetch_xrds(domain, url) user_url, = get_user_xrds_url(xrds, claimed_id) user_xrds = fetch_xrds(, user_url, false) return if user_xrds.nil? endpoints = OpenID::OpenIDServiceEndpoint.from_xrds(claimed_id, user_xrds) return [claimed_id, OpenID.get_op_or_user_services(endpoints)] end |
#fetch_host_meta(domain) ⇒ Object
Kickstart the discovery process by checking against Google’s well-known location for hosted domains. This gives us the location of the site’s XRDS doc
131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 |
# File 'lib/gapps_openid.rb', line 131 def (domain) cached_value = get_cache(domain) return cached_value unless cached_value.nil? = "https://www.google.com/accounts/o8/.well-known/host-meta?hd=#{CGI::escape(domain)}" http_resp = OpenID.fetch() if http_resp.code != "200" and http_resp.code != "206" OpenID.logger.debug("Received #{http_resp.code} when fetching #{}") unless OpenID.logger.nil? return nil end matches = /Link: <(.*)>/.match( http_resp.body ) if matches.nil? OpenID.logger.debug("No link tag found at #{}") unless OpenID.logger.nil? return nil end put_cache(domain, matches[1]) return matches[1] end |
#fetch_xrds(authority, url, cache = true) ⇒ Object
Fetches the XRDS and verifies the signature and authority for the doc
151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 |
# File 'lib/gapps_openid.rb', line 151 def fetch_xrds(, url, cache=true) return if url.nil? OpenID.logger.debug("Retrieving XRDS from #{url}") unless OpenID.logger.nil? cached_xrds = get_cache(url) return cached_xrds unless cached_xrds.nil? http_resp = OpenID.fetch(url) if http_resp.code != "200" and http_resp.code != "206" OpenID.logger.debug("Received #{http_resp.code} when fetching #{url}") unless OpenID.logger.nil? return nil end body = http_resp.body signature = http_resp["Signature"] signed_by = SimpleSign.verify(body, signature) if !signed_by.casecmp() or !signed_by.casecmp('hosted-id.google.com') OpenID.logger.warn("Expected signature from #{} but found #{signed_by}") unless OpenID.logger.nil? return false # Signed, but not by the right domain. end # Everything is OK if cache put_cache(url, body) end return body end |
#get_cache(key) ⇒ Object
199 200 201 202 |
# File 'lib/gapps_openid.rb', line 199 def get_cache(key) return nil if OpenID.cache.nil? return OpenID.cache.read("__GAPPS_OPENID__#{key}") end |
#get_user_xrds_url(xrds, claimed_id) ⇒ Object
Process the URITemplate in the XRDS to derive the location of the claimed id’s XRDS
181 182 183 184 185 186 187 188 189 190 191 192 |
# File 'lib/gapps_openid.rb', line 181 def get_user_xrds_url(xrds, claimed_id) types_to_match = ['http://www.iana.org/assignments/relation/describedby'] services = OpenID::Yadis::apply_filter(claimed_id, xrds) services.each do | service | if service.match_types(types_to_match) template = REXML::XPath.first(service.service_element, '//openid:URITemplate', NAMESPACES) = REXML::XPath.first(service.service_element, '//openid:NextAuthority', NAMESPACES) url = template.text.gsub('{%uri}', CGI::escape(claimed_id)) return [url, .text] end end end |
#perform_discovery(uri) ⇒ Object
Main entry point for discovery. Attempts to detect whether or not the URI is a raw domain name (‘mycompany.com’) vs. a user’s claimed ID (‘mycompany.com/openid?id=12345’) and performs the site or user discovery appropriately
81 82 83 84 85 86 87 88 89 90 91 92 93 94 |
# File 'lib/gapps_openid.rb', line 81 def perform_discovery(uri) OpenID.logger.debug("Performing discovery for #{uri}") unless OpenID.logger.nil? begin parsed_uri = URI::parse(uri) if parsed_uri.scheme.nil? return discover_site(uri) end return discover_user(parsed_uri.host, uri) rescue Exception => e # If we fail, just return nothing and fallback on default discovery mechanisms OpenID.logger.warn("Unexpected exception performing discovery for id #{uri}: #{e}") unless OpenID.logger.nil? return nil end end |