Class: OpenID::GoogleDiscovery
- Inherits:
-
Object
- Object
- OpenID::GoogleDiscovery
- Defined in:
- lib/warden-googleapps/gapps_openid.rb
Overview
Handles the bulk of Google’s modified discovery prototcol See groups.google.com/group/google-federated-login-api/web/openid-discovery-for-hosted-domains
Constant Summary collapse
- NAMESPACES =
{ 'xrds' => 'xri://$xrd*($v*2.0)', 'xrd' => 'xri://$xrds', 'openid' => 'http://namespace.google.com/openid/xmlns' }
Instance Method Summary collapse
-
#discover_site(domain) ⇒ Object
Handles discovery for a domain.
-
#discover_user(domain, claimed_id) ⇒ Object
Handles discovery for a user’s claimed ID.
-
#fetch_host_meta(domain) ⇒ Object
Kickstart the discovery process by checking against Google’s well-known location for hosted domains.
-
#fetch_xrds(authority, url, cache = true) ⇒ Object
Fetches the XRDS and verifies the signature and authority for the doc.
- #get_cache(key) ⇒ Object
-
#get_user_xrds_url(xrds, claimed_id) ⇒ Object
Process the URITemplate in the XRDS to derive the location of the claimed id’s XRDS.
-
#perform_discovery(uri) ⇒ Object
Main entry point for discovery.
- #put_cache(key, item) ⇒ Object
Instance Method Details
#discover_site(domain) ⇒ Object
Handles discovery for a domain
113 114 115 116 117 118 119 120 121 122 123 124 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 113 def discover_site(domain) url = (domain) if url.nil? return nil # Not a Google Apps domain end xrds = fetch_xrds(domain, url) unless xrds.nil? endpoints = OpenID::OpenIDServiceEndpoint.from_xrds(domain, xrds) return [domain, OpenID.get_op_or_user_services(endpoints)] end return nil end |
#discover_user(domain, claimed_id) ⇒ Object
Handles discovery for a user’s claimed ID.
98 99 100 101 102 103 104 105 106 107 108 109 110 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 98 def discover_user(domain, claimed_id) url = (domain) if url.nil? return nil # Not a Google Apps domain end xrds = fetch_xrds(domain, url) user_url, = get_user_xrds_url(xrds, claimed_id) user_xrds = fetch_xrds(, user_url, false) return if user_xrds.nil? endpoints = OpenID::OpenIDServiceEndpoint.from_xrds(claimed_id, user_xrds) return [claimed_id, OpenID.get_op_or_user_services(endpoints)] end |
#fetch_host_meta(domain) ⇒ Object
Kickstart the discovery process by checking against Google’s well-known location for hosted domains. This gives us the location of the site’s XRDS doc
128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 128 def (domain) cached_value = get_cache(domain) return cached_value unless cached_value.nil? = "https://www.google.com/accounts/o8/.well-known/host-meta?hd=#{CGI::escape(domain)}" http_resp = OpenID.fetch() if http_resp.code != "200" and http_resp.code != "206" return nil end matches = /Link: <(.*)>/.match( http_resp.body ) if matches.nil? return nil end put_cache(domain, matches[1]) return matches[1] end |
#fetch_xrds(authority, url, cache = true) ⇒ Object
Fetches the XRDS and verifies the signature and authority for the doc
146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 146 def fetch_xrds(, url, cache=true) return if url.nil? cached_xrds = get_cache(url) return cached_xrds unless cached_xrds.nil? http_resp = OpenID.fetch(url) return if http_resp.code != "200" and http_resp.code != "206" body = http_resp.body signature = http_resp["Signature"] signed_by = SimpleSign.verify(body, signature) if !signed_by.casecmp() or !signed_by.casecmp('hosted-id.google.com') return false # Signed, but not by the right domain. end # Everything is OK if cache put_cache(url, body) end return body end |
#get_cache(key) ⇒ Object
189 190 191 192 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 189 def get_cache(key) return nil if @@cache.nil? return @@cache.read("__GAPPS_OPENID__#{key}") end |
#get_user_xrds_url(xrds, claimed_id) ⇒ Object
Process the URITemplate in the XRDS to derive the location of the claimed id’s XRDS
171 172 173 174 175 176 177 178 179 180 181 182 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 171 def get_user_xrds_url(xrds, claimed_id) types_to_match = ['http://www.iana.org/assignments/relation/describedby'] services = OpenID::Yadis::apply_filter(claimed_id, xrds) services.each do | service | if service.match_types(types_to_match) template = REXML::XPath.first(service.service_element, '//openid:URITemplate', NAMESPACES) = REXML::XPath.first(service.service_element, '//openid:NextAuthority', NAMESPACES) url = template.text.gsub('{%uri}', CGI::escape(claimed_id)) return [url, .text] end end end |
#perform_discovery(uri) ⇒ Object
Main entry point for discovery. Attempts to detect whether or not the URI is a raw domain name (‘mycompany.com’) vs. a user’s claimed ID (‘mycompany.com/openid?id=12345’) and performs the site or user discovery appropriately
84 85 86 87 88 89 90 91 92 93 94 95 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 84 def perform_discovery(uri) begin parsed_uri = URI::parse(uri) if parsed_uri.scheme.nil? return discover_site(uri) end return discover_user(parsed_uri.host, uri) rescue # If we fail, just return nothing and fallback on default discovery mechanisms return nil end end |
#put_cache(key, item) ⇒ Object
184 185 186 187 |
# File 'lib/warden-googleapps/gapps_openid.rb', line 184 def put_cache(key, item) return if @@cache.nil? @@cache.write("__GAPPS_OPENID__#{key}", item) end |