diff --git a/config/environment.rb b/config/environment.rb index fdac6b4f03..70d0c55aab 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -54,4 +54,6 @@ Rails::Initializer.run do |config| # Define your email configuration in email.yml instead. # It will automatically turn deliveries on config.action_mailer.perform_deliveries = false + + config.gem 'ruby-openid', :lib => 'openid' end diff --git a/vendor/gems/ruby-openid-2.1.4/.specification b/vendor/gems/ruby-openid-2.1.4/.specification new file mode 100644 index 0000000000..489cda032d --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/.specification @@ -0,0 +1,290 @@ +--- !ruby/object:Gem::Specification +name: ruby-openid +version: !ruby/object:Gem::Version + version: 2.1.4 +platform: ruby +authors: +- JanRain, Inc +autorequire: openid +bindir: bin +cert_chain: +date: 2008-12-19 00:00:00 -08:00 +default_executable: +dependencies: [] + +description: +email: openid@janrain.com +executables: [] + +extensions: [] + +extra_rdoc_files: +- README +- INSTALL +- LICENSE +- UPGRADE +files: +- examples/README +- examples/active_record_openid_store +- examples/rails_openid +- examples/discover +- examples/active_record_openid_store/lib +- examples/active_record_openid_store/test +- examples/active_record_openid_store/init.rb +- examples/active_record_openid_store/README +- examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb +- examples/active_record_openid_store/XXX_upgrade_open_id_store.rb +- examples/active_record_openid_store/lib/association.rb +- examples/active_record_openid_store/lib/nonce.rb +- examples/active_record_openid_store/lib/open_id_setting.rb +- examples/active_record_openid_store/lib/openid_ar_store.rb +- examples/active_record_openid_store/test/store_test.rb +- examples/rails_openid/app +- examples/rails_openid/components +- examples/rails_openid/config +- examples/rails_openid/db +- examples/rails_openid/doc +- examples/rails_openid/lib +- examples/rails_openid/log +- examples/rails_openid/public +- examples/rails_openid/script +- examples/rails_openid/test +- examples/rails_openid/vendor +- examples/rails_openid/Rakefile +- examples/rails_openid/README +- examples/rails_openid/app/controllers +- examples/rails_openid/app/helpers +- examples/rails_openid/app/models +- examples/rails_openid/app/views +- examples/rails_openid/app/controllers/application.rb +- examples/rails_openid/app/controllers/login_controller.rb +- examples/rails_openid/app/controllers/server_controller.rb +- examples/rails_openid/app/controllers/consumer_controller.rb +- examples/rails_openid/app/helpers/application_helper.rb +- examples/rails_openid/app/helpers/login_helper.rb +- examples/rails_openid/app/helpers/server_helper.rb +- examples/rails_openid/app/views/layouts +- examples/rails_openid/app/views/login +- examples/rails_openid/app/views/server +- examples/rails_openid/app/views/consumer +- examples/rails_openid/app/views/layouts/server.rhtml +- examples/rails_openid/app/views/login/index.rhtml +- examples/rails_openid/app/views/server/decide.rhtml +- examples/rails_openid/app/views/consumer/index.rhtml +- examples/rails_openid/config/environments +- examples/rails_openid/config/database.yml +- examples/rails_openid/config/boot.rb +- examples/rails_openid/config/environment.rb +- examples/rails_openid/config/routes.rb +- examples/rails_openid/config/environments/development.rb +- examples/rails_openid/config/environments/production.rb +- examples/rails_openid/config/environments/test.rb +- examples/rails_openid/doc/README_FOR_APP +- examples/rails_openid/lib/tasks +- examples/rails_openid/public/images +- examples/rails_openid/public/javascripts +- examples/rails_openid/public/stylesheets +- examples/rails_openid/public/dispatch.cgi +- examples/rails_openid/public/404.html +- examples/rails_openid/public/500.html +- examples/rails_openid/public/dispatch.fcgi +- examples/rails_openid/public/dispatch.rb +- examples/rails_openid/public/favicon.ico +- examples/rails_openid/public/robots.txt +- examples/rails_openid/public/images/openid_login_bg.gif +- examples/rails_openid/public/javascripts/controls.js +- examples/rails_openid/public/javascripts/dragdrop.js +- examples/rails_openid/public/javascripts/effects.js +- examples/rails_openid/public/javascripts/prototype.js +- examples/rails_openid/script/performance +- examples/rails_openid/script/process +- examples/rails_openid/script/console +- examples/rails_openid/script/about +- examples/rails_openid/script/breakpointer +- examples/rails_openid/script/destroy +- examples/rails_openid/script/generate +- examples/rails_openid/script/plugin +- examples/rails_openid/script/runner +- examples/rails_openid/script/server +- examples/rails_openid/script/performance/benchmarker +- examples/rails_openid/script/performance/profiler +- examples/rails_openid/script/process/spawner +- examples/rails_openid/script/process/reaper +- examples/rails_openid/script/process/spinner +- examples/rails_openid/test/fixtures +- examples/rails_openid/test/functional +- examples/rails_openid/test/mocks +- examples/rails_openid/test/unit +- examples/rails_openid/test/test_helper.rb +- examples/rails_openid/test/functional/login_controller_test.rb +- examples/rails_openid/test/functional/server_controller_test.rb +- examples/rails_openid/test/mocks/development +- examples/rails_openid/test/mocks/test +- lib/openid +- lib/hmac +- lib/openid.rb +- lib/openid/cryptutil.rb +- lib/openid/extras.rb +- lib/openid/urinorm.rb +- lib/openid/util.rb +- lib/openid/trustroot.rb +- lib/openid/message.rb +- lib/openid/yadis +- lib/openid/consumer +- lib/openid/fetchers.rb +- lib/openid/dh.rb +- lib/openid/kvform.rb +- lib/openid/association.rb +- lib/openid/store +- lib/openid/kvpost.rb +- lib/openid/extensions +- lib/openid/protocolerror.rb +- lib/openid/server.rb +- lib/openid/extension.rb +- lib/openid/consumer.rb +- lib/openid/yadis/htmltokenizer.rb +- lib/openid/yadis/parsehtml.rb +- lib/openid/yadis/filters.rb +- lib/openid/yadis/xrds.rb +- lib/openid/yadis/accept.rb +- lib/openid/yadis/constants.rb +- lib/openid/yadis/discovery.rb +- lib/openid/yadis/xri.rb +- lib/openid/yadis/xrires.rb +- lib/openid/yadis/services.rb +- lib/openid/consumer/html_parse.rb +- lib/openid/consumer/idres.rb +- lib/openid/consumer/associationmanager.rb +- lib/openid/consumer/discovery.rb +- lib/openid/consumer/discovery_manager.rb +- lib/openid/consumer/checkid_request.rb +- lib/openid/consumer/responses.rb +- lib/openid/store/filesystem.rb +- lib/openid/store/interface.rb +- lib/openid/store/nonce.rb +- lib/openid/store/memory.rb +- lib/openid/extensions/sreg.rb +- lib/openid/extensions/ax.rb +- lib/openid/extensions/pape.rb +- lib/hmac/hmac.rb +- lib/hmac/sha1.rb +- lib/hmac/sha2.rb +- test/data +- test/test_association.rb +- test/test_urinorm.rb +- test/testutil.rb +- test/test_util.rb +- test/test_message.rb +- test/test_cryptutil.rb +- test/test_extras.rb +- test/util.rb +- test/test_trustroot.rb +- test/test_parsehtml.rb +- test/test_fetchers.rb +- test/test_dh.rb +- test/test_kvform.rb +- test/test_openid_yadis.rb +- test/test_linkparse.rb +- test/test_stores.rb +- test/test_filters.rb +- test/test_xrds.rb +- test/test_nonce.rb +- test/test_accept.rb +- test/test_kvpost.rb +- test/test_associationmanager.rb +- test/discoverdata.rb +- test/test_server.rb +- test/test_yadis_discovery.rb +- test/test_sreg.rb +- test/test_idres.rb +- test/test_ax.rb +- test/test_xri.rb +- test/test_xrires.rb +- test/test_discover.rb +- test/test_consumer.rb +- test/test_pape.rb +- test/test_checkid_request.rb +- test/test_discovery_manager.rb +- test/test_responses.rb +- test/test_extension.rb +- test/data/test_xrds +- test/data/urinorm.txt +- test/data/n2b64 +- test/data/trustroot.txt +- test/data/dh.txt +- test/data/test1-parsehtml.txt +- test/data/linkparse.txt +- test/data/accept.txt +- test/data/test_discover +- test/data/example-xrds.xml +- test/data/test1-discover.txt +- test/data/test_xrds/ref.xrds +- test/data/test_xrds/README +- test/data/test_xrds/delegated-20060809-r1.xrds +- test/data/test_xrds/delegated-20060809-r2.xrds +- test/data/test_xrds/delegated-20060809.xrds +- test/data/test_xrds/no-xrd.xml +- test/data/test_xrds/not-xrds.xml +- test/data/test_xrds/prefixsometimes.xrds +- test/data/test_xrds/sometimesprefix.xrds +- test/data/test_xrds/spoof1.xrds +- test/data/test_xrds/spoof2.xrds +- test/data/test_xrds/spoof3.xrds +- test/data/test_xrds/status222.xrds +- test/data/test_xrds/valid-populated-xrds.xml +- test/data/test_xrds/=j3h.2007.11.14.xrds +- test/data/test_xrds/subsegments.xrds +- test/data/test_discover/openid2_xrds.xml +- test/data/test_discover/openid.html +- test/data/test_discover/openid2.html +- test/data/test_discover/openid2_xrds_no_local_id.xml +- test/data/test_discover/openid_1_and_2.html +- test/data/test_discover/openid_1_and_2_xrds.xml +- test/data/test_discover/openid_and_yadis.html +- test/data/test_discover/openid_1_and_2_xrds_bad_delegate.xml +- test/data/test_discover/openid_no_delegate.html +- test/data/test_discover/yadis_0entries.xml +- test/data/test_discover/yadis_2_bad_local_id.xml +- test/data/test_discover/yadis_2entries_delegate.xml +- test/data/test_discover/yadis_2entries_idp.xml +- test/data/test_discover/yadis_another_delegate.xml +- test/data/test_discover/yadis_idp.xml +- test/data/test_discover/yadis_idp_delegate.xml +- test/data/test_discover/yadis_no_delegate.xml +- test/data/test_discover/malformed_meta_tag.html +- NOTICE +- CHANGELOG +- README +- INSTALL +- LICENSE +- UPGRADE +- admin/runtests.rb +has_rdoc: true +homepage: http://openidenabled.com/ruby-openid/ +post_install_message: +rdoc_options: +- --main +- README +require_paths: +- lib +required_ruby_version: !ruby/object:Gem::Requirement + requirements: + - - ">" + - !ruby/object:Gem::Version + version: 0.0.0 + version: +required_rubygems_version: !ruby/object:Gem::Requirement + requirements: + - - ">=" + - !ruby/object:Gem::Version + version: "0" + version: +requirements: [] + +rubyforge_project: +rubygems_version: 1.3.1 +signing_key: +specification_version: 1 +summary: A library for consuming and serving OpenID identities. +test_files: +- admin/runtests.rb diff --git a/vendor/gems/ruby-openid-2.1.4/CHANGELOG b/vendor/gems/ruby-openid-2.1.4/CHANGELOG new file mode 100644 index 0000000000..123db5898b --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/CHANGELOG @@ -0,0 +1,11 @@ +Fri Dec 19 11:50:10 PST 2008 cygnus@janrain.com + tagged 2.1.4 + +Fri Dec 19 11:48:25 PST 2008 cygnus@janrain.com + * Version: 2.1.4 + +Fri Dec 19 11:42:47 PST 2008 cygnus@janrain.com + * Normalize XRIs when doing discovery in accordance with the OpenID 2 spec + +Tue Dec 16 13:14:07 PST 2008 cygnus@janrain.com + tagged 2.1.3 diff --git a/vendor/gems/ruby-openid-2.1.4/INSTALL b/vendor/gems/ruby-openid-2.1.4/INSTALL new file mode 100644 index 0000000000..89f1b9bd49 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/INSTALL @@ -0,0 +1,47 @@ += Ruby OpenID Library Installation + +== Rubygems Installation + +Rubygems is a tool for installing ruby libraries and their +dependancies. If you have rubygems installed, simply: + + gem install ruby-openid + +== Manual Installation + +Unpack the archive and run setup.rb to install: + + ruby setup.rb + +setup.rb installs the library into your system ruby. If don't want to +add openid to you system ruby, you may instead add the *lib* directory of +the extracted tarball to your RUBYLIB environment variable: + + $ export RUBYLIB=${RUBYLIB}:/path/to/ruby-openid/lib + + +== Testing the Installation + +Make sure everything installed ok: + $> irb + irb$> require "openid" + => true + +Or, if you installed via rubygems: + + $> irb + irb$> require "rubygems" + => true + irb$> require_gem "ruby-openid" + => true + +== Run the test suite + +Go into the test directory and execute the *runtests.rb* script. + +== Next steps + +* Run consumer.rb in the examples directory. +* Get started writing your own consumer using OpenID::Consumer +* Write your own server with OpenID::Server +* Use the OpenIDLoginGenerator! Read example/README for more info. diff --git a/vendor/gems/ruby-openid-2.1.4/LICENSE b/vendor/gems/ruby-openid-2.1.4/LICENSE new file mode 100644 index 0000000000..c1c57734d2 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/LICENSE @@ -0,0 +1,210 @@ +The code in lib/hmac/ is Copyright 2001 by Daiki Ueno, and distributed under +the terms of the Ruby license. See http://www.ruby-lang.org/en/LICENSE.txt + +lib/openid/yadis/htmltokenizer.rb is Copyright 2004 by Ben Giddings and +distributed under the terms of the Ruby license. + +The remainder of this package is Copyright 2006-2008 by JanRain, Inc. and +distributed under the terms of license below: + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/gems/ruby-openid-2.1.4/NOTICE b/vendor/gems/ruby-openid-2.1.4/NOTICE new file mode 100644 index 0000000000..62df93be60 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/NOTICE @@ -0,0 +1,2 @@ +This product includes software developed by JanRain, +available from http://openidenabled.com/ diff --git a/vendor/gems/ruby-openid-2.1.4/README b/vendor/gems/ruby-openid-2.1.4/README new file mode 100644 index 0000000000..c6e833b436 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/README @@ -0,0 +1,82 @@ +=Ruby OpenID + +A Ruby library for verifying and serving OpenID identities. + +==Features +* Easy to use API for verifying OpenID identites - OpenID::Consumer +* Support for serving OpenID identites - OpenID::Server +* Does not depend on underlying web framework +* Supports multiple storage mechanisms (Filesystem, ActiveRecord, Memory) +* Example code to help you get started, including: + * Ruby on Rails based consumer and server + * OpenIDLoginGenerator for quickly getting creating a rails app that uses + OpenID for authentication + * ActiveRecordOpenIDStore plugin +* Comprehensive test suite +* Supports both OpenID 1 and OpenID 2 transparently + +==Installing +Before running the examples or writing your own code you'll need to install +the library. See the INSTALL file or use rubygems: + + gem install ruby-openid + +Check the installation: + + $ irb + irb> require 'rubygems' + irb> require_gem 'ruby-openid' + => true + +The library is known to work with Ruby 1.8.4 on Unix, Max OSX and +Win32. Examples have been tested with Rails 1.1 and 1.2, and 2.0. + +==Getting Started +The best way to start is to look at the rails_openid example. +You can run it with: + cd examples/rails_openid + script/server + +If you are writing an OpenID Relying Party, a good place to start is: +examples/rails_openid/app/controllers/consumer_controller.rb + +And if you are writing an OpenID provider: +examples/rails_openid/app/controllers/server_controller.rb + +The library code is quite well documented, so don't be squeamish, and +look at the library itself if there's anything you don't understand in +the examples. + +==Homepage +http://openidenabled.com/ruby-openid/ + +See also: +http://openid.net/ +http://openidenabled.com/ + +==Community +Discussion regarding the Ruby OpenID library and other JanRain OpenID +libraries takes place on the the OpenID mailing list on +openidenabled.com. + +http://lists.openidenabled.com/mailman/listinfo/dev + +Please join this list to discuss, ask implementation questions, report +bugs, etc. Also check out the openid channel on the freenode IRC +network. + +If you have a bugfix or feature you'd like to contribute, don't +hesitate to send it to us. For more detailed information on how to +contribute, see + + http://openidenabled.com/contribute/ + +==Author +Copyright 2006-2008, JanRain, Inc. + +Contact openid@janrain.com or visit the OpenID channel on pibb.com: + +http://pibb.com/go/openid + +==License +Apache Software License. For more information see the LICENSE file. diff --git a/vendor/gems/ruby-openid-2.1.4/UPGRADE b/vendor/gems/ruby-openid-2.1.4/UPGRADE new file mode 100644 index 0000000000..b80e823217 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/UPGRADE @@ -0,0 +1,127 @@ += Upgrading from the OpenID 1.x series library + +== Consumer Upgrade + +The flow is largely the same, however there are a number of significant +changes. The consumer example is helpful to look at: +examples/rails_openid/app/controllers/consumer_controller.rb + + +=== Stores + +You will need to require the file for the store that you are using. +For the filesystem store, this is 'openid/stores/filesystem' +They are also now in modules. The filesystem store is + OpenID::Store::Filesystem +The format has changed, and you should remove your old store directory. + +The ActiveRecord store ( examples/active_record_openid_store ) still needs +to be put in a plugin directory for your rails app. There's a migration +that needs to be run; examine the README in that directory. + +Also, note that the stores now can be garbage collected with the method + store.cleanup + + +=== Starting the OpenID transaction + +The OpenIDRequest object no longer has status codes. Instead, +consumer.begin raises an OpenID::OpenIDError if there is a problem +initiating the transaction, so you'll want something along the lines of: + + begin + openid_request = consumer.begin(params[:openid_identifier]) + rescue OpenID::OpenIDError => e + # display error e + return + end + #success case + +Data regarding the OpenID server once lived in + openid_request.service + +The corresponding object in the 2.0 lib can be retrieved with + openid_request.endpoint + +Getting the unverified identifier: Where you once had + openid_request.identity_url +you will now want + openid_request.endpoint.claimed_id +which might be different from what you get at the end of the transaction, +since it is now possible for users to enter their server's url directly. + +Arguments on the return_to URL are now verified, so if you want to add +additional arguments to the return_to url, use + openid_request.return_to_args['param'] = value + +Generating the redirect is the same as before, but add any extensions +first. + +If you need to set up an SSL certificate authority list for the fetcher, +use the 'ca_file' attr_accessor on the OpenID::StandardFetcher. This has +changed from 'ca_path' in the 1.x.x series library. That is, set +OpenID.fetcher.ca_file = '/path/to/ca.list' +before calling consumer.begin. + +=== Requesting Simple Registration Data + +You'll need to require the code for the extension + require 'openid/extensions/sreg' + +The new code for adding an SReg request now looks like: + + sreg_request = OpenID::SReg::Request.new + sreg_request.request_fields(['email', 'dob'], true) # required + sreg_request.request_fields(['nickname', 'fullname'], false) # optional + sreg_request.policy_url = policy_url + openid_request.add_extension(sreg_request) + +The code for adding other extensions is similar. Code for the Attribute +Exchange (AX) and Provider Authentication Policy Extension (PAPE) are +included with the library, and additional extensions can be implemented +subclassing OpenID::Extension. + + +=== Completing the transaction + +The return_to and its arguments are verified, so you need to pass in +the base URL and the arguments. With Rails, the params method mashes +together parameters from GET, POST, and the path, so you'll need to pull +off the path "parameters" with something like + + return_to = url_for(:only_path => false, + :controller => 'openid', + :action => 'complete') + parameters = params.reject{|k,v| request.path_parameters[k] } + openid_response = consumer.complete(parameters, return_to) + +The response still uses the status codes, but they are now namespaced +slightly differently, for example OpenID::Consumer::SUCCESS + +In the case of failure, the error message is now found in + openid_response.message + +The identifier to display to the user can be found in + openid_response.endpoint.display_identifier + +The Simple Registration response can be read from the OpenID response +with + sreg_response = OpenID::SReg::Response.from_success_response(openid_response) + nickname = sreg_response['nickname'] + # etc. + + +== Server Upgrade + +The server code is mostly the same as before, with the exception of +extensions. Also, you must pass in the endpoint URL to the server +constructor: + @server = OpenID::Server.new(store, server_url) + +I recommend looking at +examples/rails_openid/app/controllers/server_controller.rb +for an example of the new way of doing extensions. + +-- +Dag Arneson, JanRain Inc. +Please direct questions to openid@janrain.com diff --git a/vendor/gems/ruby-openid-2.1.4/admin/runtests.rb b/vendor/gems/ruby-openid-2.1.4/admin/runtests.rb new file mode 100644 index 0000000000..50abe04497 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/admin/runtests.rb @@ -0,0 +1,36 @@ +#!/usr/bin/ruby + +require "logger" +require "stringio" +require "pathname" + +require 'test/unit/collector/dir' +require 'test/unit/ui/console/testrunner' + +def main + old_verbose = $VERBOSE + $VERBOSE = true + + tests_dir = Pathname.new(__FILE__).dirname.dirname.join('test') + + # Collect tests from everything named test_*.rb. + c = Test::Unit::Collector::Dir.new + + if c.respond_to?(:base=) + # In order to supress warnings from ruby 1.8.6 about accessing + # undefined member + c.base = tests_dir + suite = c.collect + else + # Because base is not defined in ruby < 1.8.6 + suite = c.collect(tests_dir) + end + + + result = Test::Unit::UI::Console::TestRunner.run(suite) + result.passed? +ensure + $VERBOSE = old_verbose +end + +exit(main) diff --git a/vendor/gems/ruby-openid-2.1.4/examples/README b/vendor/gems/ruby-openid-2.1.4/examples/README new file mode 100644 index 0000000000..71aa30d7e8 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/README @@ -0,0 +1,32 @@ +This directory contains several examples that demonstrate use of the +OpenID library. Make sure you have properly installed the library +before running the examples. These examples are a great place to +start in integrating OpenID into your application. + +==Rails example + +The rails_openid contains a fully functional OpenID server and relying +party, and acts as a starting point for implementing your own +production rails server. You'll need the latest version of Ruby on +Rails installed, and then: + + cd rails_openid + ./script/server + +Open a web browser to http://localhost:3000/ and follow the instructions. + +The relevant code to work from when writing your Rails OpenID Relying +Party is: + rails_openid/app/controllers/consumer_controller.rb +If you are working on an OpenID provider, check out + rails_openid/app/controllers/server_controller.rb + +Since the library and examples are Apache-licensed, don't be shy about +copy-and-paste. + +==Rails ActiveRecord OpenIDStore plugin + +For various reasons you may want or need to deploy your ruby openid +consumer/server using an SQL based store. The active_record_openid_store +is a plugin that makes using an SQL based store simple. Follow the +README inside the plugin's dir for usage. diff --git a/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/README b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/README new file mode 100644 index 0000000000..117872980a --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/README @@ -0,0 +1,58 @@ +=Active Record OpenID Store Plugin + +A store is required by an OpenID server and optionally by the consumer +to store associations, nonces, and auth key information across +requests and processes. If rails is distributed across several +machines, they must must all have access to the same OpenID store +data, so the FilesystemStore won't do. + +This directory contains a plugin for connecting your +OpenID enabled rails app to an ActiveRecord based OpenID store. + +==Install + +1) Copy this directory and all it's contents into your +RAILS_ROOT/vendor/plugins directory. You structure should look like +this: + + RAILS_ROOT/vendor/plugins/active_record_openid_store/ + +2) Copy the migration, XXX_add_open_id_store_to_db.rb to your + RAILS_ROOT/db/migrate directory. Rename the XXX portion of the + file to next sequential migration number. + +3) Run the migration: + + rake migrate + +4) Change your app to use the ActiveRecordOpenIDStore: + + store = ActiveRecordOpenIDStore.new + consumer = OpenID::Consumer.new(session, store) + +5) That's it! All your OpenID state will now be stored in the database. + +==Upgrade + +If you are upgrading from the 1.x ActiveRecord store, replace your old +RAILS_ROOT/vendor/plugins/active_record_openid_store/ directory with +the new one and run the migration XXX_upgrade_open_id_store.rb. + +==What about garbage collection? + +You may garbage collect unused nonces and expired associations using +the gc instance method of ActiveRecordOpenIDStore. Hook it up to a +task in your app's Rakefile like so: + + desc 'GC OpenID store' + task :gc_openid_store => :environment do + ActiveRecordOpenIDStore.new.cleanup + end + +Run it by typing: + + rake gc_openid_store + + +==Questions? +Contact Dag Arneson: dag at janrain dot com diff --git a/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb new file mode 100644 index 0000000000..996254531a --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb @@ -0,0 +1,24 @@ +# Use this migration to create the tables for the ActiveRecord store +class AddOpenIdStoreToDb < ActiveRecord::Migration + def self.up + create_table "open_id_associations", :force => true do |t| + t.column "server_url", :binary, :null => false + t.column "handle", :string, :null => false + t.column "secret", :binary, :null => false + t.column "issued", :integer, :null => false + t.column "lifetime", :integer, :null => false + t.column "assoc_type", :string, :null => false + end + + create_table "open_id_nonces", :force => true do |t| + t.column :server_url, :string, :null => false + t.column :timestamp, :integer, :null => false + t.column :salt, :string, :null => false + end + end + + def self.down + drop_table "open_id_associations" + drop_table "open_id_nonces" + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/XXX_upgrade_open_id_store.rb b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/XXX_upgrade_open_id_store.rb new file mode 100644 index 0000000000..273d285bd3 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/XXX_upgrade_open_id_store.rb @@ -0,0 +1,26 @@ +# Use this migration to upgrade the old 1.1 ActiveRecord store schema +# to the new 2.0 schema. +class UpgradeOpenIdStore < ActiveRecord::Migration + def self.up + drop_table "open_id_settings" + drop_table "open_id_nonces" + create_table "open_id_nonces", :force => true do |t| + t.column :server_url, :string, :null => false + t.column :timestamp, :integer, :null => false + t.column :salt, :string, :null => false + end + end + + def self.down + drop_table "open_id_nonces" + create_table "open_id_nonces", :force => true do |t| + t.column "nonce", :string + t.column "created", :integer + end + + create_table "open_id_settings", :force => true do |t| + t.column "setting", :string + t.column "value", :binary + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/init.rb b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/init.rb new file mode 100644 index 0000000000..b625179e20 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/init.rb @@ -0,0 +1,8 @@ +# might using the ruby-openid gem +begin + require 'rubygems' +rescue LoadError + nil +end +require 'openid' +require 'openid_ar_store' diff --git a/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/lib/association.rb b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/lib/association.rb new file mode 100644 index 0000000000..09eda8b575 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/lib/association.rb @@ -0,0 +1,10 @@ +require 'openid/association' +require 'time' + +class Association < ActiveRecord::Base + set_table_name 'open_id_associations' + def from_record + OpenID::Association.new(handle, secret, Time.at(issued), lifetime, assoc_type) + end +end + diff --git a/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/lib/nonce.rb b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/lib/nonce.rb new file mode 100644 index 0000000000..fcf5153025 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/lib/nonce.rb @@ -0,0 +1,3 @@ +class Nonce < ActiveRecord::Base + set_table_name 'open_id_nonces' +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/lib/open_id_setting.rb b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/lib/open_id_setting.rb new file mode 100644 index 0000000000..030e4c256f --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/lib/open_id_setting.rb @@ -0,0 +1,4 @@ +class OpenIdSetting < ActiveRecord::Base + + validates_uniqueness_of :setting +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/lib/openid_ar_store.rb b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/lib/openid_ar_store.rb new file mode 100644 index 0000000000..276569c5a2 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/lib/openid_ar_store.rb @@ -0,0 +1,57 @@ +require 'association' +require 'nonce' +require 'openid/store/interface' + +# not in OpenID module to avoid namespace conflict +class ActiveRecordStore < OpenID::Store::Interface + def store_association(server_url, assoc) + remove_association(server_url, assoc.handle) + Association.create!(:server_url => server_url, + :handle => assoc.handle, + :secret => assoc.secret, + :issued => assoc.issued.to_i, + :lifetime => assoc.lifetime, + :assoc_type => assoc.assoc_type) + end + + def get_association(server_url, handle=nil) + assocs = if handle.blank? + Association.find_all_by_server_url(server_url) + else + Association.find_all_by_server_url_and_handle(server_url, handle) + end + + assocs.reverse.each do |assoc| + a = assoc.from_record + if a.expires_in == 0 + assoc.destroy + else + return a + end + end if assocs.any? + + return nil + end + + def remove_association(server_url, handle) + Association.delete_all(['server_url = ? AND handle = ?', server_url, handle]) > 0 + end + + def use_nonce(server_url, timestamp, salt) + return false if Nonce.find_by_server_url_and_timestamp_and_salt(server_url, timestamp, salt) + return false if (timestamp - Time.now.to_i).abs > OpenID::Nonce.skew + Nonce.create!(:server_url => server_url, :timestamp => timestamp, :salt => salt) + return true + end + + def cleanup_nonces + now = Time.now.to_i + Nonce.delete_all(["timestamp > ? OR timestamp < ?", now + OpenID::Nonce.skew, now - OpenID::Nonce.skew]) + end + + def cleanup_associations + now = Time.now.to_i + Association.delete_all(['issued + lifetime > ?',now]) + end + +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/test/store_test.rb b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/test/store_test.rb new file mode 100644 index 0000000000..8e1986c6ed --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/active_record_openid_store/test/store_test.rb @@ -0,0 +1,212 @@ +$:.unshift(File.dirname(__FILE__) + '/../lib') +require 'test/unit' +RAILS_ENV = "test" +require File.expand_path(File.join(File.dirname(__FILE__), '../../../../config/environment.rb')) + +module StoreTestCase + @@allowed_handle = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~' + @@allowed_nonce = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" + + def _gen_nonce + OpenID::CryptUtil.random_string(8, @@allowed_nonce) + end + + def _gen_handle(n) + OpenID::CryptUtil.random_string(n, @@allowed_handle) + end + + def _gen_secret(n, chars=nil) + OpenID::CryptUtil.random_string(n, chars) + end + + def _gen_assoc(issued, lifetime=600) + secret = _gen_secret(20) + handle = _gen_handle(128) + OpenID::Association.new(handle, secret, Time.now + issued, lifetime, + 'HMAC-SHA1') + end + + def _check_retrieve(url, handle=nil, expected=nil) + ret_assoc = @store.get_association(url, handle) + + if expected.nil? + assert_nil(ret_assoc) + else + assert_equal(expected, ret_assoc) + assert_equal(expected.handle, ret_assoc.handle) + assert_equal(expected.secret, ret_assoc.secret) + end + end + + def _check_remove(url, handle, expected) + present = @store.remove_association(url, handle) + assert_equal(expected, present) + end + + def test_store + server_url = "http://www.myopenid.com/openid" + assoc = _gen_assoc(issued=0) + + # Make sure that a missing association returns no result + _check_retrieve(server_url) + + # Check that after storage, getting returns the same result + @store.store_association(server_url, assoc) + _check_retrieve(server_url, nil, assoc) + + # more than once + _check_retrieve(server_url, nil, assoc) + + # Storing more than once has no ill effect + @store.store_association(server_url, assoc) + _check_retrieve(server_url, nil, assoc) + + # Removing an association that does not exist returns not present + _check_remove(server_url, assoc.handle + 'x', false) + + # Removing an association that does not exist returns not present + _check_remove(server_url + 'x', assoc.handle, false) + + # Removing an association that is present returns present + _check_remove(server_url, assoc.handle, true) + + # but not present on subsequent calls + _check_remove(server_url, assoc.handle, false) + + # Put assoc back in the store + @store.store_association(server_url, assoc) + + # More recent and expires after assoc + assoc2 = _gen_assoc(issued=1) + @store.store_association(server_url, assoc2) + + # After storing an association with a different handle, but the + # same server_url, the handle with the later expiration is returned. + _check_retrieve(server_url, nil, assoc2) + + # We can still retrieve the older association + _check_retrieve(server_url, assoc.handle, assoc) + + # Plus we can retrieve the association with the later expiration + # explicitly + _check_retrieve(server_url, assoc2.handle, assoc2) + + # More recent, and expires earlier than assoc2 or assoc. Make sure + # that we're picking the one with the latest issued date and not + # taking into account the expiration. + assoc3 = _gen_assoc(issued=2, lifetime=100) + @store.store_association(server_url, assoc3) + + _check_retrieve(server_url, nil, assoc3) + _check_retrieve(server_url, assoc.handle, assoc) + _check_retrieve(server_url, assoc2.handle, assoc2) + _check_retrieve(server_url, assoc3.handle, assoc3) + + _check_remove(server_url, assoc2.handle, true) + + _check_retrieve(server_url, nil, assoc3) + _check_retrieve(server_url, assoc.handle, assoc) + _check_retrieve(server_url, assoc2.handle, nil) + _check_retrieve(server_url, assoc3.handle, assoc3) + + _check_remove(server_url, assoc2.handle, false) + _check_remove(server_url, assoc3.handle, true) + + _check_retrieve(server_url, nil, assoc) + _check_retrieve(server_url, assoc.handle, assoc) + _check_retrieve(server_url, assoc2.handle, nil) + _check_retrieve(server_url, assoc3.handle, nil) + + _check_remove(server_url, assoc2.handle, false) + _check_remove(server_url, assoc.handle, true) + _check_remove(server_url, assoc3.handle, false) + + _check_retrieve(server_url, nil, nil) + _check_retrieve(server_url, assoc.handle, nil) + _check_retrieve(server_url, assoc2.handle, nil) + _check_retrieve(server_url, assoc3.handle, nil) + + _check_remove(server_url, assoc2.handle, false) + _check_remove(server_url, assoc.handle, false) + _check_remove(server_url, assoc3.handle, false) + + assocValid1 = _gen_assoc(-3600, 7200) + assocValid2 = _gen_assoc(-5) + assocExpired1 = _gen_assoc(-7200, 3600) + assocExpired2 = _gen_assoc(-7200, 3600) + + @store.cleanup_associations + @store.store_association(server_url + '1', assocValid1) + @store.store_association(server_url + '1', assocExpired1) + @store.store_association(server_url + '2', assocExpired2) + @store.store_association(server_url + '3', assocValid2) + + cleaned = @store.cleanup_associations() + assert_equal(2, cleaned, "cleaned up associations") + end + + def _check_use_nonce(nonce, expected, server_url, msg='') + stamp, salt = OpenID::Nonce::split_nonce(nonce) + actual = @store.use_nonce(server_url, stamp, salt) + assert_equal(expected, actual, msg) + end + + def test_nonce + server_url = "http://www.myopenid.com/openid" + [server_url, ''].each{|url| + nonce1 = OpenID::Nonce::mk_nonce + + _check_use_nonce(nonce1, true, url, "#{url}: nonce allowed by default") + _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed twice") + _check_use_nonce(nonce1, false, url, "#{url}: nonce not allowed third time") + + # old nonces shouldn't pass + old_nonce = OpenID::Nonce::mk_nonce(3600) + _check_use_nonce(old_nonce, false, url, "Old nonce #{old_nonce.inspect} passed") + + } + + now = Time.now.to_i + old_nonce1 = OpenID::Nonce::mk_nonce(now - 20000) + old_nonce2 = OpenID::Nonce::mk_nonce(now - 10000) + recent_nonce = OpenID::Nonce::mk_nonce(now - 600) + + orig_skew = OpenID::Nonce.skew + OpenID::Nonce.skew = 0 + count = @store.cleanup_nonces + OpenID::Nonce.skew = 1000000 + ts, salt = OpenID::Nonce::split_nonce(old_nonce1) + assert(@store.use_nonce(server_url, ts, salt), "oldnonce1") + ts, salt = OpenID::Nonce::split_nonce(old_nonce2) + assert(@store.use_nonce(server_url, ts, salt), "oldnonce2") + ts, salt = OpenID::Nonce::split_nonce(recent_nonce) + assert(@store.use_nonce(server_url, ts, salt), "recent_nonce") + + + OpenID::Nonce.skew = 1000 + cleaned = @store.cleanup_nonces + assert_equal(2, cleaned, "Cleaned #{cleaned} nonces") + + OpenID::Nonce.skew = 100000 + ts, salt = OpenID::Nonce::split_nonce(old_nonce1) + assert(@store.use_nonce(server_url, ts, salt), "oldnonce1 after cleanup") + ts, salt = OpenID::Nonce::split_nonce(old_nonce2) + assert(@store.use_nonce(server_url, ts, salt), "oldnonce2 after cleanup") + ts, salt = OpenID::Nonce::split_nonce(recent_nonce) + assert(!@store.use_nonce(server_url, ts, salt), "recent_nonce after cleanup") + + OpenID::Nonce.skew = orig_skew + + end +end + + +class TestARStore < Test::Unit::TestCase + include StoreTestCase + + def setup + @store = ActiveRecordStore.new + end + +end + diff --git a/vendor/gems/ruby-openid-2.1.4/examples/discover b/vendor/gems/ruby-openid-2.1.4/examples/discover new file mode 100644 index 0000000000..ab985a496c --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/discover @@ -0,0 +1,49 @@ +#!/usr/bin/env ruby +require "openid/consumer/discovery" +require 'openid/fetchers' + +OpenID::fetcher_use_env_http_proxy + +$names = [[:server_url, "Server URL "], + [:local_id, "Local ID "], + [:canonical_id, "Canonical ID"], + ] + +def show_services(user_input, normalized, services) + puts " Claimed identifier: #{normalized}" + if services.empty? + puts " No OpenID services found" + puts + else + puts " Discovered services:" + n = 0 + services.each do |service| + n += 1 + puts " #{n}." + $names.each do |meth, name| + val = service.send(meth) + if val + printf(" %s: %s\n", name, val) + end + end + puts " Type URIs:" + for type_uri in service.type_uris + puts " * #{type_uri}" + end + puts + end + end +end + +ARGV.each do |openid_identifier| + puts "=" * 50 + puts "Running discovery on #{openid_identifier}" + begin + normalized_identifier, services = OpenID.discover(openid_identifier) + rescue OpenID::DiscoveryFailure => why + puts "Discovery failed: #{why.message}" + puts + else + show_services(openid_identifier, normalized_identifier, services) + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/README b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/README new file mode 100644 index 0000000000..cd9d0ffe58 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/README @@ -0,0 +1,153 @@ +== Welcome to Rails + +Rails is a web-application and persistence framework that includes everything +needed to create database-backed web-applications according to the +Model-View-Control pattern of separation. This pattern splits the view (also +called the presentation) into "dumb" templates that are primarily responsible +for inserting pre-built data in between HTML tags. The model contains the +"smart" domain objects (such as Account, Product, Person, Post) that holds all +the business logic and knows how to persist themselves to a database. The +controller handles the incoming requests (such as Save New Account, Update +Product, Show Post) by manipulating the model and directing data to the view. + +In Rails, the model is handled by what's called an object-relational mapping +layer entitled Active Record. This layer allows you to present the data from +database rows as objects and embellish these data objects with business logic +methods. You can read more about Active Record in +link:files/vendor/rails/activerecord/README.html. + +The controller and view are handled by the Action Pack, which handles both +layers by its two parts: Action View and Action Controller. These two layers +are bundled in a single package due to their heavy interdependence. This is +unlike the relationship between the Active Record and Action Pack that is much +more separate. Each of these packages can be used independently outside of +Rails. You can read more about Action Pack in +link:files/vendor/rails/actionpack/README.html. + + +== Getting started + +1. Run the WEBrick servlet: ruby script/server (run with --help for options) + ...or if you have lighttpd installed: ruby script/lighttpd (it's faster) +2. Go to http://localhost:3000/ and get "Congratulations, you've put Ruby on Rails!" +3. Follow the guidelines on the "Congratulations, you've put Ruby on Rails!" screen + + +== Example for Apache conf + + + ServerName rails + DocumentRoot /path/application/public/ + ErrorLog /path/application/log/server.log + + + Options ExecCGI FollowSymLinks + AllowOverride all + Allow from all + Order allow,deny + + + +NOTE: Be sure that CGIs can be executed in that directory as well. So ExecCGI +should be on and ".cgi" should respond. All requests from 127.0.0.1 go +through CGI, so no Apache restart is necessary for changes. All other requests +go through FCGI (or mod_ruby), which requires a restart to show changes. + + +== Debugging Rails + +Have "tail -f" commands running on both the server.log, production.log, and +test.log files. Rails will automatically display debugging and runtime +information to these files. Debugging info will also be shown in the browser +on requests from 127.0.0.1. + + +== Breakpoints + +Breakpoint support is available through the script/breakpointer client. This +means that you can break out of execution at any point in the code, investigate +and change the model, AND then resume execution! Example: + + class WeblogController < ActionController::Base + def index + @posts = Post.find_all + breakpoint "Breaking out from the list" + end + end + +So the controller will accept the action, run the first line, then present you +with a IRB prompt in the breakpointer window. Here you can do things like: + +Executing breakpoint "Breaking out from the list" at .../webrick_server.rb:16 in 'breakpoint' + + >> @posts.inspect + => "[#nil, \"body\"=>nil, \"id\"=>\"1\"}>, + #\"Rails you know!\", \"body\"=>\"Only ten..\", \"id\"=>\"2\"}>]" + >> @posts.first.title = "hello from a breakpoint" + => "hello from a breakpoint" + +...and even better is that you can examine how your runtime objects actually work: + + >> f = @posts.first + => #nil, "body"=>nil, "id"=>"1"}> + >> f. + Display all 152 possibilities? (y or n) + +Finally, when you're ready to resume execution, you press CTRL-D + + +== Console + +You can interact with the domain model by starting the console through script/console. +Here you'll have all parts of the application configured, just like it is when the +application is running. You can inspect domain models, change values, and save to the +database. Starting the script without arguments will launch it in the development environment. +Passing an argument will specify a different environment, like console production. + + +== Description of contents + +app + Holds all the code that's specific to this particular application. + +app/controllers + Holds controllers that should be named like weblog_controller.rb for + automated URL mapping. All controllers should descend from + ActionController::Base. + +app/models + Holds models that should be named like post.rb. + Most models will descend from ActiveRecord::Base. + +app/views + Holds the template files for the view that should be named like + weblog/index.rhtml for the WeblogController#index action. All views use eRuby + syntax. This directory can also be used to keep stylesheets, images, and so on + that can be symlinked to public. + +app/helpers + Holds view helpers that should be named like weblog_helper.rb. + +config + Configuration files for the Rails environment, the routing map, the database, and other dependencies. + +components + Self-contained mini-applications that can bundle together controllers, models, and views. + +lib + Application specific libraries. Basically, any kind of custom code that doesn't + belong under controllers, models, or helpers. This directory is in the load path. + +public + The directory available for the web server. Contains subdirectories for images, stylesheets, + and javascripts. Also contains the dispatchers and the default HTML files. + +script + Helper scripts for automation and generation. + +test + Unit and functional tests along with fixtures. + +vendor + External libraries that the application depends on. Also includes the plugins subdirectory. + This directory is in the load path. diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/Rakefile b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/Rakefile new file mode 100644 index 0000000000..cffd19f0c1 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/Rakefile @@ -0,0 +1,10 @@ +# Add your own tasks in files placed in lib/tasks ending in .rake, +# for example lib/tasks/switchtower.rake, and they will automatically be available to Rake. + +require(File.join(File.dirname(__FILE__), 'config', 'boot')) + +require 'rake' +require 'rake/testtask' +require 'rake/rdoctask' + +require 'tasks/rails' \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/controllers/application.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/controllers/application.rb new file mode 100644 index 0000000000..537de40d7e --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/controllers/application.rb @@ -0,0 +1,4 @@ +# Filters added to this controller will be run for all controllers in the application. +# Likewise, all the methods added will be available for all controllers. +class ApplicationController < ActionController::Base +end \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/controllers/consumer_controller.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/controllers/consumer_controller.rb new file mode 100644 index 0000000000..37dd3bbd49 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/controllers/consumer_controller.rb @@ -0,0 +1,122 @@ +require 'pathname' + +require "openid" +require 'openid/extensions/sreg' +require 'openid/extensions/pape' +require 'openid/store/filesystem' + +class ConsumerController < ApplicationController + layout nil + + def index + # render an openid form + end + + def start + begin + identifier = params[:openid_identifier] + if identifier.nil? + flash[:error] = "Enter an OpenID identifier" + redirect_to :action => 'index' + return + end + oidreq = consumer.begin(identifier) + rescue OpenID::OpenIDError => e + flash[:error] = "Discovery failed for #{identifier}: #{e}" + redirect_to :action => 'index' + return + end + if params[:use_sreg] + sregreq = OpenID::SReg::Request.new + # required fields + sregreq.request_fields(['email','nickname'], true) + # optional fields + sregreq.request_fields(['dob', 'fullname'], false) + oidreq.add_extension(sregreq) + oidreq.return_to_args['did_sreg'] = 'y' + end + if params[:use_pape] + papereq = OpenID::PAPE::Request.new + papereq.add_policy_uri(OpenID::PAPE::AUTH_PHISHING_RESISTANT) + papereq.max_auth_age = 2*60*60 + oidreq.add_extension(papereq) + oidreq.return_to_args['did_pape'] = 'y' + end + if params[:force_post] + oidreq.return_to_args['force_post']='x'*2048 + end + return_to = url_for :action => 'complete', :only_path => false + realm = url_for :action => 'index', :only_path => false + + if oidreq.send_redirect?(realm, return_to, params[:immediate]) + redirect_to oidreq.redirect_url(realm, return_to, params[:immediate]) + else + render :text => oidreq.html_markup(realm, return_to, params[:immediate], {'id' => 'openid_form'}) + end + end + + def complete + # FIXME - url_for some action is not necessarily the current URL. + current_url = url_for(:action => 'complete', :only_path => false) + parameters = params.reject{|k,v|request.path_parameters[k]} + oidresp = consumer.complete(parameters, current_url) + case oidresp.status + when OpenID::Consumer::FAILURE + if oidresp.display_identifier + flash[:error] = ("Verification of #{oidresp.display_identifier}"\ + " failed: #{oidresp.message}") + else + flash[:error] = "Verification failed: #{oidresp.message}" + end + when OpenID::Consumer::SUCCESS + flash[:success] = ("Verification of #{oidresp.display_identifier}"\ + " succeeded.") + if params[:did_sreg] + sreg_resp = OpenID::SReg::Response.from_success_response(oidresp) + sreg_message = "Simple Registration data was requested" + if sreg_resp.empty? + sreg_message << ", but none was returned." + else + sreg_message << ". The following data were sent:" + sreg_resp.data.each {|k,v| + sreg_message << "
#{k}: #{v}" + } + end + flash[:sreg_results] = sreg_message + end + if params[:did_pape] + pape_resp = OpenID::PAPE::Response.from_success_response(oidresp) + pape_message = "A phishing resistant authentication method was requested" + if pape_resp.auth_policies.member? OpenID::PAPE::AUTH_PHISHING_RESISTANT + pape_message << ", and the server reported one." + else + pape_message << ", but the server did not report one." + end + if pape_resp.auth_time + pape_message << "
Authentication time: #{pape_resp.auth_time} seconds" + end + if pape_resp.nist_auth_level + pape_message << "
NIST Auth Level: #{pape_resp.nist_auth_level}" + end + flash[:pape_results] = pape_message + end + when OpenID::Consumer::SETUP_NEEDED + flash[:alert] = "Immediate request failed - Setup Needed" + when OpenID::Consumer::CANCEL + flash[:alert] = "OpenID transaction cancelled." + else + end + redirect_to :action => 'index' + end + + private + + def consumer + if @consumer.nil? + dir = Pathname.new(RAILS_ROOT).join('db').join('cstore') + store = OpenID::Store::Filesystem.new(dir) + @consumer = OpenID::Consumer.new(session, store) + end + return @consumer + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/controllers/login_controller.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/controllers/login_controller.rb new file mode 100644 index 0000000000..ff7c257b5e --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/controllers/login_controller.rb @@ -0,0 +1,45 @@ +# Controller for handling the login, logout process for "users" of our +# little server. Users have no password. This is just an example. + +require 'openid' + +class LoginController < ApplicationController + + layout 'server' + + def base_url + url_for(:controller => 'login', :action => nil, :only_path => false) + end + + def index + response.headers['X-XRDS-Location'] = url_for(:controller => "server", + :action => "idp_xrds", + :only_path => false) + @base_url = base_url + # just show the login page + end + + def submit + user = params[:username] + + # if we get a user, log them in by putting their username in + # the session hash. + unless user.nil? + session[:username] = user unless user.nil? + session[:approvals] = [] + flash[:notice] = "Your OpenID URL is #{base_url}user/#{user}

Proceed to step 2 below." + else + flash[:error] = "Sorry, couldn't log you in. Try again." + end + + redirect_to :action => 'index' + end + + def logout + # delete the username from the session hash + session[:username] = nil + session[:approvals] = nil + redirect_to :action => 'index' + end + +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/controllers/server_controller.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/controllers/server_controller.rb new file mode 100644 index 0000000000..af0b1a7c69 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/controllers/server_controller.rb @@ -0,0 +1,265 @@ +require 'pathname' + +# load the openid library, first trying rubygems +#begin +# require "rubygems" +# require_gem "ruby-openid", ">= 1.0" +#rescue LoadError +require "openid" +require "openid/consumer/discovery" +require 'openid/extensions/sreg' +require 'openid/extensions/pape' +require 'openid/store/filesystem' +#end + +class ServerController < ApplicationController + + include ServerHelper + include OpenID::Server + layout nil + + def index + begin + oidreq = server.decode_request(params) + rescue ProtocolError => e + # invalid openid request, so just display a page with an error message + render :text => e.to_s, :status => 500 + return + end + + # no openid.mode was given + unless oidreq + render :text => "This is an OpenID server endpoint." + return + end + + oidresp = nil + + if oidreq.kind_of?(CheckIDRequest) + + identity = oidreq.identity + + if oidreq.id_select + if oidreq.immediate + oidresp = oidreq.answer(false) + elsif session[:username].nil? + # The user hasn't logged in. + show_decision_page(oidreq) + return + else + # Else, set the identity to the one the user is using. + identity = url_for_user + end + end + + if oidresp + nil + elsif self.is_authorized(identity, oidreq.trust_root) + oidresp = oidreq.answer(true, nil, identity) + + # add the sreg response if requested + add_sreg(oidreq, oidresp) + # ditto pape + add_pape(oidreq, oidresp) + + elsif oidreq.immediate + server_url = url_for :action => 'index' + oidresp = oidreq.answer(false, server_url) + + else + show_decision_page(oidreq) + return + end + + else + oidresp = server.handle_request(oidreq) + end + + self.render_response(oidresp) + end + + def show_decision_page(oidreq, message="Do you trust this site with your identity?") + session[:last_oidreq] = oidreq + @oidreq = oidreq + + if message + flash[:notice] = message + end + + render :template => 'server/decide', :layout => 'server' + end + + def user_page + # Yadis content-negotiation: we want to return the xrds if asked for. + accept = request.env['HTTP_ACCEPT'] + + # This is not technically correct, and should eventually be updated + # to do real Accept header parsing and logic. Though I expect it will work + # 99% of the time. + if accept and accept.include?('application/xrds+xml') + user_xrds + return + end + + # content negotiation failed, so just render the user page + xrds_url = url_for(:controller=>'user',:action=>params[:username])+'/xrds' + identity_page = < + + +

OpenID identity page for #{params[:username]}

+ +EOS + + # Also add the Yadis location header, so that they don't have + # to parse the html unless absolutely necessary. + response.headers['X-XRDS-Location'] = xrds_url + render :text => identity_page + end + + def user_xrds + types = [ + OpenID::OPENID_2_0_TYPE, + OpenID::OPENID_1_0_TYPE, + OpenID::SREG_URI, + ] + + render_xrds(types) + end + + def idp_xrds + types = [ + OpenID::OPENID_IDP_2_0_TYPE, + ] + + render_xrds(types) + end + + def decision + oidreq = session[:last_oidreq] + session[:last_oidreq] = nil + + if params[:yes].nil? + redirect_to oidreq.cancel_url + return + else + id_to_send = params[:id_to_send] + + identity = oidreq.identity + if oidreq.id_select + if id_to_send and id_to_send != "" + session[:username] = id_to_send + session[:approvals] = [] + identity = url_for_user + else + msg = "You must enter a username to in order to send " + + "an identifier to the Relying Party." + show_decision_page(oidreq, msg) + return + end + end + + if session[:approvals] + session[:approvals] << oidreq.trust_root + else + session[:approvals] = [oidreq.trust_root] + end + oidresp = oidreq.answer(true, nil, identity) + add_sreg(oidreq, oidresp) + add_pape(oidreq, oidresp) + return self.render_response(oidresp) + end + end + + protected + + def server + if @server.nil? + server_url = url_for :action => 'index', :only_path => false + dir = Pathname.new(RAILS_ROOT).join('db').join('openid-store') + store = OpenID::Store::Filesystem.new(dir) + @server = Server.new(store, server_url) + end + return @server + end + + def approved(trust_root) + return false if session[:approvals].nil? + return session[:approvals].member?(trust_root) + end + + def is_authorized(identity_url, trust_root) + return (session[:username] and (identity_url == url_for_user) and self.approved(trust_root)) + end + + def render_xrds(types) + type_str = "" + + types.each { |uri| + type_str += "#{uri}\n " + } + + yadis = < + + + + #{type_str} + #{url_for(:controller => 'server', :only_path => false)} + + + +EOS + + response.headers['content-type'] = 'application/xrds+xml' + render :text => yadis + end + + def add_sreg(oidreq, oidresp) + # check for Simple Registration arguments and respond + sregreq = OpenID::SReg::Request.from_openid_request(oidreq) + + return if sregreq.nil? + # In a real application, this data would be user-specific, + # and the user should be asked for permission to release + # it. + sreg_data = { + 'nickname' => session[:username], + 'fullname' => 'Mayor McCheese', + 'email' => 'mayor@example.com' + } + + sregresp = OpenID::SReg::Response.extract_response(sregreq, sreg_data) + oidresp.add_extension(sregresp) + end + + def add_pape(oidreq, oidresp) + papereq = OpenID::PAPE::Request.from_openid_request(oidreq) + return if papereq.nil? + paperesp = OpenID::PAPE::Response.new + paperesp.nist_auth_level = 0 # we don't even do auth at all! + oidresp.add_extension(paperesp) + end + + def render_response(oidresp) + if oidresp.needs_signing + signed_response = server.signatory.sign(oidresp) + end + web_response = server.encode_response(oidresp) + + case web_response.code + when HTTP_OK + render :text => web_response.body, :status => 200 + + when HTTP_REDIRECT + redirect_to web_response.headers['location'] + + else + render :text => web_response.body, :status => 400 + end + end + + +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/helpers/application_helper.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/helpers/application_helper.rb new file mode 100644 index 0000000000..22a7940eb2 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/helpers/application_helper.rb @@ -0,0 +1,3 @@ +# Methods added to this helper will be available to all templates in the application. +module ApplicationHelper +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/helpers/login_helper.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/helpers/login_helper.rb new file mode 100644 index 0000000000..a0418e32bd --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/helpers/login_helper.rb @@ -0,0 +1,2 @@ +module LoginHelper +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/helpers/server_helper.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/helpers/server_helper.rb new file mode 100644 index 0000000000..409b21048e --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/helpers/server_helper.rb @@ -0,0 +1,9 @@ + +module ServerHelper + + def url_for_user + url_for :controller => 'user', :action => session[:username] + end + +end + diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/views/consumer/index.rhtml b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/views/consumer/index.rhtml new file mode 100644 index 0000000000..0cecbe8e50 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/views/consumer/index.rhtml @@ -0,0 +1,81 @@ + + +Rails OpenID Example Relying Party + + + +

Rails OpenID Example Relying Party

+ <% if flash[:alert] %> +
+ <%= h(flash[:alert]) %> +
+ <% end %> + <% if flash[:error] %> +
+ <%= h(flash[:error]) %> +
+ <% end %> + <% if flash[:success] %> +
+ <%= h(flash[:success]) %> +
+ <% end %> + <% if flash[:sreg_results] %> +
+ <%= flash[:sreg_results] %> +
+ <% end %> + <% if flash[:pape_results] %> +
+ <%= flash[:pape_results] %> +
+ <% end %> +
+
'> + Identifier: + +
+
+
+
+ +
+
+ + diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/views/layouts/server.rhtml b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/views/layouts/server.rhtml new file mode 100644 index 0000000000..3dd5d78625 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/views/layouts/server.rhtml @@ -0,0 +1,68 @@ + + OpenID Server Example + + + + + + <% if session[:username] %> +
+ Welcome, <%= session[:username] %> | <%= link_to('Log out', :controller => 'login', :action => 'logout') %>
+ <%= @base_url %>user/<%= session[:username] %> +
+ <% end %> + +

Ruby OpenID Server Example

+ +
+ + <% if flash[:notice] or flash[:error] %> +
+ <%= flash[:error] or flash[:notice] %> +
+ <% end %> + + <%= @content_for_layout %> + + + + diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/views/login/index.rhtml b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/views/login/index.rhtml new file mode 100644 index 0000000000..9990a57585 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/views/login/index.rhtml @@ -0,0 +1,56 @@ + + +<% if session[:username].nil? %> + +
+
+Type a username: + + +
+ +
+ +<% end %> + +

Welcome to the Ruby OpenID example. This code is a starting point +for developers wishing to implement an OpenID provider or relying +party. We've used the Rails +platform to demonstrate, but the library code is not Rails specific.

+ +

To use the example provider

+

+

    + +
  1. Enter a username in the form above. You will be "Logged In" + to the server, at which point you may authenticate using an OpenID + consumer. Your OpenID URL will be displayed after you log + in.

    The server will automatically create an identity page for + you at <%= @base_url %>user/name

  2. + +
  3. Because WEBrick can only handle one thing at a time, you'll need to + run another instance of the example on another port if you want to use + a relying party to use with this example provider:

    +
    + script/server --port=3001 +
    + +

    (The RP needs to be able to access the provider, so unless you're + running this example on a public IP, you can't use the live example + at openidenabled.com on + your local provider.)

    +
  4. + +
  5. Point your browser to this new instance and follow the directions + below.
  6. + +
+ +

+ +

To use the example relying party

+ +

Visit /consumer +and enter your OpenID.

+

+ diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/views/server/decide.rhtml b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/views/server/decide.rhtml new file mode 100644 index 0000000000..5322b48a48 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/app/views/server/decide.rhtml @@ -0,0 +1,26 @@ +
+ + + + + <% if @oidreq.id_select %> + + + + + + + + <% else %> + + <% end %> +
Site:<%= @oidreq.trust_root %>
+ You entered the server identifier at the relying party. + You'll need to send an identifier of your choosing. Enter a + username below. +
Identity to send:
Identity:<%= @oidreq.identity %>
+ + + + +
diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/boot.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/boot.rb new file mode 100644 index 0000000000..9fcd50fe3f --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/boot.rb @@ -0,0 +1,19 @@ +# Don't change this file. Configuration is done in config/environment.rb and config/environments/*.rb + +unless defined?(RAILS_ROOT) + root_path = File.join(File.dirname(__FILE__), '..') + unless RUBY_PLATFORM =~ /mswin32/ + require 'pathname' + root_path = Pathname.new(root_path).cleanpath(true).to_s + end + RAILS_ROOT = root_path +end + +if File.directory?("#{RAILS_ROOT}/vendor/rails") + require "#{RAILS_ROOT}/vendor/rails/railties/lib/initializer" +else + require 'rubygems' + require 'initializer' +end + +Rails::Initializer.run(:set_load_path) diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/environment.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/environment.rb new file mode 100644 index 0000000000..0a78bf8385 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/environment.rb @@ -0,0 +1,54 @@ +# Be sure to restart your web server when you modify this file. + +# Uncomment below to force Rails into production mode when +# you don't control web/app server and can't set it the proper way +# ENV['RAILS_ENV'] ||= 'production' + +# Bootstrap the Rails environment, frameworks, and default configuration +require File.join(File.dirname(__FILE__), 'boot') + +Rails::Initializer.run do |config| + # Settings in config/environments/* take precedence those specified here + + # Skip frameworks you're not going to use + # config.frameworks -= [ :action_web_service, :action_mailer ] + + # Add additional load paths for your own custom dirs + # config.load_paths += %W( #{RAILS_ROOT}/extras ) + + # Force all environments to use the same logger level + # (by default production uses :info, the others :debug) + # config.log_level = :debug + + # Use the database for sessions instead of the file system + # (create the session table with 'rake create_sessions_table') + # config.action_controller.session_store = :active_record_store + + # Enable page/fragment caching by setting a file-based store + # (remember to create the caching directory and make it readable to the application) + # config.action_controller.fragment_cache_store = :file_store, "#{RAILS_ROOT}/cache" + + # Activate observers that should always be running + # config.active_record.observers = :cacher, :garbage_collector + + # Make Active Record use UTC-base instead of local time + # config.active_record.default_timezone = :utc + + # Use Active Record's schema dumper instead of SQL when creating the test database + # (enables use of different database adapters for development and test environments) + # config.active_record.schema_format = :ruby + + # See Rails::Configuration for more options +end + +# Add new inflection rules using the following format +# (all these examples are active by default): +# Inflector.inflections do |inflect| +# inflect.plural /^(ox)$/i, '\1en' +# inflect.singular /^(ox)en/i, '\1' +# inflect.irregular 'person', 'people' +# inflect.uncountable %w( fish sheep ) +# end + +# Include your application configuration below +ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:session_key] = '_session_id_2' diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/environments/development.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/environments/development.rb new file mode 100644 index 0000000000..04b779200a --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/environments/development.rb @@ -0,0 +1,19 @@ +# Settings specified here will take precedence over those in config/environment.rb + +# In the development environment your application's code is reloaded on +# every request. This slows down response time but is perfect for development +# since you don't have to restart the webserver when you make code changes. +config.cache_classes = false + +# Log error messages when you accidentally call methods on nil. +config.whiny_nils = true + +# Enable the breakpoint server that script/breakpointer connects to +config.breakpoint_server = true + +# Show full error reports and disable caching +config.action_controller.consider_all_requests_local = true +config.action_controller.perform_caching = false + +# Don't care if the mailer can't send +config.action_mailer.raise_delivery_errors = false diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/environments/production.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/environments/production.rb new file mode 100644 index 0000000000..c9a4396c4e --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/environments/production.rb @@ -0,0 +1,19 @@ +# Settings specified here will take precedence over those in config/environment.rb + +# The production environment is meant for finished, "live" apps. +# Code is not reloaded between requests +config.cache_classes = true + +# Use a different logger for distributed setups +# config.logger = SyslogLogger.new + + +# Full error reports are disabled and caching is turned on +config.action_controller.consider_all_requests_local = false +config.action_controller.perform_caching = true + +# Enable serving of images, stylesheets, and javascripts from an asset server +# config.action_controller.asset_host = "http://assets.example.com" + +# Disable delivery errors if you bad email addresses should just be ignored +# config.action_mailer.raise_delivery_errors = false diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/environments/test.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/environments/test.rb new file mode 100644 index 0000000000..6a4cddbd25 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/environments/test.rb @@ -0,0 +1,19 @@ +# Settings specified here will take precedence over those in config/environment.rb + +# The test environment is used exclusively to run your application's +# test suite. You never need to work with it otherwise. Remember that +# your test database is "scratch space" for the test suite and is wiped +# and recreated between test runs. Don't rely on the data there! +config.cache_classes = true + +# Log error messages when you accidentally call methods on nil. +config.whiny_nils = true + +# Show full error reports and disable caching +config.action_controller.consider_all_requests_local = true +config.action_controller.perform_caching = false + +# Tell ActionMailer not to deliver emails to the real world. +# The :test delivery method accumulates sent emails in the +# ActionMailer::Base.deliveries array. +config.action_mailer.delivery_method = :test \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/routes.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/routes.rb new file mode 100644 index 0000000000..d5ceed2069 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/config/routes.rb @@ -0,0 +1,24 @@ +ActionController::Routing::Routes.draw do |map| + # Add your own custom routes here. + # The priority is based upon order of creation: first created -> highest priority. + + # Here's a sample route: + # map.connect 'products/:id', :controller => 'catalog', :action => 'view' + # Keep in mind you can assign values other than :controller and :action + + # You can have the root of your site routed by hooking up '' + # -- just remember to delete public/index.html. + # map.connect '', :controller => "welcome" + + map.connect '', :controller => 'login' + map.connect 'server/xrds', :controller => 'server', :action => 'idp_xrds' + map.connect 'user/:username', :controller => 'server', :action => 'user_page' + map.connect 'user/:username/xrds', :controller => 'server', :action => 'user_xrds' + + # Allow downloading Web Service WSDL as a file with an extension + # instead of a file named 'wsdl' + map.connect ':controller/service.wsdl', :action => 'wsdl' + + # Install the default route as the lowest priority. + map.connect ':controller/:action/:id' +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/doc/README_FOR_APP b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/doc/README_FOR_APP new file mode 100644 index 0000000000..ac6c149122 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/doc/README_FOR_APP @@ -0,0 +1,2 @@ +Use this README file to introduce your application and point to useful places in the API for learning more. +Run "rake appdoc" to generate API documentation for your models and controllers. \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/404.html b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/404.html new file mode 100644 index 0000000000..0e1845619d --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/404.html @@ -0,0 +1,8 @@ + + + +

File not found

+

Change this error message for pages not found in public/404.html

+ + \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/500.html b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/500.html new file mode 100644 index 0000000000..a1001a008d --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/500.html @@ -0,0 +1,8 @@ + + + +

Application error (Apache)

+

Change this error message for exceptions thrown outside of an action (like in Dispatcher setups or broken Ruby code) in public/500.html

+ + \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/dispatch.cgi b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/dispatch.cgi new file mode 100644 index 0000000000..dfe5dc30e7 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/dispatch.cgi @@ -0,0 +1,12 @@ +#!/usr/bin/ruby1.8 + +#!/usr/local/bin/ruby + +require File.dirname(__FILE__) + "/../config/environment" unless defined?(RAILS_ROOT) + +# If you're using RubyGems and mod_ruby, this require should be changed to an absolute path one, like: +# "/usr/local/lib/ruby/gems/1.8/gems/rails-0.8.0/lib/dispatcher" -- otherwise performance is severely impaired +require "dispatcher" + +ADDITIONAL_LOAD_PATHS.reverse.each { |dir| $:.unshift(dir) if File.directory?(dir) } if defined?(Apache::RubyRun) +Dispatcher.dispatch \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/dispatch.fcgi b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/dispatch.fcgi new file mode 100644 index 0000000000..d02c35b8b8 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/dispatch.fcgi @@ -0,0 +1,26 @@ +#!/usr/bin/ruby1.8 + +#!/usr/local/bin/ruby +# +# You may specify the path to the FastCGI crash log (a log of unhandled +# exceptions which forced the FastCGI instance to exit, great for debugging) +# and the number of requests to process before running garbage collection. +# +# By default, the FastCGI crash log is RAILS_ROOT/log/fastcgi.crash.log +# and the GC period is nil (turned off). A reasonable number of requests +# could range from 10-100 depending on the memory footprint of your app. +# +# Example: +# # Default log path, normal GC behavior. +# RailsFCGIHandler.process! +# +# # Default log path, 50 requests between GC. +# RailsFCGIHandler.process! nil, 50 +# +# # Custom log path, normal GC behavior. +# RailsFCGIHandler.process! '/var/log/myapp_fcgi_crash.log' +# +require File.dirname(__FILE__) + "/../config/environment" +require 'fcgi_handler' + +RailsFCGIHandler.process! diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/dispatch.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/dispatch.rb new file mode 100644 index 0000000000..dfe5dc30e7 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/dispatch.rb @@ -0,0 +1,12 @@ +#!/usr/bin/ruby1.8 + +#!/usr/local/bin/ruby + +require File.dirname(__FILE__) + "/../config/environment" unless defined?(RAILS_ROOT) + +# If you're using RubyGems and mod_ruby, this require should be changed to an absolute path one, like: +# "/usr/local/lib/ruby/gems/1.8/gems/rails-0.8.0/lib/dispatcher" -- otherwise performance is severely impaired +require "dispatcher" + +ADDITIONAL_LOAD_PATHS.reverse.each { |dir| $:.unshift(dir) if File.directory?(dir) } if defined?(Apache::RubyRun) +Dispatcher.dispatch \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/favicon.ico b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/favicon.ico new file mode 100644 index 0000000000..e69de29bb2 diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/images/openid_login_bg.gif b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/images/openid_login_bg.gif new file mode 100644 index 0000000000..cde836c893 Binary files /dev/null and b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/images/openid_login_bg.gif differ diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/javascripts/controls.js b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/javascripts/controls.js new file mode 100644 index 0000000000..9742b69188 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/javascripts/controls.js @@ -0,0 +1,750 @@ +// Copyright (c) 2005 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) +// (c) 2005 Ivan Krstic (http://blogs.law.harvard.edu/ivan) +// (c) 2005 Jon Tirsen (http://www.tirsen.com) +// Contributors: +// Richard Livsey +// Rahul Bhargava +// Rob Wills +// +// See scriptaculous.js for full license. + +// Autocompleter.Base handles all the autocompletion functionality +// that's independent of the data source for autocompletion. This +// includes drawing the autocompletion menu, observing keyboard +// and mouse events, and similar. +// +// Specific autocompleters need to provide, at the very least, +// a getUpdatedChoices function that will be invoked every time +// the text inside the monitored textbox changes. This method +// should get the text for which to provide autocompletion by +// invoking this.getToken(), NOT by directly accessing +// this.element.value. This is to allow incremental tokenized +// autocompletion. Specific auto-completion logic (AJAX, etc) +// belongs in getUpdatedChoices. +// +// Tokenized incremental autocompletion is enabled automatically +// when an autocompleter is instantiated with the 'tokens' option +// in the options parameter, e.g.: +// new Ajax.Autocompleter('id','upd', '/url/', { tokens: ',' }); +// will incrementally autocomplete with a comma as the token. +// Additionally, ',' in the above example can be replaced with +// a token array, e.g. { tokens: [',', '\n'] } which +// enables autocompletion on multiple tokens. This is most +// useful when one of the tokens is \n (a newline), as it +// allows smart autocompletion after linebreaks. + +var Autocompleter = {} +Autocompleter.Base = function() {}; +Autocompleter.Base.prototype = { + baseInitialize: function(element, update, options) { + this.element = $(element); + this.update = $(update); + this.hasFocus = false; + this.changed = false; + this.active = false; + this.index = 0; + this.entryCount = 0; + + if (this.setOptions) + this.setOptions(options); + else + this.options = options || {}; + + this.options.paramName = this.options.paramName || this.element.name; + this.options.tokens = this.options.tokens || []; + this.options.frequency = this.options.frequency || 0.4; + this.options.minChars = this.options.minChars || 1; + this.options.onShow = this.options.onShow || + function(element, update){ + if(!update.style.position || update.style.position=='absolute') { + update.style.position = 'absolute'; + Position.clone(element, update, {setHeight: false, offsetTop: element.offsetHeight}); + } + Effect.Appear(update,{duration:0.15}); + }; + this.options.onHide = this.options.onHide || + function(element, update){ new Effect.Fade(update,{duration:0.15}) }; + + if (typeof(this.options.tokens) == 'string') + this.options.tokens = new Array(this.options.tokens); + + this.observer = null; + + this.element.setAttribute('autocomplete','off'); + + Element.hide(this.update); + + Event.observe(this.element, "blur", this.onBlur.bindAsEventListener(this)); + Event.observe(this.element, "keypress", this.onKeyPress.bindAsEventListener(this)); + }, + + show: function() { + if(Element.getStyle(this.update, 'display')=='none') this.options.onShow(this.element, this.update); + if(!this.iefix && + (navigator.appVersion.indexOf('MSIE')>0) && + (navigator.userAgent.indexOf('Opera')<0) && + (Element.getStyle(this.update, 'position')=='absolute')) { + new Insertion.After(this.update, + ''); + this.iefix = $(this.update.id+'_iefix'); + } + if(this.iefix) setTimeout(this.fixIEOverlapping.bind(this), 50); + }, + + fixIEOverlapping: function() { + Position.clone(this.update, this.iefix); + this.iefix.style.zIndex = 1; + this.update.style.zIndex = 2; + Element.show(this.iefix); + }, + + hide: function() { + this.stopIndicator(); + if(Element.getStyle(this.update, 'display')!='none') this.options.onHide(this.element, this.update); + if(this.iefix) Element.hide(this.iefix); + }, + + startIndicator: function() { + if(this.options.indicator) Element.show(this.options.indicator); + }, + + stopIndicator: function() { + if(this.options.indicator) Element.hide(this.options.indicator); + }, + + onKeyPress: function(event) { + if(this.active) + switch(event.keyCode) { + case Event.KEY_TAB: + case Event.KEY_RETURN: + this.selectEntry(); + Event.stop(event); + case Event.KEY_ESC: + this.hide(); + this.active = false; + Event.stop(event); + return; + case Event.KEY_LEFT: + case Event.KEY_RIGHT: + return; + case Event.KEY_UP: + this.markPrevious(); + this.render(); + if(navigator.appVersion.indexOf('AppleWebKit')>0) Event.stop(event); + return; + case Event.KEY_DOWN: + this.markNext(); + this.render(); + if(navigator.appVersion.indexOf('AppleWebKit')>0) Event.stop(event); + return; + } + else + if(event.keyCode==Event.KEY_TAB || event.keyCode==Event.KEY_RETURN) + return; + + this.changed = true; + this.hasFocus = true; + + if(this.observer) clearTimeout(this.observer); + this.observer = + setTimeout(this.onObserverEvent.bind(this), this.options.frequency*1000); + }, + + onHover: function(event) { + var element = Event.findElement(event, 'LI'); + if(this.index != element.autocompleteIndex) + { + this.index = element.autocompleteIndex; + this.render(); + } + Event.stop(event); + }, + + onClick: function(event) { + var element = Event.findElement(event, 'LI'); + this.index = element.autocompleteIndex; + this.selectEntry(); + this.hide(); + }, + + onBlur: function(event) { + // needed to make click events working + setTimeout(this.hide.bind(this), 250); + this.hasFocus = false; + this.active = false; + }, + + render: function() { + if(this.entryCount > 0) { + for (var i = 0; i < this.entryCount; i++) + this.index==i ? + Element.addClassName(this.getEntry(i),"selected") : + Element.removeClassName(this.getEntry(i),"selected"); + + if(this.hasFocus) { + this.show(); + this.active = true; + } + } else { + this.active = false; + this.hide(); + } + }, + + markPrevious: function() { + if(this.index > 0) this.index-- + else this.index = this.entryCount-1; + }, + + markNext: function() { + if(this.index < this.entryCount-1) this.index++ + else this.index = 0; + }, + + getEntry: function(index) { + return this.update.firstChild.childNodes[index]; + }, + + getCurrentEntry: function() { + return this.getEntry(this.index); + }, + + selectEntry: function() { + this.active = false; + this.updateElement(this.getCurrentEntry()); + }, + + updateElement: function(selectedElement) { + if (this.options.updateElement) { + this.options.updateElement(selectedElement); + return; + } + + var value = Element.collectTextNodesIgnoreClass(selectedElement, 'informal'); + var lastTokenPos = this.findLastToken(); + if (lastTokenPos != -1) { + var newValue = this.element.value.substr(0, lastTokenPos + 1); + var whitespace = this.element.value.substr(lastTokenPos + 1).match(/^\s+/); + if (whitespace) + newValue += whitespace[0]; + this.element.value = newValue + value; + } else { + this.element.value = value; + } + this.element.focus(); + + if (this.options.afterUpdateElement) + this.options.afterUpdateElement(this.element, selectedElement); + }, + + updateChoices: function(choices) { + if(!this.changed && this.hasFocus) { + this.update.innerHTML = choices; + Element.cleanWhitespace(this.update); + Element.cleanWhitespace(this.update.firstChild); + + if(this.update.firstChild && this.update.firstChild.childNodes) { + this.entryCount = + this.update.firstChild.childNodes.length; + for (var i = 0; i < this.entryCount; i++) { + var entry = this.getEntry(i); + entry.autocompleteIndex = i; + this.addObservers(entry); + } + } else { + this.entryCount = 0; + } + + this.stopIndicator(); + + this.index = 0; + this.render(); + } + }, + + addObservers: function(element) { + Event.observe(element, "mouseover", this.onHover.bindAsEventListener(this)); + Event.observe(element, "click", this.onClick.bindAsEventListener(this)); + }, + + onObserverEvent: function() { + this.changed = false; + if(this.getToken().length>=this.options.minChars) { + this.startIndicator(); + this.getUpdatedChoices(); + } else { + this.active = false; + this.hide(); + } + }, + + getToken: function() { + var tokenPos = this.findLastToken(); + if (tokenPos != -1) + var ret = this.element.value.substr(tokenPos + 1).replace(/^\s+/,'').replace(/\s+$/,''); + else + var ret = this.element.value; + + return /\n/.test(ret) ? '' : ret; + }, + + findLastToken: function() { + var lastTokenPos = -1; + + for (var i=0; i lastTokenPos) + lastTokenPos = thisTokenPos; + } + return lastTokenPos; + } +} + +Ajax.Autocompleter = Class.create(); +Object.extend(Object.extend(Ajax.Autocompleter.prototype, Autocompleter.Base.prototype), { + initialize: function(element, update, url, options) { + this.baseInitialize(element, update, options); + this.options.asynchronous = true; + this.options.onComplete = this.onComplete.bind(this); + this.options.defaultParams = this.options.parameters || null; + this.url = url; + }, + + getUpdatedChoices: function() { + entry = encodeURIComponent(this.options.paramName) + '=' + + encodeURIComponent(this.getToken()); + + this.options.parameters = this.options.callback ? + this.options.callback(this.element, entry) : entry; + + if(this.options.defaultParams) + this.options.parameters += '&' + this.options.defaultParams; + + new Ajax.Request(this.url, this.options); + }, + + onComplete: function(request) { + this.updateChoices(request.responseText); + } + +}); + +// The local array autocompleter. Used when you'd prefer to +// inject an array of autocompletion options into the page, rather +// than sending out Ajax queries, which can be quite slow sometimes. +// +// The constructor takes four parameters. The first two are, as usual, +// the id of the monitored textbox, and id of the autocompletion menu. +// The third is the array you want to autocomplete from, and the fourth +// is the options block. +// +// Extra local autocompletion options: +// - choices - How many autocompletion choices to offer +// +// - partialSearch - If false, the autocompleter will match entered +// text only at the beginning of strings in the +// autocomplete array. Defaults to true, which will +// match text at the beginning of any *word* in the +// strings in the autocomplete array. If you want to +// search anywhere in the string, additionally set +// the option fullSearch to true (default: off). +// +// - fullSsearch - Search anywhere in autocomplete array strings. +// +// - partialChars - How many characters to enter before triggering +// a partial match (unlike minChars, which defines +// how many characters are required to do any match +// at all). Defaults to 2. +// +// - ignoreCase - Whether to ignore case when autocompleting. +// Defaults to true. +// +// It's possible to pass in a custom function as the 'selector' +// option, if you prefer to write your own autocompletion logic. +// In that case, the other options above will not apply unless +// you support them. + +Autocompleter.Local = Class.create(); +Autocompleter.Local.prototype = Object.extend(new Autocompleter.Base(), { + initialize: function(element, update, array, options) { + this.baseInitialize(element, update, options); + this.options.array = array; + }, + + getUpdatedChoices: function() { + this.updateChoices(this.options.selector(this)); + }, + + setOptions: function(options) { + this.options = Object.extend({ + choices: 10, + partialSearch: true, + partialChars: 2, + ignoreCase: true, + fullSearch: false, + selector: function(instance) { + var ret = []; // Beginning matches + var partial = []; // Inside matches + var entry = instance.getToken(); + var count = 0; + + for (var i = 0; i < instance.options.array.length && + ret.length < instance.options.choices ; i++) { + + var elem = instance.options.array[i]; + var foundPos = instance.options.ignoreCase ? + elem.toLowerCase().indexOf(entry.toLowerCase()) : + elem.indexOf(entry); + + while (foundPos != -1) { + if (foundPos == 0 && elem.length != entry.length) { + ret.push("
  • " + elem.substr(0, entry.length) + "" + + elem.substr(entry.length) + "
  • "); + break; + } else if (entry.length >= instance.options.partialChars && + instance.options.partialSearch && foundPos != -1) { + if (instance.options.fullSearch || /\s/.test(elem.substr(foundPos-1,1))) { + partial.push("
  • " + elem.substr(0, foundPos) + "" + + elem.substr(foundPos, entry.length) + "" + elem.substr( + foundPos + entry.length) + "
  • "); + break; + } + } + + foundPos = instance.options.ignoreCase ? + elem.toLowerCase().indexOf(entry.toLowerCase(), foundPos + 1) : + elem.indexOf(entry, foundPos + 1); + + } + } + if (partial.length) + ret = ret.concat(partial.slice(0, instance.options.choices - ret.length)) + return "
      " + ret.join('') + "
    "; + } + }, options || {}); + } +}); + +// AJAX in-place editor +// +// see documentation on http://wiki.script.aculo.us/scriptaculous/show/Ajax.InPlaceEditor + +// Use this if you notice weird scrolling problems on some browsers, +// the DOM might be a bit confused when this gets called so do this +// waits 1 ms (with setTimeout) until it does the activation +Field.scrollFreeActivate = function(field) { + setTimeout(function() { + Field.activate(field); + }, 1); +} + +Ajax.InPlaceEditor = Class.create(); +Ajax.InPlaceEditor.defaultHighlightColor = "#FFFF99"; +Ajax.InPlaceEditor.prototype = { + initialize: function(element, url, options) { + this.url = url; + this.element = $(element); + + this.options = Object.extend({ + okText: "ok", + cancelText: "cancel", + savingText: "Saving...", + clickToEditText: "Click to edit", + okText: "ok", + rows: 1, + onComplete: function(transport, element) { + new Effect.Highlight(element, {startcolor: this.options.highlightcolor}); + }, + onFailure: function(transport) { + alert("Error communicating with the server: " + transport.responseText.stripTags()); + }, + callback: function(form) { + return Form.serialize(form); + }, + handleLineBreaks: true, + loadingText: 'Loading...', + savingClassName: 'inplaceeditor-saving', + loadingClassName: 'inplaceeditor-loading', + formClassName: 'inplaceeditor-form', + highlightcolor: Ajax.InPlaceEditor.defaultHighlightColor, + highlightendcolor: "#FFFFFF", + externalControl: null, + ajaxOptions: {} + }, options || {}); + + if(!this.options.formId && this.element.id) { + this.options.formId = this.element.id + "-inplaceeditor"; + if ($(this.options.formId)) { + // there's already a form with that name, don't specify an id + this.options.formId = null; + } + } + + if (this.options.externalControl) { + this.options.externalControl = $(this.options.externalControl); + } + + this.originalBackground = Element.getStyle(this.element, 'background-color'); + if (!this.originalBackground) { + this.originalBackground = "transparent"; + } + + this.element.title = this.options.clickToEditText; + + this.onclickListener = this.enterEditMode.bindAsEventListener(this); + this.mouseoverListener = this.enterHover.bindAsEventListener(this); + this.mouseoutListener = this.leaveHover.bindAsEventListener(this); + Event.observe(this.element, 'click', this.onclickListener); + Event.observe(this.element, 'mouseover', this.mouseoverListener); + Event.observe(this.element, 'mouseout', this.mouseoutListener); + if (this.options.externalControl) { + Event.observe(this.options.externalControl, 'click', this.onclickListener); + Event.observe(this.options.externalControl, 'mouseover', this.mouseoverListener); + Event.observe(this.options.externalControl, 'mouseout', this.mouseoutListener); + } + }, + enterEditMode: function(evt) { + if (this.saving) return; + if (this.editing) return; + this.editing = true; + this.onEnterEditMode(); + if (this.options.externalControl) { + Element.hide(this.options.externalControl); + } + Element.hide(this.element); + this.createForm(); + this.element.parentNode.insertBefore(this.form, this.element); + Field.scrollFreeActivate(this.editField); + // stop the event to avoid a page refresh in Safari + if (evt) { + Event.stop(evt); + } + return false; + }, + createForm: function() { + this.form = document.createElement("form"); + this.form.id = this.options.formId; + Element.addClassName(this.form, this.options.formClassName) + this.form.onsubmit = this.onSubmit.bind(this); + + this.createEditField(); + + if (this.options.textarea) { + var br = document.createElement("br"); + this.form.appendChild(br); + } + + okButton = document.createElement("input"); + okButton.type = "submit"; + okButton.value = this.options.okText; + this.form.appendChild(okButton); + + cancelLink = document.createElement("a"); + cancelLink.href = "#"; + cancelLink.appendChild(document.createTextNode(this.options.cancelText)); + cancelLink.onclick = this.onclickCancel.bind(this); + this.form.appendChild(cancelLink); + }, + hasHTMLLineBreaks: function(string) { + if (!this.options.handleLineBreaks) return false; + return string.match(/
    /i); + }, + convertHTMLLineBreaks: function(string) { + return string.replace(/
    /gi, "\n").replace(//gi, "\n").replace(/<\/p>/gi, "\n").replace(/

    /gi, ""); + }, + createEditField: function() { + var text; + if(this.options.loadTextURL) { + text = this.options.loadingText; + } else { + text = this.getText(); + } + + if (this.options.rows == 1 && !this.hasHTMLLineBreaks(text)) { + this.options.textarea = false; + var textField = document.createElement("input"); + textField.type = "text"; + textField.name = "value"; + textField.value = text; + textField.style.backgroundColor = this.options.highlightcolor; + var size = this.options.size || this.options.cols || 0; + if (size != 0) textField.size = size; + this.editField = textField; + } else { + this.options.textarea = true; + var textArea = document.createElement("textarea"); + textArea.name = "value"; + textArea.value = this.convertHTMLLineBreaks(text); + textArea.rows = this.options.rows; + textArea.cols = this.options.cols || 40; + this.editField = textArea; + } + + if(this.options.loadTextURL) { + this.loadExternalText(); + } + this.form.appendChild(this.editField); + }, + getText: function() { + return this.element.innerHTML; + }, + loadExternalText: function() { + Element.addClassName(this.form, this.options.loadingClassName); + this.editField.disabled = true; + new Ajax.Request( + this.options.loadTextURL, + Object.extend({ + asynchronous: true, + onComplete: this.onLoadedExternalText.bind(this) + }, this.options.ajaxOptions) + ); + }, + onLoadedExternalText: function(transport) { + Element.removeClassName(this.form, this.options.loadingClassName); + this.editField.disabled = false; + this.editField.value = transport.responseText.stripTags(); + }, + onclickCancel: function() { + this.onComplete(); + this.leaveEditMode(); + return false; + }, + onFailure: function(transport) { + this.options.onFailure(transport); + if (this.oldInnerHTML) { + this.element.innerHTML = this.oldInnerHTML; + this.oldInnerHTML = null; + } + return false; + }, + onSubmit: function() { + // onLoading resets these so we need to save them away for the Ajax call + var form = this.form; + var value = this.editField.value; + + // do this first, sometimes the ajax call returns before we get a chance to switch on Saving... + // which means this will actually switch on Saving... *after* we've left edit mode causing Saving... + // to be displayed indefinitely + this.onLoading(); + + new Ajax.Updater( + { + success: this.element, + // don't update on failure (this could be an option) + failure: null + }, + this.url, + Object.extend({ + parameters: this.options.callback(form, value), + onComplete: this.onComplete.bind(this), + onFailure: this.onFailure.bind(this) + }, this.options.ajaxOptions) + ); + // stop the event to avoid a page refresh in Safari + if (arguments.length > 1) { + Event.stop(arguments[0]); + } + return false; + }, + onLoading: function() { + this.saving = true; + this.removeForm(); + this.leaveHover(); + this.showSaving(); + }, + showSaving: function() { + this.oldInnerHTML = this.element.innerHTML; + this.element.innerHTML = this.options.savingText; + Element.addClassName(this.element, this.options.savingClassName); + this.element.style.backgroundColor = this.originalBackground; + Element.show(this.element); + }, + removeForm: function() { + if(this.form) { + if (this.form.parentNode) Element.remove(this.form); + this.form = null; + } + }, + enterHover: function() { + if (this.saving) return; + this.element.style.backgroundColor = this.options.highlightcolor; + if (this.effect) { + this.effect.cancel(); + } + Element.addClassName(this.element, this.options.hoverClassName) + }, + leaveHover: function() { + if (this.options.backgroundColor) { + this.element.style.backgroundColor = this.oldBackground; + } + Element.removeClassName(this.element, this.options.hoverClassName) + if (this.saving) return; + this.effect = new Effect.Highlight(this.element, { + startcolor: this.options.highlightcolor, + endcolor: this.options.highlightendcolor, + restorecolor: this.originalBackground + }); + }, + leaveEditMode: function() { + Element.removeClassName(this.element, this.options.savingClassName); + this.removeForm(); + this.leaveHover(); + this.element.style.backgroundColor = this.originalBackground; + Element.show(this.element); + if (this.options.externalControl) { + Element.show(this.options.externalControl); + } + this.editing = false; + this.saving = false; + this.oldInnerHTML = null; + this.onLeaveEditMode(); + }, + onComplete: function(transport) { + this.leaveEditMode(); + this.options.onComplete.bind(this)(transport, this.element); + }, + onEnterEditMode: function() {}, + onLeaveEditMode: function() {}, + dispose: function() { + if (this.oldInnerHTML) { + this.element.innerHTML = this.oldInnerHTML; + } + this.leaveEditMode(); + Event.stopObserving(this.element, 'click', this.onclickListener); + Event.stopObserving(this.element, 'mouseover', this.mouseoverListener); + Event.stopObserving(this.element, 'mouseout', this.mouseoutListener); + if (this.options.externalControl) { + Event.stopObserving(this.options.externalControl, 'click', this.onclickListener); + Event.stopObserving(this.options.externalControl, 'mouseover', this.mouseoverListener); + Event.stopObserving(this.options.externalControl, 'mouseout', this.mouseoutListener); + } + } +}; + +// Delayed observer, like Form.Element.Observer, +// but waits for delay after last key input +// Ideal for live-search fields + +Form.Element.DelayedObserver = Class.create(); +Form.Element.DelayedObserver.prototype = { + initialize: function(element, delay, callback) { + this.delay = delay || 0.5; + this.element = $(element); + this.callback = callback; + this.timer = null; + this.lastValue = $F(this.element); + Event.observe(this.element,'keyup',this.delayedListener.bindAsEventListener(this)); + }, + delayedListener: function(event) { + if(this.lastValue == $F(this.element)) return; + if(this.timer) clearTimeout(this.timer); + this.timer = setTimeout(this.onTimerEvent.bind(this), this.delay * 1000); + this.lastValue = $F(this.element); + }, + onTimerEvent: function() { + this.timer = null; + this.callback(this.element, $F(this.element)); + } +}; \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/javascripts/dragdrop.js b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/javascripts/dragdrop.js new file mode 100644 index 0000000000..92d1f73162 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/javascripts/dragdrop.js @@ -0,0 +1,584 @@ +// Copyright (c) 2005 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) +// +// See scriptaculous.js for full license. + +/*--------------------------------------------------------------------------*/ + +var Droppables = { + drops: [], + + remove: function(element) { + this.drops = this.drops.reject(function(d) { return d.element==$(element) }); + }, + + add: function(element) { + element = $(element); + var options = Object.extend({ + greedy: true, + hoverclass: null + }, arguments[1] || {}); + + // cache containers + if(options.containment) { + options._containers = []; + var containment = options.containment; + if((typeof containment == 'object') && + (containment.constructor == Array)) { + containment.each( function(c) { options._containers.push($(c)) }); + } else { + options._containers.push($(containment)); + } + } + + if(options.accept) options.accept = [options.accept].flatten(); + + Element.makePositioned(element); // fix IE + options.element = element; + + this.drops.push(options); + }, + + isContained: function(element, drop) { + var parentNode = element.parentNode; + return drop._containers.detect(function(c) { return parentNode == c }); + }, + + isAffected: function(point, element, drop) { + return ( + (drop.element!=element) && + ((!drop._containers) || + this.isContained(element, drop)) && + ((!drop.accept) || + (Element.classNames(element).detect( + function(v) { return drop.accept.include(v) } ) )) && + Position.within(drop.element, point[0], point[1]) ); + }, + + deactivate: function(drop) { + if(drop.hoverclass) + Element.removeClassName(drop.element, drop.hoverclass); + this.last_active = null; + }, + + activate: function(drop) { + if(drop.hoverclass) + Element.addClassName(drop.element, drop.hoverclass); + this.last_active = drop; + }, + + show: function(point, element) { + if(!this.drops.length) return; + + if(this.last_active) this.deactivate(this.last_active); + this.drops.each( function(drop) { + if(Droppables.isAffected(point, element, drop)) { + if(drop.onHover) + drop.onHover(element, drop.element, Position.overlap(drop.overlap, drop.element)); + if(drop.greedy) { + Droppables.activate(drop); + throw $break; + } + } + }); + }, + + fire: function(event, element) { + if(!this.last_active) return; + Position.prepare(); + + if (this.isAffected([Event.pointerX(event), Event.pointerY(event)], element, this.last_active)) + if (this.last_active.onDrop) + this.last_active.onDrop(element, this.last_active.element, event); + }, + + reset: function() { + if(this.last_active) + this.deactivate(this.last_active); + } +} + +var Draggables = { + drags: [], + observers: [], + + register: function(draggable) { + if(this.drags.length == 0) { + this.eventMouseUp = this.endDrag.bindAsEventListener(this); + this.eventMouseMove = this.updateDrag.bindAsEventListener(this); + this.eventKeypress = this.keyPress.bindAsEventListener(this); + + Event.observe(document, "mouseup", this.eventMouseUp); + Event.observe(document, "mousemove", this.eventMouseMove); + Event.observe(document, "keypress", this.eventKeypress); + } + this.drags.push(draggable); + }, + + unregister: function(draggable) { + this.drags = this.drags.reject(function(d) { return d==draggable }); + if(this.drags.length == 0) { + Event.stopObserving(document, "mouseup", this.eventMouseUp); + Event.stopObserving(document, "mousemove", this.eventMouseMove); + Event.stopObserving(document, "keypress", this.eventKeypress); + } + }, + + activate: function(draggable) { + window.focus(); // allows keypress events if window isn't currently focused, fails for Safari + this.activeDraggable = draggable; + }, + + deactivate: function(draggbale) { + this.activeDraggable = null; + }, + + updateDrag: function(event) { + if(!this.activeDraggable) return; + var pointer = [Event.pointerX(event), Event.pointerY(event)]; + // Mozilla-based browsers fire successive mousemove events with + // the same coordinates, prevent needless redrawing (moz bug?) + if(this._lastPointer && (this._lastPointer.inspect() == pointer.inspect())) return; + this._lastPointer = pointer; + this.activeDraggable.updateDrag(event, pointer); + }, + + endDrag: function(event) { + if(!this.activeDraggable) return; + this._lastPointer = null; + this.activeDraggable.endDrag(event); + }, + + keyPress: function(event) { + if(this.activeDraggable) + this.activeDraggable.keyPress(event); + }, + + addObserver: function(observer) { + this.observers.push(observer); + this._cacheObserverCallbacks(); + }, + + removeObserver: function(element) { // element instead of observer fixes mem leaks + this.observers = this.observers.reject( function(o) { return o.element==element }); + this._cacheObserverCallbacks(); + }, + + notify: function(eventName, draggable, event) { // 'onStart', 'onEnd', 'onDrag' + if(this[eventName+'Count'] > 0) + this.observers.each( function(o) { + if(o[eventName]) o[eventName](eventName, draggable, event); + }); + }, + + _cacheObserverCallbacks: function() { + ['onStart','onEnd','onDrag'].each( function(eventName) { + Draggables[eventName+'Count'] = Draggables.observers.select( + function(o) { return o[eventName]; } + ).length; + }); + } +} + +/*--------------------------------------------------------------------------*/ + +var Draggable = Class.create(); +Draggable.prototype = { + initialize: function(element) { + var options = Object.extend({ + handle: false, + starteffect: function(element) { + new Effect.Opacity(element, {duration:0.2, from:1.0, to:0.7}); + }, + reverteffect: function(element, top_offset, left_offset) { + var dur = Math.sqrt(Math.abs(top_offset^2)+Math.abs(left_offset^2))*0.02; + element._revert = new Effect.MoveBy(element, -top_offset, -left_offset, {duration:dur}); + }, + endeffect: function(element) { + new Effect.Opacity(element, {duration:0.2, from:0.7, to:1.0}); + }, + zindex: 1000, + revert: false, + snap: false // false, or xy or [x,y] or function(x,y){ return [x,y] } + }, arguments[1] || {}); + + this.element = $(element); + + if(options.handle && (typeof options.handle == 'string')) + this.handle = Element.childrenWithClassName(this.element, options.handle)[0]; + if(!this.handle) this.handle = $(options.handle); + if(!this.handle) this.handle = this.element; + + Element.makePositioned(this.element); // fix IE + + this.delta = this.currentDelta(); + this.options = options; + this.dragging = false; + + this.eventMouseDown = this.initDrag.bindAsEventListener(this); + Event.observe(this.handle, "mousedown", this.eventMouseDown); + + Draggables.register(this); + }, + + destroy: function() { + Event.stopObserving(this.handle, "mousedown", this.eventMouseDown); + Draggables.unregister(this); + }, + + currentDelta: function() { + return([ + parseInt(this.element.style.left || '0'), + parseInt(this.element.style.top || '0')]); + }, + + initDrag: function(event) { + if(Event.isLeftClick(event)) { + // abort on form elements, fixes a Firefox issue + var src = Event.element(event); + if(src.tagName && ( + src.tagName=='INPUT' || + src.tagName=='SELECT' || + src.tagName=='BUTTON' || + src.tagName=='TEXTAREA')) return; + + if(this.element._revert) { + this.element._revert.cancel(); + this.element._revert = null; + } + + var pointer = [Event.pointerX(event), Event.pointerY(event)]; + var pos = Position.cumulativeOffset(this.element); + this.offset = [0,1].map( function(i) { return (pointer[i] - pos[i]) }); + + Draggables.activate(this); + Event.stop(event); + } + }, + + startDrag: function(event) { + this.dragging = true; + + if(this.options.zindex) { + this.originalZ = parseInt(Element.getStyle(this.element,'z-index') || 0); + this.element.style.zIndex = this.options.zindex; + } + + if(this.options.ghosting) { + this._clone = this.element.cloneNode(true); + Position.absolutize(this.element); + this.element.parentNode.insertBefore(this._clone, this.element); + } + + Draggables.notify('onStart', this, event); + if(this.options.starteffect) this.options.starteffect(this.element); + }, + + updateDrag: function(event, pointer) { + if(!this.dragging) this.startDrag(event); + Position.prepare(); + Droppables.show(pointer, this.element); + Draggables.notify('onDrag', this, event); + this.draw(pointer); + if(this.options.change) this.options.change(this); + + // fix AppleWebKit rendering + if(navigator.appVersion.indexOf('AppleWebKit')>0) window.scrollBy(0,0); + Event.stop(event); + }, + + finishDrag: function(event, success) { + this.dragging = false; + + if(this.options.ghosting) { + Position.relativize(this.element); + Element.remove(this._clone); + this._clone = null; + } + + if(success) Droppables.fire(event, this.element); + Draggables.notify('onEnd', this, event); + + var revert = this.options.revert; + if(revert && typeof revert == 'function') revert = revert(this.element); + + var d = this.currentDelta(); + if(revert && this.options.reverteffect) { + this.options.reverteffect(this.element, + d[1]-this.delta[1], d[0]-this.delta[0]); + } else { + this.delta = d; + } + + if(this.options.zindex) + this.element.style.zIndex = this.originalZ; + + if(this.options.endeffect) + this.options.endeffect(this.element); + + Draggables.deactivate(this); + Droppables.reset(); + }, + + keyPress: function(event) { + if(!event.keyCode==Event.KEY_ESC) return; + this.finishDrag(event, false); + Event.stop(event); + }, + + endDrag: function(event) { + if(!this.dragging) return; + this.finishDrag(event, true); + Event.stop(event); + }, + + draw: function(point) { + var pos = Position.cumulativeOffset(this.element); + var d = this.currentDelta(); + pos[0] -= d[0]; pos[1] -= d[1]; + + var p = [0,1].map(function(i){ return (point[i]-pos[i]-this.offset[i]) }.bind(this)); + + if(this.options.snap) { + if(typeof this.options.snap == 'function') { + p = this.options.snap(p[0],p[1]); + } else { + if(this.options.snap instanceof Array) { + p = p.map( function(v, i) { + return Math.round(v/this.options.snap[i])*this.options.snap[i] }.bind(this)) + } else { + p = p.map( function(v) { + return Math.round(v/this.options.snap)*this.options.snap }.bind(this)) + } + }} + + var style = this.element.style; + if((!this.options.constraint) || (this.options.constraint=='horizontal')) + style.left = p[0] + "px"; + if((!this.options.constraint) || (this.options.constraint=='vertical')) + style.top = p[1] + "px"; + if(style.visibility=="hidden") style.visibility = ""; // fix gecko rendering + } +} + +/*--------------------------------------------------------------------------*/ + +var SortableObserver = Class.create(); +SortableObserver.prototype = { + initialize: function(element, observer) { + this.element = $(element); + this.observer = observer; + this.lastValue = Sortable.serialize(this.element); + }, + + onStart: function() { + this.lastValue = Sortable.serialize(this.element); + }, + + onEnd: function() { + Sortable.unmark(); + if(this.lastValue != Sortable.serialize(this.element)) + this.observer(this.element) + } +} + +var Sortable = { + sortables: new Array(), + + options: function(element){ + element = $(element); + return this.sortables.detect(function(s) { return s.element == element }); + }, + + destroy: function(element){ + element = $(element); + this.sortables.findAll(function(s) { return s.element == element }).each(function(s){ + Draggables.removeObserver(s.element); + s.droppables.each(function(d){ Droppables.remove(d) }); + s.draggables.invoke('destroy'); + }); + this.sortables = this.sortables.reject(function(s) { return s.element == element }); + }, + + create: function(element) { + element = $(element); + var options = Object.extend({ + element: element, + tag: 'li', // assumes li children, override with tag: 'tagname' + dropOnEmpty: false, + tree: false, // fixme: unimplemented + overlap: 'vertical', // one of 'vertical', 'horizontal' + constraint: 'vertical', // one of 'vertical', 'horizontal', false + containment: element, // also takes array of elements (or id's); or false + handle: false, // or a CSS class + only: false, + hoverclass: null, + ghosting: false, + format: null, + onChange: Prototype.emptyFunction, + onUpdate: Prototype.emptyFunction + }, arguments[1] || {}); + + // clear any old sortable with same element + this.destroy(element); + + // build options for the draggables + var options_for_draggable = { + revert: true, + ghosting: options.ghosting, + constraint: options.constraint, + handle: options.handle }; + + if(options.starteffect) + options_for_draggable.starteffect = options.starteffect; + + if(options.reverteffect) + options_for_draggable.reverteffect = options.reverteffect; + else + if(options.ghosting) options_for_draggable.reverteffect = function(element) { + element.style.top = 0; + element.style.left = 0; + }; + + if(options.endeffect) + options_for_draggable.endeffect = options.endeffect; + + if(options.zindex) + options_for_draggable.zindex = options.zindex; + + // build options for the droppables + var options_for_droppable = { + overlap: options.overlap, + containment: options.containment, + hoverclass: options.hoverclass, + onHover: Sortable.onHover, + greedy: !options.dropOnEmpty + } + + // fix for gecko engine + Element.cleanWhitespace(element); + + options.draggables = []; + options.droppables = []; + + // make it so + + // drop on empty handling + if(options.dropOnEmpty) { + Droppables.add(element, + {containment: options.containment, onHover: Sortable.onEmptyHover, greedy: false}); + options.droppables.push(element); + } + + (this.findElements(element, options) || []).each( function(e) { + // handles are per-draggable + var handle = options.handle ? + Element.childrenWithClassName(e, options.handle)[0] : e; + options.draggables.push( + new Draggable(e, Object.extend(options_for_draggable, { handle: handle }))); + Droppables.add(e, options_for_droppable); + options.droppables.push(e); + }); + + // keep reference + this.sortables.push(options); + + // for onupdate + Draggables.addObserver(new SortableObserver(element, options.onUpdate)); + + }, + + // return all suitable-for-sortable elements in a guaranteed order + findElements: function(element, options) { + if(!element.hasChildNodes()) return null; + var elements = []; + $A(element.childNodes).each( function(e) { + if(e.tagName && e.tagName.toUpperCase()==options.tag.toUpperCase() && + (!options.only || (Element.hasClassName(e, options.only)))) + elements.push(e); + if(options.tree) { + var grandchildren = this.findElements(e, options); + if(grandchildren) elements.push(grandchildren); + } + }); + + return (elements.length>0 ? elements.flatten() : null); + }, + + onHover: function(element, dropon, overlap) { + if(overlap>0.5) { + Sortable.mark(dropon, 'before'); + if(dropon.previousSibling != element) { + var oldParentNode = element.parentNode; + element.style.visibility = "hidden"; // fix gecko rendering + dropon.parentNode.insertBefore(element, dropon); + if(dropon.parentNode!=oldParentNode) + Sortable.options(oldParentNode).onChange(element); + Sortable.options(dropon.parentNode).onChange(element); + } + } else { + Sortable.mark(dropon, 'after'); + var nextElement = dropon.nextSibling || null; + if(nextElement != element) { + var oldParentNode = element.parentNode; + element.style.visibility = "hidden"; // fix gecko rendering + dropon.parentNode.insertBefore(element, nextElement); + if(dropon.parentNode!=oldParentNode) + Sortable.options(oldParentNode).onChange(element); + Sortable.options(dropon.parentNode).onChange(element); + } + } + }, + + onEmptyHover: function(element, dropon) { + if(element.parentNode!=dropon) { + var oldParentNode = element.parentNode; + dropon.appendChild(element); + Sortable.options(oldParentNode).onChange(element); + Sortable.options(dropon).onChange(element); + } + }, + + unmark: function() { + if(Sortable._marker) Element.hide(Sortable._marker); + }, + + mark: function(dropon, position) { + // mark on ghosting only + var sortable = Sortable.options(dropon.parentNode); + if(sortable && !sortable.ghosting) return; + + if(!Sortable._marker) { + Sortable._marker = $('dropmarker') || document.createElement('DIV'); + Element.hide(Sortable._marker); + Element.addClassName(Sortable._marker, 'dropmarker'); + Sortable._marker.style.position = 'absolute'; + document.getElementsByTagName("body").item(0).appendChild(Sortable._marker); + } + var offsets = Position.cumulativeOffset(dropon); + Sortable._marker.style.left = offsets[0] + 'px'; + Sortable._marker.style.top = offsets[1] + 'px'; + + if(position=='after') + if(sortable.overlap == 'horizontal') + Sortable._marker.style.left = (offsets[0]+dropon.clientWidth) + 'px'; + else + Sortable._marker.style.top = (offsets[1]+dropon.clientHeight) + 'px'; + + Element.show(Sortable._marker); + }, + + serialize: function(element) { + element = $(element); + var sortableOptions = this.options(element); + var options = Object.extend({ + tag: sortableOptions.tag, + only: sortableOptions.only, + name: element.id, + format: sortableOptions.format || /^[^_]*_(.*)$/ + }, arguments[1] || {}); + return $(this.findElements(element, options) || []).map( function(item) { + return (encodeURIComponent(options.name) + "[]=" + + encodeURIComponent(item.id.match(options.format) ? item.id.match(options.format)[1] : '')); + }).join("&"); + } +} \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/javascripts/effects.js b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/javascripts/effects.js new file mode 100644 index 0000000000..414398ce47 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/javascripts/effects.js @@ -0,0 +1,854 @@ +// Copyright (c) 2005 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) +// Contributors: +// Justin Palmer (http://encytemedia.com/) +// Mark Pilgrim (http://diveintomark.org/) +// Martin Bialasinki +// +// See scriptaculous.js for full license. + +/* ------------- element ext -------------- */ + +// converts rgb() and #xxx to #xxxxxx format, +// returns self (or first argument) if not convertable +String.prototype.parseColor = function() { + var color = '#'; + if(this.slice(0,4) == 'rgb(') { + var cols = this.slice(4,this.length-1).split(','); + var i=0; do { color += parseInt(cols[i]).toColorPart() } while (++i<3); + } else { + if(this.slice(0,1) == '#') { + if(this.length==4) for(var i=1;i<4;i++) color += (this.charAt(i) + this.charAt(i)).toLowerCase(); + if(this.length==7) color = this.toLowerCase(); + } + } + return(color.length==7 ? color : (arguments[0] || this)); +} + +Element.collectTextNodesIgnoreClass = function(element, ignoreclass) { + var children = $(element).childNodes; + var text = ''; + var classtest = new RegExp('^([^ ]+ )*' + ignoreclass+ '( [^ ]+)*$','i'); + + for (var i = 0; i < children.length; i++) { + if(children[i].nodeType==3) { + text+=children[i].nodeValue; + } else { + if((!children[i].className.match(classtest)) && children[i].hasChildNodes()) + text += Element.collectTextNodesIgnoreClass(children[i], ignoreclass); + } + } + + return text; +} + +Element.setStyle = function(element, style) { + element = $(element); + for(k in style) element.style[k.camelize()] = style[k]; +} + +Element.setContentZoom = function(element, percent) { + Element.setStyle(element, {fontSize: (percent/100) + 'em'}); + if(navigator.appVersion.indexOf('AppleWebKit')>0) window.scrollBy(0,0); +} + +Element.getOpacity = function(element){ + var opacity; + if (opacity = Element.getStyle(element, 'opacity')) + return parseFloat(opacity); + if (opacity = (Element.getStyle(element, 'filter') || '').match(/alpha\(opacity=(.*)\)/)) + if(opacity[1]) return parseFloat(opacity[1]) / 100; + return 1.0; +} + +Element.setOpacity = function(element, value){ + element= $(element); + if (value == 1){ + Element.setStyle(element, { opacity: + (/Gecko/.test(navigator.userAgent) && !/Konqueror|Safari|KHTML/.test(navigator.userAgent)) ? + 0.999999 : null }); + if(/MSIE/.test(navigator.userAgent)) + Element.setStyle(element, {filter: Element.getStyle(element,'filter').replace(/alpha\([^\)]*\)/gi,'')}); + } else { + if(value < 0.00001) value = 0; + Element.setStyle(element, {opacity: value}); + if(/MSIE/.test(navigator.userAgent)) + Element.setStyle(element, + { filter: Element.getStyle(element,'filter').replace(/alpha\([^\)]*\)/gi,'') + + 'alpha(opacity='+value*100+')' }); + } +} + +Element.getInlineOpacity = function(element){ + return $(element).style.opacity || ''; +} + +Element.childrenWithClassName = function(element, className) { + return $A($(element).getElementsByTagName('*')).select( + function(c) { return Element.hasClassName(c, className) }); +} + +Array.prototype.call = function() { + var args = arguments; + this.each(function(f){ f.apply(this, args) }); +} + +/*--------------------------------------------------------------------------*/ + +var Effect = { + tagifyText: function(element) { + var tagifyStyle = 'position:relative'; + if(/MSIE/.test(navigator.userAgent)) tagifyStyle += ';zoom:1'; + element = $(element); + $A(element.childNodes).each( function(child) { + if(child.nodeType==3) { + child.nodeValue.toArray().each( function(character) { + element.insertBefore( + Builder.node('span',{style: tagifyStyle}, + character == ' ' ? String.fromCharCode(160) : character), + child); + }); + Element.remove(child); + } + }); + }, + multiple: function(element, effect) { + var elements; + if(((typeof element == 'object') || + (typeof element == 'function')) && + (element.length)) + elements = element; + else + elements = $(element).childNodes; + + var options = Object.extend({ + speed: 0.1, + delay: 0.0 + }, arguments[2] || {}); + var masterDelay = options.delay; + + $A(elements).each( function(element, index) { + new effect(element, Object.extend(options, { delay: index * options.speed + masterDelay })); + }); + } +}; + +var Effect2 = Effect; // deprecated + +/* ------------- transitions ------------- */ + +Effect.Transitions = {} + +Effect.Transitions.linear = function(pos) { + return pos; +} +Effect.Transitions.sinoidal = function(pos) { + return (-Math.cos(pos*Math.PI)/2) + 0.5; +} +Effect.Transitions.reverse = function(pos) { + return 1-pos; +} +Effect.Transitions.flicker = function(pos) { + return ((-Math.cos(pos*Math.PI)/4) + 0.75) + Math.random()/4; +} +Effect.Transitions.wobble = function(pos) { + return (-Math.cos(pos*Math.PI*(9*pos))/2) + 0.5; +} +Effect.Transitions.pulse = function(pos) { + return (Math.floor(pos*10) % 2 == 0 ? + (pos*10-Math.floor(pos*10)) : 1-(pos*10-Math.floor(pos*10))); +} +Effect.Transitions.none = function(pos) { + return 0; +} +Effect.Transitions.full = function(pos) { + return 1; +} + +/* ------------- core effects ------------- */ + +Effect.Queue = { + effects: [], + _each: function(iterator) { + this.effects._each(iterator); + }, + interval: null, + add: function(effect) { + var timestamp = new Date().getTime(); + + switch(effect.options.queue) { + case 'front': + // move unstarted effects after this effect + this.effects.findAll(function(e){ return e.state=='idle' }).each( function(e) { + e.startOn += effect.finishOn; + e.finishOn += effect.finishOn; + }); + break; + case 'end': + // start effect after last queued effect has finished + timestamp = this.effects.pluck('finishOn').max() || timestamp; + break; + } + + effect.startOn += timestamp; + effect.finishOn += timestamp; + this.effects.push(effect); + if(!this.interval) + this.interval = setInterval(this.loop.bind(this), 40); + }, + remove: function(effect) { + this.effects = this.effects.reject(function(e) { return e==effect }); + if(this.effects.length == 0) { + clearInterval(this.interval); + this.interval = null; + } + }, + loop: function() { + var timePos = new Date().getTime(); + this.effects.invoke('loop', timePos); + } +} +Object.extend(Effect.Queue, Enumerable); + +Effect.Base = function() {}; +Effect.Base.prototype = { + position: null, + setOptions: function(options) { + this.options = Object.extend({ + transition: Effect.Transitions.sinoidal, + duration: 1.0, // seconds + fps: 25.0, // max. 25fps due to Effect.Queue implementation + sync: false, // true for combining + from: 0.0, + to: 1.0, + delay: 0.0, + queue: 'parallel' + }, options || {}); + }, + start: function(options) { + this.setOptions(options || {}); + this.currentFrame = 0; + this.state = 'idle'; + this.startOn = this.options.delay*1000; + this.finishOn = this.startOn + (this.options.duration*1000); + this.event('beforeStart'); + if(!this.options.sync) Effect.Queue.add(this); + }, + loop: function(timePos) { + if(timePos >= this.startOn) { + if(timePos >= this.finishOn) { + this.render(1.0); + this.cancel(); + this.event('beforeFinish'); + if(this.finish) this.finish(); + this.event('afterFinish'); + return; + } + var pos = (timePos - this.startOn) / (this.finishOn - this.startOn); + var frame = Math.round(pos * this.options.fps * this.options.duration); + if(frame > this.currentFrame) { + this.render(pos); + this.currentFrame = frame; + } + } + }, + render: function(pos) { + if(this.state == 'idle') { + this.state = 'running'; + this.event('beforeSetup'); + if(this.setup) this.setup(); + this.event('afterSetup'); + } + if(this.state == 'running') { + if(this.options.transition) pos = this.options.transition(pos); + pos *= (this.options.to-this.options.from); + pos += this.options.from; + this.position = pos; + this.event('beforeUpdate'); + if(this.update) this.update(pos); + this.event('afterUpdate'); + } + }, + cancel: function() { + if(!this.options.sync) Effect.Queue.remove(this); + this.state = 'finished'; + }, + event: function(eventName) { + if(this.options[eventName + 'Internal']) this.options[eventName + 'Internal'](this); + if(this.options[eventName]) this.options[eventName](this); + }, + inspect: function() { + return '#'; + } +} + +Effect.Parallel = Class.create(); +Object.extend(Object.extend(Effect.Parallel.prototype, Effect.Base.prototype), { + initialize: function(effects) { + this.effects = effects || []; + this.start(arguments[1]); + }, + update: function(position) { + this.effects.invoke('render', position); + }, + finish: function(position) { + this.effects.each( function(effect) { + effect.render(1.0); + effect.cancel(); + effect.event('beforeFinish'); + if(effect.finish) effect.finish(position); + effect.event('afterFinish'); + }); + } +}); + +Effect.Opacity = Class.create(); +Object.extend(Object.extend(Effect.Opacity.prototype, Effect.Base.prototype), { + initialize: function(element) { + this.element = $(element); + // make this work on IE on elements without 'layout' + if(/MSIE/.test(navigator.userAgent) && (!this.element.hasLayout)) + Element.setStyle(this.element, {zoom: 1}); + var options = Object.extend({ + from: Element.getOpacity(this.element) || 0.0, + to: 1.0 + }, arguments[1] || {}); + this.start(options); + }, + update: function(position) { + Element.setOpacity(this.element, position); + } +}); + +Effect.MoveBy = Class.create(); +Object.extend(Object.extend(Effect.MoveBy.prototype, Effect.Base.prototype), { + initialize: function(element, toTop, toLeft) { + this.element = $(element); + this.toTop = toTop; + this.toLeft = toLeft; + this.start(arguments[3]); + }, + setup: function() { + // Bug in Opera: Opera returns the "real" position of a static element or + // relative element that does not have top/left explicitly set. + // ==> Always set top and left for position relative elements in your stylesheets + // (to 0 if you do not need them) + Element.makePositioned(this.element); + this.originalTop = parseFloat(Element.getStyle(this.element,'top') || '0'); + this.originalLeft = parseFloat(Element.getStyle(this.element,'left') || '0'); + }, + update: function(position) { + Element.setStyle(this.element, { + top: this.toTop * position + this.originalTop + 'px', + left: this.toLeft * position + this.originalLeft + 'px' + }); + } +}); + +Effect.Scale = Class.create(); +Object.extend(Object.extend(Effect.Scale.prototype, Effect.Base.prototype), { + initialize: function(element, percent) { + this.element = $(element) + var options = Object.extend({ + scaleX: true, + scaleY: true, + scaleContent: true, + scaleFromCenter: false, + scaleMode: 'box', // 'box' or 'contents' or {} with provided values + scaleFrom: 100.0, + scaleTo: percent + }, arguments[2] || {}); + this.start(options); + }, + setup: function() { + this.restoreAfterFinish = this.options.restoreAfterFinish || false; + this.elementPositioning = Element.getStyle(this.element,'position'); + + this.originalStyle = {}; + ['top','left','width','height','fontSize'].each( function(k) { + this.originalStyle[k] = this.element.style[k]; + }.bind(this)); + + this.originalTop = this.element.offsetTop; + this.originalLeft = this.element.offsetLeft; + + var fontSize = Element.getStyle(this.element,'font-size') || '100%'; + ['em','px','%'].each( function(fontSizeType) { + if(fontSize.indexOf(fontSizeType)>0) { + this.fontSize = parseFloat(fontSize); + this.fontSizeType = fontSizeType; + } + }.bind(this)); + + this.factor = (this.options.scaleTo - this.options.scaleFrom)/100; + + this.dims = null; + if(this.options.scaleMode=='box') + this.dims = [this.element.offsetHeight, this.element.offsetWidth]; + if(/^content/.test(this.options.scaleMode)) + this.dims = [this.element.scrollHeight, this.element.scrollWidth]; + if(!this.dims) + this.dims = [this.options.scaleMode.originalHeight, + this.options.scaleMode.originalWidth]; + }, + update: function(position) { + var currentScale = (this.options.scaleFrom/100.0) + (this.factor * position); + if(this.options.scaleContent && this.fontSize) + Element.setStyle(this.element, {fontSize: this.fontSize * currentScale + this.fontSizeType }); + this.setDimensions(this.dims[0] * currentScale, this.dims[1] * currentScale); + }, + finish: function(position) { + if (this.restoreAfterFinish) Element.setStyle(this.element, this.originalStyle); + }, + setDimensions: function(height, width) { + var d = {}; + if(this.options.scaleX) d.width = width + 'px'; + if(this.options.scaleY) d.height = height + 'px'; + if(this.options.scaleFromCenter) { + var topd = (height - this.dims[0])/2; + var leftd = (width - this.dims[1])/2; + if(this.elementPositioning == 'absolute') { + if(this.options.scaleY) d.top = this.originalTop-topd + 'px'; + if(this.options.scaleX) d.left = this.originalLeft-leftd + 'px'; + } else { + if(this.options.scaleY) d.top = -topd + 'px'; + if(this.options.scaleX) d.left = -leftd + 'px'; + } + } + Element.setStyle(this.element, d); + } +}); + +Effect.Highlight = Class.create(); +Object.extend(Object.extend(Effect.Highlight.prototype, Effect.Base.prototype), { + initialize: function(element) { + this.element = $(element); + var options = Object.extend({ startcolor: '#ffff99' }, arguments[1] || {}); + this.start(options); + }, + setup: function() { + // Prevent executing on elements not in the layout flow + if(Element.getStyle(this.element, 'display')=='none') { this.cancel(); return; } + // Disable background image during the effect + this.oldStyle = { + backgroundImage: Element.getStyle(this.element, 'background-image') }; + Element.setStyle(this.element, {backgroundImage: 'none'}); + if(!this.options.endcolor) + this.options.endcolor = Element.getStyle(this.element, 'background-color').parseColor('#ffffff'); + if(!this.options.restorecolor) + this.options.restorecolor = Element.getStyle(this.element, 'background-color'); + // init color calculations + this._base = $R(0,2).map(function(i){ return parseInt(this.options.startcolor.slice(i*2+1,i*2+3),16) }.bind(this)); + this._delta = $R(0,2).map(function(i){ return parseInt(this.options.endcolor.slice(i*2+1,i*2+3),16)-this._base[i] }.bind(this)); + }, + update: function(position) { + Element.setStyle(this.element,{backgroundColor: $R(0,2).inject('#',function(m,v,i){ + return m+(Math.round(this._base[i]+(this._delta[i]*position)).toColorPart()); }.bind(this)) }); + }, + finish: function() { + Element.setStyle(this.element, Object.extend(this.oldStyle, { + backgroundColor: this.options.restorecolor + })); + } +}); + +Effect.ScrollTo = Class.create(); +Object.extend(Object.extend(Effect.ScrollTo.prototype, Effect.Base.prototype), { + initialize: function(element) { + this.element = $(element); + this.start(arguments[1] || {}); + }, + setup: function() { + Position.prepare(); + var offsets = Position.cumulativeOffset(this.element); + if(this.options.offset) offsets[1] += this.options.offset; + var max = window.innerHeight ? + window.height - window.innerHeight : + document.body.scrollHeight - + (document.documentElement.clientHeight ? + document.documentElement.clientHeight : document.body.clientHeight); + this.scrollStart = Position.deltaY; + this.delta = (offsets[1] > max ? max : offsets[1]) - this.scrollStart; + }, + update: function(position) { + Position.prepare(); + window.scrollTo(Position.deltaX, + this.scrollStart + (position*this.delta)); + } +}); + +/* ------------- combination effects ------------- */ + +Effect.Fade = function(element) { + var oldOpacity = Element.getInlineOpacity(element); + var options = Object.extend({ + from: Element.getOpacity(element) || 1.0, + to: 0.0, + afterFinishInternal: function(effect) { with(Element) { + if(effect.options.to!=0) return; + hide(effect.element); + setStyle(effect.element, {opacity: oldOpacity}); }} + }, arguments[1] || {}); + return new Effect.Opacity(element,options); +} + +Effect.Appear = function(element) { + var options = Object.extend({ + from: (Element.getStyle(element, 'display') == 'none' ? 0.0 : Element.getOpacity(element) || 0.0), + to: 1.0, + beforeSetup: function(effect) { with(Element) { + setOpacity(effect.element, effect.options.from); + show(effect.element); }} + }, arguments[1] || {}); + return new Effect.Opacity(element,options); +} + +Effect.Puff = function(element) { + element = $(element); + var oldStyle = { opacity: Element.getInlineOpacity(element), position: Element.getStyle(element, 'position') }; + return new Effect.Parallel( + [ new Effect.Scale(element, 200, + { sync: true, scaleFromCenter: true, scaleContent: true, restoreAfterFinish: true }), + new Effect.Opacity(element, { sync: true, to: 0.0 } ) ], + Object.extend({ duration: 1.0, + beforeSetupInternal: function(effect) { with(Element) { + setStyle(effect.effects[0].element, {position: 'absolute'}); }}, + afterFinishInternal: function(effect) { with(Element) { + hide(effect.effects[0].element); + setStyle(effect.effects[0].element, oldStyle); }} + }, arguments[1] || {}) + ); +} + +Effect.BlindUp = function(element) { + element = $(element); + Element.makeClipping(element); + return new Effect.Scale(element, 0, + Object.extend({ scaleContent: false, + scaleX: false, + restoreAfterFinish: true, + afterFinishInternal: function(effect) { with(Element) { + [hide, undoClipping].call(effect.element); }} + }, arguments[1] || {}) + ); +} + +Effect.BlindDown = function(element) { + element = $(element); + var oldHeight = Element.getStyle(element, 'height'); + var elementDimensions = Element.getDimensions(element); + return new Effect.Scale(element, 100, + Object.extend({ scaleContent: false, + scaleX: false, + scaleFrom: 0, + scaleMode: {originalHeight: elementDimensions.height, originalWidth: elementDimensions.width}, + restoreAfterFinish: true, + afterSetup: function(effect) { with(Element) { + makeClipping(effect.element); + setStyle(effect.element, {height: '0px'}); + show(effect.element); + }}, + afterFinishInternal: function(effect) { with(Element) { + undoClipping(effect.element); + setStyle(effect.element, {height: oldHeight}); + }} + }, arguments[1] || {}) + ); +} + +Effect.SwitchOff = function(element) { + element = $(element); + var oldOpacity = Element.getInlineOpacity(element); + return new Effect.Appear(element, { + duration: 0.4, + from: 0, + transition: Effect.Transitions.flicker, + afterFinishInternal: function(effect) { + new Effect.Scale(effect.element, 1, { + duration: 0.3, scaleFromCenter: true, + scaleX: false, scaleContent: false, restoreAfterFinish: true, + beforeSetup: function(effect) { with(Element) { + [makePositioned,makeClipping].call(effect.element); + }}, + afterFinishInternal: function(effect) { with(Element) { + [hide,undoClipping,undoPositioned].call(effect.element); + setStyle(effect.element, {opacity: oldOpacity}); + }} + }) + } + }); +} + +Effect.DropOut = function(element) { + element = $(element); + var oldStyle = { + top: Element.getStyle(element, 'top'), + left: Element.getStyle(element, 'left'), + opacity: Element.getInlineOpacity(element) }; + return new Effect.Parallel( + [ new Effect.MoveBy(element, 100, 0, { sync: true }), + new Effect.Opacity(element, { sync: true, to: 0.0 }) ], + Object.extend( + { duration: 0.5, + beforeSetup: function(effect) { with(Element) { + makePositioned(effect.effects[0].element); }}, + afterFinishInternal: function(effect) { with(Element) { + [hide, undoPositioned].call(effect.effects[0].element); + setStyle(effect.effects[0].element, oldStyle); }} + }, arguments[1] || {})); +} + +Effect.Shake = function(element) { + element = $(element); + var oldStyle = { + top: Element.getStyle(element, 'top'), + left: Element.getStyle(element, 'left') }; + return new Effect.MoveBy(element, 0, 20, + { duration: 0.05, afterFinishInternal: function(effect) { + new Effect.MoveBy(effect.element, 0, -40, + { duration: 0.1, afterFinishInternal: function(effect) { + new Effect.MoveBy(effect.element, 0, 40, + { duration: 0.1, afterFinishInternal: function(effect) { + new Effect.MoveBy(effect.element, 0, -40, + { duration: 0.1, afterFinishInternal: function(effect) { + new Effect.MoveBy(effect.element, 0, 40, + { duration: 0.1, afterFinishInternal: function(effect) { + new Effect.MoveBy(effect.element, 0, -20, + { duration: 0.05, afterFinishInternal: function(effect) { with(Element) { + undoPositioned(effect.element); + setStyle(effect.element, oldStyle); + }}}) }}) }}) }}) }}) }}); +} + +Effect.SlideDown = function(element) { + element = $(element); + Element.cleanWhitespace(element); + // SlideDown need to have the content of the element wrapped in a container element with fixed height! + var oldInnerBottom = Element.getStyle(element.firstChild, 'bottom'); + var elementDimensions = Element.getDimensions(element); + return new Effect.Scale(element, 100, Object.extend({ + scaleContent: false, + scaleX: false, + scaleFrom: 0, + scaleMode: {originalHeight: elementDimensions.height, originalWidth: elementDimensions.width}, + restoreAfterFinish: true, + afterSetup: function(effect) { with(Element) { + makePositioned(effect.element); + makePositioned(effect.element.firstChild); + if(window.opera) setStyle(effect.element, {top: ''}); + makeClipping(effect.element); + setStyle(effect.element, {height: '0px'}); + show(element); }}, + afterUpdateInternal: function(effect) { with(Element) { + setStyle(effect.element.firstChild, {bottom: + (effect.dims[0] - effect.element.clientHeight) + 'px' }); }}, + afterFinishInternal: function(effect) { with(Element) { + undoClipping(effect.element); + undoPositioned(effect.element.firstChild); + undoPositioned(effect.element); + setStyle(effect.element.firstChild, {bottom: oldInnerBottom}); }} + }, arguments[1] || {}) + ); +} + +Effect.SlideUp = function(element) { + element = $(element); + Element.cleanWhitespace(element); + var oldInnerBottom = Element.getStyle(element.firstChild, 'bottom'); + return new Effect.Scale(element, 0, + Object.extend({ scaleContent: false, + scaleX: false, + scaleMode: 'box', + scaleFrom: 100, + restoreAfterFinish: true, + beforeStartInternal: function(effect) { with(Element) { + makePositioned(effect.element); + makePositioned(effect.element.firstChild); + if(window.opera) setStyle(effect.element, {top: ''}); + makeClipping(effect.element); + show(element); }}, + afterUpdateInternal: function(effect) { with(Element) { + setStyle(effect.element.firstChild, {bottom: + (effect.dims[0] - effect.element.clientHeight) + 'px' }); }}, + afterFinishInternal: function(effect) { with(Element) { + [hide, undoClipping].call(effect.element); + undoPositioned(effect.element.firstChild); + undoPositioned(effect.element); + setStyle(effect.element.firstChild, {bottom: oldInnerBottom}); }} + }, arguments[1] || {}) + ); +} + +// Bug in opera makes the TD containing this element expand for a instance after finish +Effect.Squish = function(element) { + return new Effect.Scale(element, window.opera ? 1 : 0, + { restoreAfterFinish: true, + beforeSetup: function(effect) { with(Element) { + makeClipping(effect.element); }}, + afterFinishInternal: function(effect) { with(Element) { + hide(effect.element); + undoClipping(effect.element); }} + }); +} + +Effect.Grow = function(element) { + element = $(element); + var options = Object.extend({ + direction: 'center', + moveTransistion: Effect.Transitions.sinoidal, + scaleTransition: Effect.Transitions.sinoidal, + opacityTransition: Effect.Transitions.full + }, arguments[1] || {}); + var oldStyle = { + top: element.style.top, + left: element.style.left, + height: element.style.height, + width: element.style.width, + opacity: Element.getInlineOpacity(element) }; + + var dims = Element.getDimensions(element); + var initialMoveX, initialMoveY; + var moveX, moveY; + + switch (options.direction) { + case 'top-left': + initialMoveX = initialMoveY = moveX = moveY = 0; + break; + case 'top-right': + initialMoveX = dims.width; + initialMoveY = moveY = 0; + moveX = -dims.width; + break; + case 'bottom-left': + initialMoveX = moveX = 0; + initialMoveY = dims.height; + moveY = -dims.height; + break; + case 'bottom-right': + initialMoveX = dims.width; + initialMoveY = dims.height; + moveX = -dims.width; + moveY = -dims.height; + break; + case 'center': + initialMoveX = dims.width / 2; + initialMoveY = dims.height / 2; + moveX = -dims.width / 2; + moveY = -dims.height / 2; + break; + } + + return new Effect.MoveBy(element, initialMoveY, initialMoveX, { + duration: 0.01, + beforeSetup: function(effect) { with(Element) { + hide(effect.element); + makeClipping(effect.element); + makePositioned(effect.element); + }}, + afterFinishInternal: function(effect) { + new Effect.Parallel( + [ new Effect.Opacity(effect.element, { sync: true, to: 1.0, from: 0.0, transition: options.opacityTransition }), + new Effect.MoveBy(effect.element, moveY, moveX, { sync: true, transition: options.moveTransition }), + new Effect.Scale(effect.element, 100, { + scaleMode: { originalHeight: dims.height, originalWidth: dims.width }, + sync: true, scaleFrom: window.opera ? 1 : 0, transition: options.scaleTransition, restoreAfterFinish: true}) + ], Object.extend({ + beforeSetup: function(effect) { with(Element) { + setStyle(effect.effects[0].element, {height: '0px'}); + show(effect.effects[0].element); }}, + afterFinishInternal: function(effect) { with(Element) { + [undoClipping, undoPositioned].call(effect.effects[0].element); + setStyle(effect.effects[0].element, oldStyle); }} + }, options) + ) + } + }); +} + +Effect.Shrink = function(element) { + element = $(element); + var options = Object.extend({ + direction: 'center', + moveTransistion: Effect.Transitions.sinoidal, + scaleTransition: Effect.Transitions.sinoidal, + opacityTransition: Effect.Transitions.none + }, arguments[1] || {}); + var oldStyle = { + top: element.style.top, + left: element.style.left, + height: element.style.height, + width: element.style.width, + opacity: Element.getInlineOpacity(element) }; + + var dims = Element.getDimensions(element); + var moveX, moveY; + + switch (options.direction) { + case 'top-left': + moveX = moveY = 0; + break; + case 'top-right': + moveX = dims.width; + moveY = 0; + break; + case 'bottom-left': + moveX = 0; + moveY = dims.height; + break; + case 'bottom-right': + moveX = dims.width; + moveY = dims.height; + break; + case 'center': + moveX = dims.width / 2; + moveY = dims.height / 2; + break; + } + + return new Effect.Parallel( + [ new Effect.Opacity(element, { sync: true, to: 0.0, from: 1.0, transition: options.opacityTransition }), + new Effect.Scale(element, window.opera ? 1 : 0, { sync: true, transition: options.scaleTransition, restoreAfterFinish: true}), + new Effect.MoveBy(element, moveY, moveX, { sync: true, transition: options.moveTransition }) + ], Object.extend({ + beforeStartInternal: function(effect) { with(Element) { + [makePositioned, makeClipping].call(effect.effects[0].element) }}, + afterFinishInternal: function(effect) { with(Element) { + [hide, undoClipping, undoPositioned].call(effect.effects[0].element); + setStyle(effect.effects[0].element, oldStyle); }} + }, options) + ); +} + +Effect.Pulsate = function(element) { + element = $(element); + var options = arguments[1] || {}; + var oldOpacity = Element.getInlineOpacity(element); + var transition = options.transition || Effect.Transitions.sinoidal; + var reverser = function(pos){ return transition(1-Effect.Transitions.pulse(pos)) }; + reverser.bind(transition); + return new Effect.Opacity(element, + Object.extend(Object.extend({ duration: 3.0, from: 0, + afterFinishInternal: function(effect) { Element.setStyle(effect.element, {opacity: oldOpacity}); } + }, options), {transition: reverser})); +} + +Effect.Fold = function(element) { + element = $(element); + var oldStyle = { + top: element.style.top, + left: element.style.left, + width: element.style.width, + height: element.style.height }; + Element.makeClipping(element); + return new Effect.Scale(element, 5, Object.extend({ + scaleContent: false, + scaleX: false, + afterFinishInternal: function(effect) { + new Effect.Scale(element, 1, { + scaleContent: false, + scaleY: false, + afterFinishInternal: function(effect) { with(Element) { + [hide, undoClipping].call(effect.element); + setStyle(effect.element, oldStyle); + }} }); + }}, arguments[1] || {})); +} diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/javascripts/prototype.js b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/javascripts/prototype.js new file mode 100644 index 0000000000..e9ccd3c885 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/javascripts/prototype.js @@ -0,0 +1,1785 @@ +/* Prototype JavaScript framework, version 1.4.0 + * (c) 2005 Sam Stephenson + * + * THIS FILE IS AUTOMATICALLY GENERATED. When sending patches, please diff + * against the source tree, available from the Prototype darcs repository. + * + * Prototype is freely distributable under the terms of an MIT-style license. + * + * For details, see the Prototype web site: http://prototype.conio.net/ + * +/*--------------------------------------------------------------------------*/ + +var Prototype = { + Version: '1.4.0', + ScriptFragment: '(?:)((\n|\r|.)*?)(?:<\/script>)', + + emptyFunction: function() {}, + K: function(x) {return x} +} + +var Class = { + create: function() { + return function() { + this.initialize.apply(this, arguments); + } + } +} + +var Abstract = new Object(); + +Object.extend = function(destination, source) { + for (property in source) { + destination[property] = source[property]; + } + return destination; +} + +Object.inspect = function(object) { + try { + if (object == undefined) return 'undefined'; + if (object == null) return 'null'; + return object.inspect ? object.inspect() : object.toString(); + } catch (e) { + if (e instanceof RangeError) return '...'; + throw e; + } +} + +Function.prototype.bind = function() { + var __method = this, args = $A(arguments), object = args.shift(); + return function() { + return __method.apply(object, args.concat($A(arguments))); + } +} + +Function.prototype.bindAsEventListener = function(object) { + var __method = this; + return function(event) { + return __method.call(object, event || window.event); + } +} + +Object.extend(Number.prototype, { + toColorPart: function() { + var digits = this.toString(16); + if (this < 16) return '0' + digits; + return digits; + }, + + succ: function() { + return this + 1; + }, + + times: function(iterator) { + $R(0, this, true).each(iterator); + return this; + } +}); + +var Try = { + these: function() { + var returnValue; + + for (var i = 0; i < arguments.length; i++) { + var lambda = arguments[i]; + try { + returnValue = lambda(); + break; + } catch (e) {} + } + + return returnValue; + } +} + +/*--------------------------------------------------------------------------*/ + +var PeriodicalExecuter = Class.create(); +PeriodicalExecuter.prototype = { + initialize: function(callback, frequency) { + this.callback = callback; + this.frequency = frequency; + this.currentlyExecuting = false; + + this.registerCallback(); + }, + + registerCallback: function() { + setInterval(this.onTimerEvent.bind(this), this.frequency * 1000); + }, + + onTimerEvent: function() { + if (!this.currentlyExecuting) { + try { + this.currentlyExecuting = true; + this.callback(); + } finally { + this.currentlyExecuting = false; + } + } + } +} + +/*--------------------------------------------------------------------------*/ + +function $() { + var elements = new Array(); + + for (var i = 0; i < arguments.length; i++) { + var element = arguments[i]; + if (typeof element == 'string') + element = document.getElementById(element); + + if (arguments.length == 1) + return element; + + elements.push(element); + } + + return elements; +} +Object.extend(String.prototype, { + stripTags: function() { + return this.replace(/<\/?[^>]+>/gi, ''); + }, + + stripScripts: function() { + return this.replace(new RegExp(Prototype.ScriptFragment, 'img'), ''); + }, + + extractScripts: function() { + var matchAll = new RegExp(Prototype.ScriptFragment, 'img'); + var matchOne = new RegExp(Prototype.ScriptFragment, 'im'); + return (this.match(matchAll) || []).map(function(scriptTag) { + return (scriptTag.match(matchOne) || ['', ''])[1]; + }); + }, + + evalScripts: function() { + return this.extractScripts().map(eval); + }, + + escapeHTML: function() { + var div = document.createElement('div'); + var text = document.createTextNode(this); + div.appendChild(text); + return div.innerHTML; + }, + + unescapeHTML: function() { + var div = document.createElement('div'); + div.innerHTML = this.stripTags(); + return div.childNodes[0] ? div.childNodes[0].nodeValue : ''; + }, + + toQueryParams: function() { + var pairs = this.match(/^\??(.*)$/)[1].split('&'); + return pairs.inject({}, function(params, pairString) { + var pair = pairString.split('='); + params[pair[0]] = pair[1]; + return params; + }); + }, + + toArray: function() { + return this.split(''); + }, + + camelize: function() { + var oStringList = this.split('-'); + if (oStringList.length == 1) return oStringList[0]; + + var camelizedString = this.indexOf('-') == 0 + ? oStringList[0].charAt(0).toUpperCase() + oStringList[0].substring(1) + : oStringList[0]; + + for (var i = 1, len = oStringList.length; i < len; i++) { + var s = oStringList[i]; + camelizedString += s.charAt(0).toUpperCase() + s.substring(1); + } + + return camelizedString; + }, + + inspect: function() { + return "'" + this.replace('\\', '\\\\').replace("'", '\\\'') + "'"; + } +}); + +String.prototype.parseQuery = String.prototype.toQueryParams; + +var $break = new Object(); +var $continue = new Object(); + +var Enumerable = { + each: function(iterator) { + var index = 0; + try { + this._each(function(value) { + try { + iterator(value, index++); + } catch (e) { + if (e != $continue) throw e; + } + }); + } catch (e) { + if (e != $break) throw e; + } + }, + + all: function(iterator) { + var result = true; + this.each(function(value, index) { + result = result && !!(iterator || Prototype.K)(value, index); + if (!result) throw $break; + }); + return result; + }, + + any: function(iterator) { + var result = true; + this.each(function(value, index) { + if (result = !!(iterator || Prototype.K)(value, index)) + throw $break; + }); + return result; + }, + + collect: function(iterator) { + var results = []; + this.each(function(value, index) { + results.push(iterator(value, index)); + }); + return results; + }, + + detect: function (iterator) { + var result; + this.each(function(value, index) { + if (iterator(value, index)) { + result = value; + throw $break; + } + }); + return result; + }, + + findAll: function(iterator) { + var results = []; + this.each(function(value, index) { + if (iterator(value, index)) + results.push(value); + }); + return results; + }, + + grep: function(pattern, iterator) { + var results = []; + this.each(function(value, index) { + var stringValue = value.toString(); + if (stringValue.match(pattern)) + results.push((iterator || Prototype.K)(value, index)); + }) + return results; + }, + + include: function(object) { + var found = false; + this.each(function(value) { + if (value == object) { + found = true; + throw $break; + } + }); + return found; + }, + + inject: function(memo, iterator) { + this.each(function(value, index) { + memo = iterator(memo, value, index); + }); + return memo; + }, + + invoke: function(method) { + var args = $A(arguments).slice(1); + return this.collect(function(value) { + return value[method].apply(value, args); + }); + }, + + max: function(iterator) { + var result; + this.each(function(value, index) { + value = (iterator || Prototype.K)(value, index); + if (value >= (result || value)) + result = value; + }); + return result; + }, + + min: function(iterator) { + var result; + this.each(function(value, index) { + value = (iterator || Prototype.K)(value, index); + if (value <= (result || value)) + result = value; + }); + return result; + }, + + partition: function(iterator) { + var trues = [], falses = []; + this.each(function(value, index) { + ((iterator || Prototype.K)(value, index) ? + trues : falses).push(value); + }); + return [trues, falses]; + }, + + pluck: function(property) { + var results = []; + this.each(function(value, index) { + results.push(value[property]); + }); + return results; + }, + + reject: function(iterator) { + var results = []; + this.each(function(value, index) { + if (!iterator(value, index)) + results.push(value); + }); + return results; + }, + + sortBy: function(iterator) { + return this.collect(function(value, index) { + return {value: value, criteria: iterator(value, index)}; + }).sort(function(left, right) { + var a = left.criteria, b = right.criteria; + return a < b ? -1 : a > b ? 1 : 0; + }).pluck('value'); + }, + + toArray: function() { + return this.collect(Prototype.K); + }, + + zip: function() { + var iterator = Prototype.K, args = $A(arguments); + if (typeof args.last() == 'function') + iterator = args.pop(); + + var collections = [this].concat(args).map($A); + return this.map(function(value, index) { + iterator(value = collections.pluck(index)); + return value; + }); + }, + + inspect: function() { + return '#'; + } +} + +Object.extend(Enumerable, { + map: Enumerable.collect, + find: Enumerable.detect, + select: Enumerable.findAll, + member: Enumerable.include, + entries: Enumerable.toArray +}); +var $A = Array.from = function(iterable) { + if (!iterable) return []; + if (iterable.toArray) { + return iterable.toArray(); + } else { + var results = []; + for (var i = 0; i < iterable.length; i++) + results.push(iterable[i]); + return results; + } +} + +Object.extend(Array.prototype, Enumerable); + +Array.prototype._reverse = Array.prototype.reverse; + +Object.extend(Array.prototype, { + _each: function(iterator) { + for (var i = 0; i < this.length; i++) + iterator(this[i]); + }, + + clear: function() { + this.length = 0; + return this; + }, + + first: function() { + return this[0]; + }, + + last: function() { + return this[this.length - 1]; + }, + + compact: function() { + return this.select(function(value) { + return value != undefined || value != null; + }); + }, + + flatten: function() { + return this.inject([], function(array, value) { + return array.concat(value.constructor == Array ? + value.flatten() : [value]); + }); + }, + + without: function() { + var values = $A(arguments); + return this.select(function(value) { + return !values.include(value); + }); + }, + + indexOf: function(object) { + for (var i = 0; i < this.length; i++) + if (this[i] == object) return i; + return -1; + }, + + reverse: function(inline) { + return (inline !== false ? this : this.toArray())._reverse(); + }, + + shift: function() { + var result = this[0]; + for (var i = 0; i < this.length - 1; i++) + this[i] = this[i + 1]; + this.length--; + return result; + }, + + inspect: function() { + return '[' + this.map(Object.inspect).join(', ') + ']'; + } +}); +var Hash = { + _each: function(iterator) { + for (key in this) { + var value = this[key]; + if (typeof value == 'function') continue; + + var pair = [key, value]; + pair.key = key; + pair.value = value; + iterator(pair); + } + }, + + keys: function() { + return this.pluck('key'); + }, + + values: function() { + return this.pluck('value'); + }, + + merge: function(hash) { + return $H(hash).inject($H(this), function(mergedHash, pair) { + mergedHash[pair.key] = pair.value; + return mergedHash; + }); + }, + + toQueryString: function() { + return this.map(function(pair) { + return pair.map(encodeURIComponent).join('='); + }).join('&'); + }, + + inspect: function() { + return '#'; + } +} + +function $H(object) { + var hash = Object.extend({}, object || {}); + Object.extend(hash, Enumerable); + Object.extend(hash, Hash); + return hash; +} +ObjectRange = Class.create(); +Object.extend(ObjectRange.prototype, Enumerable); +Object.extend(ObjectRange.prototype, { + initialize: function(start, end, exclusive) { + this.start = start; + this.end = end; + this.exclusive = exclusive; + }, + + _each: function(iterator) { + var value = this.start; + do { + iterator(value); + value = value.succ(); + } while (this.include(value)); + }, + + include: function(value) { + if (value < this.start) + return false; + if (this.exclusive) + return value < this.end; + return value <= this.end; + } +}); + +var $R = function(start, end, exclusive) { + return new ObjectRange(start, end, exclusive); +} + +var Ajax = { + getTransport: function() { + return Try.these( + function() {return new ActiveXObject('Msxml2.XMLHTTP')}, + function() {return new ActiveXObject('Microsoft.XMLHTTP')}, + function() {return new XMLHttpRequest()} + ) || false; + }, + + activeRequestCount: 0 +} + +Ajax.Responders = { + responders: [], + + _each: function(iterator) { + this.responders._each(iterator); + }, + + register: function(responderToAdd) { + if (!this.include(responderToAdd)) + this.responders.push(responderToAdd); + }, + + unregister: function(responderToRemove) { + this.responders = this.responders.without(responderToRemove); + }, + + dispatch: function(callback, request, transport, json) { + this.each(function(responder) { + if (responder[callback] && typeof responder[callback] == 'function') { + try { + responder[callback].apply(responder, [request, transport, json]); + } catch (e) {} + } + }); + } +}; + +Object.extend(Ajax.Responders, Enumerable); + +Ajax.Responders.register({ + onCreate: function() { + Ajax.activeRequestCount++; + }, + + onComplete: function() { + Ajax.activeRequestCount--; + } +}); + +Ajax.Base = function() {}; +Ajax.Base.prototype = { + setOptions: function(options) { + this.options = { + method: 'post', + asynchronous: true, + parameters: '' + } + Object.extend(this.options, options || {}); + }, + + responseIsSuccess: function() { + return this.transport.status == undefined + || this.transport.status == 0 + || (this.transport.status >= 200 && this.transport.status < 300); + }, + + responseIsFailure: function() { + return !this.responseIsSuccess(); + } +} + +Ajax.Request = Class.create(); +Ajax.Request.Events = + ['Uninitialized', 'Loading', 'Loaded', 'Interactive', 'Complete']; + +Ajax.Request.prototype = Object.extend(new Ajax.Base(), { + initialize: function(url, options) { + this.transport = Ajax.getTransport(); + this.setOptions(options); + this.request(url); + }, + + request: function(url) { + var parameters = this.options.parameters || ''; + if (parameters.length > 0) parameters += '&_='; + + try { + this.url = url; + if (this.options.method == 'get' && parameters.length > 0) + this.url += (this.url.match(/\?/) ? '&' : '?') + parameters; + + Ajax.Responders.dispatch('onCreate', this, this.transport); + + this.transport.open(this.options.method, this.url, + this.options.asynchronous); + + if (this.options.asynchronous) { + this.transport.onreadystatechange = this.onStateChange.bind(this); + setTimeout((function() {this.respondToReadyState(1)}).bind(this), 10); + } + + this.setRequestHeaders(); + + var body = this.options.postBody ? this.options.postBody : parameters; + this.transport.send(this.options.method == 'post' ? body : null); + + } catch (e) { + this.dispatchException(e); + } + }, + + setRequestHeaders: function() { + var requestHeaders = + ['X-Requested-With', 'XMLHttpRequest', + 'X-Prototype-Version', Prototype.Version]; + + if (this.options.method == 'post') { + requestHeaders.push('Content-type', + 'application/x-www-form-urlencoded'); + + /* Force "Connection: close" for Mozilla browsers to work around + * a bug where XMLHttpReqeuest sends an incorrect Content-length + * header. See Mozilla Bugzilla #246651. + */ + if (this.transport.overrideMimeType) + requestHeaders.push('Connection', 'close'); + } + + if (this.options.requestHeaders) + requestHeaders.push.apply(requestHeaders, this.options.requestHeaders); + + for (var i = 0; i < requestHeaders.length; i += 2) + this.transport.setRequestHeader(requestHeaders[i], requestHeaders[i+1]); + }, + + onStateChange: function() { + var readyState = this.transport.readyState; + if (readyState != 1) + this.respondToReadyState(this.transport.readyState); + }, + + header: function(name) { + try { + return this.transport.getResponseHeader(name); + } catch (e) {} + }, + + evalJSON: function() { + try { + return eval(this.header('X-JSON')); + } catch (e) {} + }, + + evalResponse: function() { + try { + return eval(this.transport.responseText); + } catch (e) { + this.dispatchException(e); + } + }, + + respondToReadyState: function(readyState) { + var event = Ajax.Request.Events[readyState]; + var transport = this.transport, json = this.evalJSON(); + + if (event == 'Complete') { + try { + (this.options['on' + this.transport.status] + || this.options['on' + (this.responseIsSuccess() ? 'Success' : 'Failure')] + || Prototype.emptyFunction)(transport, json); + } catch (e) { + this.dispatchException(e); + } + + if ((this.header('Content-type') || '').match(/^text\/javascript/i)) + this.evalResponse(); + } + + try { + (this.options['on' + event] || Prototype.emptyFunction)(transport, json); + Ajax.Responders.dispatch('on' + event, this, transport, json); + } catch (e) { + this.dispatchException(e); + } + + /* Avoid memory leak in MSIE: clean up the oncomplete event handler */ + if (event == 'Complete') + this.transport.onreadystatechange = Prototype.emptyFunction; + }, + + dispatchException: function(exception) { + (this.options.onException || Prototype.emptyFunction)(this, exception); + Ajax.Responders.dispatch('onException', this, exception); + } +}); + +Ajax.Updater = Class.create(); + +Object.extend(Object.extend(Ajax.Updater.prototype, Ajax.Request.prototype), { + initialize: function(container, url, options) { + this.containers = { + success: container.success ? $(container.success) : $(container), + failure: container.failure ? $(container.failure) : + (container.success ? null : $(container)) + } + + this.transport = Ajax.getTransport(); + this.setOptions(options); + + var onComplete = this.options.onComplete || Prototype.emptyFunction; + this.options.onComplete = (function(transport, object) { + this.updateContent(); + onComplete(transport, object); + }).bind(this); + + this.request(url); + }, + + updateContent: function() { + var receiver = this.responseIsSuccess() ? + this.containers.success : this.containers.failure; + var response = this.transport.responseText; + + if (!this.options.evalScripts) + response = response.stripScripts(); + + if (receiver) { + if (this.options.insertion) { + new this.options.insertion(receiver, response); + } else { + Element.update(receiver, response); + } + } + + if (this.responseIsSuccess()) { + if (this.onComplete) + setTimeout(this.onComplete.bind(this), 10); + } + } +}); + +Ajax.PeriodicalUpdater = Class.create(); +Ajax.PeriodicalUpdater.prototype = Object.extend(new Ajax.Base(), { + initialize: function(container, url, options) { + this.setOptions(options); + this.onComplete = this.options.onComplete; + + this.frequency = (this.options.frequency || 2); + this.decay = (this.options.decay || 1); + + this.updater = {}; + this.container = container; + this.url = url; + + this.start(); + }, + + start: function() { + this.options.onComplete = this.updateComplete.bind(this); + this.onTimerEvent(); + }, + + stop: function() { + this.updater.onComplete = undefined; + clearTimeout(this.timer); + (this.onComplete || Prototype.emptyFunction).apply(this, arguments); + }, + + updateComplete: function(request) { + if (this.options.decay) { + this.decay = (request.responseText == this.lastText ? + this.decay * this.options.decay : 1); + + this.lastText = request.responseText; + } + this.timer = setTimeout(this.onTimerEvent.bind(this), + this.decay * this.frequency * 1000); + }, + + onTimerEvent: function() { + this.updater = new Ajax.Updater(this.container, this.url, this.options); + } +}); +document.getElementsByClassName = function(className, parentElement) { + var children = ($(parentElement) || document.body).getElementsByTagName('*'); + return $A(children).inject([], function(elements, child) { + if (child.className.match(new RegExp("(^|\\s)" + className + "(\\s|$)"))) + elements.push(child); + return elements; + }); +} + +/*--------------------------------------------------------------------------*/ + +if (!window.Element) { + var Element = new Object(); +} + +Object.extend(Element, { + visible: function(element) { + return $(element).style.display != 'none'; + }, + + toggle: function() { + for (var i = 0; i < arguments.length; i++) { + var element = $(arguments[i]); + Element[Element.visible(element) ? 'hide' : 'show'](element); + } + }, + + hide: function() { + for (var i = 0; i < arguments.length; i++) { + var element = $(arguments[i]); + element.style.display = 'none'; + } + }, + + show: function() { + for (var i = 0; i < arguments.length; i++) { + var element = $(arguments[i]); + element.style.display = ''; + } + }, + + remove: function(element) { + element = $(element); + element.parentNode.removeChild(element); + }, + + update: function(element, html) { + $(element).innerHTML = html.stripScripts(); + setTimeout(function() {html.evalScripts()}, 10); + }, + + getHeight: function(element) { + element = $(element); + return element.offsetHeight; + }, + + classNames: function(element) { + return new Element.ClassNames(element); + }, + + hasClassName: function(element, className) { + if (!(element = $(element))) return; + return Element.classNames(element).include(className); + }, + + addClassName: function(element, className) { + if (!(element = $(element))) return; + return Element.classNames(element).add(className); + }, + + removeClassName: function(element, className) { + if (!(element = $(element))) return; + return Element.classNames(element).remove(className); + }, + + // removes whitespace-only text node children + cleanWhitespace: function(element) { + element = $(element); + for (var i = 0; i < element.childNodes.length; i++) { + var node = element.childNodes[i]; + if (node.nodeType == 3 && !/\S/.test(node.nodeValue)) + Element.remove(node); + } + }, + + empty: function(element) { + return $(element).innerHTML.match(/^\s*$/); + }, + + scrollTo: function(element) { + element = $(element); + var x = element.x ? element.x : element.offsetLeft, + y = element.y ? element.y : element.offsetTop; + window.scrollTo(x, y); + }, + + getStyle: function(element, style) { + element = $(element); + var value = element.style[style.camelize()]; + if (!value) { + if (document.defaultView && document.defaultView.getComputedStyle) { + var css = document.defaultView.getComputedStyle(element, null); + value = css ? css.getPropertyValue(style) : null; + } else if (element.currentStyle) { + value = element.currentStyle[style.camelize()]; + } + } + + if (window.opera && ['left', 'top', 'right', 'bottom'].include(style)) + if (Element.getStyle(element, 'position') == 'static') value = 'auto'; + + return value == 'auto' ? null : value; + }, + + setStyle: function(element, style) { + element = $(element); + for (name in style) + element.style[name.camelize()] = style[name]; + }, + + getDimensions: function(element) { + element = $(element); + if (Element.getStyle(element, 'display') != 'none') + return {width: element.offsetWidth, height: element.offsetHeight}; + + // All *Width and *Height properties give 0 on elements with display none, + // so enable the element temporarily + var els = element.style; + var originalVisibility = els.visibility; + var originalPosition = els.position; + els.visibility = 'hidden'; + els.position = 'absolute'; + els.display = ''; + var originalWidth = element.clientWidth; + var originalHeight = element.clientHeight; + els.display = 'none'; + els.position = originalPosition; + els.visibility = originalVisibility; + return {width: originalWidth, height: originalHeight}; + }, + + makePositioned: function(element) { + element = $(element); + var pos = Element.getStyle(element, 'position'); + if (pos == 'static' || !pos) { + element._madePositioned = true; + element.style.position = 'relative'; + // Opera returns the offset relative to the positioning context, when an + // element is position relative but top and left have not been defined + if (window.opera) { + element.style.top = 0; + element.style.left = 0; + } + } + }, + + undoPositioned: function(element) { + element = $(element); + if (element._madePositioned) { + element._madePositioned = undefined; + element.style.position = + element.style.top = + element.style.left = + element.style.bottom = + element.style.right = ''; + } + }, + + makeClipping: function(element) { + element = $(element); + if (element._overflow) return; + element._overflow = element.style.overflow; + if ((Element.getStyle(element, 'overflow') || 'visible') != 'hidden') + element.style.overflow = 'hidden'; + }, + + undoClipping: function(element) { + element = $(element); + if (element._overflow) return; + element.style.overflow = element._overflow; + element._overflow = undefined; + } +}); + +var Toggle = new Object(); +Toggle.display = Element.toggle; + +/*--------------------------------------------------------------------------*/ + +Abstract.Insertion = function(adjacency) { + this.adjacency = adjacency; +} + +Abstract.Insertion.prototype = { + initialize: function(element, content) { + this.element = $(element); + this.content = content.stripScripts(); + + if (this.adjacency && this.element.insertAdjacentHTML) { + try { + this.element.insertAdjacentHTML(this.adjacency, this.content); + } catch (e) { + if (this.element.tagName.toLowerCase() == 'tbody') { + this.insertContent(this.contentFromAnonymousTable()); + } else { + throw e; + } + } + } else { + this.range = this.element.ownerDocument.createRange(); + if (this.initializeRange) this.initializeRange(); + this.insertContent([this.range.createContextualFragment(this.content)]); + } + + setTimeout(function() {content.evalScripts()}, 10); + }, + + contentFromAnonymousTable: function() { + var div = document.createElement('div'); + div.innerHTML = '' + this.content + '
    '; + return $A(div.childNodes[0].childNodes[0].childNodes); + } +} + +var Insertion = new Object(); + +Insertion.Before = Class.create(); +Insertion.Before.prototype = Object.extend(new Abstract.Insertion('beforeBegin'), { + initializeRange: function() { + this.range.setStartBefore(this.element); + }, + + insertContent: function(fragments) { + fragments.each((function(fragment) { + this.element.parentNode.insertBefore(fragment, this.element); + }).bind(this)); + } +}); + +Insertion.Top = Class.create(); +Insertion.Top.prototype = Object.extend(new Abstract.Insertion('afterBegin'), { + initializeRange: function() { + this.range.selectNodeContents(this.element); + this.range.collapse(true); + }, + + insertContent: function(fragments) { + fragments.reverse(false).each((function(fragment) { + this.element.insertBefore(fragment, this.element.firstChild); + }).bind(this)); + } +}); + +Insertion.Bottom = Class.create(); +Insertion.Bottom.prototype = Object.extend(new Abstract.Insertion('beforeEnd'), { + initializeRange: function() { + this.range.selectNodeContents(this.element); + this.range.collapse(this.element); + }, + + insertContent: function(fragments) { + fragments.each((function(fragment) { + this.element.appendChild(fragment); + }).bind(this)); + } +}); + +Insertion.After = Class.create(); +Insertion.After.prototype = Object.extend(new Abstract.Insertion('afterEnd'), { + initializeRange: function() { + this.range.setStartAfter(this.element); + }, + + insertContent: function(fragments) { + fragments.each((function(fragment) { + this.element.parentNode.insertBefore(fragment, + this.element.nextSibling); + }).bind(this)); + } +}); + +/*--------------------------------------------------------------------------*/ + +Element.ClassNames = Class.create(); +Element.ClassNames.prototype = { + initialize: function(element) { + this.element = $(element); + }, + + _each: function(iterator) { + this.element.className.split(/\s+/).select(function(name) { + return name.length > 0; + })._each(iterator); + }, + + set: function(className) { + this.element.className = className; + }, + + add: function(classNameToAdd) { + if (this.include(classNameToAdd)) return; + this.set(this.toArray().concat(classNameToAdd).join(' ')); + }, + + remove: function(classNameToRemove) { + if (!this.include(classNameToRemove)) return; + this.set(this.select(function(className) { + return className != classNameToRemove; + }).join(' ')); + }, + + toString: function() { + return this.toArray().join(' '); + } +} + +Object.extend(Element.ClassNames.prototype, Enumerable); +var Field = { + clear: function() { + for (var i = 0; i < arguments.length; i++) + $(arguments[i]).value = ''; + }, + + focus: function(element) { + $(element).focus(); + }, + + present: function() { + for (var i = 0; i < arguments.length; i++) + if ($(arguments[i]).value == '') return false; + return true; + }, + + select: function(element) { + $(element).select(); + }, + + activate: function(element) { + element = $(element); + element.focus(); + if (element.select) + element.select(); + } +} + +/*--------------------------------------------------------------------------*/ + +var Form = { + serialize: function(form) { + var elements = Form.getElements($(form)); + var queryComponents = new Array(); + + for (var i = 0; i < elements.length; i++) { + var queryComponent = Form.Element.serialize(elements[i]); + if (queryComponent) + queryComponents.push(queryComponent); + } + + return queryComponents.join('&'); + }, + + getElements: function(form) { + form = $(form); + var elements = new Array(); + + for (tagName in Form.Element.Serializers) { + var tagElements = form.getElementsByTagName(tagName); + for (var j = 0; j < tagElements.length; j++) + elements.push(tagElements[j]); + } + return elements; + }, + + getInputs: function(form, typeName, name) { + form = $(form); + var inputs = form.getElementsByTagName('input'); + + if (!typeName && !name) + return inputs; + + var matchingInputs = new Array(); + for (var i = 0; i < inputs.length; i++) { + var input = inputs[i]; + if ((typeName && input.type != typeName) || + (name && input.name != name)) + continue; + matchingInputs.push(input); + } + + return matchingInputs; + }, + + disable: function(form) { + var elements = Form.getElements(form); + for (var i = 0; i < elements.length; i++) { + var element = elements[i]; + element.blur(); + element.disabled = 'true'; + } + }, + + enable: function(form) { + var elements = Form.getElements(form); + for (var i = 0; i < elements.length; i++) { + var element = elements[i]; + element.disabled = ''; + } + }, + + findFirstElement: function(form) { + return Form.getElements(form).find(function(element) { + return element.type != 'hidden' && !element.disabled && + ['input', 'select', 'textarea'].include(element.tagName.toLowerCase()); + }); + }, + + focusFirstElement: function(form) { + Field.activate(Form.findFirstElement(form)); + }, + + reset: function(form) { + $(form).reset(); + } +} + +Form.Element = { + serialize: function(element) { + element = $(element); + var method = element.tagName.toLowerCase(); + var parameter = Form.Element.Serializers[method](element); + + if (parameter) { + var key = encodeURIComponent(parameter[0]); + if (key.length == 0) return; + + if (parameter[1].constructor != Array) + parameter[1] = [parameter[1]]; + + return parameter[1].map(function(value) { + return key + '=' + encodeURIComponent(value); + }).join('&'); + } + }, + + getValue: function(element) { + element = $(element); + var method = element.tagName.toLowerCase(); + var parameter = Form.Element.Serializers[method](element); + + if (parameter) + return parameter[1]; + } +} + +Form.Element.Serializers = { + input: function(element) { + switch (element.type.toLowerCase()) { + case 'submit': + case 'hidden': + case 'password': + case 'text': + return Form.Element.Serializers.textarea(element); + case 'checkbox': + case 'radio': + return Form.Element.Serializers.inputSelector(element); + } + return false; + }, + + inputSelector: function(element) { + if (element.checked) + return [element.name, element.value]; + }, + + textarea: function(element) { + return [element.name, element.value]; + }, + + select: function(element) { + return Form.Element.Serializers[element.type == 'select-one' ? + 'selectOne' : 'selectMany'](element); + }, + + selectOne: function(element) { + var value = '', opt, index = element.selectedIndex; + if (index >= 0) { + opt = element.options[index]; + value = opt.value; + if (!value && !('value' in opt)) + value = opt.text; + } + return [element.name, value]; + }, + + selectMany: function(element) { + var value = new Array(); + for (var i = 0; i < element.length; i++) { + var opt = element.options[i]; + if (opt.selected) { + var optValue = opt.value; + if (!optValue && !('value' in opt)) + optValue = opt.text; + value.push(optValue); + } + } + return [element.name, value]; + } +} + +/*--------------------------------------------------------------------------*/ + +var $F = Form.Element.getValue; + +/*--------------------------------------------------------------------------*/ + +Abstract.TimedObserver = function() {} +Abstract.TimedObserver.prototype = { + initialize: function(element, frequency, callback) { + this.frequency = frequency; + this.element = $(element); + this.callback = callback; + + this.lastValue = this.getValue(); + this.registerCallback(); + }, + + registerCallback: function() { + setInterval(this.onTimerEvent.bind(this), this.frequency * 1000); + }, + + onTimerEvent: function() { + var value = this.getValue(); + if (this.lastValue != value) { + this.callback(this.element, value); + this.lastValue = value; + } + } +} + +Form.Element.Observer = Class.create(); +Form.Element.Observer.prototype = Object.extend(new Abstract.TimedObserver(), { + getValue: function() { + return Form.Element.getValue(this.element); + } +}); + +Form.Observer = Class.create(); +Form.Observer.prototype = Object.extend(new Abstract.TimedObserver(), { + getValue: function() { + return Form.serialize(this.element); + } +}); + +/*--------------------------------------------------------------------------*/ + +Abstract.EventObserver = function() {} +Abstract.EventObserver.prototype = { + initialize: function(element, callback) { + this.element = $(element); + this.callback = callback; + + this.lastValue = this.getValue(); + if (this.element.tagName.toLowerCase() == 'form') + this.registerFormCallbacks(); + else + this.registerCallback(this.element); + }, + + onElementEvent: function() { + var value = this.getValue(); + if (this.lastValue != value) { + this.callback(this.element, value); + this.lastValue = value; + } + }, + + registerFormCallbacks: function() { + var elements = Form.getElements(this.element); + for (var i = 0; i < elements.length; i++) + this.registerCallback(elements[i]); + }, + + registerCallback: function(element) { + if (element.type) { + switch (element.type.toLowerCase()) { + case 'checkbox': + case 'radio': + Event.observe(element, 'click', this.onElementEvent.bind(this)); + break; + case 'password': + case 'text': + case 'textarea': + case 'select-one': + case 'select-multiple': + Event.observe(element, 'change', this.onElementEvent.bind(this)); + break; + } + } + } +} + +Form.Element.EventObserver = Class.create(); +Form.Element.EventObserver.prototype = Object.extend(new Abstract.EventObserver(), { + getValue: function() { + return Form.Element.getValue(this.element); + } +}); + +Form.EventObserver = Class.create(); +Form.EventObserver.prototype = Object.extend(new Abstract.EventObserver(), { + getValue: function() { + return Form.serialize(this.element); + } +}); +if (!window.Event) { + var Event = new Object(); +} + +Object.extend(Event, { + KEY_BACKSPACE: 8, + KEY_TAB: 9, + KEY_RETURN: 13, + KEY_ESC: 27, + KEY_LEFT: 37, + KEY_UP: 38, + KEY_RIGHT: 39, + KEY_DOWN: 40, + KEY_DELETE: 46, + + element: function(event) { + return event.target || event.srcElement; + }, + + isLeftClick: function(event) { + return (((event.which) && (event.which == 1)) || + ((event.button) && (event.button == 1))); + }, + + pointerX: function(event) { + return event.pageX || (event.clientX + + (document.documentElement.scrollLeft || document.body.scrollLeft)); + }, + + pointerY: function(event) { + return event.pageY || (event.clientY + + (document.documentElement.scrollTop || document.body.scrollTop)); + }, + + stop: function(event) { + if (event.preventDefault) { + event.preventDefault(); + event.stopPropagation(); + } else { + event.returnValue = false; + event.cancelBubble = true; + } + }, + + // find the first node with the given tagName, starting from the + // node the event was triggered on; traverses the DOM upwards + findElement: function(event, tagName) { + var element = Event.element(event); + while (element.parentNode && (!element.tagName || + (element.tagName.toUpperCase() != tagName.toUpperCase()))) + element = element.parentNode; + return element; + }, + + observers: false, + + _observeAndCache: function(element, name, observer, useCapture) { + if (!this.observers) this.observers = []; + if (element.addEventListener) { + this.observers.push([element, name, observer, useCapture]); + element.addEventListener(name, observer, useCapture); + } else if (element.attachEvent) { + this.observers.push([element, name, observer, useCapture]); + element.attachEvent('on' + name, observer); + } + }, + + unloadCache: function() { + if (!Event.observers) return; + for (var i = 0; i < Event.observers.length; i++) { + Event.stopObserving.apply(this, Event.observers[i]); + Event.observers[i][0] = null; + } + Event.observers = false; + }, + + observe: function(element, name, observer, useCapture) { + var element = $(element); + useCapture = useCapture || false; + + if (name == 'keypress' && + (navigator.appVersion.match(/Konqueror|Safari|KHTML/) + || element.attachEvent)) + name = 'keydown'; + + this._observeAndCache(element, name, observer, useCapture); + }, + + stopObserving: function(element, name, observer, useCapture) { + var element = $(element); + useCapture = useCapture || false; + + if (name == 'keypress' && + (navigator.appVersion.match(/Konqueror|Safari|KHTML/) + || element.detachEvent)) + name = 'keydown'; + + if (element.removeEventListener) { + element.removeEventListener(name, observer, useCapture); + } else if (element.detachEvent) { + element.detachEvent('on' + name, observer); + } + } +}); + +/* prevent memory leaks in IE */ +Event.observe(window, 'unload', Event.unloadCache, false); +var Position = { + // set to true if needed, warning: firefox performance problems + // NOT neeeded for page scrolling, only if draggable contained in + // scrollable elements + includeScrollOffsets: false, + + // must be called before calling withinIncludingScrolloffset, every time the + // page is scrolled + prepare: function() { + this.deltaX = window.pageXOffset + || document.documentElement.scrollLeft + || document.body.scrollLeft + || 0; + this.deltaY = window.pageYOffset + || document.documentElement.scrollTop + || document.body.scrollTop + || 0; + }, + + realOffset: function(element) { + var valueT = 0, valueL = 0; + do { + valueT += element.scrollTop || 0; + valueL += element.scrollLeft || 0; + element = element.parentNode; + } while (element); + return [valueL, valueT]; + }, + + cumulativeOffset: function(element) { + var valueT = 0, valueL = 0; + do { + valueT += element.offsetTop || 0; + valueL += element.offsetLeft || 0; + element = element.offsetParent; + } while (element); + return [valueL, valueT]; + }, + + positionedOffset: function(element) { + var valueT = 0, valueL = 0; + do { + valueT += element.offsetTop || 0; + valueL += element.offsetLeft || 0; + element = element.offsetParent; + if (element) { + p = Element.getStyle(element, 'position'); + if (p == 'relative' || p == 'absolute') break; + } + } while (element); + return [valueL, valueT]; + }, + + offsetParent: function(element) { + if (element.offsetParent) return element.offsetParent; + if (element == document.body) return element; + + while ((element = element.parentNode) && element != document.body) + if (Element.getStyle(element, 'position') != 'static') + return element; + + return document.body; + }, + + // caches x/y coordinate pair to use with overlap + within: function(element, x, y) { + if (this.includeScrollOffsets) + return this.withinIncludingScrolloffsets(element, x, y); + this.xcomp = x; + this.ycomp = y; + this.offset = this.cumulativeOffset(element); + + return (y >= this.offset[1] && + y < this.offset[1] + element.offsetHeight && + x >= this.offset[0] && + x < this.offset[0] + element.offsetWidth); + }, + + withinIncludingScrolloffsets: function(element, x, y) { + var offsetcache = this.realOffset(element); + + this.xcomp = x + offsetcache[0] - this.deltaX; + this.ycomp = y + offsetcache[1] - this.deltaY; + this.offset = this.cumulativeOffset(element); + + return (this.ycomp >= this.offset[1] && + this.ycomp < this.offset[1] + element.offsetHeight && + this.xcomp >= this.offset[0] && + this.xcomp < this.offset[0] + element.offsetWidth); + }, + + // within must be called directly before + overlap: function(mode, element) { + if (!mode) return 0; + if (mode == 'vertical') + return ((this.offset[1] + element.offsetHeight) - this.ycomp) / + element.offsetHeight; + if (mode == 'horizontal') + return ((this.offset[0] + element.offsetWidth) - this.xcomp) / + element.offsetWidth; + }, + + clone: function(source, target) { + source = $(source); + target = $(target); + target.style.position = 'absolute'; + var offsets = this.cumulativeOffset(source); + target.style.top = offsets[1] + 'px'; + target.style.left = offsets[0] + 'px'; + target.style.width = source.offsetWidth + 'px'; + target.style.height = source.offsetHeight + 'px'; + }, + + page: function(forElement) { + var valueT = 0, valueL = 0; + + var element = forElement; + do { + valueT += element.offsetTop || 0; + valueL += element.offsetLeft || 0; + + // Safari fix + if (element.offsetParent==document.body) + if (Element.getStyle(element,'position')=='absolute') break; + + } while (element = element.offsetParent); + + element = forElement; + do { + valueT -= element.scrollTop || 0; + valueL -= element.scrollLeft || 0; + } while (element = element.parentNode); + + return [valueL, valueT]; + }, + + clone: function(source, target) { + var options = Object.extend({ + setLeft: true, + setTop: true, + setWidth: true, + setHeight: true, + offsetTop: 0, + offsetLeft: 0 + }, arguments[2] || {}) + + // find page position of source + source = $(source); + var p = Position.page(source); + + // find coordinate system to use + target = $(target); + var delta = [0, 0]; + var parent = null; + // delta [0,0] will do fine with position: fixed elements, + // position:absolute needs offsetParent deltas + if (Element.getStyle(target,'position') == 'absolute') { + parent = Position.offsetParent(target); + delta = Position.page(parent); + } + + // correct by body offsets (fixes Safari) + if (parent == document.body) { + delta[0] -= document.body.offsetLeft; + delta[1] -= document.body.offsetTop; + } + + // set position + if(options.setLeft) target.style.left = (p[0] - delta[0] + options.offsetLeft) + 'px'; + if(options.setTop) target.style.top = (p[1] - delta[1] + options.offsetTop) + 'px'; + if(options.setWidth) target.style.width = source.offsetWidth + 'px'; + if(options.setHeight) target.style.height = source.offsetHeight + 'px'; + }, + + absolutize: function(element) { + element = $(element); + if (element.style.position == 'absolute') return; + Position.prepare(); + + var offsets = Position.positionedOffset(element); + var top = offsets[1]; + var left = offsets[0]; + var width = element.clientWidth; + var height = element.clientHeight; + + element._originalLeft = left - parseFloat(element.style.left || 0); + element._originalTop = top - parseFloat(element.style.top || 0); + element._originalWidth = element.style.width; + element._originalHeight = element.style.height; + + element.style.position = 'absolute'; + element.style.top = top + 'px';; + element.style.left = left + 'px';; + element.style.width = width + 'px';; + element.style.height = height + 'px';; + }, + + relativize: function(element) { + element = $(element); + if (element.style.position == 'relative') return; + Position.prepare(); + + element.style.position = 'relative'; + var top = parseFloat(element.style.top || 0) - (element._originalTop || 0); + var left = parseFloat(element.style.left || 0) - (element._originalLeft || 0); + + element.style.top = top + 'px'; + element.style.left = left + 'px'; + element.style.height = element._originalHeight; + element.style.width = element._originalWidth; + } +} + +// Safari returns margins on body which is incorrect if the child is absolutely +// positioned. For performance reasons, redefine Position.cumulativeOffset for +// KHTML/WebKit only. +if (/Konqueror|Safari|KHTML/.test(navigator.userAgent)) { + Position.cumulativeOffset = function(element) { + var valueT = 0, valueL = 0; + do { + valueT += element.offsetTop || 0; + valueL += element.offsetLeft || 0; + if (element.offsetParent == document.body) + if (Element.getStyle(element, 'position') == 'absolute') break; + + element = element.offsetParent; + } while (element); + + return [valueL, valueT]; + } +} \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/robots.txt b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/robots.txt new file mode 100644 index 0000000000..4ab9e89fe1 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/public/robots.txt @@ -0,0 +1 @@ +# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/about b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/about new file mode 100644 index 0000000000..7b07d46a30 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/about @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../config/boot' +require 'commands/about' \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/breakpointer b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/breakpointer new file mode 100644 index 0000000000..64af76edd4 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/breakpointer @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../config/boot' +require 'commands/breakpointer' \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/console b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/console new file mode 100644 index 0000000000..42f28f7d6d --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/console @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../config/boot' +require 'commands/console' \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/destroy b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/destroy new file mode 100644 index 0000000000..fa0e6fcd0b --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/destroy @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../config/boot' +require 'commands/destroy' \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/generate b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/generate new file mode 100644 index 0000000000..ef976e09f3 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/generate @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../config/boot' +require 'commands/generate' \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/performance/benchmarker b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/performance/benchmarker new file mode 100644 index 0000000000..c842d35d33 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/performance/benchmarker @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../../config/boot' +require 'commands/performance/benchmarker' diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/performance/profiler b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/performance/profiler new file mode 100644 index 0000000000..d855ac8b13 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/performance/profiler @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../../config/boot' +require 'commands/performance/profiler' diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/plugin b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/plugin new file mode 100644 index 0000000000..26ca64c06b --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/plugin @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../config/boot' +require 'commands/plugin' \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/process/reaper b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/process/reaper new file mode 100644 index 0000000000..c77f04535f --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/process/reaper @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../../config/boot' +require 'commands/process/reaper' diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/process/spawner b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/process/spawner new file mode 100644 index 0000000000..7118f3983c --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/process/spawner @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../../config/boot' +require 'commands/process/spawner' diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/process/spinner b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/process/spinner new file mode 100644 index 0000000000..6816b32ef4 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/process/spinner @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../../config/boot' +require 'commands/process/spinner' diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/runner b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/runner new file mode 100644 index 0000000000..ccc30f9d24 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/runner @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../config/boot' +require 'commands/runner' \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/server b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/server new file mode 100644 index 0000000000..dfabcb8812 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/script/server @@ -0,0 +1,3 @@ +#!/usr/bin/env ruby +require File.dirname(__FILE__) + '/../config/boot' +require 'commands/server' \ No newline at end of file diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/test/functional/login_controller_test.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/test/functional/login_controller_test.rb new file mode 100644 index 0000000000..a21d438250 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/test/functional/login_controller_test.rb @@ -0,0 +1,18 @@ +require File.dirname(__FILE__) + '/../test_helper' +require 'login_controller' + +# Re-raise errors caught by the controller. +class LoginController; def rescue_action(e) raise e end; end + +class LoginControllerTest < Test::Unit::TestCase + def setup + @controller = LoginController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + end + + # Replace this with your real tests. + def test_truth + assert true + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/test/functional/server_controller_test.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/test/functional/server_controller_test.rb new file mode 100644 index 0000000000..7afd69e64d --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/test/functional/server_controller_test.rb @@ -0,0 +1,18 @@ +require File.dirname(__FILE__) + '/../test_helper' +require 'server_controller' + +# Re-raise errors caught by the controller. +class ServerController; def rescue_action(e) raise e end; end + +class ServerControllerTest < Test::Unit::TestCase + def setup + @controller = ServerController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + end + + # Replace this with your real tests. + def test_truth + assert true + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/test/test_helper.rb b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/test/test_helper.rb new file mode 100644 index 0000000000..a299c7f6db --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/examples/rails_openid/test/test_helper.rb @@ -0,0 +1,28 @@ +ENV["RAILS_ENV"] = "test" +require File.expand_path(File.dirname(__FILE__) + "/../config/environment") +require 'test_help' + +class Test::Unit::TestCase + # Transactional fixtures accelerate your tests by wrapping each test method + # in a transaction that's rolled back on completion. This ensures that the + # test database remains unchanged so your fixtures don't have to be reloaded + # between every test method. Fewer database queries means faster tests. + # + # Read Mike Clark's excellent walkthrough at + # http://clarkware.com/cgi/blosxom/2005/10/24#Rails10FastTesting + # + # Every Active Record database supports transactions except MyISAM tables + # in MySQL. Turn off transactional fixtures in this case; however, if you + # don't care one way or the other, switching from MyISAM to InnoDB tables + # is recommended. + self.use_transactional_fixtures = true + + # Instantiated fixtures are slow, but give you @david where otherwise you + # would need people(:david). If you don't want to migrate your existing + # test cases which use the @david style and don't mind the speed hit (each + # instantiated fixtures translates to a database query per test method), + # then set this back to true. + self.use_instantiated_fixtures = false + + # Add more helper methods to be used by all tests here... +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/hmac/hmac.rb b/vendor/gems/ruby-openid-2.1.4/lib/hmac/hmac.rb new file mode 100644 index 0000000000..e8bfa42bca --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/hmac/hmac.rb @@ -0,0 +1,112 @@ +# Copyright (C) 2001 Daiki Ueno +# This library is distributed under the terms of the Ruby license. + +# This module provides common interface to HMAC engines. +# HMAC standard is documented in RFC 2104: +# +# H. Krawczyk et al., "HMAC: Keyed-Hashing for Message Authentication", +# RFC 2104, February 1997 +# +# These APIs are inspired by JCE 1.2's javax.crypto.Mac interface. +# +# + +module HMAC + class Base + def initialize(algorithm, block_size, output_length, key) + @algorithm = algorithm + @block_size = block_size + @output_length = output_length + @status = STATUS_UNDEFINED + @key_xor_ipad = '' + @key_xor_opad = '' + set_key(key) unless key.nil? + end + + private + def check_status + unless @status == STATUS_INITIALIZED + raise RuntimeError, + "The underlying hash algorithm has not yet been initialized." + end + end + + public + def set_key(key) + # If key is longer than the block size, apply hash function + # to key and use the result as a real key. + key = @algorithm.digest(key) if key.size > @block_size + key_xor_ipad = "\x36" * @block_size + key_xor_opad = "\x5C" * @block_size + for i in 0 .. key.size - 1 + key_xor_ipad[i] ^= key[i] + key_xor_opad[i] ^= key[i] + end + @key_xor_ipad = key_xor_ipad + @key_xor_opad = key_xor_opad + @md = @algorithm.new + @status = STATUS_INITIALIZED + end + + def reset_key + @key_xor_ipad.gsub!(/./, '?') + @key_xor_opad.gsub!(/./, '?') + @key_xor_ipad[0..-1] = '' + @key_xor_opad[0..-1] = '' + @status = STATUS_UNDEFINED + end + + def update(text) + check_status + # perform inner H + md = @algorithm.new + md.update(@key_xor_ipad) + md.update(text) + str = md.digest + # perform outer H + md = @algorithm.new + md.update(@key_xor_opad) + md.update(str) + @md = md + end + alias << update + + def digest + check_status + @md.digest + end + + def hexdigest + check_status + @md.hexdigest + end + alias to_s hexdigest + + # These two class methods below are safer than using above + # instance methods combinatorially because an instance will have + # held a key even if it's no longer in use. + def Base.digest(key, text) + begin + hmac = self.new(key) + hmac.update(text) + hmac.digest + ensure + hmac.reset_key + end + end + + def Base.hexdigest(key, text) + begin + hmac = self.new(key) + hmac.update(text) + hmac.hexdigest + ensure + hmac.reset_key + end + end + + private_class_method :new, :digest, :hexdigest + end + + STATUS_UNDEFINED, STATUS_INITIALIZED = 0, 1 +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/hmac/sha1.rb b/vendor/gems/ruby-openid-2.1.4/lib/hmac/sha1.rb new file mode 100644 index 0000000000..d2f0088a3b --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/hmac/sha1.rb @@ -0,0 +1,11 @@ +require 'hmac/hmac' +require 'digest/sha1' + +module HMAC + class SHA1 < Base + def initialize(key = nil) + super(Digest::SHA1, 64, 20, key) + end + public_class_method :new, :digest, :hexdigest + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/hmac/sha2.rb b/vendor/gems/ruby-openid-2.1.4/lib/hmac/sha2.rb new file mode 100644 index 0000000000..0412ba4086 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/hmac/sha2.rb @@ -0,0 +1,25 @@ +require 'hmac/hmac' +require 'digest/sha2' + +module HMAC + class SHA256 < Base + def initialize(key = nil) + super(Digest::SHA256, 64, 32, key) + end + public_class_method :new, :digest, :hexdigest + end + + class SHA384 < Base + def initialize(key = nil) + super(Digest::SHA384, 128, 48, key) + end + public_class_method :new, :digest, :hexdigest + end + + class SHA512 < Base + def initialize(key = nil) + super(Digest::SHA512, 128, 64, key) + end + public_class_method :new, :digest, :hexdigest + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid.rb new file mode 100644 index 0000000000..0a5643451d --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid.rb @@ -0,0 +1,20 @@ +# Copyright 2006-2007 JanRain, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you +# may not use this file except in compliance with the License. You may +# obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. + +module OpenID + VERSION = "2.1.4" +end + +require "openid/consumer" +require 'openid/server' diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/association.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/association.rb new file mode 100644 index 0000000000..fd2cd59916 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/association.rb @@ -0,0 +1,249 @@ +require "openid/kvform" +require "openid/util" +require "openid/cryptutil" +require "openid/message" + +module OpenID + + def self.get_secret_size(assoc_type) + if assoc_type == 'HMAC-SHA1' + return 20 + elsif assoc_type == 'HMAC-SHA256' + return 32 + else + raise ArgumentError("Unsupported association type: #{assoc_type}") + end + end + + # An Association holds the shared secret between a relying party and + # an OpenID provider. + class Association + attr_reader :handle, :secret, :issued, :lifetime, :assoc_type + + FIELD_ORDER = + [:version, :handle, :secret, :issued, :lifetime, :assoc_type,] + + # Load a serialized Association + def self.deserialize(serialized) + parsed = Util.kv_to_seq(serialized) + parsed_fields = parsed.map{|k, v| k.to_sym} + if parsed_fields != FIELD_ORDER + raise ProtocolError, 'Unexpected fields in serialized association'\ + " (Expected #{FIELD_ORDER.inspect}, got #{parsed_fields.inspect})" + end + version, handle, secret64, issued_s, lifetime_s, assoc_type = + parsed.map {|field, value| value} + if version != '2' + raise ProtocolError, "Attempted to deserialize unsupported version "\ + "(#{parsed[0][1].inspect})" + end + + self.new(handle, + Util.from_base64(secret64), + Time.at(issued_s.to_i), + lifetime_s.to_i, + assoc_type) + end + + # Create an Association with an issued time of now + def self.from_expires_in(expires_in, handle, secret, assoc_type) + issued = Time.now + self.new(handle, secret, issued, expires_in, assoc_type) + end + + def initialize(handle, secret, issued, lifetime, assoc_type) + @handle = handle + @secret = secret + @issued = issued + @lifetime = lifetime + @assoc_type = assoc_type + end + + # Serialize the association to a form that's consistent across + # JanRain OpenID libraries. + def serialize + data = { + :version => '2', + :handle => handle, + :secret => Util.to_base64(secret), + :issued => issued.to_i.to_s, + :lifetime => lifetime.to_i.to_s, + :assoc_type => assoc_type, + } + + Util.assert(data.length == FIELD_ORDER.length) + + pairs = FIELD_ORDER.map{|field| [field.to_s, data[field]]} + return Util.seq_to_kv(pairs, strict=true) + end + + # The number of seconds until this association expires + def expires_in(now=nil) + if now.nil? + now = Time.now.to_i + else + now = now.to_i + end + time_diff = (issued.to_i + lifetime) - now + if time_diff < 0 + return 0 + else + return time_diff + end + end + + # Generate a signature for a sequence of [key, value] pairs + def sign(pairs) + kv = Util.seq_to_kv(pairs) + case assoc_type + when 'HMAC-SHA1' + CryptUtil.hmac_sha1(@secret, kv) + when 'HMAC-SHA256' + CryptUtil.hmac_sha256(@secret, kv) + else + raise ProtocolError, "Association has unknown type: "\ + "#{assoc_type.inspect}" + end + end + + # Generate the list of pairs that form the signed elements of the + # given message + def make_pairs(message) + signed = message.get_arg(OPENID_NS, 'signed') + if signed.nil? + raise ProtocolError, 'Missing signed list' + end + signed_fields = signed.split(',', -1) + data = message.to_post_args + signed_fields.map {|field| [field, data.fetch('openid.'+field,'')] } + end + + # Return whether the message's signature passes + def check_message_signature(message) + message_sig = message.get_arg(OPENID_NS, 'sig') + if message_sig.nil? + raise ProtocolError, "#{message} has no sig." + end + calculated_sig = get_message_signature(message) + return calculated_sig == message_sig + end + + # Get the signature for this message + def get_message_signature(message) + Util.to_base64(sign(make_pairs(message))) + end + + def ==(other) + (other.class == self.class and + other.handle == self.handle and + other.secret == self.secret and + + # The internals of the time objects seemed to differ + # in an opaque way when serializing/unserializing. + # I don't think this will be a problem. + other.issued.to_i == self.issued.to_i and + + other.lifetime == self.lifetime and + other.assoc_type == self.assoc_type) + end + + # Add a signature (and a signed list) to a message. + def sign_message(message) + if (message.has_key?(OPENID_NS, 'sig') or + message.has_key?(OPENID_NS, 'signed')) + raise ArgumentError, 'Message already has signed list or signature' + end + + extant_handle = message.get_arg(OPENID_NS, 'assoc_handle') + if extant_handle and extant_handle != self.handle + raise ArgumentError, "Message has a different association handle" + end + + signed_message = message.copy() + signed_message.set_arg(OPENID_NS, 'assoc_handle', self.handle) + message_keys = signed_message.to_post_args.keys() + + signed_list = [] + message_keys.each { |k| + if k.starts_with?('openid.') + signed_list << k[7..-1] + end + } + + signed_list << 'signed' + signed_list.sort! + + signed_message.set_arg(OPENID_NS, 'signed', signed_list.join(',')) + sig = get_message_signature(signed_message) + signed_message.set_arg(OPENID_NS, 'sig', sig) + return signed_message + end + end + + class AssociationNegotiator + attr_reader :allowed_types + + def self.get_session_types(assoc_type) + case assoc_type + when 'HMAC-SHA1' + ['DH-SHA1', 'no-encryption'] + when 'HMAC-SHA256' + ['DH-SHA256', 'no-encryption'] + else + raise ProtocolError, "Unknown association type #{assoc_type.inspect}" + end + end + + def self.check_session_type(assoc_type, session_type) + if !get_session_types(assoc_type).include?(session_type) + raise ProtocolError, "Session type #{session_type.inspect} not "\ + "valid for association type #{assoc_type.inspect}" + end + end + + def initialize(allowed_types) + self.allowed_types=(allowed_types) + end + + def copy + Marshal.load(Marshal.dump(self)) + end + + def allowed_types=(allowed_types) + allowed_types.each do |assoc_type, session_type| + self.class.check_session_type(assoc_type, session_type) + end + @allowed_types = allowed_types + end + + def add_allowed_type(assoc_type, session_type=nil) + if session_type.nil? + session_types = self.class.get_session_types(assoc_type) + else + self.class.check_session_type(assoc_type, session_type) + session_types = [session_type] + end + for session_type in session_types do + @allowed_types << [assoc_type, session_type] + end + end + + def allowed?(assoc_type, session_type) + @allowed_types.include?([assoc_type, session_type]) + end + + def get_allowed_type + @allowed_types.empty? ? nil : @allowed_types[0] + end + end + + DefaultNegotiator = + AssociationNegotiator.new([['HMAC-SHA1', 'DH-SHA1'], + ['HMAC-SHA1', 'no-encryption'], + ['HMAC-SHA256', 'DH-SHA256'], + ['HMAC-SHA256', 'no-encryption']]) + + EncryptedNegotiator = + AssociationNegotiator.new([['HMAC-SHA1', 'DH-SHA1'], + ['HMAC-SHA256', 'DH-SHA256']]) +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer.rb new file mode 100644 index 0000000000..afe025a00b --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer.rb @@ -0,0 +1,395 @@ +require "openid/consumer/idres.rb" +require "openid/consumer/checkid_request.rb" +require "openid/consumer/associationmanager.rb" +require "openid/consumer/responses.rb" +require "openid/consumer/discovery_manager" +require "openid/consumer/discovery" +require "openid/message" +require "openid/yadis/discovery" +require "openid/store/nonce" + +module OpenID + # OpenID support for Relying Parties (aka Consumers). + # + # This module documents the main interface with the OpenID consumer + # library. The only part of the library which has to be used and + # isn't documented in full here is the store required to create an + # Consumer instance. + # + # = OVERVIEW + # + # The OpenID identity verification process most commonly uses the + # following steps, as visible to the user of this library: + # + # 1. The user enters their OpenID into a field on the consumer's + # site, and hits a login button. + # + # 2. The consumer site discovers the user's OpenID provider using + # the Yadis protocol. + # + # 3. The consumer site sends the browser a redirect to the OpenID + # provider. This is the authentication request as described in + # the OpenID specification. + # + # 4. The OpenID provider's site sends the browser a redirect back to + # the consumer site. This redirect contains the provider's + # response to the authentication request. + # + # The most important part of the flow to note is the consumer's site + # must handle two separate HTTP requests in order to perform the + # full identity check. + # + # = LIBRARY DESIGN + # + # This consumer library is designed with that flow in mind. The + # goal is to make it as easy as possible to perform the above steps + # securely. + # + # At a high level, there are two important parts in the consumer + # library. The first important part is this module, which contains + # the interface to actually use this library. The second is + # openid/store/interface.rb, which describes the interface to use if + # you need to create a custom method for storing the state this + # library needs to maintain between requests. + # + # In general, the second part is less important for users of the + # library to know about, as several implementations are provided + # which cover a wide variety of situations in which consumers may + # use the library. + # + # The Consumer class has methods corresponding to the actions + # necessary in each of steps 2, 3, and 4 described in the overview. + # Use of this library should be as easy as creating an Consumer + # instance and calling the methods appropriate for the action the + # site wants to take. + # + # This library automatically detects which version of the OpenID + # protocol should be used for a transaction and constructs the + # proper requests and responses. Users of this library do not need + # to worry about supporting multiple protocol versions; the library + # supports them implicitly. Depending on the version of the + # protocol in use, the OpenID transaction may be more secure. See + # the OpenID specifications for more information. + # + # = SESSIONS, STORES, AND STATELESS MODE + # + # The Consumer object keeps track of two types of state: + # + # 1. State of the user's current authentication attempt. Things + # like the identity URL, the list of endpoints discovered for + # that URL, and in case where some endpoints are unreachable, the + # list of endpoints already tried. This state needs to be held + # from Consumer.begin() to Consumer.complete(), but it is only + # applicable to a single session with a single user agent, and at + # the end of the authentication process (i.e. when an OP replies + # with either id_res. or cancel it may be + # discarded. + # + # 2. State of relationships with servers, i.e. shared secrets + # (associations) with servers and nonces seen on signed messages. + # This information should persist from one session to the next + # and should not be bound to a particular user-agent. + # + # These two types of storage are reflected in the first two + # arguments of Consumer's constructor, session and + # store. session is a dict-like object and we + # hope your web framework provides you with one of these bound to + # the user agent. store is an instance of Store. + # + # Since the store does hold secrets shared between your application + # and the OpenID provider, you should be careful about how you use + # it in a shared hosting environment. If the filesystem or database + # permissions of your web host allow strangers to read from them, do + # not store your data there! If you have no safe place to store + # your data, construct your consumer with nil for the store, and it + # will operate only in stateless mode. Stateless mode may be + # slower, put more load on the OpenID provider, and trusts the + # provider to keep you safe from replay attacks. + # + # Several store implementation are provided, and the interface is + # fully documented so that custom stores can be used as well. See + # the documentation for the Consumer class for more information on + # the interface for stores. The implementations that are provided + # allow the consumer site to store the necessary data in several + # different ways, including several SQL databases and normal files + # on disk. + # + # = IMMEDIATE MODE + # + # In the flow described above, the user may need to confirm to the + # OpenID provider that it's ok to disclose his or her identity. The + # provider may draw pages asking for information from the user + # before it redirects the browser back to the consumer's site. This + # is generally transparent to the consumer site, so it is typically + # ignored as an implementation detail. + # + # There can be times, however, where the consumer site wants to get + # a response immediately. When this is the case, the consumer can + # put the library in immediate mode. In immediate mode, there is an + # extra response possible from the server, which is essentially the + # server reporting that it doesn't have enough information to answer + # the question yet. + # + # = USING THIS LIBRARY + # + # Integrating this library into an application is usually a + # relatively straightforward process. The process should basically + # follow this plan: + # + # Add an OpenID login field somewhere on your site. When an OpenID + # is entered in that field and the form is submitted, it should make + # a request to the your site which includes that OpenID URL. + # + # First, the application should instantiate a Consumer with a + # session for per-user state and store for shared state using the + # store of choice. + # + # Next, the application should call the begin method of + # Consumer instance. This method takes the OpenID URL as entered by + # the user. The begin method returns a CheckIDRequest + # object. + # + # Next, the application should call the redirect_url method on the + # CheckIDRequest object. The parameter return_to is the + # URL that the OpenID server will send the user back to after + # attempting to verify his or her identity. The realm + # parameter is the URL (or URL pattern) that identifies your web + # site to the user when he or she is authorizing it. Send a + # redirect to the resulting URL to the user's browser. + # + # That's the first half of the authentication process. The second + # half of the process is done after the user's OpenID Provider sends + # the user's browser a redirect back to your site to complete their + # login. + # + # When that happens, the user will contact your site at the URL + # given as the return_to URL to the redirect_url call made + # above. The request will have several query parameters added to + # the URL by the OpenID provider as the information necessary to + # finish the request. + # + # Get a Consumer instance with the same session and store as before + # and call its complete() method, passing in all the received query + # arguments and URL currently being handled. + # + # There are multiple possible return types possible from that + # method. These indicate the whether or not the login was + # successful, and include any additional information appropriate for + # their type. + class Consumer + attr_accessor :session_key_prefix + + # Initialize a Consumer instance. + # + # You should create a new instance of the Consumer object with + # every HTTP request that handles OpenID transactions. + # + # session: the session object to use to store request information. + # The session should behave like a hash. + # + # store: an object that implements the interface in Store. + def initialize(session, store) + @session = session + @store = store + @session_key_prefix = 'OpenID::Consumer::' + end + + # Start the OpenID authentication process. See steps 1-2 in the + # overview for the Consumer class. + # + # user_url: Identity URL given by the user. This method performs a + # textual transformation of the URL to try and make sure it is + # normalized. For example, a user_url of example.com will be + # normalized to http://example.com/ normalizing and resolving any + # redirects the server might issue. + # + # anonymous: A boolean value. Whether to make an anonymous + # request of the OpenID provider. Such a request does not ask for + # an authorization assertion for an OpenID identifier, but may be + # used with extensions to pass other data. e.g. "I don't care who + # you are, but I'd like to know your time zone." + # + # Returns a CheckIDRequest object containing the discovered + # information, with a method for building a redirect URL to the + # server, as described in step 3 of the overview. This object may + # also be used to add extension arguments to the request, using + # its add_extension_arg method. + # + # Raises DiscoveryFailure when no OpenID server can be found for + # this URL. + def begin(openid_identifier, anonymous=false) + manager = discovery_manager(openid_identifier) + service = manager.get_next_service(&method(:discover)) + + if service.nil? + raise DiscoveryFailure.new("No usable OpenID services were found "\ + "for #{openid_identifier.inspect}", nil) + else + begin_without_discovery(service, anonymous) + end + end + + # Start OpenID verification without doing OpenID server + # discovery. This method is used internally by Consumer.begin() + # after discovery is performed, and exists to provide an interface + # for library users needing to perform their own discovery. + # + # service: an OpenID service endpoint descriptor. This object and + # factories for it are found in the openid/consumer/discovery.rb + # module. + # + # Returns an OpenID authentication request object. + def begin_without_discovery(service, anonymous) + assoc = association_manager(service).get_association + checkid_request = CheckIDRequest.new(assoc, service) + checkid_request.anonymous = anonymous + + if service.compatibility_mode + rt_args = checkid_request.return_to_args + rt_args[Consumer.openid1_return_to_nonce_name] = Nonce.mk_nonce + rt_args[Consumer.openid1_return_to_claimed_id_name] = + service.claimed_id + end + + self.last_requested_endpoint = service + return checkid_request + end + + # Called to interpret the server's response to an OpenID + # request. It is called in step 4 of the flow described in the + # Consumer overview. + # + # query: A hash of the query parameters for this HTTP request. + # Note that in rails, this is not params but + # params.reject{|k,v|request.path_parameters[k]} + # because controller and action and other + # "path parameters" are included in params. + # + # current_url: Extract the URL of the current request from your + # application's web request framework and specify it here to have it + # checked against the openid.return_to value in the response. Do not + # just pass args['openid.return_to'] here; that will defeat the + # purpose of this check. (See OpenID Authentication 2.0 section 11.1.) + # + # If the return_to URL check fails, the status of the completion will be + # FAILURE. + + # + # Returns a subclass of Response. The type of response is + # indicated by the status attribute, which will be one of + # SUCCESS, CANCEL, FAILURE, or SETUP_NEEDED. + def complete(query, current_url) + message = Message.from_post_args(query) + mode = message.get_arg(OPENID_NS, 'mode', 'invalid') + begin + meth = method('complete_' + mode) + rescue NameError + meth = method(:complete_invalid) + end + response = meth.call(message, current_url) + cleanup_last_requested_endpoint + if [SUCCESS, CANCEL].member?(response.status) + cleanup_session + end + return response + end + + protected + + def session_get(name) + @session[session_key(name)] + end + + def session_set(name, val) + @session[session_key(name)] = val + end + + def session_key(suffix) + @session_key_prefix + suffix + end + + def last_requested_endpoint + session_get('last_requested_endpoint') + end + + def last_requested_endpoint=(endpoint) + session_set('last_requested_endpoint', endpoint) + end + + def cleanup_last_requested_endpoint + @session[session_key('last_requested_endpoint')] = nil + end + + def discovery_manager(openid_identifier) + DiscoveryManager.new(@session, openid_identifier, @session_key_prefix) + end + + def cleanup_session + discovery_manager(nil).cleanup(true) + end + + + def discover(identifier) + OpenID.discover(identifier) + end + + def negotiator + DefaultNegotiator + end + + def association_manager(service) + AssociationManager.new(@store, service.server_url, + service.compatibility_mode, negotiator) + end + + def handle_idres(message, current_url) + IdResHandler.new(message, current_url, @store, last_requested_endpoint) + end + + def complete_invalid(message, unused_return_to) + mode = message.get_arg(OPENID_NS, 'mode', '') + return FailureResponse.new(last_requested_endpoint, + "Invalid openid.mode: #{mode}") + end + + def complete_cancel(unused_message, unused_return_to) + return CancelResponse.new(last_requested_endpoint) + end + + def complete_error(message, unused_return_to) + error = message.get_arg(OPENID_NS, 'error') + contact = message.get_arg(OPENID_NS, 'contact') + reference = message.get_arg(OPENID_NS, 'reference') + + return FailureResponse.new(last_requested_endpoint, + error, contact, reference) + end + + def complete_setup_needed(message, unused_return_to) + if message.is_openid1 + return complete_invalid(message, nil) + else + setup_url = message.get_arg(OPENID2_NS, 'user_setup_url') + return SetupNeededResponse.new(last_requested_endpoint, setup_url) + end + end + + def complete_id_res(message, current_url) + if message.is_openid1 + setup_url = message.get_arg(OPENID1_NS, 'user_setup_url') + if !setup_url.nil? + return SetupNeededResponse.new(last_requested_endpoint, setup_url) + end + end + + begin + idres = handle_idres(message, current_url) + rescue OpenIDError => why + return FailureResponse.new(last_requested_endpoint, why.message) + else + return SuccessResponse.new(idres.endpoint, message, + idres.signed_fields) + end + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/associationmanager.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/associationmanager.rb new file mode 100644 index 0000000000..51c0f3d25e --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/associationmanager.rb @@ -0,0 +1,340 @@ +require "openid/dh" +require "openid/util" +require "openid/kvpost" +require "openid/cryptutil" +require "openid/protocolerror" +require "openid/association" + +module OpenID + class Consumer + + # A superclass for implementing Diffie-Hellman association sessions. + class DiffieHellmanSession + class << self + attr_reader :session_type, :secret_size, :allowed_assoc_types, + :hashfunc + end + + def initialize(dh=nil) + if dh.nil? + dh = DiffieHellman.from_defaults + end + @dh = dh + end + + # Return the query parameters for requesting an association + # using this Diffie-Hellman association session + def get_request + args = {'dh_consumer_public' => CryptUtil.num_to_base64(@dh.public)} + if (!@dh.using_default_values?) + args['dh_modulus'] = CryptUtil.num_to_base64(@dh.modulus) + args['dh_gen'] = CryptUtil.num_to_base64(@dh.generator) + end + + return args + end + + # Process the response from a successful association request and + # return the shared secret for this association + def extract_secret(response) + dh_server_public64 = response.get_arg(OPENID_NS, 'dh_server_public', + NO_DEFAULT) + enc_mac_key64 = response.get_arg(OPENID_NS, 'enc_mac_key', NO_DEFAULT) + dh_server_public = CryptUtil.base64_to_num(dh_server_public64) + enc_mac_key = Util.from_base64(enc_mac_key64) + return @dh.xor_secret(self.class.hashfunc, + dh_server_public, enc_mac_key) + end + end + + # A Diffie-Hellman association session that uses SHA1 as its hash + # function + class DiffieHellmanSHA1Session < DiffieHellmanSession + @session_type = 'DH-SHA1' + @secret_size = 20 + @allowed_assoc_types = ['HMAC-SHA1'] + @hashfunc = CryptUtil.method(:sha1) + end + + # A Diffie-Hellman association session that uses SHA256 as its hash + # function + class DiffieHellmanSHA256Session < DiffieHellmanSession + @session_type = 'DH-SHA256' + @secret_size = 32 + @allowed_assoc_types = ['HMAC-SHA256'] + @hashfunc = CryptUtil.method(:sha256) + end + + # An association session that does not use encryption + class NoEncryptionSession + class << self + attr_reader :session_type, :allowed_assoc_types + end + @session_type = 'no-encryption' + @allowed_assoc_types = ['HMAC-SHA1', 'HMAC-SHA256'] + + def get_request + return {} + end + + def extract_secret(response) + mac_key64 = response.get_arg(OPENID_NS, 'mac_key', NO_DEFAULT) + return Util.from_base64(mac_key64) + end + end + + # An object that manages creating and storing associations for an + # OpenID provider endpoint + class AssociationManager + def self.create_session(session_type) + case session_type + when 'no-encryption' + NoEncryptionSession.new + when 'DH-SHA1' + DiffieHellmanSHA1Session.new + when 'DH-SHA256' + DiffieHellmanSHA256Session.new + else + raise ArgumentError, "Unknown association session type: "\ + "#{session_type.inspect}" + end + end + + def initialize(store, server_url, compatibility_mode=false, + negotiator=nil) + @store = store + @server_url = server_url + @compatibility_mode = compatibility_mode + @negotiator = negotiator || DefaultNegotiator + end + + def get_association + if @store.nil? + return nil + end + + assoc = @store.get_association(@server_url) + if assoc.nil? || assoc.expires_in <= 0 + assoc = negotiate_association + if !assoc.nil? + @store.store_association(@server_url, assoc) + end + end + + return assoc + end + + def negotiate_association + assoc_type, session_type = @negotiator.get_allowed_type + begin + return request_association(assoc_type, session_type) + rescue ServerError => why + supported_types = extract_supported_association_type(why, assoc_type) + if !supported_types.nil? + # Attempt to create an association from the assoc_type and + # session_type that the server told us it supported. + assoc_type, session_type = supported_types + begin + return request_association(assoc_type, session_type) + rescue ServerError => why + Util.log("Server #{@server_url} refused its suggested " \ + "association type: session_type=#{session_type}, " \ + "assoc_type=#{assoc_type}") + return nil + end + end + end + end + + protected + def extract_supported_association_type(server_error, assoc_type) + # Any error message whose code is not 'unsupported-type' should + # be considered a total failure. + if (server_error.error_code != 'unsupported-type' or + server_error.message.is_openid1) + Util.log("Server error when requesting an association from "\ + "#{@server_url}: #{server_error.error_text}") + return nil + end + + # The server didn't like the association/session type that we + # sent, and it sent us back a message that might tell us how to + # handle it. + Util.log("Unsupported association type #{assoc_type}: "\ + "#{server_error.error_text}") + + # Extract the session_type and assoc_type from the error message + assoc_type = server_error.message.get_arg(OPENID_NS, 'assoc_type') + session_type = server_error.message.get_arg(OPENID_NS, 'session_type') + + if assoc_type.nil? or session_type.nil? + Util.log("Server #{@server_url} responded with unsupported "\ + "association session but did not supply a fallback.") + return nil + elsif !@negotiator.allowed?(assoc_type, session_type) + Util.log("Server sent unsupported session/association type: "\ + "session_type=#{session_type}, assoc_type=#{assoc_type}") + return nil + else + return [assoc_type, session_type] + end + end + + # Make and process one association request to this endpoint's OP + # endpoint URL. Returns an association object or nil if the + # association processing failed. Raises ServerError when the + # remote OpenID server returns an error. + def request_association(assoc_type, session_type) + assoc_session, args = create_associate_request(assoc_type, session_type) + + begin + response = OpenID.make_kv_post(args, @server_url) + return extract_association(response, assoc_session) + rescue HTTPStatusError => why + Util.log("Got HTTP status error when requesting association: #{why}") + return nil + rescue Message::KeyNotFound => why + Util.log("Missing required parameter in response from "\ + "#{@server_url}: #{why}") + return nil + + rescue ProtocolError => why + Util.log("Protocol error processing response from #{@server_url}: "\ + "#{why}") + return nil + end + end + + # Create an association request for the given assoc_type and + # session_type. Returns a pair of the association session object + # and the request message that will be sent to the server. + def create_associate_request(assoc_type, session_type) + assoc_session = self.class.create_session(session_type) + args = { + 'mode' => 'associate', + 'assoc_type' => assoc_type, + } + + if !@compatibility_mode + args['ns'] = OPENID2_NS + end + + # Leave out the session type if we're in compatibility mode + # *and* it's no-encryption. + if !@compatibility_mode || + assoc_session.class.session_type != 'no-encryption' + args['session_type'] = assoc_session.class.session_type + end + + args.merge!(assoc_session.get_request) + message = Message.from_openid_args(args) + return assoc_session, message + end + + # Given an association response message, extract the OpenID 1.X + # session type. Returns the association type for this message + # + # This function mostly takes care of the 'no-encryption' default + # behavior in OpenID 1. + # + # If the association type is plain-text, this function will + # return 'no-encryption' + def get_openid1_session_type(assoc_response) + # If it's an OpenID 1 message, allow session_type to default + # to nil (which signifies "no-encryption") + session_type = assoc_response.get_arg(OPENID1_NS, 'session_type') + + # Handle the differences between no-encryption association + # respones in OpenID 1 and 2: + + # no-encryption is not really a valid session type for + # OpenID 1, but we'll accept it anyway, while issuing a + # warning. + if session_type == 'no-encryption' + Util.log("WARNING: #{@server_url} sent 'no-encryption'"\ + "for OpenID 1.X") + + # Missing or empty session type is the way to flag a + # 'no-encryption' response. Change the session type to + # 'no-encryption' so that it can be handled in the same + # way as OpenID 2 'no-encryption' respones. + elsif session_type == '' || session_type.nil? + session_type = 'no-encryption' + end + + return session_type + end + + def self.extract_expires_in(message) + # expires_in should be a base-10 string. + expires_in_str = message.get_arg(OPENID_NS, 'expires_in', NO_DEFAULT) + if !(/\A\d+\Z/ =~ expires_in_str) + raise ProtocolError, "Invalid expires_in field: #{expires_in_str}" + end + expires_in_str.to_i + end + + # Attempt to extract an association from the response, given the + # association response message and the established association + # session. + def extract_association(assoc_response, assoc_session) + # Extract the common fields from the response, raising an + # exception if they are not found + assoc_type = assoc_response.get_arg(OPENID_NS, 'assoc_type', + NO_DEFAULT) + assoc_handle = assoc_response.get_arg(OPENID_NS, 'assoc_handle', + NO_DEFAULT) + expires_in = self.class.extract_expires_in(assoc_response) + + # OpenID 1 has funny association session behaviour. + if assoc_response.is_openid1 + session_type = get_openid1_session_type(assoc_response) + else + session_type = assoc_response.get_arg(OPENID2_NS, 'session_type', + NO_DEFAULT) + end + + # Session type mismatch + if assoc_session.class.session_type != session_type + if (assoc_response.is_openid1 and session_type == 'no-encryption') + # In OpenID 1, any association request can result in a + # 'no-encryption' association response. Setting + # assoc_session to a new no-encryption session should + # make the rest of this function work properly for + # that case. + assoc_session = NoEncryptionSession.new + else + # Any other mismatch, regardless of protocol version + # results in the failure of the association session + # altogether. + raise ProtocolError, "Session type mismatch. Expected "\ + "#{assoc_session.class.session_type}, got "\ + "#{session_type}" + end + end + + # Make sure assoc_type is valid for session_type + if !assoc_session.class.allowed_assoc_types.member?(assoc_type) + raise ProtocolError, "Unsupported assoc_type for session "\ + "#{assoc_session.class.session_type} "\ + "returned: #{assoc_type}" + end + + # Delegate to the association session to extract the secret + # from the response, however is appropriate for that session + # type. + begin + secret = assoc_session.extract_secret(assoc_response) + rescue Message::KeyNotFound, ArgumentError => why + raise ProtocolError, "Malformed response for "\ + "#{assoc_session.class.session_type} "\ + "session: #{why.message}" + end + + + return Association.from_expires_in(expires_in, assoc_handle, secret, + assoc_type) + end + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/checkid_request.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/checkid_request.rb new file mode 100644 index 0000000000..eb5d3979df --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/checkid_request.rb @@ -0,0 +1,186 @@ +require "openid/message" +require "openid/util" + +module OpenID + class Consumer + # An object that holds the state necessary for generating an + # OpenID authentication request. This object holds the association + # with the server and the discovered information with which the + # request will be made. + # + # It is separate from the consumer because you may wish to add + # things to the request before sending it on its way to the + # server. It also has serialization options that let you encode + # the authentication request as a URL or as a form POST. + class CheckIDRequest + attr_accessor :return_to_args, :message + attr_reader :endpoint + + # Users of this library should not create instances of this + # class. Instances of this class are created by the library + # when needed. + def initialize(assoc, endpoint) + @assoc = assoc + @endpoint = endpoint + @return_to_args = {} + @message = Message.new(endpoint.preferred_namespace) + @anonymous = false + end + + attr_reader :anonymous + + # Set whether this request should be made anonymously. If a + # request is anonymous, the identifier will not be sent in the + # request. This is only useful if you are making another kind of + # request with an extension in this request. + # + # Anonymous requests are not allowed when the request is made + # with OpenID 1. + def anonymous=(is_anonymous) + if is_anonymous && @message.is_openid1 + raise ArgumentError, ("OpenID1 requests MUST include the "\ + "identifier in the request") + end + @anonymous = is_anonymous + end + + # Add an object that implements the extension interface for + # adding arguments to an OpenID message to this checkid request. + # + # extension_request: an OpenID::Extension object. + def add_extension(extension_request) + extension_request.to_message(@message) + end + + # Add an extension argument to this OpenID authentication + # request. You probably want to use add_extension and the + # OpenID::Extension interface. + # + # Use caution when adding arguments, because they will be + # URL-escaped and appended to the redirect URL, which can easily + # get quite long. + def add_extension_arg(namespace, key, value) + @message.set_arg(namespace, key, value) + end + + # Produce a OpenID::Message representing this request. + # + # Not specifying a return_to URL means that the user will not be + # returned to the site issuing the request upon its completion. + # + # If immediate mode is requested, the OpenID provider is to send + # back a response immediately, useful for behind-the-scenes + # authentication attempts. Otherwise the OpenID provider may + # engage the user before providing a response. This is the + # default case, as the user may need to provide credentials or + # approve the request before a positive response can be sent. + def get_message(realm, return_to=nil, immediate=false) + if !return_to.nil? + return_to = Util.append_args(return_to, @return_to_args) + elsif immediate + raise ArgumentError, ('"return_to" is mandatory when using '\ + '"checkid_immediate"') + elsif @message.is_openid1 + raise ArgumentError, ('"return_to" is mandatory for OpenID 1 '\ + 'requests') + elsif @return_to_args.empty? + raise ArgumentError, ('extra "return_to" arguments were specified, '\ + 'but no return_to was specified') + end + + + message = @message.copy + + mode = immediate ? 'checkid_immediate' : 'checkid_setup' + message.set_arg(OPENID_NS, 'mode', mode) + + realm_key = message.is_openid1 ? 'trust_root' : 'realm' + message.set_arg(OPENID_NS, realm_key, realm) + + if !return_to.nil? + message.set_arg(OPENID_NS, 'return_to', return_to) + end + + if not @anonymous + if @endpoint.is_op_identifier + # This will never happen when we're in OpenID 1 + # compatibility mode, as long as is_op_identifier() + # returns false whenever preferred_namespace returns + # OPENID1_NS. + claimed_id = request_identity = IDENTIFIER_SELECT + else + request_identity = @endpoint.get_local_id + claimed_id = @endpoint.claimed_id + end + + # This is true for both OpenID 1 and 2 + message.set_arg(OPENID_NS, 'identity', request_identity) + + if message.is_openid2 + message.set_arg(OPENID2_NS, 'claimed_id', claimed_id) + end + end + + if @assoc + message.set_arg(OPENID_NS, 'assoc_handle', @assoc.handle) + assoc_log_msg = "with assocication #{@assoc.handle}" + else + assoc_log_msg = 'using stateless mode.' + end + + Util.log("Generated #{mode} request to #{@endpoint.server_url} "\ + "#{assoc_log_msg}") + return message + end + + # Returns a URL with an encoded OpenID request. + # + # The resulting URL is the OpenID provider's endpoint URL with + # parameters appended as query arguments. You should redirect + # the user agent to this URL. + # + # OpenID 2.0 endpoints also accept POST requests, see + # 'send_redirect?' and 'form_markup'. + def redirect_url(realm, return_to=nil, immediate=false) + message = get_message(realm, return_to, immediate) + return message.to_url(@endpoint.server_url) + end + + # Get html for a form to submit this request to the IDP. + # + # form_tag_attrs is a hash of attributes to be added to the form + # tag. 'accept-charset' and 'enctype' have defaults that can be + # overridden. If a value is supplied for 'action' or 'method', + # it will be replaced. + def form_markup(realm, return_to=nil, immediate=false, + form_tag_attrs=nil) + message = get_message(realm, return_to, immediate) + return message.to_form_markup(@endpoint.server_url, form_tag_attrs) + end + + # Get a complete HTML document that autosubmits the request to the IDP + # with javascript. This method wraps form_markup - see that method's + # documentation for help with the parameters. + def html_markup(realm, return_to=nil, immediate=false, + form_tag_attrs=nil) + Util.auto_submit_html(form_markup(realm, + return_to, + immediate, + form_tag_attrs)) + end + + # Should this OpenID authentication request be sent as a HTTP + # redirect or as a POST (form submission)? + # + # This takes the same parameters as redirect_url or form_markup + def send_redirect?(realm, return_to=nil, immediate=false) + if @endpoint.compatibility_mode + return true + else + url = redirect_url(realm, return_to, immediate) + return url.length <= OPENID1_URL_LIMIT + end + end + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/discovery.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/discovery.rb new file mode 100644 index 0000000000..01fe036560 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/discovery.rb @@ -0,0 +1,498 @@ +# Functions to discover OpenID endpoints from identifiers. + +require 'uri' +require 'openid/util' +require 'openid/fetchers' +require 'openid/urinorm' +require 'openid/message' +require 'openid/yadis/discovery' +require 'openid/yadis/xrds' +require 'openid/yadis/xri' +require 'openid/yadis/services' +require 'openid/yadis/filters' +require 'openid/consumer/html_parse' +require 'openid/yadis/xrires' + +module OpenID + + OPENID_1_0_NS = 'http://openid.net/xmlns/1.0' + OPENID_IDP_2_0_TYPE = 'http://specs.openid.net/auth/2.0/server' + OPENID_2_0_TYPE = 'http://specs.openid.net/auth/2.0/signon' + OPENID_1_1_TYPE = 'http://openid.net/signon/1.1' + OPENID_1_0_TYPE = 'http://openid.net/signon/1.0' + + OPENID_1_0_MESSAGE_NS = OPENID1_NS + OPENID_2_0_MESSAGE_NS = OPENID2_NS + + # Object representing an OpenID service endpoint. + class OpenIDServiceEndpoint + + # OpenID service type URIs, listed in order of preference. The + # ordering of this list affects yadis and XRI service discovery. + OPENID_TYPE_URIS = [ + OPENID_IDP_2_0_TYPE, + + OPENID_2_0_TYPE, + OPENID_1_1_TYPE, + OPENID_1_0_TYPE, + ] + + # the verified identifier. + attr_accessor :claimed_id + + # For XRI, the persistent identifier. + attr_accessor :canonical_id + + attr_accessor :server_url, :type_uris, :local_id, :used_yadis + + def initialize + @claimed_id = nil + @server_url = nil + @type_uris = [] + @local_id = nil + @canonical_id = nil + @used_yadis = false # whether this came from an XRDS + @display_identifier = nil + end + + def display_identifier + return @display_identifier if @display_identifier + + return @claimed_id if @claimed_id.nil? + + begin + parsed_identifier = URI.parse(@claimed_id) + rescue URI::InvalidURIError + raise ProtocolError, "Claimed identifier #{claimed_id} is not a valid URI" + end + + return @claimed_id if not parsed_identifier.fragment + + disp = parsed_identifier + disp.fragment = nil + + return disp.to_s + end + + def display_identifier=(display_identifier) + @display_identifier = display_identifier + end + + def uses_extension(extension_uri) + return @type_uris.member?(extension_uri) + end + + def preferred_namespace + if (@type_uris.member?(OPENID_IDP_2_0_TYPE) or + @type_uris.member?(OPENID_2_0_TYPE)) + return OPENID_2_0_MESSAGE_NS + else + return OPENID_1_0_MESSAGE_NS + end + end + + def supports_type(type_uri) + # Does this endpoint support this type? + # + # I consider C{/server} endpoints to implicitly support C{/signon}. + ( + @type_uris.member?(type_uri) or + (type_uri == OPENID_2_0_TYPE and is_op_identifier()) + ) + end + + def compatibility_mode + return preferred_namespace() != OPENID_2_0_MESSAGE_NS + end + + def is_op_identifier + return @type_uris.member?(OPENID_IDP_2_0_TYPE) + end + + def parse_service(yadis_url, uri, type_uris, service_element) + # Set the state of this object based on the contents of the + # service element. + @type_uris = type_uris + @server_url = uri + @used_yadis = true + + if !is_op_identifier() + # XXX: This has crappy implications for Service elements that + # contain both 'server' and 'signon' Types. But that's a + # pathological configuration anyway, so I don't think I care. + @local_id = OpenID.find_op_local_identifier(service_element, + @type_uris) + @claimed_id = yadis_url + end + end + + def get_local_id + # Return the identifier that should be sent as the + # openid.identity parameter to the server. + if @local_id.nil? and @canonical_id.nil? + return @claimed_id + else + return (@local_id or @canonical_id) + end + end + + def self.from_basic_service_endpoint(endpoint) + # Create a new instance of this class from the endpoint object + # passed in. + # + # @return: nil or OpenIDServiceEndpoint for this endpoint object""" + + type_uris = endpoint.match_types(OPENID_TYPE_URIS) + + # If any Type URIs match and there is an endpoint URI specified, + # then this is an OpenID endpoint + if (!type_uris.nil? and !type_uris.empty?) and !endpoint.uri.nil? + openid_endpoint = self.new + openid_endpoint.parse_service( + endpoint.yadis_url, + endpoint.uri, + endpoint.type_uris, + endpoint.service_element) + else + openid_endpoint = nil + end + + return openid_endpoint + end + + def self.from_html(uri, html) + # Parse the given document as HTML looking for an OpenID + # + # @rtype: [OpenIDServiceEndpoint] + + discovery_types = [ + [OPENID_2_0_TYPE, 'openid2.provider', 'openid2.local_id'], + [OPENID_1_1_TYPE, 'openid.server', 'openid.delegate'], + ] + + link_attrs = OpenID.parse_link_attrs(html) + services = [] + discovery_types.each { |type_uri, op_endpoint_rel, local_id_rel| + + op_endpoint_url = OpenID.find_first_href(link_attrs, op_endpoint_rel) + + if !op_endpoint_url + next + end + + service = self.new + service.claimed_id = uri + service.local_id = OpenID.find_first_href(link_attrs, local_id_rel) + service.server_url = op_endpoint_url + service.type_uris = [type_uri] + + services << service + } + + return services + end + + def self.from_xrds(uri, xrds) + # Parse the given document as XRDS looking for OpenID services. + # + # @rtype: [OpenIDServiceEndpoint] + # + # @raises L{XRDSError}: When the XRDS does not parse. + return Yadis::apply_filter(uri, xrds, self) + end + + def self.from_discovery_result(discoveryResult) + # Create endpoints from a DiscoveryResult. + # + # @type discoveryResult: L{DiscoveryResult} + # + # @rtype: list of L{OpenIDServiceEndpoint} + # + # @raises L{XRDSError}: When the XRDS does not parse. + if discoveryResult.is_xrds() + meth = self.method('from_xrds') + else + meth = self.method('from_html') + end + + return meth.call(discoveryResult.normalized_uri, + discoveryResult.response_text) + end + + def self.from_op_endpoint_url(op_endpoint_url) + # Construct an OP-Identifier OpenIDServiceEndpoint object for + # a given OP Endpoint URL + # + # @param op_endpoint_url: The URL of the endpoint + # @rtype: OpenIDServiceEndpoint + service = self.new + service.server_url = op_endpoint_url + service.type_uris = [OPENID_IDP_2_0_TYPE] + return service + end + + def to_s + return sprintf("<%s server_url=%s claimed_id=%s " + + "local_id=%s canonical_id=%s used_yadis=%s>", + self.class, @server_url, @claimed_id, + @local_id, @canonical_id, @used_yadis) + end + end + + def self.find_op_local_identifier(service_element, type_uris) + # Find the OP-Local Identifier for this xrd:Service element. + # + # This considers openid:Delegate to be a synonym for xrd:LocalID + # if both OpenID 1.X and OpenID 2.0 types are present. If only + # OpenID 1.X is present, it returns the value of + # openid:Delegate. If only OpenID 2.0 is present, it returns the + # value of xrd:LocalID. If there is more than one LocalID tag and + # the values are different, it raises a DiscoveryFailure. This is + # also triggered when the xrd:LocalID and openid:Delegate tags are + # different. + + # XXX: Test this function on its own! + + # Build the list of tags that could contain the OP-Local + # Identifier + local_id_tags = [] + if type_uris.member?(OPENID_1_1_TYPE) or + type_uris.member?(OPENID_1_0_TYPE) + # local_id_tags << Yadis::nsTag(OPENID_1_0_NS, 'openid', 'Delegate') + service_element.add_namespace('openid', OPENID_1_0_NS) + local_id_tags << "openid:Delegate" + end + + if type_uris.member?(OPENID_2_0_TYPE) + # local_id_tags.append(Yadis::nsTag(XRD_NS_2_0, 'xrd', 'LocalID')) + service_element.add_namespace('xrd', Yadis::XRD_NS_2_0) + local_id_tags << "xrd:LocalID" + end + + # Walk through all the matching tags and make sure that they all + # have the same value + local_id = nil + local_id_tags.each { |local_id_tag| + service_element.each_element(local_id_tag) { |local_id_element| + if local_id.nil? + local_id = local_id_element.text + elsif local_id != local_id_element.text + format = 'More than one %s tag found in one service element' + message = sprintf(format, local_id_tag) + raise DiscoveryFailure.new(message, nil) + end + } + } + + return local_id + end + + def self.normalize_xri(xri) + # Normalize an XRI, stripping its scheme if present + m = /^xri:\/\/(.*)/.match(xri) + xri = m[1] if m + return xri + end + + def self.normalize_url(url) + # Normalize a URL, converting normalization failures to + # DiscoveryFailure + begin + normalized = URINorm.urinorm(url) + rescue URI::Error => why + raise DiscoveryFailure.new("Error normalizing #{url}: #{why.message}", nil) + else + defragged = URI::parse(normalized) + defragged.fragment = nil + return defragged.normalize.to_s + end + end + + def self.best_matching_service(service, preferred_types) + # Return the index of the first matching type, or something higher + # if no type matches. + # + # This provides an ordering in which service elements that contain + # a type that comes earlier in the preferred types list come + # before service elements that come later. If a service element + # has more than one type, the most preferred one wins. + preferred_types.each_with_index { |value, index| + if service.type_uris.member?(value) + return index + end + } + + return preferred_types.length + end + + def self.arrange_by_type(service_list, preferred_types) + # Rearrange service_list in a new list so services are ordered by + # types listed in preferred_types. Return the new list. + + # Build a list with the service elements in tuples whose + # comparison will prefer the one with the best matching service + prio_services = [] + + service_list.each_with_index { |s, index| + prio_services << [best_matching_service(s, preferred_types), index, s] + } + + prio_services.sort! + + # Now that the services are sorted by priority, remove the sort + # keys from the list. + (0...prio_services.length).each { |i| + prio_services[i] = prio_services[i][2] + } + + return prio_services + end + + def self.get_op_or_user_services(openid_services) + # Extract OP Identifier services. If none found, return the rest, + # sorted with most preferred first according to + # OpenIDServiceEndpoint.openid_type_uris. + # + # openid_services is a list of OpenIDServiceEndpoint objects. + # + # Returns a list of OpenIDServiceEndpoint objects. + + op_services = arrange_by_type(openid_services, [OPENID_IDP_2_0_TYPE]) + + openid_services = arrange_by_type(openid_services, + OpenIDServiceEndpoint::OPENID_TYPE_URIS) + + if !op_services.empty? + return op_services + else + return openid_services + end + end + + def self.discover_yadis(uri) + # Discover OpenID services for a URI. Tries Yadis and falls back + # on old-style discovery if Yadis fails. + # + # @param uri: normalized identity URL + # @type uri: str + # + # @return: (claimed_id, services) + # @rtype: (str, list(OpenIDServiceEndpoint)) + # + # @raises DiscoveryFailure: when discovery fails. + + # Might raise a yadis.discover.DiscoveryFailure if no document + # came back for that URI at all. I don't think falling back to + # OpenID 1.0 discovery on the same URL will help, so don't bother + # to catch it. + response = Yadis.discover(uri) + + yadis_url = response.normalized_uri + body = response.response_text + + begin + openid_services = OpenIDServiceEndpoint.from_xrds(yadis_url, body) + rescue Yadis::XRDSError + # Does not parse as a Yadis XRDS file + openid_services = [] + end + + if openid_services.empty? + # Either not an XRDS or there are no OpenID services. + + if response.is_xrds + # if we got the Yadis content-type or followed the Yadis + # header, re-fetch the document without following the Yadis + # header, with no Accept header. + return self.discover_no_yadis(uri) + end + + # Try to parse the response as HTML. + # + openid_services = OpenIDServiceEndpoint.from_html(yadis_url, body) + end + + return [yadis_url, self.get_op_or_user_services(openid_services)] + end + + def self.discover_xri(iname) + endpoints = [] + iname = self.normalize_xri(iname) + + begin + canonical_id, services = Yadis::XRI::ProxyResolver.new().query( + iname, OpenIDServiceEndpoint::OPENID_TYPE_URIS) + + if canonical_id.nil? + raise Yadis::XRDSError.new(sprintf('No CanonicalID found for XRI %s', iname)) + end + + flt = Yadis.make_filter(OpenIDServiceEndpoint) + + services.each { |service_element| + endpoints += flt.get_service_endpoints(iname, service_element) + } + rescue Yadis::XRDSError => why + Util.log('xrds error on ' + iname + ': ' + why.to_s) + end + + endpoints.each { |endpoint| + # Is there a way to pass this through the filter to the endpoint + # constructor instead of tacking it on after? + endpoint.canonical_id = canonical_id + endpoint.claimed_id = canonical_id + endpoint.display_identifier = iname + } + + # FIXME: returned xri should probably be in some normal form + return [iname, self.get_op_or_user_services(endpoints)] + end + + def self.discover_no_yadis(uri) + http_resp = OpenID.fetch(uri) + if http_resp.code != "200" and http_resp.code != "206" + raise DiscoveryFailure.new( + "HTTP Response status from identity URL host is not \"200\". "\ + "Got status #{http_resp.code.inspect}", http_resp) + end + + claimed_id = http_resp.final_url + openid_services = OpenIDServiceEndpoint.from_html( + claimed_id, http_resp.body) + return [claimed_id, openid_services] + end + + def self.discover_uri(uri) + # Hack to work around URI parsing for URls with *no* scheme. + if uri.index("://").nil? + uri = 'http://' + uri + end + + begin + parsed = URI::parse(uri) + rescue URI::InvalidURIError => why + raise DiscoveryFailure.new("URI is not valid: #{why.message}", nil) + end + + if !parsed.scheme.nil? and !parsed.scheme.empty? + if !['http', 'https'].member?(parsed.scheme) + raise DiscoveryFailure.new( + "URI scheme #{parsed.scheme} is not HTTP or HTTPS", nil) + end + end + + uri = self.normalize_url(uri) + claimed_id, openid_services = self.discover_yadis(uri) + claimed_id = self.normalize_url(claimed_id) + return [claimed_id, openid_services] + end + + def self.discover(identifier) + if Yadis::XRI::identifier_scheme(identifier) == :xri + normalized_identifier, services = discover_xri(identifier) + else + return discover_uri(identifier) + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/discovery_manager.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/discovery_manager.rb new file mode 100644 index 0000000000..8f838117d1 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/discovery_manager.rb @@ -0,0 +1,123 @@ +module OpenID + class Consumer + + # A set of discovered services, for tracking which providers have + # been attempted for an OpenID identifier + class DiscoveredServices + attr_reader :current + + def initialize(starting_url, yadis_url, services) + @starting_url = starting_url + @yadis_url = yadis_url + @services = services.dup + @current = nil + end + + def next + @current = @services.shift + end + + def for_url?(url) + [@starting_url, @yadis_url].member?(url) + end + + def started? + !@current.nil? + end + + def empty? + @services.empty? + end + end + + # Manages calling discovery and tracking which endpoints have + # already been attempted. + class DiscoveryManager + def initialize(session, url, session_key_suffix=nil) + @url = url + + @session = session + @session_key_suffix = session_key_suffix || 'auth' + end + + def get_next_service + manager = get_manager + if !manager.nil? && manager.empty? + destroy_manager + manager = nil + end + + if manager.nil? + yadis_url, services = yield @url + manager = create_manager(yadis_url, services) + end + + if !manager.nil? + service = manager.next + store(manager) + else + service = nil + end + + return service + end + + def cleanup(force=false) + manager = get_manager(force) + if !manager.nil? + service = manager.current + destroy_manager(force) + else + service = nil + end + return service + end + + protected + + def get_manager(force=false) + manager = load + if force || manager.nil? || manager.for_url?(@url) + return manager + else + return nil + end + end + + def create_manager(yadis_url, services) + manager = get_manager + if !manager.nil? + raise StandardError, "There is already a manager for #{yadis_url}" + end + if services.empty? + return nil + end + manager = DiscoveredServices.new(@url, yadis_url, services) + store(manager) + return manager + end + + def destroy_manager(force=false) + if !get_manager(force).nil? + destroy! + end + end + + def session_key + 'OpenID::Consumer::DiscoveredServices::' + @session_key_suffix + end + + def store(manager) + @session[session_key] = manager + end + + def load + @session[session_key] + end + + def destroy! + @session[session_key] = nil + end + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/html_parse.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/html_parse.rb new file mode 100644 index 0000000000..579874cafd --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/html_parse.rb @@ -0,0 +1,134 @@ +require "openid/yadis/htmltokenizer" + +module OpenID + + # Stuff to remove before we start looking for tags + REMOVED_RE = / + # Comments + + + # CDATA blocks + | + + # script blocks + | ]*>.*?<\/script> + + /mixu + + def OpenID.openid_unescape(s) + s.gsub('&','&').gsub('<','<').gsub('>','>').gsub('"','"') + end + + def OpenID.unescape_hash(h) + newh = {} + h.map{|k,v| + newh[k]=openid_unescape(v) + } + newh + end + + + def OpenID.parse_link_attrs(html) + stripped = html.gsub(REMOVED_RE,'') + parser = HTMLTokenizer.new(stripped) + + links = [] + # to keep track of whether or not we are in the head element + in_head = false + in_html = false + saw_head = false + + begin + while el = parser.getTag('head', '/head', 'link', 'body', '/body', + 'html', '/html') + + # we are leaving head or have reached body, so we bail + return links if ['/head', 'body', '/body', '/html'].member?(el.tag_name) + + # enforce html > head > link + if el.tag_name == 'html' + in_html = true + end + next unless in_html + if el.tag_name == 'head' + if saw_head + return links #only allow one head + end + saw_head = true + unless el.to_s[-2] == 47 # tag ends with a /: a short tag + in_head = true + end + end + next unless in_head + + return links if el.tag_name == 'html' + + if el.tag_name == 'link' + links << unescape_hash(el.attr_hash) + end + + end + rescue Exception # just stop parsing if there's an error + end + return links + end + + def OpenID.rel_matches(rel_attr, target_rel) + # Does this target_rel appear in the rel_str? + # XXX: TESTME + rels = rel_attr.strip().split() + rels.each { |rel| + rel = rel.downcase + if rel == target_rel + return true + end + } + + return false + end + + def OpenID.link_has_rel(link_attrs, target_rel) + # Does this link have target_rel as a relationship? + + # XXX: TESTME + rel_attr = link_attrs['rel'] + return (rel_attr and rel_matches(rel_attr, target_rel)) + end + + def OpenID.find_links_rel(link_attrs_list, target_rel) + # Filter the list of link attributes on whether it has target_rel + # as a relationship. + + # XXX: TESTME + matchesTarget = lambda { |attrs| link_has_rel(attrs, target_rel) } + result = [] + + link_attrs_list.each { |item| + if matchesTarget.call(item) + result << item + end + } + + return result + end + + def OpenID.find_first_href(link_attrs_list, target_rel) + # Return the value of the href attribute for the first link tag in + # the list that has target_rel as a relationship. + + # XXX: TESTME + matches = find_links_rel(link_attrs_list, target_rel) + if !matches or matches.empty? + return nil + end + + first = matches[0] + return first['href'] + end +end + diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/idres.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/idres.rb new file mode 100644 index 0000000000..ab924e2949 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/idres.rb @@ -0,0 +1,523 @@ +require "openid/message" +require "openid/protocolerror" +require "openid/kvpost" +require "openid/consumer/discovery" +require "openid/urinorm" + +module OpenID + class TypeURIMismatch < ProtocolError + attr_reader :type_uri, :endpoint + + def initialize(type_uri, endpoint) + @type_uri = type_uri + @endpoint = endpoint + end + end + + class Consumer + @openid1_return_to_nonce_name = 'rp_nonce' + @openid1_return_to_claimed_id_name = 'openid1_claimed_id' + + # Set the name of the query parameter that this library will use + # to thread a nonce through an OpenID 1 transaction. It will be + # appended to the return_to URL. + def self.openid1_return_to_nonce_name=(query_arg_name) + @openid1_return_to_nonce_name = query_arg_name + end + + # See openid1_return_to_nonce_name= documentation + def self.openid1_return_to_nonce_name + @openid1_return_to_nonce_name + end + + # Set the name of the query parameter that this library will use + # to thread the requested URL through an OpenID 1 transaction (for + # use when verifying discovered information). It will be appended + # to the return_to URL. + def self.openid1_return_to_claimed_id_name=(query_arg_name) + @openid1_return_to_claimed_id_name = query_arg_name + end + + # See openid1_return_to_claimed_id_name= + def self.openid1_return_to_claimed_id_name + @openid1_return_to_claimed_id_name + end + + # Handles an openid.mode=id_res response. This object is + # instantiated and used by the Consumer. + class IdResHandler + attr_reader :endpoint, :message + + def initialize(message, current_url, store=nil, endpoint=nil) + @store = store # Fer the nonce and invalidate_handle + @message = message + @endpoint = endpoint + @current_url = current_url + @signed_list = nil + + # Start the verification process + id_res + end + + def signed_fields + signed_list.map {|x| 'openid.' + x} + end + + protected + + # This method will raise ProtocolError unless the request is a + # valid id_res response. Once it has been verified, the methods + # 'endpoint', 'message', and 'signed_fields' contain the + # verified information. + def id_res + check_for_fields + verify_return_to + verify_discovery_results + check_signature + check_nonce + end + + def server_url + @endpoint.nil? ? nil : @endpoint.server_url + end + + def openid_namespace + @message.get_openid_namespace + end + + def fetch(field, default=NO_DEFAULT) + @message.get_arg(OPENID_NS, field, default) + end + + def signed_list + if @signed_list.nil? + signed_list_str = fetch('signed', nil) + if signed_list_str.nil? + raise ProtocolError, 'Response missing signed list' + end + + @signed_list = signed_list_str.split(',', -1) + end + @signed_list + end + + def check_for_fields + # XXX: if a field is missing, we should not have to explicitly + # check that it's present, just make sure that the fields are + # actually being used by the rest of the code in + # tests. Although, which fields are signed does need to be + # checked somewhere. + basic_fields = ['return_to', 'assoc_handle', 'sig', 'signed'] + basic_sig_fields = ['return_to', 'identity'] + + case openid_namespace + when OPENID2_NS + require_fields = basic_fields + ['op_endpoint'] + require_sigs = basic_sig_fields + + ['response_nonce', 'claimed_id', 'assoc_handle',] + when OPENID1_NS + require_fields = basic_fields + ['identity'] + require_sigs = basic_sig_fields + else + raise RuntimeError, "check_for_fields doesn't know about "\ + "namespace #{openid_namespace.inspect}" + end + + require_fields.each do |field| + if !@message.has_key?(OPENID_NS, field) + raise ProtocolError, "Missing required field #{field}" + end + end + + require_sigs.each do |field| + # Field is present and not in signed list + if @message.has_key?(OPENID_NS, field) && !signed_list.member?(field) + raise ProtocolError, "#{field.inspect} not signed" + end + end + end + + def verify_return_to + begin + msg_return_to = URI.parse(URINorm::urinorm(fetch('return_to'))) + rescue URI::InvalidURIError + raise ProtocolError, ("return_to is not a valid URI") + end + + verify_return_to_args(msg_return_to) + if !@current_url.nil? + verify_return_to_base(msg_return_to) + end + end + + def verify_return_to_args(msg_return_to) + return_to_parsed_query = {} + if !msg_return_to.query.nil? + CGI.parse(msg_return_to.query).each_pair do |k, vs| + return_to_parsed_query[k] = vs[0] + end + end + query = @message.to_post_args + return_to_parsed_query.each_pair do |rt_key, rt_val| + msg_val = query[rt_key] + if msg_val.nil? + raise ProtocolError, "Message missing return_to argument '#{rt_key}'" + elsif msg_val != rt_val + raise ProtocolError, ("Parameter '#{rt_key}' value "\ + "#{msg_val.inspect} does not match "\ + "return_to's value #{rt_val.inspect}") + end + end + @message.get_args(BARE_NS).each_pair do |bare_key, bare_val| + rt_val = return_to_parsed_query[bare_key] + if not return_to_parsed_query.has_key? bare_key + # This may be caused by your web framework throwing extra + # entries in to your parameters hash that were not GET or + # POST parameters. For example, Rails has been known to + # add "controller" and "action" keys; another server adds + # at least a "format" key. + raise ProtocolError, ("Unexpected parameter (not on return_to): "\ + "'#{bare_key}'=#{rt_val.inspect})") + end + if rt_val != bare_val + raise ProtocolError, ("Parameter '#{bare_key}' value "\ + "#{bare_val.inspect} does not match "\ + "return_to's value #{rt_val.inspect}") + end + end + end + + def verify_return_to_base(msg_return_to) + begin + app_parsed = URI.parse(URINorm::urinorm(@current_url)) + rescue URI::InvalidURIError + raise ProtocolError, "current_url is not a valid URI: #{@current_url}" + end + + [:scheme, :host, :port, :path].each do |meth| + if msg_return_to.send(meth) != app_parsed.send(meth) + raise ProtocolError, "return_to #{meth.to_s} does not match" + end + end + end + + # Raises ProtocolError if the signature is bad + def check_signature + if @store.nil? + assoc = nil + else + assoc = @store.get_association(server_url, fetch('assoc_handle')) + end + + if assoc.nil? + check_auth + else + if assoc.expires_in <= 0 + # XXX: It might be a good idea sometimes to re-start the + # authentication with a new association. Doing it + # automatically opens the possibility for + # denial-of-service by a server that just returns expired + # associations (or really short-lived associations) + raise ProtocolError, "Association with #{server_url} expired" + elsif !assoc.check_message_signature(@message) + raise ProtocolError, "Bad signature in response from #{server_url}" + end + end + end + + def check_auth + Util.log("Using 'check_authentication' with #{server_url}") + begin + request = create_check_auth_request + rescue Message::KeyNotFound => why + raise ProtocolError, "Could not generate 'check_authentication' "\ + "request: #{why.message}" + end + + response = OpenID.make_kv_post(request, server_url) + + process_check_auth_response(response) + end + + def create_check_auth_request + signed_list = @message.get_arg(OPENID_NS, 'signed', NO_DEFAULT).split(',') + + # check that we got all the signed arguments + signed_list.each {|k| + @message.get_aliased_arg(k, NO_DEFAULT) + } + + ca_message = @message.copy + ca_message.set_arg(OPENID_NS, 'mode', 'check_authentication') + + return ca_message + end + + # Process the response message from a check_authentication + # request, invalidating associations if requested. + def process_check_auth_response(response) + is_valid = response.get_arg(OPENID_NS, 'is_valid', 'false') + + invalidate_handle = response.get_arg(OPENID_NS, 'invalidate_handle') + if !invalidate_handle.nil? + Util.log("Received 'invalidate_handle' from server #{server_url}") + if @store.nil? + Util.log('Unexpectedly got "invalidate_handle" without a store!') + else + @store.remove_association(server_url, invalidate_handle) + end + end + + if is_valid != 'true' + raise ProtocolError, ("Server #{server_url} responds that the "\ + "'check_authentication' call is not valid") + end + end + + def check_nonce + case openid_namespace + when OPENID1_NS + nonce = + @message.get_arg(BARE_NS, Consumer.openid1_return_to_nonce_name) + + # We generated the nonce, so it uses the empty string as the + # server URL + server_url = '' + when OPENID2_NS + nonce = @message.get_arg(OPENID2_NS, 'response_nonce') + server_url = self.server_url + else + raise StandardError, 'Not reached' + end + + if nonce.nil? + raise ProtocolError, 'Nonce missing from response' + end + + begin + time, extra = Nonce.split_nonce(nonce) + rescue ArgumentError => why + raise ProtocolError, "Malformed nonce: #{nonce.inspect}" + end + + if !@store.nil? && !@store.use_nonce(server_url, time, extra) + raise ProtocolError, ("Nonce already used or out of range: "\ + "#{nonce.inspect}") + end + end + + def verify_discovery_results + begin + case openid_namespace + when OPENID1_NS + verify_discovery_results_openid1 + when OPENID2_NS + verify_discovery_results_openid2 + else + raise StandardError, "Not reached: #{openid_namespace}" + end + rescue Message::KeyNotFound => why + raise ProtocolError, "Missing required field: #{why.message}" + end + end + + def verify_discovery_results_openid2 + to_match = OpenIDServiceEndpoint.new + to_match.type_uris = [OPENID_2_0_TYPE] + to_match.claimed_id = fetch('claimed_id', nil) + to_match.local_id = fetch('identity', nil) + to_match.server_url = fetch('op_endpoint') + + if to_match.claimed_id.nil? && !to_match.local_id.nil? + raise ProtocolError, ('openid.identity is present without '\ + 'openid.claimed_id') + elsif !to_match.claimed_id.nil? && to_match.local_id.nil? + raise ProtocolError, ('openid.claimed_id is present without '\ + 'openid.identity') + + # This is a response without identifiers, so there's really no + # checking that we can do, so return an endpoint that's for + # the specified `openid.op_endpoint' + elsif to_match.claimed_id.nil? + @endpoint = + OpenIDServiceEndpoint.from_op_endpoint_url(to_match.server_url) + return + end + + if @endpoint.nil? + Util.log('No pre-discovered information supplied') + discover_and_verify(to_match.claimed_id, [to_match]) + else + begin + verify_discovery_single(@endpoint, to_match) + rescue ProtocolError => why + Util.log("Error attempting to use stored discovery "\ + "information: #{why.message}") + Util.log("Attempting discovery to verify endpoint") + discover_and_verify(to_match.claimed_id, [to_match]) + end + end + + if @endpoint.claimed_id != to_match.claimed_id + @endpoint = @endpoint.dup + @endpoint.claimed_id = to_match.claimed_id + end + end + + def verify_discovery_results_openid1 + claimed_id = + @message.get_arg(BARE_NS, Consumer.openid1_return_to_claimed_id_name) + + if claimed_id.nil? + if @endpoint.nil? + raise ProtocolError, ("When using OpenID 1, the claimed ID must "\ + "be supplied, either by passing it through "\ + "as a return_to parameter or by using a "\ + "session, and supplied to the IdResHandler "\ + "when it is constructed.") + else + claimed_id = @endpoint.claimed_id + end + end + + to_match = OpenIDServiceEndpoint.new + to_match.type_uris = [OPENID_1_1_TYPE] + to_match.local_id = fetch('identity') + # Restore delegate information from the initiation phase + to_match.claimed_id = claimed_id + + to_match_1_0 = to_match.dup + to_match_1_0.type_uris = [OPENID_1_0_TYPE] + + if !@endpoint.nil? + begin + begin + verify_discovery_single(@endpoint, to_match) + rescue TypeURIMismatch + verify_discovery_single(@endpoint, to_match_1_0) + end + rescue ProtocolError => why + Util.log('Error attempting to use stored discovery information: ' + + why.message) + Util.log('Attempting discovery to verify endpoint') + else + return @endpoint + end + end + + # Either no endpoint was supplied or OpenID 1.x verification + # of the information that's in the message failed on that + # endpoint. + discover_and_verify(to_match.claimed_id, [to_match, to_match_1_0]) + end + + # Given an endpoint object created from the information in an + # OpenID response, perform discovery and verify the discovery + # results, returning the matching endpoint that is the result of + # doing that discovery. + def discover_and_verify(claimed_id, to_match_endpoints) + Util.log("Performing discovery on #{claimed_id}") + _, services = OpenID.discover(claimed_id) + if services.length == 0 + # XXX: this might want to be something other than + # ProtocolError. In Python, it's DiscoveryFailure + raise ProtocolError, ("No OpenID information found at "\ + "#{claimed_id}") + end + verify_discovered_services(claimed_id, services, to_match_endpoints) + end + + + def verify_discovered_services(claimed_id, services, to_match_endpoints) + # Search the services resulting from discovery to find one + # that matches the information from the assertion + failure_messages = [] + for endpoint in services + for to_match_endpoint in to_match_endpoints + begin + verify_discovery_single(endpoint, to_match_endpoint) + rescue ProtocolError => why + failure_messages << why.message + else + # It matches, so discover verification has + # succeeded. Return this endpoint. + @endpoint = endpoint + return + end + end + end + + Util.log("Discovery verification failure for #{claimed_id}") + failure_messages.each do |failure_message| + Util.log(" * Endpoint mismatch: " + failure_message) + end + + # XXX: is DiscoveryFailure in Python OpenID + raise ProtocolError, ("No matching endpoint found after "\ + "discovering #{claimed_id}") + end + + def verify_discovery_single(endpoint, to_match) + # Every type URI that's in the to_match endpoint has to be + # present in the discovered endpoint. + for type_uri in to_match.type_uris + if !endpoint.uses_extension(type_uri) + raise TypeURIMismatch.new(type_uri, endpoint) + end + end + + # Fragments do not influence discovery, so we can't compare a + # claimed identifier with a fragment to discovered information. + defragged_claimed_id = + case Yadis::XRI.identifier_scheme(endpoint.claimed_id) + when :xri + endpoint.claimed_id + when :uri + begin + parsed = URI.parse(endpoint.claimed_id) + rescue URI::InvalidURIError + endpoint.claimed_id + else + parsed.fragment = nil + parsed.to_s + end + else + raise StandardError, 'Not reached' + end + + if defragged_claimed_id != endpoint.claimed_id + raise ProtocolError, ("Claimed ID does not match (different "\ + "subjects!), Expected "\ + "#{defragged_claimed_id}, got "\ + "#{endpoint.claimed_id}") + end + + if to_match.get_local_id != endpoint.get_local_id + raise ProtocolError, ("local_id mismatch. Expected "\ + "#{to_match.get_local_id}, got "\ + "#{endpoint.get_local_id}") + end + + # If the server URL is nil, this must be an OpenID 1 + # response, because op_endpoint is a required parameter in + # OpenID 2. In that case, we don't actually care what the + # discovered server_url is, because signature checking or + # check_auth should take care of that check for us. + if to_match.server_url.nil? + if to_match.preferred_namespace != OPENID1_NS + raise StandardError, + "The code calling this must ensure that OpenID 2 "\ + "responses have a non-none `openid.op_endpoint' and "\ + "that it is set as the `server_url' attribute of the "\ + "`to_match' endpoint." + end + elsif to_match.server_url != endpoint.server_url + raise ProtocolError, ("OP Endpoint mismatch. Expected"\ + "#{to_match.server_url}, got "\ + "#{endpoint.server_url}") + end + end + + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/responses.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/responses.rb new file mode 100644 index 0000000000..91262398e2 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/consumer/responses.rb @@ -0,0 +1,148 @@ +module OpenID + class Consumer + # Code returned when either the of the + # OpenID::OpenIDConsumer.begin_auth or OpenID::OpenIDConsumer.complete_auth + # methods return successfully. + SUCCESS = :success + + # Code OpenID::OpenIDConsumer.complete_auth + # returns when the value it received indicated an invalid login. + FAILURE = :failure + + # Code returned by OpenIDConsumer.complete_auth when the user + # cancels the operation from the server. + CANCEL = :cancel + + # Code returned by OpenID::OpenIDConsumer.complete_auth when the + # OpenIDConsumer instance is in immediate mode and ther server sends back a + # URL for the user to login with. + SETUP_NEEDED = :setup_needed + + + module Response + attr_reader :endpoint + + def status + self.class::STATUS + end + + # The identity URL that has been authenticated; the Claimed Identifier. + # See also display_identifier. + def identity_url + @endpoint ? @endpoint.claimed_id : nil + end + + # The display identifier is related to the Claimed Identifier, but the + # two are not always identical. The display identifier is something the + # user should recognize as what they entered, whereas the response's + # claimed identifier (in the identity_url attribute) may have extra + # information for better persistence. + # + # URLs will be stripped of their fragments for display. XRIs will + # display the human-readable identifier (i-name) instead of the + # persistent identifier (i-number). + # + # Use the display identifier in your user interface. Use identity_url + # for querying your database or authorization server, or other + # identifier equality comparisons. + def display_identifier + @endpoint ? @endpoint.display_identifier : nil + end + end + + # A successful acknowledgement from the OpenID server that the + # supplied URL is, indeed controlled by the requesting agent. + class SuccessResponse + include Response + + STATUS = SUCCESS + + attr_reader :message, :signed_fields + + def initialize(endpoint, message, signed_fields) + # Don't use :endpoint=, because endpoint should never be nil + # for a successfull transaction. + @endpoint = endpoint + @identity_url = endpoint.claimed_id + @message = message + @signed_fields = signed_fields + end + + # Was this authentication response an OpenID 1 authentication + # response? + def is_openid1 + @message.is_openid1 + end + + # Return whether a particular key is signed, regardless of its + # namespace alias + def signed?(ns_uri, ns_key) + @signed_fields.member?(@message.get_key(ns_uri, ns_key)) + end + + # Return the specified signed field if available, otherwise + # return default + def get_signed(ns_uri, ns_key, default=nil) + if singed?(ns_uri, ns_key) + return @message.get_arg(ns_uri, ns_key, default) + else + return default + end + end + + # Get signed arguments from the response message. Return a dict + # of all arguments in the specified namespace. If any of the + # arguments are not signed, return nil. + def get_signed_ns(ns_uri) + msg_args = @message.get_args(ns_uri) + msg_args.each_key do |key| + if !signed?(ns_uri, key) + return nil + end + end + return msg_args + end + + # Return response arguments in the specified namespace. + # If require_signed is true and the arguments are not signed, + # return nil. + def extension_response(namespace_uri, require_signed) + if require_signed + get_signed_ns(namespace_uri) + else + @message.get_args(namespace_uri) + end + end + end + + class FailureResponse + include Response + STATUS = FAILURE + + attr_reader :message, :contact, :reference + def initialize(endpoint, message, contact=nil, reference=nil) + @endpoint = endpoint + @message = message + @contact = contact + @reference = reference + end + end + + class CancelResponse + include Response + STATUS = CANCEL + def initialize(endpoint) + @endpoint = endpoint + end + end + + class SetupNeededResponse + include Response + STATUS = SETUP_NEEDED + def initialize(endpoint, setup_url) + @endpoint = endpoint + @setup_url = setup_url + end + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/cryptutil.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/cryptutil.rb new file mode 100644 index 0000000000..d8ffead9b1 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/cryptutil.rb @@ -0,0 +1,97 @@ +require "openid/util" +require "digest/sha1" +require "digest/sha2" +begin + require "digest/hmac" +rescue LoadError + require "hmac/sha1" + require "hmac/sha2" +end + +module OpenID + # This module contains everything needed to perform low-level + # cryptograph and data manipulation tasks. + module CryptUtil + + # Generate a random number, doing a little extra work to make it + # more likely that it's suitable for cryptography. If your system + # doesn't have /dev/urandom then this number is not + # cryptographically safe. See + # + # for more information. max is the largest possible value of such + # a random number, where the result will be less than max. + def CryptUtil.rand(max) + Kernel.srand() + return Kernel.rand(max) + end + + def CryptUtil.sha1(text) + return Digest::SHA1.digest(text) + end + + def CryptUtil.hmac_sha1(key, text) + if Digest.const_defined? :HMAC + Digest::HMAC.new(key,Digest::SHA1).update(text).digest + else + return HMAC::SHA1.digest(key, text) + end + end + + def CryptUtil.sha256(text) + return Digest::SHA256.digest(text) + end + + def CryptUtil.hmac_sha256(key, text) + if Digest.const_defined? :HMAC + Digest::HMAC.new(key,Digest::SHA256).update(text).digest + else + return HMAC::SHA256.digest(key, text) + end + end + + # Generate a random string of the given length, composed of the + # specified characters. If chars is nil, generate a string + # composed of characters in the range 0..255. + def CryptUtil.random_string(length, chars=nil) + s = "" + + unless chars.nil? + length.times { s << chars[rand(chars.length)] } + else + length.times { s << rand(256).chr } + end + return s + end + + # Convert a number to its binary representation; return a string + # of bytes. + def CryptUtil.num_to_binary(n) + bits = n.to_s(2) + prepend = (8 - bits.length % 8) + bits = ('0' * prepend) + bits + return [bits].pack('B*') + end + + # Convert a string of bytes into a number. + def CryptUtil.binary_to_num(s) + # taken from openid-ruby 0.0.1 + s = "\000" * (4 - (s.length % 4)) + s + num = 0 + s.unpack('N*').each do |x| + num <<= 32 + num |= x + end + return num + end + + # Encode a number as a base64-encoded byte string. + def CryptUtil.num_to_base64(l) + return OpenID::Util.to_base64(num_to_binary(l)) + end + + # Decode a base64 byte string to a number. + def CryptUtil.base64_to_num(s) + return binary_to_num(OpenID::Util.from_base64(s)) + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/dh.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/dh.rb new file mode 100644 index 0000000000..cbe531147b --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/dh.rb @@ -0,0 +1,89 @@ +require "openid/util" +require "openid/cryptutil" + +module OpenID + + # Encapsulates a Diffie-Hellman key exchange. This class is used + # internally by both the consumer and server objects. + # + # Read more about Diffie-Hellman on wikipedia: + # http://en.wikipedia.org/wiki/Diffie-Hellman + + class DiffieHellman + + # From the OpenID specification + @@default_mod = 155172898181473697471232257763715539915724801966915404479707795314057629378541917580651227423698188993727816152646631438561595825688188889951272158842675419950341258706556549803580104870537681476726513255747040765857479291291572334510643245094715007229621094194349783925984760375594985848253359305585439638443 + @@default_gen = 2 + + attr_reader :modulus, :generator, :public + + # A new DiffieHellman object, using the modulus and generator from + # the OpenID specification + def DiffieHellman.from_defaults + DiffieHellman.new(@@default_mod, @@default_gen) + end + + def initialize(modulus=nil, generator=nil, priv=nil) + @modulus = modulus.nil? ? @@default_mod : modulus + @generator = generator.nil? ? @@default_gen : generator + set_private(priv.nil? ? OpenID::CryptUtil.rand(@modulus-2) + 1 : priv) + end + + def get_shared_secret(composite) + DiffieHellman.powermod(composite, @private, @modulus) + end + + def xor_secret(algorithm, composite, secret) + dh_shared = get_shared_secret(composite) + packed_dh_shared = OpenID::CryptUtil.num_to_binary(dh_shared) + hashed_dh_shared = algorithm.call(packed_dh_shared) + return DiffieHellman.strxor(secret, hashed_dh_shared) + end + + def using_default_values? + @generator == @@default_gen && @modulus == @@default_mod + end + + private + def set_private(priv) + @private = priv + @public = DiffieHellman.powermod(@generator, @private, @modulus) + end + + def DiffieHellman.strxor(s, t) + if s.length != t.length + raise ArgumentError, "strxor: lengths don't match. " + + "Inputs were #{s.inspect} and #{t.inspect}" + end + + if String.method_defined? :bytes + s.bytes.zip(t.bytes).map{|sb,tb| sb^tb}.pack('C*') + else + indices = 0...(s.length) + chrs = indices.collect {|i| (s[i]^t[i]).chr} + chrs.join("") + end + end + + # This code is taken from this post: + # + # by Eric Lee Green. + def DiffieHellman.powermod(x, n, q) + counter=0 + n_p=n + y_p=1 + z_p=x + while n_p != 0 + if n_p[0]==1 + y_p=(y_p*z_p) % q + end + n_p = n_p >> 1 + z_p = (z_p * z_p) % q + counter += 1 + end + return y_p + end + + end + +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/extension.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/extension.rb new file mode 100644 index 0000000000..f0f02bb5cb --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/extension.rb @@ -0,0 +1,39 @@ +require 'openid/message' + +module OpenID + # An interface for OpenID extensions. + class Extension < Object + + def initialize + @ns_uri = nil + @ns_alias = nil + end + + # Get the string arguments that should be added to an OpenID + # message for this extension. + def get_extension_args + raise NotImplementedError + end + + # Add the arguments from this extension to the provided + # message, or create a new message containing only those + # arguments. Returns the message with added extension args. + def to_message(message = nil) + if message.nil? +# warnings.warn('Passing None to Extension.toMessage is deprecated. ' +# 'Creating a message assuming you want OpenID 2.', +# DeprecationWarning, stacklevel=2) + Message.new(OPENID2_NS) + end + message = Message.new if message.nil? + + implicit = message.is_openid1() + + message.namespaces.add_alias(@ns_uri, @ns_alias, implicit) + # XXX python ignores keyerror if m.ns.getAlias(uri) == alias + + message.update_args(@ns_uri, get_extension_args) + return message + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/extensions/ax.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/extensions/ax.rb new file mode 100644 index 0000000000..55eda8e7c3 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/extensions/ax.rb @@ -0,0 +1,516 @@ +# Implements the OpenID attribute exchange specification, version 1.0 + +require 'openid/extension' +require 'openid/trustroot' +require 'openid/message' + +module OpenID + module AX + + UNLIMITED_VALUES = "unlimited" + MINIMUM_SUPPORTED_ALIAS_LENGTH = 32 + + # check alias for invalid characters, raise AXError if found + def self.check_alias(name) + if name.match(/(,|\.)/) + raise Error, ("Alias #{name.inspect} must not contain a "\ + "comma or period.") + end + end + + # Raised when data does not comply with AX 1.0 specification + class Error < ArgumentError + end + + # Abstract class containing common code for attribute exchange messages + class AXMessage < Extension + attr_accessor :ns_alias, :mode, :ns_uri + + NS_URI = 'http://openid.net/srv/ax/1.0' + def initialize + @ns_alias = 'ax' + @ns_uri = NS_URI + @mode = nil + end + + protected + + # Raise an exception if the mode in the attribute exchange + # arguments does not match what is expected for this class. + def check_mode(ax_args) + actual_mode = ax_args['mode'] + if actual_mode != @mode + raise Error, "Expected mode #{mode.inspect}, got #{actual_mode.inspect}" + end + end + + def new_args + {'mode' => @mode} + end + end + + # Represents a single attribute in an attribute exchange + # request. This should be added to an Request object in order to + # request the attribute. + # + # @ivar required: Whether the attribute will be marked as required + # when presented to the subject of the attribute exchange + # request. + # @type required: bool + # + # @ivar count: How many values of this type to request from the + # subject. Defaults to one. + # @type count: int + # + # @ivar type_uri: The identifier that determines what the attribute + # represents and how it is serialized. For example, one type URI + # representing dates could represent a Unix timestamp in base 10 + # and another could represent a human-readable string. + # @type type_uri: str + # + # @ivar ns_alias: The name that should be given to this alias in the + # request. If it is not supplied, a generic name will be + # assigned. For example, if you want to call a Unix timestamp + # value 'tstamp', set its alias to that value. If two attributes + # in the same message request to use the same alias, the request + # will fail to be generated. + # @type alias: str or NoneType + class AttrInfo < Object + attr_reader :type_uri, :count, :ns_alias + attr_accessor :required + def initialize(type_uri, ns_alias=nil, required=false, count=1) + @type_uri = type_uri + @count = count + @required = required + @ns_alias = ns_alias + end + + def wants_unlimited_values? + @count == UNLIMITED_VALUES + end + end + + # Given a namespace mapping and a string containing a + # comma-separated list of namespace aliases, return a list of type + # URIs that correspond to those aliases. + # namespace_map: OpenID::NamespaceMap + def self.to_type_uris(namespace_map, alias_list_s) + return [] if alias_list_s.nil? + alias_list_s.split(',').inject([]) {|uris, name| + type_uri = namespace_map.get_namespace_uri(name) + raise IndexError, "No type defined for attribute name #{name.inspect}" if type_uri.nil? + uris << type_uri + } + end + + + # An attribute exchange 'fetch_request' message. This message is + # sent by a relying party when it wishes to obtain attributes about + # the subject of an OpenID authentication request. + class FetchRequest < AXMessage + attr_reader :requested_attributes + attr_accessor :update_url + + def initialize(update_url = nil) + super() + @mode = 'fetch_request' + @requested_attributes = {} + @update_url = update_url + end + + # Add an attribute to this attribute exchange request. + # attribute: AttrInfo, the attribute being requested + # Raises IndexError if the requested attribute is already present + # in this request. + def add(attribute) + if @requested_attributes[attribute.type_uri] + raise IndexError, "The attribute #{attribute.type_uri} has already been requested" + end + @requested_attributes[attribute.type_uri] = attribute + end + + # Get the serialized form of this attribute fetch request. + # returns a hash of the arguments + def get_extension_args + aliases = NamespaceMap.new + required = [] + if_available = [] + ax_args = new_args + @requested_attributes.each{|type_uri, attribute| + if attribute.ns_alias + name = aliases.add_alias(type_uri, attribute.ns_alias) + else + name = aliases.add(type_uri) + end + if attribute.required + required << name + else + if_available << name + end + if attribute.count != 1 + ax_args["count.#{name}"] = attribute.count.to_s + end + ax_args["type.#{name}"] = type_uri + } + + unless required.empty? + ax_args['required'] = required.join(',') + end + unless if_available.empty? + ax_args['if_available'] = if_available.join(',') + end + return ax_args + end + + # Get the type URIs for all attributes that have been marked + # as required. + def get_required_attrs + @requested_attributes.inject([]) {|required, (type_uri, attribute)| + if attribute.required + required << type_uri + else + required + end + } + end + + # Extract a FetchRequest from an OpenID message + # message: OpenID::Message + # return a FetchRequest or nil if AX arguments are not present + def self.from_openid_request(oidreq) + message = oidreq.message + ax_args = message.get_args(NS_URI) + return nil if ax_args == {} + req = new + req.parse_extension_args(ax_args) + + if req.update_url + realm = message.get_arg(OPENID_NS, 'realm', + message.get_arg(OPENID_NS, 'return_to')) + if realm.nil? or realm.empty? + raise Error, "Cannot validate update_url #{req.update_url.inspect} against absent realm" + end + tr = TrustRoot::TrustRoot.parse(realm) + unless tr.validate_url(req.update_url) + raise Error, "Update URL #{req.update_url.inspect} failed validation against realm #{realm.inspect}" + end + end + + return req + end + + def parse_extension_args(ax_args) + check_mode(ax_args) + + aliases = NamespaceMap.new + + ax_args.each{|k,v| + if k.index('type.') == 0 + name = k[5..-1] + type_uri = v + aliases.add_alias(type_uri, name) + + count_key = 'count.'+name + count_s = ax_args[count_key] + count = 1 + if count_s + if count_s == UNLIMITED_VALUES + count = count_s + else + count = count_s.to_i + if count <= 0 + raise Error, "Invalid value for count #{count_key.inspect}: #{count_s.inspect}" + end + end + end + add(AttrInfo.new(type_uri, name, false, count)) + end + } + + required = AX.to_type_uris(aliases, ax_args['required']) + required.each{|type_uri| + @requested_attributes[type_uri].required = true + } + if_available = AX.to_type_uris(aliases, ax_args['if_available']) + all_type_uris = required + if_available + + aliases.namespace_uris.each{|type_uri| + unless all_type_uris.member? type_uri + raise Error, "Type URI #{type_uri.inspect} was in the request but not present in 'required' or 'if_available'" + end + } + @update_url = ax_args['update_url'] + end + + # return the list of AttrInfo objects contained in the FetchRequest + def attributes + @requested_attributes.values + end + + # return the list of requested attribute type URIs + def requested_types + @requested_attributes.keys + end + + def member?(type_uri) + ! @requested_attributes[type_uri].nil? + end + + end + + # Abstract class that implements a message that has attribute + # keys and values. It contains the common code between + # fetch_response and store_request. + class KeyValueMessage < AXMessage + attr_reader :data + def initialize + super() + @mode = nil + @data = {} + @data.default = [] + end + + # Add a single value for the given attribute type to the + # message. If there are already values specified for this type, + # this value will be sent in addition to the values already + # specified. + def add_value(type_uri, value) + @data[type_uri] = @data[type_uri] << value + end + + # Set the values for the given attribute type. This replaces + # any values that have already been set for this attribute. + def set_values(type_uri, values) + @data[type_uri] = values + end + + # Get the extension arguments for the key/value pairs + # contained in this message. + def _get_extension_kv_args(aliases = nil) + aliases = NamespaceMap.new if aliases.nil? + + ax_args = new_args + + @data.each{|type_uri, values| + name = aliases.add(type_uri) + ax_args['type.'+name] = type_uri + ax_args['count.'+name] = values.size.to_s + + values.each_with_index{|value, i| + key = "value.#{name}.#{i+1}" + ax_args[key] = value + } + } + return ax_args + end + + # Parse attribute exchange key/value arguments into this object. + + def parse_extension_args(ax_args) + check_mode(ax_args) + aliases = NamespaceMap.new + + ax_args.each{|k, v| + if k.index('type.') == 0 + type_uri = v + name = k[5..-1] + + AX.check_alias(name) + aliases.add_alias(type_uri,name) + end + } + + aliases.each{|type_uri, name| + count_s = ax_args['count.'+name] + count = count_s.to_i + if count_s.nil? + value = ax_args['value.'+name] + if value.nil? + raise IndexError, "Missing #{'value.'+name} in FetchResponse" + elsif value.empty? + values = [] + else + values = [value] + end + elsif count_s.to_i == 0 + values = [] + else + values = (1..count).inject([]){|l,i| + key = "value.#{name}.#{i}" + v = ax_args[key] + raise IndexError, "Missing #{key} in FetchResponse" if v.nil? + l << v + } + end + @data[type_uri] = values + } + end + + # Get a single value for an attribute. If no value was sent + # for this attribute, use the supplied default. If there is more + # than one value for this attribute, this method will fail. + def get_single(type_uri, default = nil) + values = @data[type_uri] + return default if values.empty? + if values.size != 1 + raise Error, "More than one value present for #{type_uri.inspect}" + else + return values[0] + end + end + + # retrieve the list of values for this attribute + def get(type_uri) + @data[type_uri] + end + + # retrieve the list of values for this attribute + def [](type_uri) + @data[type_uri] + end + + # get the number of responses for this attribute + def count(type_uri) + @data[type_uri].size + end + + end + + # A fetch_response attribute exchange message + class FetchResponse < KeyValueMessage + attr_reader :update_url + + def initialize(update_url = nil) + super() + @mode = 'fetch_response' + @update_url = update_url + end + + # Serialize this object into arguments in the attribute + # exchange namespace + # Takes an optional FetchRequest. If specified, the response will be + # validated against this request, and empty responses for requested + # fields with no data will be sent. + def get_extension_args(request = nil) + aliases = NamespaceMap.new + zero_value_types = [] + + if request + # Validate the data in the context of the request (the + # same attributes should be present in each, and the + # counts in the response must be no more than the counts + # in the request) + @data.keys.each{|type_uri| + unless request.member? type_uri + raise IndexError, "Response attribute not present in request: #{type_uri.inspect}" + end + } + + request.attributes.each{|attr_info| + # Copy the aliases from the request so that reading + # the response in light of the request is easier + if attr_info.ns_alias.nil? + aliases.add(attr_info.type_uri) + else + aliases.add_alias(attr_info.type_uri, attr_info.ns_alias) + end + values = @data[attr_info.type_uri] + if values.empty? # @data defaults to [] + zero_value_types << attr_info + end + if attr_info.count != UNLIMITED_VALUES and attr_info.count < values.size + raise Error, "More than the number of requested values were specified for #{attr_info.type_uri.inspect}" + end + } + end + + kv_args = _get_extension_kv_args(aliases) + + # Add the KV args into the response with the args that are + # unique to the fetch_response + ax_args = new_args + + zero_value_types.each{|attr_info| + name = aliases.get_alias(attr_info.type_uri) + kv_args['type.' + name] = attr_info.type_uri + kv_args['count.' + name] = '0' + } + update_url = (request and request.update_url or @update_url) + ax_args['update_url'] = update_url unless update_url.nil? + ax_args.update(kv_args) + return ax_args + end + + def parse_extension_args(ax_args) + super + @update_url = ax_args['update_url'] + end + + # Construct a FetchResponse object from an OpenID library + # SuccessResponse object. + def self.from_success_response(success_response, signed=true) + obj = self.new + if signed + ax_args = success_response.get_signed_ns(obj.ns_uri) + else + ax_args = success_response.message.get_args(obj.ns_uri) + end + + begin + obj.parse_extension_args(ax_args) + return obj + rescue Error => e + return nil + end + end + end + + # A store request attribute exchange message representation + class StoreRequest < KeyValueMessage + def initialize + super + @mode = 'store_request' + end + + def get_extension_args(aliases=nil) + ax_args = new_args + kv_args = _get_extension_kv_args(aliases) + ax_args.update(kv_args) + return ax_args + end + end + + # An indication that the store request was processed along with + # this OpenID transaction. + class StoreResponse < AXMessage + SUCCESS_MODE = 'store_response_success' + FAILURE_MODE = 'store_response_failure' + attr_reader :error_message + + def initialize(succeeded = true, error_message = nil) + super() + if succeeded and error_message + raise Error, "Error message included in a success response" + end + if succeeded + @mode = SUCCESS_MODE + else + @mode = FAILURE_MODE + end + @error_message = error_message + end + + def succeeded? + @mode == SUCCESS_MODE + end + + def get_extension_args + ax_args = new_args + if !succeeded? and error_message + ax_args['error'] = @error_message + end + return ax_args + end + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/extensions/pape.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/extensions/pape.rb new file mode 100644 index 0000000000..0a7413c1b3 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/extensions/pape.rb @@ -0,0 +1,179 @@ +# An implementation of the OpenID Provider Authentication Policy +# Extension 1.0 +# see: http://openid.net/specs/ + +require 'openid/extension' + +module OpenID + + module PAPE + NS_URI = "http://specs.openid.net/extensions/pape/1.0" + AUTH_MULTI_FACTOR_PHYSICAL = + 'http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical' + AUTH_MULTI_FACTOR = + 'http://schemas.openid.net/pape/policies/2007/06/multi-factor' + AUTH_PHISHING_RESISTANT = + 'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant' + TIME_VALIDATOR = /\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ/ + # A Provider Authentication Policy request, sent from a relying + # party to a provider + class Request < Extension + attr_accessor :preferred_auth_policies, :max_auth_age, :ns_alias, :ns_uri + def initialize(preferred_auth_policies=[], max_auth_age=nil) + @ns_alias = 'pape' + @ns_uri = NS_URI + @preferred_auth_policies = preferred_auth_policies + @max_auth_age = max_auth_age + end + + # Add an acceptable authentication policy URI to this request + # This method is intended to be used by the relying party to add + # acceptable authentication types to the request. + def add_policy_uri(policy_uri) + unless @preferred_auth_policies.member? policy_uri + @preferred_auth_policies << policy_uri + end + end + + def get_extension_args + ns_args = { + 'preferred_auth_policies' => @preferred_auth_policies.join(' ') + } + ns_args['max_auth_age'] = @max_auth_age.to_s if @max_auth_age + return ns_args + end + + # Instantiate a Request object from the arguments in a + # checkid_* OpenID message + # return nil if the extension was not requested. + def self.from_openid_request(oid_req) + pape_req = new + args = oid_req.message.get_args(NS_URI) + if args == {} + return nil + end + pape_req.parse_extension_args(args) + return pape_req + end + + # Set the state of this request to be that expressed in these + # PAPE arguments + def parse_extension_args(args) + @preferred_auth_policies = [] + policies_str = args['preferred_auth_policies'] + if policies_str + policies_str.split(' ').each{|uri| + add_policy_uri(uri) + } + end + + max_auth_age_str = args['max_auth_age'] + if max_auth_age_str + @max_auth_age = max_auth_age_str.to_i + else + @max_auth_age = nil + end + end + + # Given a list of authentication policy URIs that a provider + # supports, this method returns the subset of those types + # that are preferred by the relying party. + def preferred_types(supported_types) + @preferred_auth_policies.select{|uri| supported_types.member? uri} + end + end + + # A Provider Authentication Policy response, sent from a provider + # to a relying party + class Response < Extension + attr_accessor :ns_alias, :auth_policies, :auth_time, :nist_auth_level + def initialize(auth_policies=[], auth_time=nil, nist_auth_level=nil) + @ns_alias = 'pape' + @ns_uri = NS_URI + @auth_policies = auth_policies + @auth_time = auth_time + @nist_auth_level = nist_auth_level + end + + # Add a policy URI to the response + # see http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies + def add_policy_uri(policy_uri) + @auth_policies << policy_uri unless @auth_policies.member?(policy_uri) + end + + # Create a Response object from an OpenID::Consumer::SuccessResponse + def self.from_success_response(success_response) + args = success_response.get_signed_ns(NS_URI) + return nil if args.nil? + pape_resp = new + pape_resp.parse_extension_args(args) + return pape_resp + end + + # parse the provider authentication policy arguments into the + # internal state of this object + # if strict is specified, raise an exception when bad data is + # encountered + def parse_extension_args(args, strict=false) + policies_str = args['auth_policies'] + if policies_str and policies_str != 'none' + @auth_policies = policies_str.split(' ') + end + + nist_level_str = args['nist_auth_level'] + if nist_level_str + # special handling of zero to handle to_i behavior + if nist_level_str.strip == '0' + nist_level = 0 + else + nist_level = nist_level_str.to_i + # if it's zero here we have a bad value + if nist_level == 0 + nist_level = nil + end + end + if nist_level and nist_level >= 0 and nist_level < 5 + @nist_auth_level = nist_level + elsif strict + raise ArgumentError, "nist_auth_level must be an integer 0 through 4, not #{nist_level_str.inspect}" + end + end + + auth_time_str = args['auth_time'] + if auth_time_str + # validate time string + if auth_time_str =~ TIME_VALIDATOR + @auth_time = auth_time_str + elsif strict + raise ArgumentError, "auth_time must be in RFC3339 format" + end + end + end + + def get_extension_args + ns_args = {} + if @auth_policies.empty? + ns_args['auth_policies'] = 'none' + else + ns_args['auth_policies'] = @auth_policies.join(' ') + end + if @nist_auth_level + unless (0..4).member? @nist_auth_level + raise ArgumentError, "nist_auth_level must be an integer 0 through 4, not #{@nist_auth_level.inspect}" + end + ns_args['nist_auth_level'] = @nist_auth_level.to_s + end + + if @auth_time + unless @auth_time =~ TIME_VALIDATOR + raise ArgumentError, "auth_time must be in RFC3339 format" + end + ns_args['auth_time'] = @auth_time + end + return ns_args + end + + end + end + +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/extensions/sreg.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/extensions/sreg.rb new file mode 100644 index 0000000000..8dc780eb00 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/extensions/sreg.rb @@ -0,0 +1,277 @@ +require 'openid/extension' +require 'openid/util' +require 'openid/message' + +module OpenID + module SReg + DATA_FIELDS = { + 'fullname'=>'Full Name', + 'nickname'=>'Nickname', + 'dob'=>'Date of Birth', + 'email'=>'E-mail Address', + 'gender'=>'Gender', + 'postcode'=>'Postal Code', + 'country'=>'Country', + 'language'=>'Language', + 'timezone'=>'Time Zone', + } + + NS_URI_1_0 = 'http://openid.net/sreg/1.0' + NS_URI_1_1 = 'http://openid.net/extensions/sreg/1.1' + NS_URI = NS_URI_1_1 + + begin + Message.register_namespace_alias(NS_URI_1_1, 'sreg') + rescue NamespaceAliasRegistrationError => e + Util.log(e) + end + + # raise ArgumentError if fieldname is not in the defined sreg fields + def OpenID.check_sreg_field_name(fieldname) + unless DATA_FIELDS.member? fieldname + raise ArgumentError, "#{fieldname} is not a defined simple registration field" + end + end + + # Does the given endpoint advertise support for simple registration? + def OpenID.supports_sreg?(endpoint) + endpoint.uses_extension(NS_URI_1_1) || endpoint.uses_extension(NS_URI_1_0) + end + + # Extract the simple registration namespace URI from the given + # OpenID message. Handles OpenID 1 and 2, as well as both sreg + # namespace URIs found in the wild, as well as missing namespace + # definitions (for OpenID 1) + def OpenID.get_sreg_ns(message) + [NS_URI_1_1, NS_URI_1_0].each{|ns| + if message.namespaces.get_alias(ns) + return ns + end + } + # try to add an alias, since we didn't find one + ns = NS_URI_1_1 + begin + message.namespaces.add_alias(ns, 'sreg') + rescue IndexError + raise NamespaceError + end + return ns + end + + # The simple registration namespace was not found and could not + # be created using the expected name (there's another extension + # using the name 'sreg') + # + # This is not illegal, for OpenID 2, although it probably + # indicates a problem, since it's not expected that other extensions + # will re-use the alias that is in use for OpenID 1. + # + # If this is an OpenID 1 request, then there is no recourse. This + # should not happen unless some code has modified the namespaces for + # the message that is being processed. + class NamespaceError < ArgumentError + end + + # An object to hold the state of a simple registration request. + class Request < Extension + attr_reader :optional, :required, :ns_uri + attr_accessor :policy_url + def initialize(required = nil, optional = nil, policy_url = nil, ns_uri = NS_URI) + super() + + @policy_url = policy_url + @ns_uri = ns_uri + @ns_alias = 'sreg' + @required = [] + @optional = [] + + if required + request_fields(required, true, true) + end + if optional + request_fields(optional, false, true) + end + end + + # Create a simple registration request that contains the + # fields that were requested in the OpenID request with the + # given arguments + # Takes an OpenID::CheckIDRequest, returns an OpenID::Sreg::Request + # return nil if the extension was not requested. + def self.from_openid_request(request) + # Since we're going to mess with namespace URI mapping, don't + # mutate the object that was passed in. + message = request.message.copy + ns_uri = OpenID::get_sreg_ns(message) + args = message.get_args(ns_uri) + return nil if args == {} + req = new(nil,nil,nil,ns_uri) + req.parse_extension_args(args) + return req + end + + # Parse the unqualified simple registration request + # parameters and add them to this object. + # + # This method is essentially the inverse of + # getExtensionArgs. This method restores the serialized simple + # registration request fields. + # + # If you are extracting arguments from a standard OpenID + # checkid_* request, you probably want to use fromOpenIDRequest, + # which will extract the sreg namespace and arguments from the + # OpenID request. This method is intended for cases where the + # OpenID server needs more control over how the arguments are + # parsed than that method provides. + def parse_extension_args(args, strict = false) + required_items = args['required'] + unless required_items.nil? or required_items.empty? + required_items.split(',').each{|field_name| + begin + request_field(field_name, true, strict) + rescue ArgumentError + raise if strict + end + } + end + + optional_items = args['optional'] + unless optional_items.nil? or optional_items.empty? + optional_items.split(',').each{|field_name| + begin + request_field(field_name, false, strict) + rescue ArgumentError + raise if strict + end + } + end + @policy_url = args['policy_url'] + end + + # A list of all of the simple registration fields that were + # requested, whether they were required or optional. + def all_requested_fields + @required + @optional + end + + # Have any simple registration fields been requested? + def were_fields_requested? + !all_requested_fields.empty? + end + + # Request the specified field from the OpenID user + # field_name: the unqualified simple registration field name + # required: whether the given field should be presented + # to the user as being a required to successfully complete + # the request + # strict: whether to raise an exception when a field is + # added to a request more than once + # Raises ArgumentError if the field_name is not a simple registration + # field, or if strict is set and a field is added more than once + def request_field(field_name, required=false, strict=false) + OpenID::check_sreg_field_name(field_name) + + if strict + if (@required + @optional).member? field_name + raise ArgumentError, 'That field has already been requested' + end + else + return if @required.member? field_name + if @optional.member? field_name + if required + @optional.delete field_name + else + return + end + end + end + if required + @required << field_name + else + @optional << field_name + end + end + + # Add the given list of fields to the request. + def request_fields(field_names, required = false, strict = false) + raise ArgumentError unless field_names.respond_to?(:each) and + field_names[0].is_a?(String) + field_names.each{|fn|request_field(fn, required, strict)} + end + + # Get a hash of unqualified simple registration arguments + # representing this request. + # This method is essentially the inverse of parse_extension_args. + # This method serializes the simple registration request fields. + def get_extension_args + args = {} + args['required'] = @required.join(',') unless @required.empty? + args['optional'] = @optional.join(',') unless @optional.empty? + args['policy_url'] = @policy_url unless @policy_url.nil? + return args + end + + def member?(field_name) + all_requested_fields.member?(field_name) + end + + end + + # Represents the data returned in a simple registration response + # inside of an OpenID id_res response. This object will be + # created by the OpenID server, added to the id_res response + # object, and then extracted from the id_res message by the Consumer. + class Response < Extension + attr_reader :ns_uri, :data + + def initialize(data = {}, ns_uri=NS_URI) + @ns_alias = 'sreg' + @data = data + @ns_uri = ns_uri + end + + # Take a Request and a hash of simple registration + # values and create a Response object containing that data. + def self.extract_response(request, data) + arf = request.all_requested_fields + resp_data = data.reject{|k,v| !arf.member?(k) || v.nil? } + new(resp_data, request.ns_uri) + end + + # Create an Response object from an + # OpenID::Consumer::SuccessResponse from consumer.complete + # If you set the signed_only parameter to false, unsigned data from + # the id_res message from the server will be processed. + def self.from_success_response(success_response, signed_only = true) + ns_uri = OpenID::get_sreg_ns(success_response.message) + if signed_only + args = success_response.get_signed_ns(ns_uri) + return nil if args.nil? # No signed args, so fail + else + args = success_response.message.get_args(ns_uri) + end + args.reject!{|k,v| !DATA_FIELDS.member?(k) } + new(args, ns_uri) + end + + # Get the fields to put in the simple registration namespace + # when adding them to an id_res message. + def get_extension_args + return @data + end + + # Read-only hashlike interface. + # Raises an exception if the field name is bad + def [](field_name) + OpenID::check_sreg_field_name(field_name) + data[field_name] + end + + def empty? + @data.empty? + end + # XXX is there more to a hashlike interface I should add? + end + end +end + diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/extras.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/extras.rb new file mode 100644 index 0000000000..0d9560abc7 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/extras.rb @@ -0,0 +1,11 @@ +class String + def starts_with?(other) + head = self[0, other.length] + head == other + end + + def ends_with?(other) + tail = self[-1 * other.length, other.length] + tail == other + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/fetchers.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/fetchers.rb new file mode 100644 index 0000000000..22c87ac33f --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/fetchers.rb @@ -0,0 +1,238 @@ +require 'net/http' +require 'openid' +require 'openid/util' + +begin + require 'net/https' +rescue LoadError + OpenID::Util.log('WARNING: no SSL support found. Will not be able ' + + 'to fetch HTTPS URLs!') + require 'net/http' +end + +MAX_RESPONSE_KB = 1024 + +module Net + class HTTP + def post_connection_check(hostname) + check_common_name = true + cert = @socket.io.peer_cert + cert.extensions.each { |ext| + next if ext.oid != "subjectAltName" + ext.value.split(/,\s+/).each{ |general_name| + if /\ADNS:(.*)/ =~ general_name + check_common_name = false + reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+") + return true if /\A#{reg}\z/i =~ hostname + elsif /\AIP Address:(.*)/ =~ general_name + check_common_name = false + return true if $1 == hostname + end + } + } + if check_common_name + cert.subject.to_a.each{ |oid, value| + if oid == "CN" + reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+") + return true if /\A#{reg}\z/i =~ hostname + end + } + end + raise OpenSSL::SSL::SSLError, "hostname does not match" + end + end +end + +module OpenID + # Our HTTPResponse class extends Net::HTTPResponse with an additional + # method, final_url. + class HTTPResponse + attr_accessor :final_url + + attr_accessor :_response + + def self._from_net_response(response, final_url, headers=nil) + me = self.new + me._response = response + me.final_url = final_url + return me + end + + def method_missing(method, *args) + @_response.send(method, *args) + end + + def body=(s) + @_response.instance_variable_set('@body', s) + # XXX Hack to work around ruby's HTTP library behavior. @body + # is only returned if it has been read from the response + # object's socket, but since we're not using a socket in this + # case, we need to set the @read flag to true to avoid a bug in + # Net::HTTPResponse.stream_check when @socket is nil. + @_response.instance_variable_set('@read', true) + end + end + + class FetchingError < OpenIDError + end + + class HTTPRedirectLimitReached < FetchingError + end + + class SSLFetchingError < FetchingError + end + + @fetcher = nil + + def self.fetch(url, body=nil, headers=nil, + redirect_limit=StandardFetcher::REDIRECT_LIMIT) + return fetcher.fetch(url, body, headers, redirect_limit) + end + + def self.fetcher + if @fetcher.nil? + @fetcher = StandardFetcher.new + end + + return @fetcher + end + + def self.fetcher=(fetcher) + @fetcher = fetcher + end + + # Set the default fetcher to use the HTTP proxy defined in the environment + # variable 'http_proxy'. + def self.fetcher_use_env_http_proxy + proxy_string = ENV['http_proxy'] + return unless proxy_string + + proxy_uri = URI.parse(proxy_string) + @fetcher = StandardFetcher.new(proxy_uri.host, proxy_uri.port, + proxy_uri.user, proxy_uri.password) + end + + class StandardFetcher + + USER_AGENT = "ruby-openid/#{OpenID::VERSION} (#{RUBY_PLATFORM})" + + REDIRECT_LIMIT = 5 + TIMEOUT = 60 + + attr_accessor :ca_file + attr_accessor :timeout + + # I can fetch through a HTTP proxy; arguments are as for Net::HTTP::Proxy. + def initialize(proxy_addr=nil, proxy_port=nil, + proxy_user=nil, proxy_pass=nil) + @ca_file = nil + @proxy = Net::HTTP::Proxy(proxy_addr, proxy_port, proxy_user, proxy_pass) + @timeout = TIMEOUT + end + + def supports_ssl?(conn) + return conn.respond_to?(:use_ssl=) + end + + def make_http(uri) + http = @proxy.new(uri.host, uri.port) + http.read_timeout = @timeout + http.open_timeout = @timeout + return http + end + + def set_verified(conn, verify) + if verify + conn.verify_mode = OpenSSL::SSL::VERIFY_PEER + else + conn.verify_mode = OpenSSL::SSL::VERIFY_NONE + end + end + + def make_connection(uri) + conn = make_http(uri) + + if !conn.is_a?(Net::HTTP) + raise RuntimeError, sprintf("Expected Net::HTTP object from make_http; got %s", + conn.class) + end + + if uri.scheme == 'https' + if supports_ssl?(conn) + + conn.use_ssl = true + + if @ca_file + set_verified(conn, true) + conn.ca_file = @ca_file + else + Util.log("WARNING: making https request to #{uri} without verifying " + + "server certificate; no CA path was specified.") + set_verified(conn, false) + end + else + raise RuntimeError, "SSL support not found; cannot fetch #{uri}" + end + end + + return conn + end + + def fetch(url, body=nil, headers=nil, redirect_limit=REDIRECT_LIMIT) + unparsed_url = url.dup + url = URI::parse(url) + if url.nil? + raise FetchingError, "Invalid URL: #{unparsed_url}" + end + + headers ||= {} + headers['User-agent'] ||= USER_AGENT + + begin + conn = make_connection(url) + response = nil + + response = conn.start { + # Check the certificate against the URL's hostname + if supports_ssl?(conn) and conn.use_ssl? + conn.post_connection_check(url.host) + end + + if body.nil? + conn.request_get(url.request_uri, headers) + else + headers["Content-type"] ||= "application/x-www-form-urlencoded" + conn.request_post(url.request_uri, body, headers) + end + } + rescue RuntimeError => why + raise why + rescue OpenSSL::SSL::SSLError => why + raise SSLFetchingError, "Error connecting to SSL URL #{url}: #{why}" + rescue FetchingError => why + raise why + rescue Exception => why + # Things we've caught here include a Timeout::Error, which descends + # from SignalException. + raise FetchingError, "Error fetching #{url}: #{why}" + end + + case response + when Net::HTTPRedirection + if redirect_limit <= 0 + raise HTTPRedirectLimitReached.new( + "Too many redirects, not fetching #{response['location']}") + end + begin + return fetch(response['location'], body, headers, redirect_limit - 1) + rescue HTTPRedirectLimitReached => e + raise e + rescue FetchingError => why + raise FetchingError, "Error encountered in redirect from #{url}: #{why}" + end + else + return HTTPResponse._from_net_response(response, unparsed_url) + end + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/kvform.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/kvform.rb new file mode 100644 index 0000000000..c534d203e8 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/kvform.rb @@ -0,0 +1,136 @@ + +module OpenID + + class KVFormError < Exception + end + + module Util + + def Util.seq_to_kv(seq, strict=false) + # Represent a sequence of pairs of strings as newline-terminated + # key:value pairs. The pairs are generated in the order given. + # + # @param seq: The pairs + # + # returns a string representation of the sequence + err = lambda { |msg| + msg = "seq_to_kv warning: #{msg}: #{seq.inspect}" + if strict + raise KVFormError, msg + else + Util.log(msg) + end + } + + lines = [] + seq.each { |k, v| + if !k.is_a?(String) + err.call("Converting key to string: #{k.inspect}") + k = k.to_s + end + + if !k.index("\n").nil? + raise KVFormError, "Invalid input for seq_to_kv: key contains newline: #{k.inspect}" + end + + if !k.index(":").nil? + raise KVFormError, "Invalid input for seq_to_kv: key contains colon: #{k.inspect}" + end + + if k.strip() != k + err.call("Key has whitespace at beginning or end: #{k.inspect}") + end + + if !v.is_a?(String) + err.call("Converting value to string: #{v.inspect}") + v = v.to_s + end + + if !v.index("\n").nil? + raise KVFormError, "Invalid input for seq_to_kv: value contains newline: #{v.inspect}" + end + + if v.strip() != v + err.call("Value has whitespace at beginning or end: #{v.inspect}") + end + + lines << k + ":" + v + "\n" + } + + return lines.join("") + end + + def Util.kv_to_seq(data, strict=false) + # After one parse, seq_to_kv and kv_to_seq are inverses, with no + # warnings: + # + # seq = kv_to_seq(s) + # seq_to_kv(kv_to_seq(seq)) == seq + err = lambda { |msg| + msg = "kv_to_seq warning: #{msg}: #{data.inspect}" + if strict + raise KVFormError, msg + else + Util.log(msg) + end + } + + lines = data.split("\n") + if data.length == 0 + return [] + end + + if data[-1].chr != "\n" + err.call("Does not end in a newline") + # We don't expect the last element of lines to be an empty + # string because split() doesn't behave that way. + end + + pairs = [] + line_num = 0 + lines.each { |line| + line_num += 1 + + # Ignore blank lines + if line.strip() == "" + next + end + + pair = line.split(':', 2) + if pair.length == 2 + k, v = pair + k_s = k.strip() + if k_s != k + msg = "In line #{line_num}, ignoring leading or trailing whitespace in key #{k.inspect}" + err.call(msg) + end + + if k_s.length == 0 + err.call("In line #{line_num}, got empty key") + end + + v_s = v.strip() + if v_s != v + msg = "In line #{line_num}, ignoring leading or trailing whitespace in value #{v.inspect}" + err.call(msg) + end + + pairs << [k_s, v_s] + else + err.call("Line #{line_num} does not contain a colon") + end + } + + return pairs + end + + def Util.dict_to_kv(d) + return seq_to_kv(d.entries.sort) + end + + def Util.kv_to_dict(s) + seq = kv_to_seq(s) + return Hash[*seq.flatten] + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/kvpost.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/kvpost.rb new file mode 100644 index 0000000000..1495afe740 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/kvpost.rb @@ -0,0 +1,58 @@ +require "openid/message" +require "openid/fetchers" + +module OpenID + # Exception that is raised when the server returns a 400 response + # code to a direct request. + class ServerError < OpenIDError + attr_reader :error_text, :error_code, :message + + def initialize(error_text, error_code, message) + super(error_text) + @error_text = error_text + @error_code = error_code + @message = message + end + + def self.from_message(msg) + error_text = msg.get_arg(OPENID_NS, 'error', + '') + error_code = msg.get_arg(OPENID_NS, 'error_code') + return self.new(error_text, error_code, msg) + end + end + + class KVPostNetworkError < OpenIDError + end + class HTTPStatusError < OpenIDError + end + + class Message + def self.from_http_response(response, server_url) + msg = self.from_kvform(response.body) + case response.code.to_i + when 200 + return msg + when 206 + return msg + when 400 + raise ServerError.from_message(msg) + else + error_message = "bad status code from server #{server_url}: "\ + "#{response.code}" + raise HTTPStatusError.new(error_message) + end + end + end + + # Send the message to the server via HTTP POST and receive and parse + # a response in KV Form + def self.make_kv_post(request_message, server_url) + begin + http_response = self.fetch(server_url, request_message.to_url_encoded) + rescue Exception + raise KVPostNetworkError.new("Unable to contact OpenID server: #{$!.to_s}") + end + return Message.from_http_response(http_response, server_url) + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/message.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/message.rb new file mode 100644 index 0000000000..8700378ba1 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/message.rb @@ -0,0 +1,553 @@ +require 'openid/util' +require 'openid/kvform' + +module OpenID + + IDENTIFIER_SELECT = 'http://specs.openid.net/auth/2.0/identifier_select' + + # URI for Simple Registration extension, the only commonly deployed + # OpenID 1.x extension, and so a special case. + SREG_URI = 'http://openid.net/sreg/1.0' + + # The OpenID 1.x namespace URIs + OPENID1_NS = 'http://openid.net/signon/1.0' + OPENID11_NS = 'http://openid.net/signon/1.1' + OPENID1_NAMESPACES = [OPENID1_NS, OPENID11_NS] + + # The OpenID 2.0 namespace URI + OPENID2_NS = 'http://specs.openid.net/auth/2.0' + + # The namespace consisting of pairs with keys that are prefixed with + # "openid." but not in another namespace. + NULL_NAMESPACE = :null_namespace + + # The null namespace, when it is an allowed OpenID namespace + OPENID_NS = :openid_namespace + + # The top-level namespace, excluding all pairs with keys that start + # with "openid." + BARE_NS = :bare_namespace + + # Limit, in bytes, of identity provider and return_to URLs, + # including response payload. See OpenID 1.1 specification, + # Appendix D. + OPENID1_URL_LIMIT = 2047 + + # All OpenID protocol fields. Used to check namespace aliases. + OPENID_PROTOCOL_FIELDS = [ + 'ns', 'mode', 'error', 'return_to', + 'contact', 'reference', 'signed', + 'assoc_type', 'session_type', + 'dh_modulus', 'dh_gen', + 'dh_consumer_public', 'claimed_id', + 'identity', 'realm', 'invalidate_handle', + 'op_endpoint', 'response_nonce', 'sig', + 'assoc_handle', 'trust_root', 'openid', + ] + + # Sentinel used for Message implementation to indicate that getArg + # should raise an exception instead of returning a default. + NO_DEFAULT = :no_default + + # Raised if the generic OpenID namespace is accessed when there + # is no OpenID namespace set for this message. + class UndefinedOpenIDNamespace < Exception; end + + # Raised when an alias or namespace URI has already been registered. + class NamespaceAliasRegistrationError < Exception; end + + # Raised if openid.ns is not a recognized value. + # See Message class variable @@allowed_openid_namespaces + class InvalidOpenIDNamespace < Exception; end + + class Message + attr_reader :namespaces + + # Raised when key lookup fails + class KeyNotFound < IndexError ; end + + # Namespace / alias registration map. See + # register_namespace_alias. + @@registered_aliases = {} + + # Registers a (namespace URI, alias) mapping in a global namespace + # alias map. Raises NamespaceAliasRegistrationError if either the + # namespace URI or alias has already been registered with a + # different value. This function is required if you want to use a + # namespace with an OpenID 1 message. + def Message.register_namespace_alias(namespace_uri, alias_) + if @@registered_aliases[alias_] == namespace_uri + return + end + + if @@registered_aliases.values.include?(namespace_uri) + raise NamespaceAliasRegistrationError, + 'Namespace uri #{namespace_uri} already registered' + end + + if @@registered_aliases.member?(alias_) + raise NamespaceAliasRegistrationError, + 'Alias #{alias_} already registered' + end + + @@registered_aliases[alias_] = namespace_uri + end + + @@allowed_openid_namespaces = [OPENID1_NS, OPENID2_NS, OPENID11_NS] + + # Raises InvalidNamespaceError if you try to instantiate a Message + # with a namespace not in the above allowed list + def initialize(openid_namespace=nil) + @args = {} + @namespaces = NamespaceMap.new + if openid_namespace + implicit = OPENID1_NAMESPACES.member? openid_namespace + self.set_openid_namespace(openid_namespace, implicit) + else + @openid_ns_uri = nil + end + end + + # Construct a Message containing a set of POST arguments. + # Raises InvalidNamespaceError if you try to instantiate a Message + # with a namespace not in the above allowed list + def Message.from_post_args(args) + m = Message.new + openid_args = {} + args.each do |key,value| + if value.is_a?(Array) + raise ArgumentError, "Query dict must have one value for each key, " + + "not lists of values. Query is #{args.inspect}" + end + + prefix, rest = key.split('.', 2) + + if prefix != 'openid' or rest.nil? + m.set_arg(BARE_NS, key, value) + else + openid_args[rest] = value + end + end + + m._from_openid_args(openid_args) + return m + end + + # Construct a Message from a parsed KVForm message. + # Raises InvalidNamespaceError if you try to instantiate a Message + # with a namespace not in the above allowed list + def Message.from_openid_args(openid_args) + m = Message.new + m._from_openid_args(openid_args) + return m + end + + # Raises InvalidNamespaceError if you try to instantiate a Message + # with a namespace not in the above allowed list + def _from_openid_args(openid_args) + ns_args = [] + + # resolve namespaces + openid_args.each { |rest, value| + ns_alias, ns_key = rest.split('.', 2) + if ns_key.nil? + ns_alias = NULL_NAMESPACE + ns_key = rest + end + + if ns_alias == 'ns' + @namespaces.add_alias(value, ns_key) + elsif ns_alias == NULL_NAMESPACE and ns_key == 'ns' + set_openid_namespace(value, false) + else + ns_args << [ns_alias, ns_key, value] + end + } + + # implicitly set an OpenID 1 namespace + unless get_openid_namespace + set_openid_namespace(OPENID1_NS, true) + end + + # put the pairs into the appropriate namespaces + ns_args.each { |ns_alias, ns_key, value| + ns_uri = @namespaces.get_namespace_uri(ns_alias) + unless ns_uri + ns_uri = _get_default_namespace(ns_alias) + unless ns_uri + ns_uri = get_openid_namespace + ns_key = "#{ns_alias}.#{ns_key}" + else + @namespaces.add_alias(ns_uri, ns_alias, true) + end + end + self.set_arg(ns_uri, ns_key, value) + } + end + + def _get_default_namespace(mystery_alias) + # only try to map an alias to a default if it's an + # OpenID 1.x namespace + if is_openid1 + @@registered_aliases[mystery_alias] + end + end + + def set_openid_namespace(openid_ns_uri, implicit) + if !@@allowed_openid_namespaces.include?(openid_ns_uri) + raise InvalidOpenIDNamespace, "Invalid null namespace: #{openid_ns_uri}" + end + @namespaces.add_alias(openid_ns_uri, NULL_NAMESPACE, implicit) + @openid_ns_uri = openid_ns_uri + end + + def get_openid_namespace + return @openid_ns_uri + end + + def is_openid1 + return OPENID1_NAMESPACES.member?(@openid_ns_uri) + end + + def is_openid2 + return @openid_ns_uri == OPENID2_NS + end + + # Create a message from a KVForm string + def Message.from_kvform(kvform_string) + return Message.from_openid_args(Util.kv_to_dict(kvform_string)) + end + + def copy + return Marshal.load(Marshal.dump(self)) + end + + # Return all arguments with "openid." in from of namespaced arguments. + def to_post_args + args = {} + + # add namespace defs to the output + @namespaces.each { |ns_uri, ns_alias| + if @namespaces.implicit?(ns_uri) + next + end + if ns_alias == NULL_NAMESPACE + ns_key = 'openid.ns' + else + ns_key = 'openid.ns.' + ns_alias + end + args[ns_key] = ns_uri + } + + @args.each { |k, value| + ns_uri, ns_key = k + key = get_key(ns_uri, ns_key) + args[key] = value + } + + return args + end + + # Return all namespaced arguments, failing if any non-namespaced arguments + # exist. + def to_args + post_args = self.to_post_args + kvargs = {} + post_args.each { |k,v| + if !k.starts_with?('openid.') + raise ArgumentError, "This message can only be encoded as a POST, because it contains arguments that are not prefixed with 'openid.'" + else + kvargs[k[7..-1]] = v + end + } + return kvargs + end + + # Generate HTML form markup that contains the values in this + # message, to be HTTP POSTed as x-www-form-urlencoded UTF-8. + def to_form_markup(action_url, form_tag_attrs=nil, submit_text='Continue') + form_tag_attr_map = {} + + if form_tag_attrs + form_tag_attrs.each { |name, attr| + form_tag_attr_map[name] = attr + } + end + + form_tag_attr_map['action'] = action_url + form_tag_attr_map['method'] = 'post' + form_tag_attr_map['accept-charset'] = 'UTF-8' + form_tag_attr_map['enctype'] = 'application/x-www-form-urlencoded' + + markup = "

    #{key} not in this message" + else + default + end + } + end + + # Get the arguments that are defined for this namespace URI. + def get_args(namespace) + namespace = _fix_ns(namespace) + args = {} + @args.each { |k,v| + pair_ns, ns_key = k + args[ns_key] = v if pair_ns == namespace + } + return args + end + + # Set multiple key/value pairs in one call. + def update_args(namespace, updates) + namespace = _fix_ns(namespace) + updates.each {|k,v| set_arg(namespace, k, v)} + end + + # Set a single argument in this namespace + def set_arg(namespace, key, value) + namespace = _fix_ns(namespace) + @args[[namespace, key].freeze] = value + if namespace != BARE_NS + @namespaces.add(namespace) + end + end + + # Remove a single argument from this namespace. + def del_arg(namespace, key) + namespace = _fix_ns(namespace) + _key = [namespace, key] + @args.delete(_key) + end + + def ==(other) + other.is_a?(self.class) && @args == other.instance_eval { @args } + end + + def get_aliased_arg(aliased_key, default=nil) + if aliased_key == 'ns' + return get_openid_namespace() + end + + ns_alias, key = aliased_key.split('.', 2) + if ns_alias == 'ns' + uri = @namespaces.get_namespace_uri(key) + if uri.nil? and default == NO_DEFAULT + raise KeyNotFound, "Namespace #{key} not defined when looking "\ + "for #{aliased_key}" + else + return (uri.nil? ? default : uri) + end + end + + if key.nil? + key = aliased_key + ns = nil + else + ns = @namespaces.get_namespace_uri(ns_alias) + end + + if ns.nil? + key = aliased_key + ns = get_openid_namespace + end + + return get_arg(ns, key, default) + end + end + + + # Maintains a bidirectional map between namespace URIs and aliases. + class NamespaceMap + + def initialize + @alias_to_namespace = {} + @namespace_to_alias = {} + @implicit_namespaces = [] + end + + def get_alias(namespace_uri) + @namespace_to_alias[namespace_uri] + end + + def get_namespace_uri(namespace_alias) + @alias_to_namespace[namespace_alias] + end + + # Add an alias from this namespace URI to the alias. + def add_alias(namespace_uri, desired_alias, implicit=false) + # Check that desired_alias is not an openid protocol field as + # per the spec. + Util.assert(!OPENID_PROTOCOL_FIELDS.include?(desired_alias), + "#{desired_alias} is not an allowed namespace alias") + + # check that there is not a namespace already defined for the + # desired alias + current_namespace_uri = @alias_to_namespace.fetch(desired_alias, nil) + if current_namespace_uri and current_namespace_uri != namespace_uri + raise IndexError, "Cannot map #{namespace_uri} to alias #{desired_alias}. #{current_namespace_uri} is already mapped to alias #{desired_alias}" + end + + # Check that desired_alias does not contain a period as per the + # spec. + if desired_alias.is_a?(String) + Util.assert(desired_alias.index('.').nil?, + "#{desired_alias} must not contain a dot") + end + + # check that there is not already a (different) alias for this + # namespace URI. + _alias = @namespace_to_alias[namespace_uri] + if _alias and _alias != desired_alias + raise IndexError, "Cannot map #{namespace_uri} to alias #{desired_alias}. It is already mapped to alias #{_alias}" + end + + @alias_to_namespace[desired_alias] = namespace_uri + @namespace_to_alias[namespace_uri] = desired_alias + @implicit_namespaces << namespace_uri if implicit + return desired_alias + end + + # Add this namespace URI to the mapping, without caring what alias + # it ends up with. + def add(namespace_uri) + # see if this namepace is already mapped to an alias + _alias = @namespace_to_alias[namespace_uri] + return _alias if _alias + + # Fall back to generating a numberical alias + i = 0 + while true + _alias = 'ext' + i.to_s + begin + add_alias(namespace_uri, _alias) + rescue IndexError + i += 1 + else + return _alias + end + end + + raise StandardError, 'Unreachable' + end + + def member?(namespace_uri) + @namespace_to_alias.has_key?(namespace_uri) + end + + def each + @namespace_to_alias.each {|k,v| yield k,v} + end + + def namespace_uris + # Return an iterator over the namespace URIs + return @namespace_to_alias.keys() + end + + def implicit?(namespace_uri) + return @implicit_namespaces.member?(namespace_uri) + end + + def aliases + # Return an iterator over the aliases + return @alias_to_namespace.keys() + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/protocolerror.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/protocolerror.rb new file mode 100644 index 0000000000..2aad0e4a2d --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/protocolerror.rb @@ -0,0 +1,8 @@ +require 'openid/util' + +module OpenID + + # An error in the OpenID protocol + class ProtocolError < OpenIDError + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/server.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/server.rb new file mode 100644 index 0000000000..897b8bdb3d --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/server.rb @@ -0,0 +1,1544 @@ + +require 'openid/cryptutil' +require 'openid/util' +require 'openid/dh' +require 'openid/store/nonce' +require 'openid/trustroot' +require 'openid/association' +require 'openid/message' + +require 'time' + +module OpenID + + module Server + + HTTP_OK = 200 + HTTP_REDIRECT = 302 + HTTP_ERROR = 400 + + BROWSER_REQUEST_MODES = ['checkid_setup', 'checkid_immediate'] + + ENCODE_KVFORM = ['kvform'].freeze + ENCODE_URL = ['URL/redirect'].freeze + ENCODE_HTML_FORM = ['HTML form'].freeze + + UNUSED = nil + + class OpenIDRequest + attr_accessor :message, :mode + + # I represent an incoming OpenID request. + # + # Attributes: + # mode:: The "openid.mode" of this request + def initialize + @mode = nil + @message = nil + end + + def namespace + if @message.nil? + raise RuntimeError, "Request has no message" + else + return @message.get_openid_namespace + end + end + end + + # A request to verify the validity of a previous response. + # + # See OpenID Specs, Verifying Directly with the OpenID Provider + # + class CheckAuthRequest < OpenIDRequest + + # The association handle the response was signed with. + attr_accessor :assoc_handle + + # The message with the signature which wants checking. + attr_accessor :signed + + # An association handle the client is asking about the validity + # of. May be nil. + attr_accessor :invalidate_handle + + attr_accessor :sig + + # Construct me. + # + # These parameters are assigned directly as class attributes. + # + # Parameters: + # assoc_handle:: the association handle for this request + # signed:: The signed message + # invalidate_handle:: An association handle that the relying + # party is checking to see if it is invalid + def initialize(assoc_handle, signed, invalidate_handle=nil) + super() + + @mode = "check_authentication" + @required_fields = ["identity", "return_to", "response_nonce"].freeze + + @sig = nil + @assoc_handle = assoc_handle + @signed = signed + @invalidate_handle = invalidate_handle + end + + # Construct me from an OpenID::Message. + def self.from_message(message, op_endpoint=UNUSED) + assoc_handle = message.get_arg(OPENID_NS, 'assoc_handle') + invalidate_handle = message.get_arg(OPENID_NS, 'invalidate_handle') + + signed = message.copy() + # openid.mode is currently check_authentication because + # that's the mode of this request. But the signature + # was made on something with a different openid.mode. + # http://article.gmane.org/gmane.comp.web.openid.general/537 + if signed.has_key?(OPENID_NS, "mode") + signed.set_arg(OPENID_NS, "mode", "id_res") + end + + obj = self.new(assoc_handle, signed, invalidate_handle) + obj.message = message + obj.sig = message.get_arg(OPENID_NS, 'sig') + + if !obj.assoc_handle or + !obj.sig + msg = sprintf("%s request missing required parameter from message %s", + obj.mode, message) + raise ProtocolError.new(message, msg) + end + + return obj + end + + # Respond to this request. + # + # Given a Signatory, I can check the validity of the signature + # and the invalidate_handle. I return a response with an + # is_valid (and, if appropriate invalidate_handle) field. + def answer(signatory) + is_valid = signatory.verify(@assoc_handle, @signed) + # Now invalidate that assoc_handle so it this checkAuth + # message cannot be replayed. + signatory.invalidate(@assoc_handle, dumb=true) + response = OpenIDResponse.new(self) + valid_str = is_valid ? "true" : "false" + response.fields.set_arg(OPENID_NS, 'is_valid', valid_str) + + if @invalidate_handle + assoc = signatory.get_association(@invalidate_handle, false) + if !assoc + response.fields.set_arg( + OPENID_NS, 'invalidate_handle', @invalidate_handle) + end + end + + return response + end + + def to_s + ih = nil + + if @invalidate_handle + ih = sprintf(" invalidate? %s", @invalidate_handle) + else + ih = "" + end + + s = sprintf("<%s handle: %s sig: %s: signed: %s%s>", + self.class, @assoc_handle, + @sig, @signed, ih) + return s + end + end + + class BaseServerSession + attr_reader :session_type + + def initialize(session_type, allowed_assoc_types) + @session_type = session_type + @allowed_assoc_types = allowed_assoc_types.dup.freeze + end + + def allowed_assoc_type?(typ) + @allowed_assoc_types.member?(typ) + end + end + + # An object that knows how to handle association requests with + # no session type. + # + # See OpenID Specs, Section 8: Establishing Associations + # + class PlainTextServerSession < BaseServerSession + # The session_type for this association session. There is no + # type defined for plain-text in the OpenID specification, so we + # use 'no-encryption'. + attr_reader :session_type + + def initialize + super('no-encryption', ['HMAC-SHA1', 'HMAC-SHA256']) + end + + def self.from_message(unused_request) + return self.new + end + + def answer(secret) + return {'mac_key' => Util.to_base64(secret)} + end + end + + # An object that knows how to handle association requests with the + # Diffie-Hellman session type. + # + # See OpenID Specs, Section 8: Establishing Associations + # + class DiffieHellmanSHA1ServerSession < BaseServerSession + + # The Diffie-Hellman algorithm values for this request + attr_accessor :dh + + # The public key sent by the consumer in the associate request + attr_accessor :consumer_pubkey + + # The session_type for this association session. + attr_reader :session_type + + def initialize(dh, consumer_pubkey) + super('DH-SHA1', ['HMAC-SHA1']) + + @hash_func = CryptUtil.method('sha1') + @dh = dh + @consumer_pubkey = consumer_pubkey + end + + # Construct me from OpenID Message + # + # Raises ProtocolError when parameters required to establish the + # session are missing. + def self.from_message(message) + dh_modulus = message.get_arg(OPENID_NS, 'dh_modulus') + dh_gen = message.get_arg(OPENID_NS, 'dh_gen') + if ((!dh_modulus and dh_gen) or + (!dh_gen and dh_modulus)) + + if !dh_modulus + missing = 'modulus' + else + missing = 'generator' + end + + raise ProtocolError.new(message, + sprintf('If non-default modulus or generator is ' + + 'supplied, both must be supplied. Missing %s', + missing)) + end + + if dh_modulus or dh_gen + dh_modulus = CryptUtil.base64_to_num(dh_modulus) + dh_gen = CryptUtil.base64_to_num(dh_gen) + dh = DiffieHellman.new(dh_modulus, dh_gen) + else + dh = DiffieHellman.from_defaults() + end + + consumer_pubkey = message.get_arg(OPENID_NS, 'dh_consumer_public') + if !consumer_pubkey + raise ProtocolError.new(message, + sprintf("Public key for DH-SHA1 session " + + "not found in message %s", message)) + end + + consumer_pubkey = CryptUtil.base64_to_num(consumer_pubkey) + + return self.new(dh, consumer_pubkey) + end + + def answer(secret) + mac_key = @dh.xor_secret(@hash_func, + @consumer_pubkey, + secret) + return { + 'dh_server_public' => CryptUtil.num_to_base64(@dh.public), + 'enc_mac_key' => Util.to_base64(mac_key), + } + end + end + + class DiffieHellmanSHA256ServerSession < DiffieHellmanSHA1ServerSession + def initialize(*args) + super(*args) + @session_type = 'DH-SHA256' + @hash_func = CryptUtil.method('sha256') + @allowed_assoc_types = ['HMAC-SHA256'].freeze + end + end + + # A request to establish an association. + # + # See OpenID Specs, Section 8: Establishing Associations + # + class AssociateRequest < OpenIDRequest + # An object that knows how to handle association requests of a + # certain type. + attr_accessor :session + + # The type of association. Supported values include HMAC-SHA256 + # and HMAC-SHA1 + attr_accessor :assoc_type + + @@session_classes = { + 'no-encryption' => PlainTextServerSession, + 'DH-SHA1' => DiffieHellmanSHA1ServerSession, + 'DH-SHA256' => DiffieHellmanSHA256ServerSession, + } + + # Construct me. + # + # The session is assigned directly as a class attribute. See my + # class documentation for its description. + def initialize(session, assoc_type) + super() + @session = session + @assoc_type = assoc_type + + @mode = "associate" + end + + # Construct me from an OpenID Message. + def self.from_message(message, op_endpoint=UNUSED) + if message.is_openid1() + session_type = message.get_arg(OPENID_NS, 'session_type') + if session_type == 'no-encryption' + Util.log('Received OpenID 1 request with a no-encryption ' + + 'association session type. Continuing anyway.') + elsif !session_type + session_type = 'no-encryption' + end + else + session_type = message.get_arg(OPENID2_NS, 'session_type') + if !session_type + raise ProtocolError.new(message, + text="session_type missing from request") + end + end + + session_class = @@session_classes[session_type] + + if !session_class + raise ProtocolError.new(message, + sprintf("Unknown session type %s", session_type)) + end + + begin + session = session_class.from_message(message) + rescue ArgumentError => why + # XXX + raise ProtocolError.new(message, + sprintf('Error parsing %s session: %s', + session_type, why)) + end + + assoc_type = message.get_arg(OPENID_NS, 'assoc_type', 'HMAC-SHA1') + if !session.allowed_assoc_type?(assoc_type) + msg = sprintf('Session type %s does not support association type %s', + session_type, assoc_type) + raise ProtocolError.new(message, msg) + end + + obj = self.new(session, assoc_type) + obj.message = message + return obj + end + + # Respond to this request with an association. + # + # assoc:: The association to send back. + # + # Returns a response with the association information, encrypted + # to the consumer's public key if appropriate. + def answer(assoc) + response = OpenIDResponse.new(self) + response.fields.update_args(OPENID_NS, { + 'expires_in' => sprintf('%d', assoc.expires_in()), + 'assoc_type' => @assoc_type, + 'assoc_handle' => assoc.handle, + }) + response.fields.update_args(OPENID_NS, + @session.answer(assoc.secret)) + unless (@session.session_type == 'no-encryption' and + @message.is_openid1) + response.fields.set_arg( + OPENID_NS, 'session_type', @session.session_type) + end + + return response + end + + # Respond to this request indicating that the association type + # or association session type is not supported. + def answer_unsupported(message, preferred_association_type=nil, + preferred_session_type=nil) + if @message.is_openid1() + raise ProtocolError.new(@message) + end + + response = OpenIDResponse.new(self) + response.fields.set_arg(OPENID_NS, 'error_code', 'unsupported-type') + response.fields.set_arg(OPENID_NS, 'error', message) + + if preferred_association_type + response.fields.set_arg( + OPENID_NS, 'assoc_type', preferred_association_type) + end + + if preferred_session_type + response.fields.set_arg( + OPENID_NS, 'session_type', preferred_session_type) + end + + return response + end + end + + # A request to confirm the identity of a user. + # + # This class handles requests for openid modes + # +checkid_immediate+ and +checkid_setup+ . + class CheckIDRequest < OpenIDRequest + + # Provided in smart mode requests, a handle for a previously + # established association. nil for dumb mode requests. + attr_accessor :assoc_handle + + # Is this an immediate-mode request? + attr_accessor :immediate + + # The URL to send the user agent back to to reply to this + # request. + attr_accessor :return_to + + # The OP-local identifier being checked. + attr_accessor :identity + + # The claimed identifier. Not present in OpenID 1.x + # messages. + attr_accessor :claimed_id + + # This URL identifies the party making the request, and the user + # will use that to make her decision about what answer she + # trusts them to have. Referred to as "realm" in OpenID 2.0. + attr_accessor :trust_root + + # mode:: +checkid_immediate+ or +checkid_setup+ + attr_accessor :mode + + attr_accessor :op_endpoint + + # These parameters are assigned directly as attributes, + # see the #CheckIDRequest class documentation for their + # descriptions. + # + # Raises #MalformedReturnURL when the +return_to+ URL is not + # a URL. + def initialize(identity, return_to, op_endpoint, trust_root=nil, + immediate=false, assoc_handle=nil, claimed_id=nil) + @assoc_handle = assoc_handle + @identity = identity + @claimed_id = (claimed_id or identity) + @return_to = return_to + @trust_root = (trust_root or return_to) + @op_endpoint = op_endpoint + @message = nil + + if immediate + @immediate = true + @mode = "checkid_immediate" + else + @immediate = false + @mode = "checkid_setup" + end + + if @return_to and + !TrustRoot::TrustRoot.parse(@return_to) + raise MalformedReturnURL.new(nil, @return_to) + end + + if !trust_root_valid() + raise UntrustedReturnURL.new(nil, @return_to, @trust_root) + end + end + + # Construct me from an OpenID message. + # + # message:: An OpenID checkid_* request Message + # + # op_endpoint:: The endpoint URL of the server that this + # message was sent to. + # + # Raises: + # ProtocolError:: When not all required parameters are present + # in the message. + # + # MalformedReturnURL:: When the +return_to+ URL is not a URL. + # + # UntrustedReturnURL:: When the +return_to+ URL is + # outside the +trust_root+. + def self.from_message(message, op_endpoint) + obj = self.allocate + obj.message = message + obj.op_endpoint = op_endpoint + mode = message.get_arg(OPENID_NS, 'mode') + if mode == "checkid_immediate" + obj.immediate = true + obj.mode = "checkid_immediate" + else + obj.immediate = false + obj.mode = "checkid_setup" + end + + obj.return_to = message.get_arg(OPENID_NS, 'return_to') + if message.is_openid1 and !obj.return_to + msg = sprintf("Missing required field 'return_to' from %s", + message) + raise ProtocolError.new(message, msg) + end + + obj.identity = message.get_arg(OPENID_NS, 'identity') + obj.claimed_id = message.get_arg(OPENID_NS, 'claimed_id') + if message.is_openid1() + if !obj.identity + s = "OpenID 1 message did not contain openid.identity" + raise ProtocolError.new(message, s) + end + else + if obj.identity and not obj.claimed_id + s = ("OpenID 2.0 message contained openid.identity but not " + + "claimed_id") + raise ProtocolError.new(message, s) + elsif obj.claimed_id and not obj.identity + s = ("OpenID 2.0 message contained openid.claimed_id but not " + + "identity") + raise ProtocolError.new(message, s) + end + end + + # There's a case for making self.trust_root be a TrustRoot + # here. But if TrustRoot isn't currently part of the "public" + # API, I'm not sure it's worth doing. + if message.is_openid1 + trust_root_param = 'trust_root' + else + trust_root_param = 'realm' + end + trust_root = message.get_arg(OPENID_NS, trust_root_param) + trust_root = obj.return_to if (trust_root.nil? || trust_root.empty?) + obj.trust_root = trust_root + + if !message.is_openid1 and !obj.return_to and !obj.trust_root + raise ProtocolError.new(message, "openid.realm required when " + + "openid.return_to absent") + end + + obj.assoc_handle = message.get_arg(OPENID_NS, 'assoc_handle') + + # Using TrustRoot.parse here is a bit misleading, as we're not + # parsing return_to as a trust root at all. However, valid + # URLs are valid trust roots, so we can use this to get an + # idea if it is a valid URL. Not all trust roots are valid + # return_to URLs, however (particularly ones with wildcards), + # so this is still a little sketchy. + if obj.return_to and \ + !TrustRoot::TrustRoot.parse(obj.return_to) + raise MalformedReturnURL.new(message, obj.return_to) + end + + # I first thought that checking to see if the return_to is + # within the trust_root is premature here, a + # logic-not-decoding thing. But it was argued that this is + # really part of data validation. A request with an invalid + # trust_root/return_to is broken regardless of application, + # right? + if !obj.trust_root_valid() + raise UntrustedReturnURL.new(message, obj.return_to, obj.trust_root) + end + + return obj + end + + # Is the identifier to be selected by the IDP? + def id_select + # So IDPs don't have to import the constant + return @identity == IDENTIFIER_SELECT + end + + # Is my return_to under my trust_root? + def trust_root_valid + if !@trust_root + return true + end + + tr = TrustRoot::TrustRoot.parse(@trust_root) + if !tr + raise MalformedTrustRoot.new(@message, @trust_root) + end + + if @return_to + return tr.validate_url(@return_to) + else + return true + end + end + + # Does the relying party publish the return_to URL for this + # response under the realm? It is up to the provider to set a + # policy for what kinds of realms should be allowed. This + # return_to URL verification reduces vulnerability to + # data-theft attacks based on open proxies, + # corss-site-scripting, or open redirectors. + # + # This check should only be performed after making sure that + # the return_to URL matches the realm. + # + # Raises DiscoveryFailure if the realm + # URL does not support Yadis discovery (and so does not + # support the verification process). + # + # Returns true if the realm publishes a document with the + # return_to URL listed + def return_to_verified + return TrustRoot.verify_return_to(@trust_root, @return_to) + end + + # Respond to this request. + # + # allow:: Allow this user to claim this identity, and allow the + # consumer to have this information? + # + # server_url:: DEPRECATED. Passing op_endpoint to the + # #Server constructor makes this optional. + # + # When an OpenID 1.x immediate mode request does + # not succeed, it gets back a URL where the request + # may be carried out in a not-so-immediate fashion. + # Pass my URL in here (the fully qualified address + # of this server's endpoint, i.e. + # http://example.com/server), and I will + # use it as a base for the URL for a new request. + # + # Optional for requests where + # #CheckIDRequest.immediate is false or +allow+ is + # true. + # + # identity:: The OP-local identifier to answer with. Only for use + # when the relying party requested identifier selection. + # + # claimed_id:: The claimed identifier to answer with, + # for use with identifier selection in the case where the + # claimed identifier and the OP-local identifier differ, + # i.e. when the claimed_id uses delegation. + # + # If +identity+ is provided but this is not, + # +claimed_id+ will default to the value of +identity+. + # When answering requests that did not ask for identifier + # selection, the response +claimed_id+ will default to + # that of the request. + # + # This parameter is new in OpenID 2.0. + # + # Returns an OpenIDResponse object containing a OpenID id_res message. + # + # Raises NoReturnToError if the return_to is missing. + # + # Version 2.0 deprecates +server_url+ and adds +claimed_id+. + def answer(allow, server_url=nil, identity=nil, claimed_id=nil) + if !@return_to + raise NoReturnToError + end + + if !server_url + if @message.is_openid2 and !@op_endpoint + # In other words, that warning I raised in + # Server.__init__? You should pay attention to it now. + raise RuntimeError, ("#{self} should be constructed with "\ + "op_endpoint to respond to OpenID 2.0 "\ + "messages.") + end + + server_url = @op_endpoint + end + + if allow + mode = 'id_res' + elsif @message.is_openid1 + if @immediate + mode = 'id_res' + else + mode = 'cancel' + end + else + if @immediate + mode = 'setup_needed' + else + mode = 'cancel' + end + end + + response = OpenIDResponse.new(self) + + if claimed_id and @message.is_openid1 + raise VersionError, ("claimed_id is new in OpenID 2.0 and not "\ + "available for #{@message.get_openid_namespace}") + end + + if identity and !claimed_id + claimed_id = identity + end + + if allow + if @identity == IDENTIFIER_SELECT + if !identity + raise ArgumentError, ("This request uses IdP-driven "\ + "identifier selection.You must supply "\ + "an identifier in the response.") + end + + response_identity = identity + response_claimed_id = claimed_id + + elsif @identity + if identity and (@identity != identity) + raise ArgumentError, ("Request was for identity #{@identity}, "\ + "cannot reply with identity #{identity}") + end + + response_identity = @identity + response_claimed_id = @claimed_id + else + if identity + raise ArgumentError, ("This request specified no identity "\ + "and you supplied #{identity}") + end + response_identity = nil + end + + if @message.is_openid1 and !response_identity + raise ArgumentError, ("Request was an OpenID 1 request, so "\ + "response must include an identifier.") + end + + response.fields.update_args(OPENID_NS, { + 'mode' => mode, + 'op_endpoint' => server_url, + 'return_to' => @return_to, + 'response_nonce' => Nonce.mk_nonce(), + }) + + if response_identity + response.fields.set_arg(OPENID_NS, 'identity', response_identity) + if @message.is_openid2 + response.fields.set_arg(OPENID_NS, + 'claimed_id', response_claimed_id) + end + end + else + response.fields.set_arg(OPENID_NS, 'mode', mode) + if @immediate + if @message.is_openid1 and !server_url + raise ArgumentError, ("setup_url is required for allow=false "\ + "in OpenID 1.x immediate mode.") + end + + # Make a new request just like me, but with + # immediate=false. + setup_request = self.class.new(@identity, @return_to, + @op_endpoint, @trust_root, false, + @assoc_handle, @claimed_id) + setup_request.message = Message.new(@message.get_openid_namespace) + setup_url = setup_request.encode_to_url(server_url) + response.fields.set_arg(OPENID_NS, 'user_setup_url', setup_url) + end + end + + return response + end + + def encode_to_url(server_url) + # Encode this request as a URL to GET. + # + # server_url:: The URL of the OpenID server to make this + # request of. + if !@return_to + raise NoReturnToError + end + + # Imported from the alternate reality where these classes are + # used in both the client and server code, so Requests are + # Encodable too. That's right, code imported from alternate + # realities all for the love of you, id_res/user_setup_url. + q = {'mode' => @mode, + 'identity' => @identity, + 'claimed_id' => @claimed_id, + 'return_to' => @return_to} + + if @trust_root + if @message.is_openid1 + q['trust_root'] = @trust_root + else + q['realm'] = @trust_root + end + end + + if @assoc_handle + q['assoc_handle'] = @assoc_handle + end + + response = Message.new(@message.get_openid_namespace) + response.update_args(@message.get_openid_namespace, q) + return response.to_url(server_url) + end + + def cancel_url + # Get the URL to cancel this request. + # + # Useful for creating a "Cancel" button on a web form so that + # operation can be carried out directly without another trip + # through the server. + # + # (Except you may want to make another trip through the + # server so that it knows that the user did make a decision.) + # + # Returns a URL as a string. + if !@return_to + raise NoReturnToError + end + + if @immediate + raise ArgumentError.new("Cancel is not an appropriate response to " + + "immediate mode requests.") + end + + response = Message.new(@message.get_openid_namespace) + response.set_arg(OPENID_NS, 'mode', 'cancel') + return response.to_url(@return_to) + end + + def to_s + return sprintf('<%s id:%s im:%s tr:%s ah:%s>', self.class, + @identity, + @immediate, + @trust_root, + @assoc_handle) + end + end + + # I am a response to an OpenID request. + # + # Attributes: + # signed:: A list of the names of the fields which should be signed. + # + # Implementer's note: In a more symmetric client/server + # implementation, there would be more types of #OpenIDResponse + # object and they would have validated attributes according to + # the type of response. But as it is, Response objects in a + # server are basically write-only, their only job is to go out + # over the wire, so this is just a loose wrapper around + # #OpenIDResponse.fields. + class OpenIDResponse + # The #OpenIDRequest I respond to. + attr_accessor :request + + # An #OpenID::Message with the data to be returned. + # Keys are parameter names with no + # leading openid. e.g. identity and mac_key + # never openid.identity. + attr_accessor :fields + + def initialize(request) + # Make a response to an OpenIDRequest. + @request = request + @fields = Message.new(request.namespace) + end + + def to_s + return sprintf("%s for %s: %s", + self.class, + @request.class, + @fields) + end + + # form_tag_attrs is a hash of attributes to be added to the form + # tag. 'accept-charset' and 'enctype' have defaults that can be + # overridden. If a value is supplied for 'action' or 'method', + # it will be replaced. + # Returns the form markup for this response. + def to_form_markup(form_tag_attrs=nil) + return @fields.to_form_markup(@request.return_to, form_tag_attrs) + end + + # Wraps the form tag from to_form_markup in a complete HTML document + # that uses javascript to autosubmit the form. + def to_html(form_tag_attrs=nil) + return Util.auto_submit_html(to_form_markup(form_tag_attrs)) + end + + def render_as_form + # Returns true if this response's encoding is + # ENCODE_HTML_FORM. Convenience method for server authors. + return self.which_encoding == ENCODE_HTML_FORM + end + + def needs_signing + # Does this response require signing? + return @fields.get_arg(OPENID_NS, 'mode') == 'id_res' + end + + # implements IEncodable + + def which_encoding + # How should I be encoded? + # returns one of ENCODE_URL or ENCODE_KVFORM. + if BROWSER_REQUEST_MODES.member?(@request.mode) + if @fields.is_openid2 and + encode_to_url.length > OPENID1_URL_LIMIT + return ENCODE_HTML_FORM + else + return ENCODE_URL + end + else + return ENCODE_KVFORM + end + end + + def encode_to_url + # Encode a response as a URL for the user agent to GET. + # You will generally use this URL with a HTTP redirect. + return @fields.to_url(@request.return_to) + end + + def add_extension(extension_response) + # Add an extension response to this response message. + # + # extension_response:: An object that implements the + # #OpenID::Extension interface for adding arguments to an OpenID + # message. + extension_response.to_message(@fields) + end + + def encode_to_kvform + # Encode a response in key-value colon/newline format. + # + # This is a machine-readable format used to respond to + # messages which came directly from the consumer and not + # through the user agent. + # + # see: OpenID Specs, + # Key-Value Colon/Newline format + return @fields.to_kvform + end + + def copy + return Marshal.load(Marshal.dump(self)) + end + end + + # I am a response to an OpenID request in terms a web server + # understands. + # + # I generally come from an #Encoder, either directly or from + # #Server.encodeResponse. + class WebResponse + + # The HTTP code of this response as an integer. + attr_accessor :code + + # #Hash of headers to include in this response. + attr_accessor :headers + + # The body of this response. + attr_accessor :body + + def initialize(code=HTTP_OK, headers=nil, body="") + # Construct me. + # + # These parameters are assigned directly as class attributes, + # see my class documentation for their + # descriptions. + @code = code + if headers + @headers = headers + else + @headers = {} + end + @body = body + end + end + + # I sign things. + # + # I also check signatures. + # + # All my state is encapsulated in a store, which means I'm not + # generally pickleable but I am easy to reconstruct. + class Signatory + # The number of seconds a secret remains valid. Defaults to 14 days. + attr_accessor :secret_lifetime + + # keys have a bogus server URL in them because the filestore + # really does expect that key to be a URL. This seems a little + # silly for the server store, since I expect there to be only + # one server URL. + @@_normal_key = 'http://localhost/|normal' + @@_dumb_key = 'http://localhost/|dumb' + + def self._normal_key + @@_normal_key + end + + def self._dumb_key + @@_dumb_key + end + + attr_accessor :store + + # Create a new Signatory. store is The back-end where my + # associations are stored. + def initialize(store) + Util.assert(store) + @store = store + @secret_lifetime = 14 * 24 * 60 * 60 + end + + # Verify that the signature for some data is valid. + def verify(assoc_handle, message) + assoc = get_association(assoc_handle, true) + if !assoc + Util.log(sprintf("failed to get assoc with handle %s to verify " + + "message %s", assoc_handle, message)) + return false + end + + begin + valid = assoc.check_message_signature(message) + rescue StandardError => ex + Util.log(sprintf("Error in verifying %s with %s: %s", + message, assoc, ex)) + return false + end + + return valid + end + + # Sign a response. + # + # I take an OpenIDResponse, create a signature for everything in + # its signed list, and return a new copy of the response object + # with that signature included. + def sign(response) + signed_response = response.copy + assoc_handle = response.request.assoc_handle + if assoc_handle + # normal mode disabling expiration check because even if the + # association is expired, we still need to know some + # properties of the association so that we may preserve + # those properties when creating the fallback association. + assoc = get_association(assoc_handle, false, false) + + if !assoc or assoc.expires_in <= 0 + # fall back to dumb mode + signed_response.fields.set_arg( + OPENID_NS, 'invalidate_handle', assoc_handle) + assoc_type = assoc ? assoc.assoc_type : 'HMAC-SHA1' + if assoc and assoc.expires_in <= 0 + # now do the clean-up that the disabled checkExpiration + # code didn't get to do. + invalidate(assoc_handle, false) + end + assoc = create_association(true, assoc_type) + end + else + # dumb mode. + assoc = create_association(true) + end + + begin + signed_response.fields = assoc.sign_message(signed_response.fields) + rescue KVFormError => err + raise EncodingError, err + end + return signed_response + end + + # Make a new association. + def create_association(dumb=true, assoc_type='HMAC-SHA1') + secret = CryptUtil.random_string(OpenID.get_secret_size(assoc_type)) + uniq = Util.to_base64(CryptUtil.random_string(4)) + handle = sprintf('{%s}{%x}{%s}', assoc_type, Time.now.to_i, uniq) + + assoc = Association.from_expires_in( + secret_lifetime, handle, secret, assoc_type) + + if dumb + key = @@_dumb_key + else + key = @@_normal_key + end + + @store.store_association(key, assoc) + return assoc + end + + # Get the association with the specified handle. + def get_association(assoc_handle, dumb, checkExpiration=true) + # Hmm. We've created an interface that deals almost entirely + # with assoc_handles. The only place outside the Signatory + # that uses this (and thus the only place that ever sees + # Association objects) is when creating a response to an + # association request, as it must have the association's + # secret. + + if !assoc_handle + raise ArgumentError.new("assoc_handle must not be None") + end + + if dumb + key = @@_dumb_key + else + key = @@_normal_key + end + + assoc = @store.get_association(key, assoc_handle) + if assoc and assoc.expires_in <= 0 + Util.log(sprintf("requested %sdumb key %s is expired (by %s seconds)", + (!dumb) ? 'not-' : '', + assoc_handle, assoc.expires_in)) + if checkExpiration + @store.remove_association(key, assoc_handle) + assoc = nil + end + end + + return assoc + end + + # Invalidates the association with the given handle. + def invalidate(assoc_handle, dumb) + if dumb + key = @@_dumb_key + else + key = @@_normal_key + end + + @store.remove_association(key, assoc_handle) + end + end + + # I encode responses in to WebResponses. + # + # If you don't like WebResponses, you can do + # your own handling of OpenIDResponses with + # OpenIDResponse.whichEncoding, + # OpenIDResponse.encodeToURL, and + # OpenIDResponse.encodeToKVForm. + class Encoder + @@responseFactory = WebResponse + + # Encode a response to a WebResponse. + # + # Raises EncodingError when I can't figure out how to encode + # this message. + def encode(response) + encode_as = response.which_encoding() + if encode_as == ENCODE_KVFORM + wr = @@responseFactory.new(HTTP_OK, nil, + response.encode_to_kvform()) + if response.is_a?(Exception) + wr.code = HTTP_ERROR + end + elsif encode_as == ENCODE_URL + location = response.encode_to_url() + wr = @@responseFactory.new(HTTP_REDIRECT, + {'location' => location}) + elsif encode_as == ENCODE_HTML_FORM + wr = @@responseFactory.new(HTTP_OK, nil, + response.to_form_markup()) + else + # Can't encode this to a protocol message. You should + # probably render it to HTML and show it to the user. + raise EncodingError.new(response) + end + + return wr + end + end + + # I encode responses in to WebResponses, signing + # them when required. + class SigningEncoder < Encoder + + attr_accessor :signatory + + # Create a SigningEncoder given a Signatory + def initialize(signatory) + @signatory = signatory + end + + # Encode a response to a WebResponse, signing it first if + # appropriate. + # + # Raises EncodingError when I can't figure out how to encode this + # message. + # + # Raises AlreadySigned when this response is already signed. + def encode(response) + # the is_a? is a bit of a kludge... it means there isn't + # really an adapter to make the interfaces quite match. + if !response.is_a?(Exception) and response.needs_signing() + if !@signatory + raise ArgumentError.new( + sprintf("Must have a store to sign this request: %s", + response), response) + end + + if response.fields.has_key?(OPENID_NS, 'sig') + raise AlreadySigned.new(response) + end + + response = @signatory.sign(response) + end + + return super(response) + end + end + + # I decode an incoming web request in to a OpenIDRequest. + class Decoder + + @@handlers = { + 'checkid_setup' => CheckIDRequest.method('from_message'), + 'checkid_immediate' => CheckIDRequest.method('from_message'), + 'check_authentication' => CheckAuthRequest.method('from_message'), + 'associate' => AssociateRequest.method('from_message'), + } + + attr_accessor :server + + # Construct a Decoder. The server is necessary because some + # replies reference their server. + def initialize(server) + @server = server + end + + # I transform query parameters into an OpenIDRequest. + # + # If the query does not seem to be an OpenID request at all, I + # return nil. + # + # Raises ProtocolError when the query does not seem to be a valid + # OpenID request. + def decode(query) + if query.nil? or query.length == 0 + return nil + end + + begin + message = Message.from_post_args(query) + rescue InvalidOpenIDNamespace => e + query = query.dup + query['openid.ns'] = OPENID2_NS + message = Message.from_post_args(query) + raise ProtocolError.new(message, e.to_s) + end + + mode = message.get_arg(OPENID_NS, 'mode') + if !mode + msg = sprintf("No mode value in message %s", message) + raise ProtocolError.new(message, msg) + end + + handler = @@handlers.fetch(mode, self.method('default_decoder')) + return handler.call(message, @server.op_endpoint) + end + + # Called to decode queries when no handler for that mode is + # found. + # + # This implementation always raises ProtocolError. + def default_decoder(message, server) + mode = message.get_arg(OPENID_NS, 'mode') + msg = sprintf("Unrecognized OpenID mode %s", mode) + raise ProtocolError.new(message, msg) + end + end + + # I handle requests for an OpenID server. + # + # Some types of requests (those which are not checkid requests) + # may be handed to my handleRequest method, and I will take care + # of it and return a response. + # + # For your convenience, I also provide an interface to + # Decoder.decode and SigningEncoder.encode through my methods + # decodeRequest and encodeResponse. + # + # All my state is encapsulated in an store, which means I'm not + # generally pickleable but I am easy to reconstruct. + class Server + @@signatoryClass = Signatory + @@encoderClass = SigningEncoder + @@decoderClass = Decoder + + # The back-end where my associations and nonces are stored. + attr_accessor :store + + # I'm using this for associate requests and to sign things. + attr_accessor :signatory + + # I'm using this to encode things. + attr_accessor :encoder + + # I'm using this to decode things. + attr_accessor :decoder + + # I use this instance of OpenID::AssociationNegotiator to + # determine which kinds of associations I can make and how. + attr_accessor :negotiator + + # My URL. + attr_accessor :op_endpoint + + # op_endpoint is new in library version 2.0. + def initialize(store, op_endpoint) + @store = store + @signatory = @@signatoryClass.new(@store) + @encoder = @@encoderClass.new(@signatory) + @decoder = @@decoderClass.new(self) + @negotiator = DefaultNegotiator.copy() + @op_endpoint = op_endpoint + end + + # Handle a request. + # + # Give me a request, I will give you a response. Unless it's a + # type of request I cannot handle myself, in which case I will + # raise RuntimeError. In that case, you can handle it yourself, + # or add a method to me for handling that request type. + def handle_request(request) + begin + handler = self.method('openid_' + request.mode) + rescue NameError + raise RuntimeError.new( + sprintf("%s has no handler for a request of mode %s.", + self, request.mode)) + end + + return handler.call(request) + end + + # Handle and respond to check_authentication requests. + def openid_check_authentication(request) + return request.answer(@signatory) + end + + # Handle and respond to associate requests. + def openid_associate(request) + assoc_type = request.assoc_type + session_type = request.session.session_type + if @negotiator.allowed?(assoc_type, session_type) + assoc = @signatory.create_association(false, + assoc_type) + return request.answer(assoc) + else + message = sprintf('Association type %s is not supported with ' + + 'session type %s', assoc_type, session_type) + preferred_assoc_type, preferred_session_type = @negotiator.get_allowed_type() + return request.answer_unsupported(message, + preferred_assoc_type, + preferred_session_type) + end + end + + # Transform query parameters into an OpenIDRequest. + # query should contain the query parameters as a Hash with + # each key mapping to one value. + # + # If the query does not seem to be an OpenID request at all, I + # return nil. + def decode_request(query) + return @decoder.decode(query) + end + + # Encode a response to a WebResponse, signing it first if + # appropriate. + # + # Raises EncodingError when I can't figure out how to encode this + # message. + # + # Raises AlreadySigned When this response is already signed. + def encode_response(response) + return @encoder.encode(response) + end + end + + # A message did not conform to the OpenID protocol. + class ProtocolError < Exception + # The query that is failing to be a valid OpenID request. + attr_accessor :openid_message + attr_accessor :reference + attr_accessor :contact + + # text:: A message about the encountered error. + def initialize(message, text=nil, reference=nil, contact=nil) + @openid_message = message + @reference = reference + @contact = contact + Util.assert(!message.is_a?(String)) + super(text) + end + + # Get the return_to argument from the request, if any. + def get_return_to + if @openid_message.nil? + return nil + else + return @openid_message.get_arg(OPENID_NS, 'return_to') + end + end + + # Did this request have a return_to parameter? + def has_return_to + return !get_return_to.nil? + end + + # Generate a Message object for sending to the relying party, + # after encoding. + def to_message + namespace = @openid_message.get_openid_namespace() + reply = Message.new(namespace) + reply.set_arg(OPENID_NS, 'mode', 'error') + reply.set_arg(OPENID_NS, 'error', self.to_s) + + if @contact + reply.set_arg(OPENID_NS, 'contact', @contact.to_s) + end + + if @reference + reply.set_arg(OPENID_NS, 'reference', @reference.to_s) + end + + return reply + end + + # implements IEncodable + + def encode_to_url + return to_message().to_url(get_return_to()) + end + + def encode_to_kvform + return to_message().to_kvform() + end + + def to_form_markup + return to_message().to_form_markup(get_return_to()) + end + + def to_html + return Util.auto_submit_html(to_form_markup) + end + + # How should I be encoded? + # + # Returns one of ENCODE_URL, ENCODE_KVFORM, or None. If None, + # I cannot be encoded as a protocol message and should be + # displayed to the user. + def which_encoding + if has_return_to() + if @openid_message.is_openid2 and + encode_to_url().length > OPENID1_URL_LIMIT + return ENCODE_HTML_FORM + else + return ENCODE_URL + end + end + + if @openid_message.nil? + return nil + end + + mode = @openid_message.get_arg(OPENID_NS, 'mode') + if mode + if !BROWSER_REQUEST_MODES.member?(mode) + return ENCODE_KVFORM + end + end + + # If your request was so broken that you didn't manage to + # include an openid.mode, I'm not going to worry too much + # about returning you something you can't parse. + return nil + end + end + + # Raised when an operation was attempted that is not compatible + # with the protocol version being used. + class VersionError < Exception + end + + # Raised when a response to a request cannot be generated + # because the request contains no return_to URL. + class NoReturnToError < Exception + end + + # Could not encode this as a protocol message. + # + # You should probably render it and show it to the user. + class EncodingError < Exception + # The response that failed to encode. + attr_reader :response + + def initialize(response) + super(response) + @response = response + end + end + + # This response is already signed. + class AlreadySigned < EncodingError + end + + # A return_to is outside the trust_root. + class UntrustedReturnURL < ProtocolError + attr_reader :return_to, :trust_root + + def initialize(message, return_to, trust_root) + super(message) + @return_to = return_to + @trust_root = trust_root + end + + def to_s + return sprintf("return_to %s not under trust_root %s", + @return_to, + @trust_root) + end + end + + # The return_to URL doesn't look like a valid URL. + class MalformedReturnURL < ProtocolError + attr_reader :return_to + + def initialize(openid_message, return_to) + @return_to = return_to + super(openid_message) + end + end + + # The trust root is not well-formed. + class MalformedTrustRoot < ProtocolError + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/store/filesystem.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/store/filesystem.rb new file mode 100644 index 0000000000..e2993eea41 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/store/filesystem.rb @@ -0,0 +1,271 @@ +require 'fileutils' +require 'pathname' +require 'tempfile' + +require 'openid/util' +require 'openid/store/interface' +require 'openid/association' + +module OpenID + module Store + class Filesystem < Interface + @@FILENAME_ALLOWED = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-".split("") + + # Create a Filesystem store instance, putting all data in +directory+. + def initialize(directory) + p_dir = Pathname.new(directory) + @nonce_dir = p_dir.join('nonces') + @association_dir = p_dir.join('associations') + @temp_dir = p_dir.join('temp') + + self.ensure_dir(@nonce_dir) + self.ensure_dir(@association_dir) + self.ensure_dir(@temp_dir) + end + + # Create a unique filename for a given server url and handle. The + # filename that is returned will contain the domain name from the + # server URL for ease of human inspection of the data dir. + def get_association_filename(server_url, handle) + unless server_url.index('://') + raise ArgumentError, "Bad server URL: #{server_url}" + end + + proto, rest = server_url.split('://', 2) + domain = filename_escape(rest.split('/',2)[0]) + url_hash = safe64(server_url) + if handle + handle_hash = safe64(handle) + else + handle_hash = '' + end + filename = [proto,domain,url_hash,handle_hash].join('-') + @association_dir.join(filename) + end + + # Store an association in the assoc directory + def store_association(server_url, association) + assoc_s = association.serialize + filename = get_association_filename(server_url, association.handle) + f, tmp = mktemp + + begin + begin + f.write(assoc_s) + f.fsync + ensure + f.close + end + + begin + File.rename(tmp, filename) + rescue Errno::EEXIST + + begin + File.unlink(filename) + rescue Errno::ENOENT + # do nothing + end + + File.rename(tmp, filename) + end + + rescue + self.remove_if_present(tmp) + raise + end + end + + # Retrieve an association + def get_association(server_url, handle=nil) + # the filename with empty handle is the prefix for the associations + # for a given server url + filename = get_association_filename(server_url, handle) + if handle + return _get_association(filename) + end + assoc_filenames = Dir.glob(filename.to_s + '*') + + assocs = assoc_filenames.collect do |f| + _get_association(f) + end + + assocs = assocs.find_all { |a| not a.nil? } + assocs = assocs.sort_by { |a| a.issued } + + return nil if assocs.empty? + return assocs[-1] + end + + def _get_association(filename) + begin + assoc_file = File.open(filename, "r") + rescue Errno::ENOENT + return nil + else + begin + assoc_s = assoc_file.read + ensure + assoc_file.close + end + + begin + association = Association.deserialize(assoc_s) + rescue + self.remove_if_present(filename) + return nil + end + + # clean up expired associations + if association.expires_in == 0 + self.remove_if_present(filename) + return nil + else + return association + end + end + end + + # Remove an association if it exists, otherwise do nothing. + def remove_association(server_url, handle) + assoc = get_association(server_url, handle) + + if assoc.nil? + return false + else + filename = get_association_filename(server_url, handle) + return self.remove_if_present(filename) + end + end + + # Return whether the nonce is valid + def use_nonce(server_url, timestamp, salt) + return false if (timestamp - Time.now.to_i).abs > Nonce.skew + + if server_url and !server_url.empty? + proto, rest = server_url.split('://',2) + else + proto, rest = '','' + end + raise "Bad server URL" unless proto && rest + + domain = filename_escape(rest.split('/',2)[0]) + url_hash = safe64(server_url) + salt_hash = safe64(salt) + + nonce_fn = '%08x-%s-%s-%s-%s'%[timestamp, proto, domain, url_hash, salt_hash] + + filename = @nonce_dir.join(nonce_fn) + + begin + fd = File.new(filename, File::CREAT | File::EXCL | File::WRONLY, 0200) + fd.close + return true + rescue Errno::EEXIST + return false + end + end + + # Remove expired entries from the database. This is potentially expensive, + # so only run when it is acceptable to take time. + def cleanup + cleanup_associations + cleanup_nonces + end + + def cleanup_associations + association_filenames = Dir[@association_dir.join("*").to_s] + count = 0 + association_filenames.each do |af| + begin + f = File.open(af, 'r') + rescue Errno::ENOENT + next + else + begin + assoc_s = f.read + ensure + f.close + end + begin + association = OpenID::Association.deserialize(assoc_s) + rescue StandardError + self.remove_if_present(af) + next + else + if association.expires_in == 0 + self.remove_if_present(af) + count += 1 + end + end + end + end + return count + end + + def cleanup_nonces + nonces = Dir[@nonce_dir.join("*").to_s] + now = Time.now.to_i + + count = 0 + nonces.each do |filename| + nonce = filename.split('/')[-1] + timestamp = nonce.split('-', 2)[0].to_i(16) + nonce_age = (timestamp - now).abs + if nonce_age > Nonce.skew + self.remove_if_present(filename) + count += 1 + end + end + return count + end + + protected + + # Create a temporary file and return the File object and filename. + def mktemp + f = Tempfile.new('tmp', @temp_dir) + [f, f.path] + end + + # create a safe filename from a url + def filename_escape(s) + s = '' if s.nil? + filename_chunks = [] + s.split('').each do |c| + if @@FILENAME_ALLOWED.index(c) + filename_chunks << c + else + filename_chunks << sprintf("_%02X", c[0]) + end + end + filename_chunks.join("") + end + + def safe64(s) + s = OpenID::CryptUtil.sha1(s) + s = OpenID::Util.to_base64(s) + s.gsub!('+', '_') + s.gsub!('/', '.') + s.gsub!('=', '') + return s + end + + # remove file if present in filesystem + def remove_if_present(filename) + begin + File.unlink(filename) + rescue Errno::ENOENT + return false + end + return true + end + + # ensure that a path exists + def ensure_dir(dir_name) + FileUtils::mkdir_p(dir_name) + end + end + end +end + diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/store/interface.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/store/interface.rb new file mode 100644 index 0000000000..50819f6f71 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/store/interface.rb @@ -0,0 +1,75 @@ +require 'openid/util' + +module OpenID + + # Stores for Associations and nonces. Used by both the Consumer and + # the Server. If you have a database abstraction layer or other + # state storage in your application or framework already, you can + # implement the store interface. + module Store + # Abstract Store + # Changes in 2.0: + # * removed store_nonce, get_auth_key, is_dumb + # * changed use_nonce to support one-way nonces + # * added cleanup_nonces, cleanup_associations, cleanup + class Interface < Object + + # Put a Association object into storage. + # When implementing a store, don't assume that there are any limitations + # on the character set of the server_url. In particular, expect to see + # unescaped non-url-safe characters in the server_url field. + def store_association(server_url, association) + raise NotImplementedError + end + + # Returns a Association object from storage that matches + # the server_url. Returns nil if no such association is found or if + # the one matching association is expired. (Is allowed to GC expired + # associations when found.) + def get_association(server_url, handle=nil) + raise NotImplementedError + end + + # If there is a matching association, remove it from the store and + # return true, otherwise return false. + def remove_association(server_url, handle) + raise NotImplementedError + end + + # Return true if the nonce has not been used before, and store it + # for a while to make sure someone doesn't try to use the same value + # again. Return false if the nonce has already been used or if the + # timestamp is not current. + # You can use OpenID::Store::Nonce::SKEW for your timestamp window. + # server_url: URL of the server from which the nonce originated + # timestamp: time the nonce was created in seconds since unix epoch + # salt: A random string that makes two nonces issued by a server in + # the same second unique + def use_nonce(server_url, timestamp, salt) + raise NotImplementedError + end + + # Remove expired nonces from the store + # Discards any nonce that is old enough that it wouldn't pass use_nonce + # Not called during normal library operation, this method is for store + # admins to keep their storage from filling up with expired data + def cleanup_nonces + raise NotImplementedError + end + + # Remove expired associations from the store + # Not called during normal library operation, this method is for store + # admins to keep their storage from filling up with expired data + def cleanup_associations + raise NotImplementedError + end + + # Remove expired nonces and associations from the store + # Not called during normal library operation, this method is for store + # admins to keep their storage from filling up with expired data + def cleanup + return cleanup_nonces, cleanup_associations + end + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/store/memory.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/store/memory.rb new file mode 100644 index 0000000000..58455b9580 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/store/memory.rb @@ -0,0 +1,84 @@ +require 'openid/store/interface' +module OpenID + module Store + # An in-memory implementation of Store. This class is mainly used + # for testing, though it may be useful for long-running single + # process apps. Note that this store is NOT thread-safe. + # + # You should probably be looking at OpenID::Store::Filesystem + class Memory < Interface + + def initialize + @associations = {} + @associations.default = {} + @nonces = {} + end + + def store_association(server_url, assoc) + assocs = @associations[server_url] + @associations[server_url] = assocs.merge({assoc.handle => deepcopy(assoc)}) + end + + def get_association(server_url, handle=nil) + assocs = @associations[server_url] + assoc = nil + if handle + assoc = assocs[handle] + else + assoc = assocs.values.sort{|a,b| a.issued <=> b.issued}[-1] + end + + return assoc + end + + def remove_association(server_url, handle) + assocs = @associations[server_url] + if assocs.delete(handle) + return true + else + return false + end + end + + def use_nonce(server_url, timestamp, salt) + return false if (timestamp - Time.now.to_i).abs > Nonce.skew + nonce = [server_url, timestamp, salt].join('') + return false if @nonces[nonce] + @nonces[nonce] = timestamp + return true + end + + def cleanup_associations + count = 0 + @associations.each{|server_url, assocs| + assocs.each{|handle, assoc| + if assoc.expires_in == 0 + assocs.delete(handle) + count += 1 + end + } + } + return count + end + + def cleanup_nonces + count = 0 + now = Time.now.to_i + @nonces.each{|nonce, timestamp| + if (timestamp - now).abs > Nonce.skew + @nonces.delete(nonce) + count += 1 + end + } + return count + end + + protected + + def deepcopy(o) + Marshal.load(Marshal.dump(o)) + end + + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/store/nonce.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/store/nonce.rb new file mode 100644 index 0000000000..08a9e5298d --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/store/nonce.rb @@ -0,0 +1,68 @@ +require 'openid/cryptutil' +require 'date' +require 'time' + +module OpenID + module Nonce + DEFAULT_SKEW = 60*60*5 + TIME_FMT = '%Y-%m-%dT%H:%M:%SZ' + TIME_STR_LEN = '0000-00-00T00:00:00Z'.size + @@NONCE_CHRS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" + TIME_VALIDATOR = /\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ/ + + @skew = DEFAULT_SKEW + + # The allowed nonce time skew in seconds. Defaults to 5 hours. + # Used for checking nonce validity, and by stores' cleanup methods. + def Nonce.skew + @skew + end + + def Nonce.skew=(new_skew) + @skew = new_skew + end + + # Extract timestamp from a nonce string + def Nonce.split_nonce(nonce_str) + timestamp_str = nonce_str[0...TIME_STR_LEN] + raise ArgumentError if timestamp_str.size < TIME_STR_LEN + raise ArgumentError unless timestamp_str.match(TIME_VALIDATOR) + ts = Time.parse(timestamp_str).to_i + raise ArgumentError if ts < 0 + return ts, nonce_str[TIME_STR_LEN..-1] + end + + # Is the timestamp that is part of the specified nonce string + # within the allowed clock-skew of the current time? + def Nonce.check_timestamp(nonce_str, allowed_skew=nil, now=nil) + allowed_skew = skew if allowed_skew.nil? + begin + stamp, foo = split_nonce(nonce_str) + rescue ArgumentError # bad timestamp + return false + end + now = Time.now.to_i unless now + + # times before this are too old + past = now - allowed_skew + + # times newer than this are too far in the future + future = now + allowed_skew + + return (past <= stamp and stamp <= future) + end + + # generate a nonce with the specified timestamp (defaults to now) + def Nonce.mk_nonce(time = nil) + salt = CryptUtil::random_string(6, @@NONCE_CHRS) + if time.nil? + t = Time.now.getutc + else + t = Time.at(time).getutc + end + time_str = t.strftime(TIME_FMT) + return time_str + salt + end + + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/trustroot.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/trustroot.rb new file mode 100644 index 0000000000..16695f05ce --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/trustroot.rb @@ -0,0 +1,349 @@ +require 'uri' +require 'openid/urinorm' + +module OpenID + + class RealmVerificationRedirected < Exception + # Attempting to verify this realm resulted in a redirect. + def initialize(relying_party_url, rp_url_after_redirects) + @relying_party_url = relying_party_url + @rp_url_after_redirects = rp_url_after_redirects + end + + def to_s + return "Attempting to verify #{@relying_party_url} resulted in " + + "redirect to #{@rp_url_after_redirects}" + end + end + + module TrustRoot + TOP_LEVEL_DOMAINS = %w' + ac ad ae aero af ag ai al am an ao aq ar arpa as asia at + au aw ax az ba bb bd be bf bg bh bi biz bj bm bn bo br bs bt + bv bw by bz ca cat cc cd cf cg ch ci ck cl cm cn co com coop + cr cu cv cx cy cz de dj dk dm do dz ec edu ee eg er es et eu + fi fj fk fm fo fr ga gb gd ge gf gg gh gi gl gm gn gov gp gq + gr gs gt gu gw gy hk hm hn hr ht hu id ie il im in info int + io iq ir is it je jm jo jobs jp ke kg kh ki km kn kp kr kw + ky kz la lb lc li lk lr ls lt lu lv ly ma mc md me mg mh mil + mk ml mm mn mo mobi mp mq mr ms mt mu museum mv mw mx my mz + na name nc ne net nf ng ni nl no np nr nu nz om org pa pe pf + pg ph pk pl pm pn pr pro ps pt pw py qa re ro rs ru rw sa sb + sc sd se sg sh si sj sk sl sm sn so sr st su sv sy sz tc td + tel tf tg th tj tk tl tm tn to tp tr travel tt tv tw tz ua + ug uk us uy uz va vc ve vg vi vn vu wf ws xn--0zwm56d + xn--11b5bs3a9aj6g xn--80akhbyknj4f xn--9t4b11yi5a + xn--deba0ad xn--g6w251d xn--hgbk6aj7f53bba + xn--hlcj6aya9esc7a xn--jxalpdlp xn--kgbechtv xn--zckzah ye + yt yu za zm zw' + + ALLOWED_PROTOCOLS = ['http', 'https'] + + # The URI for relying party discovery, used in realm verification. + # + # XXX: This should probably live somewhere else (like in + # OpenID or OpenID::Yadis somewhere) + RP_RETURN_TO_URL_TYPE = 'http://specs.openid.net/auth/2.0/return_to' + + # If the endpoint is a relying party OpenID return_to endpoint, + # return the endpoint URL. Otherwise, return None. + # + # This function is intended to be used as a filter for the Yadis + # filtering interface. + # + # endpoint: An XRDS BasicServiceEndpoint, as returned by + # performing Yadis dicovery. + # + # returns the endpoint URL or None if the endpoint is not a + # relying party endpoint. + def TrustRoot._extract_return_url(endpoint) + if endpoint.matchTypes([RP_RETURN_TO_URL_TYPE]) + return endpoint.uri + else + return nil + end + end + + # Is the return_to URL under one of the supplied allowed + # return_to URLs? + def TrustRoot.return_to_matches(allowed_return_to_urls, return_to) + allowed_return_to_urls.each { |allowed_return_to| + # A return_to pattern works the same as a realm, except that + # it's not allowed to use a wildcard. We'll model this by + # parsing it as a realm, and not trying to match it if it has + # a wildcard. + + return_realm = TrustRoot.parse(allowed_return_to) + if (# Parses as a trust root + !return_realm.nil? and + + # Does not have a wildcard + !return_realm.wildcard and + + # Matches the return_to that we passed in with it + return_realm.validate_url(return_to) + ) + return true + end + } + + # No URL in the list matched + return false + end + + # Given a relying party discovery URL return a list of return_to + # URLs. + def TrustRoot.get_allowed_return_urls(relying_party_url) + rp_url_after_redirects, return_to_urls = services.get_service_endpoints( + relying_party_url, _extract_return_url) + + if rp_url_after_redirects != relying_party_url + # Verification caused a redirect + raise RealmVerificationRedirected.new( + relying_party_url, rp_url_after_redirects) + end + + return return_to_urls + end + + # Verify that a return_to URL is valid for the given realm. + # + # This function builds a discovery URL, performs Yadis discovery + # on it, makes sure that the URL does not redirect, parses out + # the return_to URLs, and finally checks to see if the current + # return_to URL matches the return_to. + # + # raises DiscoveryFailure when Yadis discovery fails returns + # true if the return_to URL is valid for the realm + def TrustRoot.verify_return_to(realm_str, return_to, _vrfy=nil) + # _vrfy parameter is there to make testing easier + if _vrfy.nil? + _vrfy = self.method('get_allowed_return_urls') + end + + if !(_vrfy.is_a?(Proc) or _vrfy.is_a?(Method)) + raise ArgumentError, "_vrfy must be a Proc or Method" + end + + realm = TrustRoot.parse(realm_str) + if realm.nil? + # The realm does not parse as a URL pattern + return false + end + + begin + allowable_urls = _vrfy.call(realm.build_discovery_url()) + rescue RealmVerificationRedirected => err + Util.log(err.to_s) + return false + end + + if return_to_matches(allowable_urls, return_to) + return true + else + Util.log("Failed to validate return_to #{return_to} for " + + "realm #{realm_str}, was not in #{allowable_urls}") + return false + end + end + + class TrustRoot + + attr_reader :unparsed, :proto, :wildcard, :host, :port, :path + + @@empty_re = Regexp.new('^http[s]*:\/\/\*\/$') + + def TrustRoot._build_path(path, query=nil, frag=nil) + s = path.dup + + frag = nil if frag == '' + query = nil if query == '' + + if query + s << "?" << query + end + + if frag + s << "#" << frag + end + + return s + end + + def TrustRoot._parse_url(url) + begin + url = URINorm.urinorm(url) + rescue URI::InvalidURIError => err + nil + end + + begin + parsed = URI::parse(url) + rescue URI::InvalidURIError + return nil + end + + path = TrustRoot._build_path(parsed.path, + parsed.query, + parsed.fragment) + + return [parsed.scheme || '', parsed.host || '', + parsed.port || '', path || ''] + end + + def TrustRoot.parse(trust_root) + trust_root = trust_root.dup + unparsed = trust_root.dup + + # look for wildcard + wildcard = (not trust_root.index('://*.').nil?) + trust_root.sub!('*.', '') if wildcard + + # handle http://*/ case + if not wildcard and @@empty_re.match(trust_root) + proto = trust_root.split(':')[0] + port = proto == 'http' ? 80 : 443 + return new(unparsed, proto, true, '', port, '/') + end + + parts = TrustRoot._parse_url(trust_root) + return nil if parts.nil? + + proto, host, port, path = parts + + # check for URI fragment + if path and !path.index('#').nil? + return nil + end + + return nil unless ['http', 'https'].member?(proto) + return new(unparsed, proto, wildcard, host, port, path) + end + + def TrustRoot.check_sanity(trust_root_string) + trust_root = TrustRoot.parse(trust_root_string) + if trust_root.nil? + return false + else + return trust_root.sane? + end + end + + # quick func for validating a url against a trust root. See the + # TrustRoot class if you need more control. + def self.check_url(trust_root, url) + tr = self.parse(trust_root) + return (!tr.nil? and tr.validate_url(url)) + end + + # Return a discovery URL for this realm. + # + # This function does not check to make sure that the realm is + # valid. Its behaviour on invalid inputs is undefined. + # + # return_to:: The relying party return URL of the OpenID + # authentication request + # + # Returns the URL upon which relying party discovery should be + # run in order to verify the return_to URL + def build_discovery_url + if self.wildcard + # Use "www." in place of the star + www_domain = 'www.' + @host + port = (!@port.nil? and ![80, 443].member?(@port)) ? (":" + @port.to_s) : '' + return "#{@proto}://#{www_domain}#{port}#{@path}" + else + return @unparsed + end + end + + def initialize(unparsed, proto, wildcard, host, port, path) + @unparsed = unparsed + @proto = proto + @wildcard = wildcard + @host = host + @port = port + @path = path + end + + def sane? + return true if @host == 'localhost' + + host_parts = @host.split('.') + + # a note: ruby string split does not put an empty string at + # the end of the list if the split element is last. for + # example, 'foo.com.'.split('.') => ['foo','com']. Mentioned + # because the python code differs here. + + return false if host_parts.length == 0 + + # no adjacent dots + return false if host_parts.member?('') + + # last part must be a tld + tld = host_parts[-1] + return false unless TOP_LEVEL_DOMAINS.member?(tld) + + return false if host_parts.length == 1 + + if @wildcard + if tld.length == 2 and host_parts[-2].length <= 3 + # It's a 2-letter tld with a short second to last segment + # so there needs to be more than two segments specified + # (e.g. *.co.uk is insane) + return host_parts.length > 2 + end + end + + return true + end + + def validate_url(url) + parts = TrustRoot._parse_url(url) + return false if parts.nil? + + proto, host, port, path = parts + + return false unless proto == @proto + return false unless port == @port + return false unless host.index('*').nil? + + if !@wildcard + if host != @host + return false + end + elsif ((@host != '') and + (!host.ends_with?('.' + @host)) and + (host != @host)) + return false + end + + if path != @path + path_len = @path.length + trust_prefix = @path[0...path_len] + url_prefix = path[0...path_len] + + # must be equal up to the length of the path, at least + if trust_prefix != url_prefix + return false + end + + # These characters must be on the boundary between the end + # of the trust root's path and the start of the URL's path. + if !@path.index('?').nil? + allowed = '&' + else + allowed = '?/' + end + + return (!allowed.index(@path[-1]).nil? or + !allowed.index(path[path_len]).nil?) + end + + return true + end + end + end +end + diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/urinorm.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/urinorm.rb new file mode 100644 index 0000000000..f30893eaa9 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/urinorm.rb @@ -0,0 +1,75 @@ +require 'uri' + +require "openid/extras" + +module OpenID + + module URINorm + public + def URINorm.urinorm(uri) + uri = URI.parse(uri) + + raise URI::InvalidURIError.new('no scheme') unless uri.scheme + uri.scheme = uri.scheme.downcase + unless ['http','https'].member?(uri.scheme) + raise URI::InvalidURIError.new('Not an HTTP or HTTPS URI') + end + + raise URI::InvalidURIError.new('no host') unless uri.host + uri.host = uri.host.downcase + + uri.path = remove_dot_segments(uri.path) + uri.path = '/' if uri.path.length == 0 + + uri = uri.normalize.to_s + uri = uri.gsub(PERCENT_ESCAPE_RE) { + sub = $&[1..2].to_i(16).chr + reserved(sub) ? $&.upcase : sub + } + + return uri + end + + private + RESERVED_RE = /[A-Za-z0-9._~-]/ + PERCENT_ESCAPE_RE = /%[0-9a-zA-Z]{2}/ + + def URINorm.reserved(chr) + not RESERVED_RE =~ chr + end + + def URINorm.remove_dot_segments(path) + result_segments = [] + + while path.length > 0 + if path.starts_with?('../') + path = path[3..-1] + elsif path.starts_with?('./') + path = path[2..-1] + elsif path.starts_with?('/./') + path = path[2..-1] + elsif path == '/.' + path = '/' + elsif path.starts_with?('/../') + path = path[3..-1] + result_segments.pop if result_segments.length > 0 + elsif path == '/..' + path = '/' + result_segments.pop if result_segments.length > 0 + elsif path == '..' or path == '.' + path = '' + else + i = 0 + i = 1 if path[0].chr == '/' + i = path.index('/', i) + i = path.length if i.nil? + result_segments << path[0...i] + path = path[i..-1] + end + end + + return result_segments.join('') + end + end + +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/util.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/util.rb new file mode 100644 index 0000000000..c5a6716b27 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/util.rb @@ -0,0 +1,110 @@ +require "cgi" +require "uri" +require "logger" + +require "openid/extras" + +# See OpenID::Consumer or OpenID::Server modules, as well as the store classes +module OpenID + class AssertionError < Exception + end + + # Exceptions that are raised by the library are subclasses of this + # exception type, so if you want to catch all exceptions raised by + # the library, you can catch OpenIDError + class OpenIDError < StandardError + end + + module Util + + BASE64_CHARS = ('ABCDEFGHIJKLMNOPQRSTUVWXYZ' \ + 'abcdefghijklmnopqrstuvwxyz0123456789+/') + BASE64_RE = Regexp.compile(" + \\A + ([#{BASE64_CHARS}]{4})* + ([#{BASE64_CHARS}]{2}==| + [#{BASE64_CHARS}]{3}=)? + \\Z", Regexp::EXTENDED) + + def Util.assert(value, message=nil) + if not value + raise AssertionError, message or value + end + end + + def Util.to_base64(s) + [s].pack('m').gsub("\n", "") + end + + def Util.from_base64(s) + without_newlines = s.gsub(/[\r\n]+/, '') + if !BASE64_RE.match(without_newlines) + raise ArgumentError, "Malformed input: #{s.inspect}" + end + without_newlines.unpack('m').first + end + + def Util.urlencode(args) + a = [] + args.each do |key, val| + val = '' unless val + a << (CGI::escape(key) + "=" + CGI::escape(val)) + end + a.join("&") + end + + def Util.parse_query(qs) + query = {} + CGI::parse(qs).each {|k,v| query[k] = v[0]} + return query + end + + def Util.append_args(url, args) + url = url.dup + return url if args.length == 0 + + if args.respond_to?('each_pair') + args = args.sort + end + + url << (url.include?("?") ? "&" : "?") + url << Util.urlencode(args) + end + + @@logger = Logger.new(STDERR) + @@logger.progname = "OpenID" + + def Util.logger=(logger) + @@logger = logger + end + + def Util.logger + @@logger + end + + # change the message below to do whatever you like for logging + def Util.log(message) + logger.info(message) + end + + def Util.auto_submit_html(form, title='OpenID transaction in progress') + return " + + + #{title} + + +#{form} + + + +" + end + end + +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/accept.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/accept.rb new file mode 100644 index 0000000000..a1657482f6 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/accept.rb @@ -0,0 +1,148 @@ +module OpenID + + module Yadis + + # Generate an accept header value + # + # [str or (str, float)] -> str + def self.generate_accept_header(*elements) + parts = [] + elements.each { |element| + if element.is_a?(String) + qs = "1.0" + mtype = element + else + mtype, q = element + q = q.to_f + if q > 1 or q <= 0 + raise ArgumentError.new("Invalid preference factor: #{q}") + end + qs = sprintf("%0.1f", q) + end + + parts << [qs, mtype] + } + + parts.sort! + chunks = [] + parts.each { |q, mtype| + if q == '1.0' + chunks << mtype + else + chunks << sprintf("%s; q=%s", mtype, q) + end + } + + return chunks.join(', ') + end + + def self.parse_accept_header(value) + # Parse an accept header, ignoring any accept-extensions + # + # returns a list of tuples containing main MIME type, MIME + # subtype, and quality markdown. + # + # str -> [(str, str, float)] + chunks = value.split(',', -1).collect { |v| v.strip } + accept = [] + chunks.each { |chunk| + parts = chunk.split(";", -1).collect { |s| s.strip } + + mtype = parts.shift + if mtype.index('/').nil? + # This is not a MIME type, so ignore the bad data + next + end + + main, sub = mtype.split('/', 2) + + q = nil + parts.each { |ext| + if !ext.index('=').nil? + k, v = ext.split('=', 2) + if k == 'q' + q = v.to_f + end + end + } + + q = 1.0 if q.nil? + + accept << [q, main, sub] + } + + accept.sort! + accept.reverse! + + return accept.collect { |q, main, sub| [main, sub, q] } + end + + def self.match_types(accept_types, have_types) + # Given the result of parsing an Accept: header, and the + # available MIME types, return the acceptable types with their + # quality markdowns. + # + # For example: + # + # >>> acceptable = parse_accept_header('text/html, text/plain; q=0.5') + # >>> matchTypes(acceptable, ['text/plain', 'text/html', 'image/jpeg']) + # [('text/html', 1.0), ('text/plain', 0.5)] + # + # Type signature: ([(str, str, float)], [str]) -> [(str, float)] + if accept_types.nil? or accept_types == [] + # Accept all of them + default = 1 + else + default = 0 + end + + match_main = {} + match_sub = {} + accept_types.each { |main, sub, q| + if main == '*' + default = [default, q].max + next + elsif sub == '*' + match_main[main] = [match_main.fetch(main, 0), q].max + else + match_sub[[main, sub]] = [match_sub.fetch([main, sub], 0), q].max + end + } + + accepted_list = [] + order_maintainer = 0 + have_types.each { |mtype| + main, sub = mtype.split('/', 2) + if match_sub.member?([main, sub]) + q = match_sub[[main, sub]] + else + q = match_main.fetch(main, default) + end + + if q != 0 + accepted_list << [1 - q, order_maintainer, q, mtype] + order_maintainer += 1 + end + } + + accepted_list.sort! + return accepted_list.collect { |_, _, q, mtype| [mtype, q] } + end + + def self.get_acceptable(accept_header, have_types) + # Parse the accept header and return a list of available types + # in preferred order. If a type is unacceptable, it will not be + # in the resulting list. + # + # This is a convenience wrapper around matchTypes and + # parse_accept_header + # + # (str, [str]) -> [str] + accepted = self.parse_accept_header(accept_header) + preferred = self.match_types(accepted, have_types) + return preferred.collect { |mtype, _| mtype } + end + + end + +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/constants.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/constants.rb new file mode 100644 index 0000000000..99b58b138e --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/constants.rb @@ -0,0 +1,21 @@ + +require 'openid/yadis/accept' + +module OpenID + + module Yadis + + YADIS_HEADER_NAME = 'X-XRDS-Location' + YADIS_CONTENT_TYPE = 'application/xrds+xml' + + # A value suitable for using as an accept header when performing + # YADIS discovery, unless the application has special requirements + YADIS_ACCEPT_HEADER = generate_accept_header( + ['text/html', 0.3], + ['application/xhtml+xml', 0.5], + [YADIS_CONTENT_TYPE, 1.0] + ) + + end + +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/discovery.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/discovery.rb new file mode 100644 index 0000000000..55d6f09b1c --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/discovery.rb @@ -0,0 +1,153 @@ + +require 'openid/util' +require 'openid/fetchers' +require 'openid/yadis/constants' +require 'openid/yadis/parsehtml' + +module OpenID + + # Raised when a error occurs in the discovery process + class DiscoveryFailure < OpenIDError + attr_accessor :identity_url, :http_response + + def initialize(message, http_response) + super(message) + @identity_url = nil + @http_response = http_response + end + end + + module Yadis + + # Contains the result of performing Yadis discovery on a URI + class DiscoveryResult + + # The result of following redirects from the request_uri + attr_accessor :normalize_uri + + # The URI from which the response text was returned (set to + # nil if there was no XRDS document found) + attr_accessor :xrds_uri + + # The content-type returned with the response_text + attr_accessor :content_type + + # The document returned from the xrds_uri + attr_accessor :response_text + + attr_accessor :request_uri, :normalized_uri + + def initialize(request_uri) + # Initialize the state of the object + # + # sets all attributes to None except the request_uri + @request_uri = request_uri + @normalized_uri = nil + @xrds_uri = nil + @content_type = nil + @response_text = nil + end + + # Was the Yadis protocol's indirection used? + def used_yadis_location? + return @normalized_uri != @xrds_uri + end + + # Is the response text supposed to be an XRDS document? + def is_xrds + return (used_yadis_location?() or + @content_type == YADIS_CONTENT_TYPE) + end + end + + # Discover services for a given URI. + # + # uri: The identity URI as a well-formed http or https URI. The + # well-formedness and the protocol are not checked, but the + # results of this function are undefined if those properties do + # not hold. + # + # returns a DiscoveryResult object + # + # Raises DiscoveryFailure when the HTTP response does not have + # a 200 code. + def self.discover(uri) + result = DiscoveryResult.new(uri) + begin + resp = OpenID.fetch(uri, nil, {'Accept' => YADIS_ACCEPT_HEADER}) + rescue Exception + raise DiscoveryFailure.new("Failed to fetch identity URL #{uri} : #{$!}", $!) + end + if resp.code != "200" and resp.code != "206" + raise DiscoveryFailure.new( + "HTTP Response status from identity URL host is not \"200\"."\ + "Got status #{resp.code.inspect} for #{resp.final_url}", resp) + end + + # Note the URL after following redirects + result.normalized_uri = resp.final_url + + # Attempt to find out where to go to discover the document or if + # we already have it + result.content_type = resp['content-type'] + + result.xrds_uri = self.where_is_yadis?(resp) + + if result.xrds_uri and result.used_yadis_location? + begin + resp = OpenID.fetch(result.xrds_uri) + rescue + raise DiscoveryFailure.new("Failed to fetch Yadis URL #{result.xrds_uri} : #{$!}", $!) + end + if resp.code != "200" and resp.code != "206" + exc = DiscoveryFailure.new( + "HTTP Response status from Yadis host is not \"200\". " + + "Got status #{resp.code.inspect} for #{resp.final_url}", resp) + exc.identity_url = result.normalized_uri + raise exc + end + + result.content_type = resp['content-type'] + end + + result.response_text = resp.body + return result + end + + # Given a HTTPResponse, return the location of the Yadis + # document. + # + # May be the URL just retrieved, another URL, or None, if I + # can't find any. + # + # [non-blocking] + def self.where_is_yadis?(resp) + # Attempt to find out where to go to discover the document or if + # we already have it + content_type = resp['content-type'] + + # According to the spec, the content-type header must be an + # exact match, or else we have to look for an indirection. + if (!content_type.nil? and !content_type.to_s.empty? and + content_type.split(';', 2)[0].downcase == YADIS_CONTENT_TYPE) + return resp.final_url + else + # Try the header + yadis_loc = resp[YADIS_HEADER_NAME.downcase] + + if yadis_loc.nil? + # Parse as HTML if the header is missing. + # + # XXX: do we want to do something with content-type, like + # have a whitelist or a blacklist (for detecting that it's + # HTML)? + yadis_loc = Yadis.html_yadis_location(resp.body) + end + end + + return yadis_loc + end + + end + +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/filters.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/filters.rb new file mode 100644 index 0000000000..90f350ea3a --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/filters.rb @@ -0,0 +1,205 @@ +# This file contains functions and classes used for extracting +# endpoint information out of a Yadis XRD file using the REXML +# XML parser. + +# +module OpenID + module Yadis + class BasicServiceEndpoint + attr_reader :type_uris, :yadis_url, :uri, :service_element + + # Generic endpoint object that contains parsed service + # information, as well as a reference to the service element + # from which it was generated. If there is more than one + # xrd:Type or xrd:URI in the xrd:Service, this object represents + # just one of those pairs. + # + # This object can be used as a filter, because it implements + # fromBasicServiceEndpoint. + # + # The simplest kind of filter you can write implements + # fromBasicServiceEndpoint, which takes one of these objects. + def initialize(yadis_url, type_uris, uri, service_element) + @type_uris = type_uris + @yadis_url = yadis_url + @uri = uri + @service_element = service_element + end + + # Query this endpoint to see if it has any of the given type + # URIs. This is useful for implementing other endpoint classes + # that e.g. need to check for the presence of multiple + # versions of a single protocol. + def match_types(type_uris) + return @type_uris & type_uris + end + + # Trivial transform from a basic endpoint to itself. This + # method exists to allow BasicServiceEndpoint to be used as a + # filter. + # + # If you are subclassing this object, re-implement this function. + def self.from_basic_service_endpoint(endpoint) + return endpoint + end + + # A hack to make both this class and its instances respond to + # this message since Ruby doesn't support static methods. + def from_basic_service_endpoint(endpoint) + return self.class.from_basic_service_endpoint(endpoint) + end + + end + + # Take a list of basic filters and makes a filter that + # transforms the basic filter into a top-level filter. This is + # mostly useful for the implementation of make_filter, which + # should only be needed for special cases or internal use by + # this library. + # + # This object is useful for creating simple filters for services + # that use one URI and are specified by one Type (we expect most + # Types will fit this paradigm). + # + # Creates a BasicServiceEndpoint object and apply the filter + # functions to it until one of them returns a value. + class TransformFilterMaker + attr_reader :filter_procs + + # Initialize the filter maker's state + # + # filter_functions are the endpoint transformer + # Procs to apply to the basic endpoint. These are called in + # turn until one of them does not return nil, and the result + # of that transformer is returned. + def initialize(filter_procs) + @filter_procs = filter_procs + end + + # Returns an array of endpoint objects produced by the + # filter procs. + def get_service_endpoints(yadis_url, service_element) + endpoints = [] + + # Do an expansion of the service element by xrd:Type and + # xrd:URI + Yadis::expand_service(service_element).each { |type_uris, uri, _| + # Create a basic endpoint object to represent this + # yadis_url, Service, Type, URI combination + endpoint = BasicServiceEndpoint.new( + yadis_url, type_uris, uri, service_element) + + e = apply_filters(endpoint) + if !e.nil? + endpoints << e + end + } + return endpoints + end + + def apply_filters(endpoint) + # Apply filter procs to an endpoint until one of them returns + # non-nil. + @filter_procs.each { |filter_proc| + e = filter_proc.call(endpoint) + if !e.nil? + # Once one of the filters has returned an endpoint, do not + # apply any more. + return e + end + } + + return nil + end + end + + class CompoundFilter + attr_reader :subfilters + + # Create a new filter that applies a set of filters to an + # endpoint and collects their results. + def initialize(subfilters) + @subfilters = subfilters + end + + # Generate all endpoint objects for all of the subfilters of + # this filter and return their concatenation. + def get_service_endpoints(yadis_url, service_element) + endpoints = [] + @subfilters.each { |subfilter| + endpoints += subfilter.get_service_endpoints(yadis_url, service_element) + } + return endpoints + end + end + + # Exception raised when something is not able to be turned into a + # filter + @@filter_type_error = TypeError.new( + 'Expected a filter, an endpoint, a callable or a list of any of these.') + + # Convert a filter-convertable thing into a filter + # + # parts should be a filter, an endpoint, a callable, or a list of + # any of these. + def self.make_filter(parts) + # Convert the parts into a list, and pass to mk_compound_filter + if parts.nil? + parts = [BasicServiceEndpoint] + end + + if parts.is_a?(Array) + return mk_compound_filter(parts) + else + return mk_compound_filter([parts]) + end + end + + # Create a filter out of a list of filter-like things + # + # Used by make_filter + # + # parts should be a list of things that can be passed to make_filter + def self.mk_compound_filter(parts) + + if !parts.respond_to?('each') + raise TypeError, "#{parts.inspect} is not iterable" + end + + # Separate into a list of callables and a list of filter objects + transformers = [] + filters = [] + parts.each { |subfilter| + if !subfilter.is_a?(Array) + # If it's not an iterable + if subfilter.respond_to?('get_service_endpoints') + # It's a full filter + filters << subfilter + elsif subfilter.respond_to?('from_basic_service_endpoint') + # It's an endpoint object, so put its endpoint conversion + # attribute into the list of endpoint transformers + transformers << subfilter.method('from_basic_service_endpoint') + elsif subfilter.respond_to?('call') + # It's a proc, so add it to the list of endpoint + # transformers + transformers << subfilter + else + raise @@filter_type_error + end + else + filters << mk_compound_filter(subfilter) + end + } + + if transformers.length > 0 + filters << TransformFilterMaker.new(transformers) + end + + if filters.length == 1 + return filters[0] + else + return CompoundFilter.new(filters) + end + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/htmltokenizer.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/htmltokenizer.rb new file mode 100644 index 0000000000..b20810975b --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/htmltokenizer.rb @@ -0,0 +1,305 @@ +# = HTMLTokenizer +# +# Author:: Ben Giddings (mailto:bg-rubyforge@infofiend.com) +# Copyright:: Copyright (c) 2004 Ben Giddings +# License:: Distributes under the same terms as Ruby +# +# +# This is a partial port of the functionality behind Perl's TokeParser +# Provided a page it progressively returns tokens from that page +# +# $Id: htmltokenizer.rb,v 1.7 2005/06/07 21:05:53 merc Exp $ + +# +# A class to tokenize HTML. +# +# Example: +# +# page = " +# +# This is the title +# +# +# +#

    This is the header

    +#

    +# This is the paragraph, it contains +# links, +# images
+#        are
+#        really cool. Ok, here is some more text and +# another link. +#

    +# +# +# " +# toke = HTMLTokenizer.new(page) +# +# assert("

    " == toke.getTag("h1", "h2", "h3").to_s.downcase) +# assert(HTMLTag.new("") == toke.getTag("IMG", "A")) +# assert("links" == toke.getTrimmedText) +# assert(toke.getTag("IMG", "A").attr_hash['optional']) +# assert("_blank" == toke.getTag("IMG", "A").attr_hash['target']) +# +class HTMLTokenizer + @@version = 1.0 + + # Get version of HTMLTokenizer lib + def self.version + @@version + end + + attr_reader :page + + # Create a new tokenizer, based on the content, used as a string. + def initialize(content) + @page = content.to_s + @cur_pos = 0 + end + + # Reset the parser, setting the current position back at the stop + def reset + @cur_pos = 0 + end + + # Look at the next token, but don't actually grab it + def peekNextToken + if @cur_pos == @page.length then return nil end + + if ?< == @page[@cur_pos] + # Next token is a tag of some kind + if '!--' == @page[(@cur_pos + 1), 3] + # Token is a comment + tag_end = @page.index('-->', (@cur_pos + 1)) + if tag_end.nil? + raise HTMLTokenizerError, "No end found to started comment:\n#{@page[@cur_pos,80]}" + end + # p @page[@cur_pos .. (tag_end+2)] + HTMLComment.new(@page[@cur_pos .. (tag_end + 2)]) + else + # Token is a html tag + tag_end = @page.index('>', (@cur_pos + 1)) + if tag_end.nil? + raise HTMLTokenizerError, "No end found to started tag:\n#{@page[@cur_pos,80]}" + end + # p @page[@cur_pos .. tag_end] + HTMLTag.new(@page[@cur_pos .. tag_end]) + end + else + # Next token is text + text_end = @page.index('<', @cur_pos) + text_end = text_end.nil? ? -1 : (text_end - 1) + # p @page[@cur_pos .. text_end] + HTMLText.new(@page[@cur_pos .. text_end]) + end + end + + # Get the next token, returns an instance of + # * HTMLText + # * HTMLToken + # * HTMLTag + def getNextToken + token = peekNextToken + if token + # @page = @page[token.raw.length .. -1] + # @page.slice!(0, token.raw.length) + @cur_pos += token.raw.length + end + #p token + #print token.raw + return token + end + + # Get a tag from the specified set of desired tags. + # For example: + # foo = toke.getTag("h1", "h2", "h3") + # Will return the next header tag encountered. + def getTag(*sought_tags) + sought_tags.collect! {|elm| elm.downcase} + + while (tag = getNextToken) + if tag.kind_of?(HTMLTag) and + (0 == sought_tags.length or sought_tags.include?(tag.tag_name)) + break + end + end + tag + end + + # Get all the text between the current position and the next tag + # (if specified) or a specific later tag + def getText(until_tag = nil) + if until_tag.nil? + if ?< == @page[@cur_pos] + # Next token is a tag, not text + "" + else + # Next token is text + getNextToken.text + end + else + ret_str = "" + + while (tag = peekNextToken) + if tag.kind_of?(HTMLTag) and tag.tag_name == until_tag + break + end + + if ("" != tag.text) + ret_str << (tag.text + " ") + end + getNextToken + end + + ret_str + end + end + + # Like getText, but squeeze all whitespace, getting rid of + # leading and trailing whitespace, and squeezing multiple + # spaces into a single space. + def getTrimmedText(until_tag = nil) + getText(until_tag).strip.gsub(/\s+/m, " ") + end + +end + +class HTMLTokenizerError < Exception +end + +# The parent class for all three types of HTML tokens +class HTMLToken + attr_accessor :raw + + # Initialize the token based on the raw text + def initialize(text) + @raw = text + end + + # By default, return exactly the string used to create the text + def to_s + raw + end + + # By default tokens have no text representation + def text + "" + end + + def trimmed_text + text.strip.gsub(/\s+/m, " ") + end + + # Compare to another based on the raw source + def ==(other) + raw == other.to_s + end +end + +# Class representing text that isn't inside a tag +class HTMLText < HTMLToken + def text + raw + end +end + +# Class representing an HTML comment +class HTMLComment < HTMLToken + attr_accessor :contents + def initialize(text) + super(text) + temp_arr = text.scan(/^$/m) + if temp_arr[0].nil? + raise HTMLTokenizerError, "Text passed to HTMLComment.initialize is not a comment" + end + + @contents = temp_arr[0][0] + end +end + +# Class representing an HTML tag +class HTMLTag < HTMLToken + attr_reader :end_tag, :tag_name + def initialize(text) + super(text) + if ?< != text[0] or ?> != text[-1] + raise HTMLTokenizerError, "Text passed to HTMLComment.initialize is not a comment" + end + + @attr_hash = Hash.new + @raw = text + + tag_name = text.scan(/[\w:-]+/)[0] + if tag_name.nil? + raise HTMLTokenizerError, "Error, tag is nil: #{tag_name}" + end + + if ?/ == text[1] + # It's an end tag + @end_tag = true + @tag_name = '/' + tag_name.downcase + else + @end_tag = false + @tag_name = tag_name.downcase + end + + @hashed = false + end + + # Retrieve a hash of all the tag's attributes. + # Lazily done, so that if you don't look at a tag's attributes + # things go quicker + def attr_hash + # Lazy initialize == don't build the hash until it's needed + if !@hashed + if !@end_tag + # Get the attributes + attr_arr = @raw.scan(/<[\w:-]+\s+(.*?)\/?>/m)[0] + if attr_arr.kind_of?(Array) + # Attributes found, parse them + attrs = attr_arr[0] + attr_arr = attrs.scan(/\s*([\w:-]+)(?:\s*=\s*("[^"]*"|'[^']*'|([^"'>][^\s>]*)))?/m) + # clean up the array by: + # * setting all nil elements to true + # * removing enclosing quotes + attr_arr.each { + |item| + val = if item[1].nil? + item[0] + elsif '"'[0] == item[1][0] or '\''[0] == item[1][0] + item[1][1 .. -2] + else + item[1] + end + @attr_hash[item[0].downcase] = val + } + end + end + @hashed = true + end + + #p self + + @attr_hash + end + + # Get the 'alt' text for a tag, if it exists, or an empty string otherwise + def text + if !end_tag + case tag_name + when 'img' + if !attr_hash['alt'].nil? + return attr_hash['alt'] + end + when 'applet' + if !attr_hash['alt'].nil? + return attr_hash['alt'] + end + end + end + return '' + end +end + diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/parsehtml.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/parsehtml.rb new file mode 100644 index 0000000000..877c714bc0 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/parsehtml.rb @@ -0,0 +1,45 @@ +require "openid/yadis/htmltokenizer" +require 'cgi' + +module OpenID + module Yadis + def Yadis.html_yadis_location(html) + parser = HTMLTokenizer.new(html) + + # to keep track of whether or not we are in the head element + in_head = false + + begin + while el = parser.getTag('head', '/head', 'meta', 'body', '/body', + 'html', 'script') + + # we are leaving head or have reached body, so we bail + return nil if ['/head', 'body', '/body'].member?(el.tag_name) + + if el.tag_name == 'head' + unless el.to_s[-2] == ?/ # tag ends with a /: a short tag + in_head = true + end + end + next unless in_head + + if el.tag_name == 'script' + unless el.to_s[-2] == ?/ # tag ends with a /: a short tag + parser.getTag('/script') + end + end + + return nil if el.tag_name == 'html' + + if el.tag_name == 'meta' and (equiv = el.attr_hash['http-equiv']) + if ['x-xrds-location','x-yadis-location'].member?(equiv.downcase) && + el.attr_hash.member?('content') + return CGI::unescapeHTML(el.attr_hash['content']) + end + end + end + rescue HTMLTokenizerError # just stop parsing if there's an error + end + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/services.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/services.rb new file mode 100644 index 0000000000..e3b3e0f69e --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/services.rb @@ -0,0 +1,42 @@ + +require 'openid/yadis/filters' +require 'openid/yadis/discovery' +require 'openid/yadis/xrds' + +module OpenID + module Yadis + def Yadis.get_service_endpoints(input_url, flt=nil) + # Perform the Yadis protocol on the input URL and return an + # iterable of resulting endpoint objects. + # + # @param flt: A filter object or something that is convertable + # to a filter object (using mkFilter) that will be used to + # generate endpoint objects. This defaults to generating + # BasicEndpoint objects. + result = Yadis.discover(input_url) + begin + endpoints = Yadis.apply_filter(result.normalized_uri, + result.response_text, flt) + rescue XRDSError => err + raise DiscoveryFailure.new(err.to_s, nil) + end + + return [result.normalized_uri, endpoints] + end + + def Yadis.apply_filter(normalized_uri, xrd_data, flt=nil) + # Generate an iterable of endpoint objects given this input data, + # presumably from the result of performing the Yadis protocol. + + flt = Yadis.make_filter(flt) + et = Yadis.parseXRDS(xrd_data) + + endpoints = [] + each_service(et) { |service_element| + endpoints += flt.get_service_endpoints(normalized_uri, service_element) + } + + return endpoints + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/xrds.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/xrds.rb new file mode 100644 index 0000000000..0ebf34ab41 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/xrds.rb @@ -0,0 +1,155 @@ +require 'rexml/document' +require 'rexml/element' +require 'rexml/xpath' + +require 'openid/yadis/xri' + +module OpenID + module Yadis + + XRD_NS_2_0 = 'xri://$xrd*($v*2.0)' + XRDS_NS = 'xri://$xrds' + + XRDS_NAMESPACES = { + 'xrds' => XRDS_NS, + 'xrd' => XRD_NS_2_0, + } + + class XRDSError < StandardError; end + + # Raised when there's an assertion in the XRDS that it does not + # have the authority to make. + class XRDSFraud < XRDSError + end + + def Yadis::get_canonical_id(iname, xrd_tree) + # Return the CanonicalID from this XRDS document. + # + # @param iname: the XRI being resolved. + # @type iname: unicode + # + # @param xrd_tree: The XRDS output from the resolver. + # + # @returns: The XRI CanonicalID or None. + # @returntype: unicode or None + + xrd_list = [] + REXML::XPath::match(xrd_tree.root, '/xrds:XRDS/xrd:XRD', XRDS_NAMESPACES).each { |el| + xrd_list << el + } + + xrd_list.reverse! + + cid_elements = [] + + if !xrd_list.empty? + xrd_list[0].elements.each { |e| + if !e.respond_to?('name') + next + end + if e.name == 'CanonicalID' + cid_elements << e + end + } + end + + cid_element = cid_elements[0] + + if !cid_element + return nil + end + + canonicalID = XRI.make_xri(cid_element.text) + + childID = canonicalID.downcase + + xrd_list[1..-1].each { |xrd| + parent_sought = childID[0...childID.rindex('!')] + + parent = XRI.make_xri(xrd.elements["CanonicalID"].text) + + if parent_sought != parent.downcase + raise XRDSFraud.new(sprintf("%s can not come from %s", parent_sought, + parent)) + end + + childID = parent_sought + } + + root = XRI.root_authority(iname) + if not XRI.provider_is_authoritative(root, childID) + raise XRDSFraud.new(sprintf("%s can not come from root %s", childID, root)) + end + + return canonicalID + end + + class XRDSError < StandardError + end + + def Yadis::parseXRDS(text) + if text.nil? + raise XRDSError.new("Not an XRDS document.") + end + + begin + d = REXML::Document.new(text) + rescue RuntimeError => why + raise XRDSError.new("Not an XRDS document. Failed to parse XML.") + end + + if is_xrds?(d) + return d + else + raise XRDSError.new("Not an XRDS document.") + end + end + + def Yadis::is_xrds?(xrds_tree) + xrds_root = xrds_tree.root + return (!xrds_root.nil? and + xrds_root.name == 'XRDS' and + xrds_root.namespace == XRDS_NS) + end + + def Yadis::get_yadis_xrd(xrds_tree) + REXML::XPath.each(xrds_tree.root, + '/xrds:XRDS/xrd:XRD[last()]', + XRDS_NAMESPACES) { |el| + return el + } + raise XRDSError.new("No XRD element found.") + end + + # aka iterServices in Python + def Yadis::each_service(xrds_tree, &block) + xrd = get_yadis_xrd(xrds_tree) + xrd.each_element('Service', &block) + end + + def Yadis::services(xrds_tree) + s = [] + each_service(xrds_tree) { |service| + s << service + } + return s + end + + def Yadis::expand_service(service_element) + es = service_element.elements + uris = es.each('URI') { |u| } + uris = prio_sort(uris) + types = es.each('Type/text()') + # REXML::Text objects are not strings. + types = types.collect { |t| t.to_s } + uris.collect { |uri| [types, uri.text, service_element] } + end + + # Sort a list of elements that have priority attributes. + def Yadis::prio_sort(elements) + elements.sort { |a,b| + a.attribute('priority').to_s.to_i <=> b.attribute('priority').to_s.to_i + } + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/xri.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/xri.rb new file mode 100644 index 0000000000..89dd99afc4 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/xri.rb @@ -0,0 +1,90 @@ +require 'openid/yadis/xrds' +require 'openid/fetchers' + +module OpenID + module Yadis + module XRI + + # The '(' is for cross-reference authorities, and hopefully has a + # matching ')' somewhere. + XRI_AUTHORITIES = ["!", "=", "@", "+", "$", "("] + + def self.identifier_scheme(identifier) + if (!identifier.nil? and + identifier.length > 0 and + (identifier.match('^xri://') or + XRI_AUTHORITIES.member?(identifier[0].chr))) + return :xri + else + return :uri + end + end + + # Transform an XRI reference to an IRI reference. Note this is + # not not idempotent, so do not apply this to an identifier more + # than once. XRI Syntax section 2.3.1 + def self.to_iri_normal(xri) + iri = xri.dup + iri.insert(0, 'xri://') if not iri.match('^xri://') + return escape_for_iri(iri) + end + + # Note this is not not idempotent, so do not apply this more than + # once. XRI Syntax section 2.3.2 + def self.escape_for_iri(xri) + esc = xri.dup + # encode all % + esc.gsub!(/%/, '%25') + esc.gsub!(/\((.*?)\)/) { |xref_match| + xref_match.gsub(/[\/\?\#]/) { |char_match| + CGI::escape(char_match) + } + } + return esc + end + + # Transform an XRI reference to a URI reference. Note this is not + # not idempotent, so do not apply this to an identifier more than + # once. XRI Syntax section 2.3.1 + def self.to_uri_normal(xri) + return iri_to_uri(to_iri_normal(xri)) + end + + # RFC 3987 section 3.1 + def self.iri_to_uri(iri) + uri = iri.dup + # for char in ucschar or iprivate + # convert each char to %HH%HH%HH (as many %HH as octets) + return uri + end + + def self.provider_is_authoritative(provider_id, canonical_id) + lastbang = canonical_id.rindex('!') + return false unless lastbang + parent = canonical_id[0...lastbang] + return parent == provider_id + end + + def self.root_authority(xri) + xri = xri[6..-1] if xri.index('xri://') == 0 + authority = xri.split('/', 2)[0] + if authority[0].chr == '(' + root = authority[0...authority.index(')')+1] + elsif XRI_AUTHORITIES.member?(authority[0].chr) + root = authority[0].chr + else + root = authority.split(/[!*]/)[0] + end + + self.make_xri(root) + end + + def self.make_xri(xri) + if xri.index('xri://') != 0 + xri = 'xri://' + xri + end + return xri + end + end + end +end diff --git a/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/xrires.rb b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/xrires.rb new file mode 100644 index 0000000000..3943911989 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/lib/openid/yadis/xrires.rb @@ -0,0 +1,106 @@ +require "cgi" +require "openid/yadis/xri" +require "openid/yadis/xrds" +require "openid/fetchers" + +module OpenID + + module Yadis + + module XRI + + class XRIHTTPError < StandardError; end + + class ProxyResolver + + DEFAULT_PROXY = 'http://proxy.xri.net/' + + def initialize(proxy_url=nil) + if proxy_url + @proxy_url = proxy_url + else + @proxy_url = DEFAULT_PROXY + end + + @proxy_url += '/' unless @proxy_url.match('/$') + end + + def query_url(xri, service_type=nil) + # URI normal form has a leading xri://, but we need to strip + # that off again for the QXRI. This is under discussion for + # XRI Resolution WD 11. + qxri = XRI.to_uri_normal(xri)[6..-1] + hxri = @proxy_url + qxri + args = {'_xrd_r' => 'application/xrds+xml'} + if service_type + args['_xrd_t'] = service_type + else + # don't perform service endpoint selection + args['_xrd_r'] += ';sep=false' + end + + return XRI.append_args(hxri, args) + end + + def query(xri, service_types) + # these can be query args or http headers, needn't be both. + # headers = {'Accept' => 'application/xrds+xml;sep=true'} + canonicalID = nil + + services = service_types.collect { |service_type| + url = self.query_url(xri, service_type) + begin + response = OpenID.fetch(url) + rescue + raise XRIHTTPError, ["Could not fetch #{xri}", $!] + end + raise XRIHTTPError, "Could not fetch #{xri}" if response.nil? + + xrds = Yadis::parseXRDS(response.body) + canonicalID = Yadis::get_canonical_id(xri, xrds) + + Yadis::services(xrds) unless xrds.nil? + } + # TODO: + # * If we do get hits for multiple service_types, we're almost + # certainly going to have duplicated service entries and + # broken priority ordering. + services = services.inject([]) { |flatter, some_services| + flatter += some_services unless some_services.nil? + } + + return canonicalID, services + end + end + + def self.urlencode(args) + a = [] + args.each do |key, val| + a << (CGI::escape(key) + "=" + CGI::escape(val)) + end + a.join("&") + end + + def self.append_args(url, args) + return url if args.length == 0 + + # rstrip question marks + rstripped = url.dup + while rstripped[-1].chr == '?' + rstripped = rstripped[0...rstripped.length-1] + end + + if rstripped.index('?') + sep = '&' + else + sep = '?' + end + + return url + sep + XRI.urlencode(args) + end + + end + + end + +end diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/accept.txt b/vendor/gems/ruby-openid-2.1.4/test/data/accept.txt new file mode 100644 index 0000000000..884ff662eb --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/test/data/accept.txt @@ -0,0 +1,124 @@ +# Accept: [Accept: header value from RFC2616, +# http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html] +# Available: [whitespace-separated content types] +# Expected: [Accept-header like list, containing the available content +# types with their q-values] + +Accept: */* +Available: text/plain +Expected: text/plain; q=1.0 + +Accept: */* +Available: text/plain, text/html +Expected: text/plain; q=1.0, text/html; q=1.0 + +# The order matters +Accept: */* +Available: text/html, text/plain +Expected: text/html; q=1.0, text/plain; q=1.0 + +Accept: text/*, */*; q=0.9 +Available: text/plain, image/jpeg +Expected: text/plain; q=1.0, image/jpeg; q=0.9 + +Accept: text/*, */*; q=0.9 +Available: image/jpeg, text/plain +Expected: text/plain; q=1.0, image/jpeg; q=0.9 + +# wildcard subtypes still reject differing main types +Accept: text/* +Available: image/jpeg, text/plain +Expected: text/plain; q=1.0 + +Accept: text/html +Available: text/html +Expected: text/html; q=1.0 + +Accept: text/html, text/* +Available: text/html +Expected: text/html; q=1.0 + +Accept: text/html, text/* +Available: text/plain, text/html +Expected: text/plain; q=1.0, text/html; q=1.0 + +Accept: text/html, text/*; q=0.9 +Available: text/plain, text/html +Expected: text/html; q=1.0, text/plain; q=0.9 + +# If a more specific type has a higher q-value, then the higher value wins +Accept: text/*; q=0.9, text/html +Available: text/plain, text/html +Expected: text/html; q=1.0, text/plain; q=0.9 + +Accept: */*, text/*; q=0.9, text/html; q=0.1 +Available: text/plain, text/html, image/monkeys +Expected: image/monkeys; q=1.0, text/plain; q=0.9, text/html; q=0.1 + +Accept: text/*, text/html; q=0 +Available: text/html +Expected: + +Accept: text/*, text/html; q=0 +Available: text/html, text/plain +Expected: text/plain; q=1.0 + +Accept: text/html +Available: text/plain +Expected: + +Accept: application/xrds+xml, text/html; q=0.9 +Available: application/xrds+xml, text/html +Expected: application/xrds+xml; q=1.0, text/html; q=0.9 + +Accept: application/xrds+xml, */*; q=0.9 +Available: application/xrds+xml, text/html +Expected: application/xrds+xml; q=1.0, text/html; q=0.9 + +Accept: application/xrds+xml, application/xhtml+xml; q=0.9, text/html; q=0.8, text/xml; q=0.7 +Available: application/xrds+xml, text/html +Expected: application/xrds+xml; q=1.0, text/html; q=0.8 + +# See http://www.rfc-editor.org/rfc/rfc3023.txt, section A.13 +Accept: application/xrds +Available: application/xrds+xml +Expected: + +Accept: application/xrds+xml +Available: application/xrds +Expected: + +Accept: application/xml +Available: application/xrds+xml +Expected: + +Available: application/xrds+xml +Accept: application/xml +Expected: + +Available: +Accept: not_a_content_type +Expected: + +Available: text/html +Accept: not_a_content_type, text/html +Expected: text/html; q=1.0 + +################################################# +# The tests below this line are documentation of how this library +# works. If the implementation changes, it's acceptable to change the +# test to reflect that. These are specified so that we can make sure +# that the current implementation actually works the way that we +# expect it to given these inputs. + +Accept: text/html;level=1 +Available: text/html +Expected: text/html; q=1.0 + +Accept: text/html; level=1, text/html; level=9; q=0.1 +Available: text/html +Expected: text/html; q=1.0 + +Accept: text/html; level=9; q=0.1, text/html; level=1 +Available: text/html +Expected: text/html; q=1.0 diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/dh.txt b/vendor/gems/ruby-openid-2.1.4/test/data/dh.txt new file mode 100644 index 0000000000..0fa523146c --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/test/data/dh.txt @@ -0,0 +1,29 @@ +130706940119084053627151828062879423433929180135817317038378606310097533503449582079984816816837125851552273641820339909167103200910805078308128174143174269944095368580519322913514764528012639683546377014716235962867583443566164615728897857285824741767070432119909660645255499710701356135207437699643611094585 139808169914464096465921128085565621767096724855516655439365028496569658038844954238931647642811548254956660405394116677296461848124300258439895306367561416289126854788101396379292925819850897858045772500578222021901631436550118958972312221974009238050517034542286574826081826542722270952769078386418682059418 +91966407878983240112417790733941098492087186469785726449910011271065622315680646030230288265496017310433513856308693810812043160919214636748486185212617634222158204354206411031403206076739932806412551605172319515223573351072757800448643935018534945933808900467686115619932664888581913179496050117713298715475 88086484332488517006277516020842172054013692832175783214603951240851750819999098631851571207693874357651112736088114133607400684776234181681933311972926752846692615822043533641407510569745606256772455614745111122033229877596984718963046218854103292937700694160593653595134512369959987897086639788909618660591 +94633950701209990078055218830969910271587805983595045023718108184189787131629772007048606080263109446462048743696369276578815611098215686598630889831104860221067872883514840819381234786050098278403321905311637820524177879167250981289318356078312300538871435101338967079907049912435983871847334104247675360099 136836393035803488129856151345450008294260680733328546556640578838845312279198933806383329293483852515700876505956362639881210101974254765087350842271260064592406308509078284840473735904755203614987286456952991025347168970462354352741159076541157478949094536405618626397435745496863324654768971213730622037771 +24685127248019769965088146297942173464487677364928435784091685260262292485380918213538979925891771204729738138857126454465630594391449913947358655368215901119137728648638547728497517587701248406019427282237279437409508871300675355166059811431191200555457304463617727969228965042729205402243355816702436970430 103488011917988946858248200111251786178288940265978921633592888293430082248387786443813155999158786903216094876295371112716734481877806417714913656921169196196571699893360825510307056269738593971532017994987406325068886420548597161498019372380511676314312298122272401348856314619382867707981701472607230523868 +116791045850880292989786005885944774698035781824784400772676299590038746153860847252706167458966356897309533614849402276819438194497464696186624618374179812548893947178936305721131565012344462048549467883494038577857638815386798694225798517783768606048713198211730870155881426709644960689953998714045816205549 25767875422998856261320430397505398614439586659207416236135894343577952114994718158163212134503751463610021489053571733974769536157057815413209619147486931502025658987681202196476489081257777148377685478756033509708349637895740799542063593586769082830323796978935454479273531157121440998804334199442003857410 +75582226959658406842894734694860761896800153014775231713388264961517169436476322183886891849966756849783437334069692683523296295601533803799559985845105706728538458624387103621364117548643541824878550074680443708148686601108223917493525070861593238005735446708555769966855130921562955491250908613793521520082 51100990616369611694975829054222013346248289055987940844427061856603230021472379888102172458517294080775792439385531234808129302064303666640376750139242970123503857186428797403843206765926798353022284672682073397573130625177187185114726049347844460311761033584101482859992951420083621362870301150543916815123 +22852401165908224137274273646590366934616265607879280260563022941455466297431255072303172649495519837876946233272420969249841381161312477263365567831938496555136366981954001163034914812189448922853839616662859772087929140818377228980710884492996109434435597500854043325062122184466315338260530734979159890875 35017410720028595029711778101507729481023945551700945988329114663345341120595162378885287946069695772429641825579528116641336456773227542256911497084242947904528367986325800537695079726856460817606404224094336361853766354225558025931211551975334149258299477750615397616908655079967952372222383056221992235704 +37364490883518159794654045194678325635036705086417851509136183713863262621334636905291385255662750747808690129471989906644041585863034419130023070856805511017402434123099100618568335168939301014148587149578150068910141065808373976114927339040964292334109797421173369274978107389084873550233108940239410902552 40916262212189137562350357241447034318002130016858244002788189310078477605649010031339865625243230798681216437501833540185827501244378529230150467789369234869122179247196276164931090039290879808162629109742198951942358028123056268054775108592325500609335947248599688175189333996086475013450537086042387719925 +42030470670714872936404499074069849778147578537708230270030877866700844337372497704027708080369726758812896818567830863540507961487472657570488625639077418109017434494794778542739932765561706796300920251933107517954265066804108669800167526425723377411855061131982689717887180411017924173629124764378241885274 124652439272864857598747946875599560379786580730218192165733924418687522301721706620565030507816884907589477351553268146177293719586287258662025940181301472851649975563004543250656807255226609296537922304346339513054316391667044301386950180277940536542183725690479451746977789001659540839582630251935163344393 +33176766914206542084736303652243484580303865879984981189372762326078776390896986743451688462101732968104375838228070296418541745483112261133079756514082093269959937647525005374035326747696591842313517634077723301677759648869372517403529488493581781546743147639937580084065663597330159470577639629864369972900 67485835091897238609131069363014775606263390149204621594445803179810038685760826651889895397414961195533694176706808504447269558421955735607423135937153901140512527504198912146656610630396284977496295289999655140295415981288181545277299615922576281262872097567020980675200178329219970170480653040350512964539 +131497983897702298481056962402569646971797912524360547236788650961059980711719600424210346263081838703940277066368168874781981151411096949736205282734026497995296147418292226818536168555712128736975034272678008697869326747592750850184857659420541708058277866000692785617873742438060271311159568468507825422571 5400380840349873337222394910303409203226429752629134721503171858543984393161548520471799318518954232197106728096866840965784563043721652790856860155702760027304915133166173298206604451826182024471262142046935060360564569939062438160049193241369468208458085699995573492688298015026628427440418009025072261296 +83265103005695640943261961853521077357830295830250157593141844209296716788437615940096402365505416686459260302419338241462783388722843946886845478224048360927114533590583464979009731440049610985062455108831881153988321298531365779084012803908832525921630534096740755274371500276660832724874701671184539131864 141285570207910287798371174771658911045525474449663877845558585668334618068814605961306961485855329182957174312715910923324965889174835444049526313968571611940626279733302104955951067959291852710640374412577070764165811275030632465290729619533330733368808295932659463215921521905553936914975786500018720073003 +68435028583616495789148116911096163791710022987677894923742899873596891423986951658100606742052014161171185231735413902875605720814417622409817842932759492013585936536452615480700628719795872201528559780249210820284350401473564919576289210869896327937002173624497942136329576506818749730506884927872345019446 134655528287263100540003157571441260698452262106680191153945271167894435782028803135774578949200580551016388918860856991026082917835209212892423567114480975540305860034439015788120390011692862968771136814777768281366591257663821495720134621172848947971117885754539770645621669309650476331439675400544167728223 +97765390064836080322590528352647421920257073063706996347334558390461274981996865736612531330863478931481491964338380362350271734683183807511097331539820133036984271653285063355715726806139083282458695728902452215405696318402583540317419929113959816258829534543044153959951908676300847164682178008704099351835 92552521881196975294401505656851872247567784546370503402756239533783651371688190302773864319828182042605239246779598629409815474038541272600580320815319709309111399294952620375093803971373108792300726524826209329889463854451846561437729676142864421966497641824498079067929811613947148353921163336822026640804 +145767094672933012300753301037546647564595762930138884463767054235112032706630891961371504668013023047595721138624016493638510710257541241706724342585654715468628355455898091951826598092812212209834746162089753649871544789379424903025374228231365026585872808685759231756517703720396301355299998059523896918448 116669462839999965355861187716880953863237226719689755457884414384663576662696981997535568446560375442532084973721539944428004043491468494548231348032618218312515409944970197902589794303562379864012797605284844016184274353252071642511293089390472576498394410829972525726474727579603392265177009323768966538608 +34172517877854802711907683049441723730724885305592620486269966708379625109832852005775048584124451699198484092407720344962116726808090368739361658889584507734617844212547181476646725256303630128954338675520938806905779837227983648887192531356390902975904503218654196581612781227843742951241442641220856414232 126013077261793777773236390821108423367648447987653714614732477073177878509574051196587476846560696305938891953527959347566502332765820074506907037627115954790645652211088723122982633069089920979477728376746424256704724173255656757918995039125823421607024407307091796807227896314403153380323770001854211384322 +9979624731056222925878866378063961280844793874828281622845276060532093809300121084179730782833657205171434732875093693074415298975346410131191865198158876447591891117577190438695367929923494177555818480377241891190442070100052523008290671797937772993634966511431668500154258765510857129203107386972819651767 76559085024395996164590986654274454741199399364851956129137304209855150918182685643729981600389513229011956888957763987167398150792454613751473654448162776379362213885827651020309844507723069713820393068520302223477225569348080362344052033711960892643036147232270133731530049660264526964146237693063093765111 +18162696663677410793062235946366423954875282212790518677684260521370996677183041664345920941714064628111537529793170736292618705900247450994864220481135611781148410617609559050220262121494712903009168783279356915189941268264177631458029177102542745167475619936272581126346266816618866806564180995726437177435 63244550218824945129624987597134280916829928261688093445040235408899092619821698537312158783367974202557699994650667088974727356690181336666077506063310290098995215324552449858513870629176838494348632073938023916155113126203791709810160925798130199717340478393420816876665127594623142175853115698049952126277 +4817943161362708117912118300716778687157593557807116683477307391846133734701449509121209661982298574607233039490570567781316652698287671086985501523197566560479906850423709894582834963398034434055472063156147829131181965140631257939036683622084290629927807369457311894970308590034407761706800045378158588657 61612160237840981966750225147965256022861527286827877531373888434780789812764688703260066154973576040405676432586962624922734102370509771313805122788566405984830112657060375568510809122230960988304085950306616401218206390412815884549481965750553137717475620505076144744211331973240555181377832337912951699135 +36363324947629373144612372870171042343590861026293829791335153646774927623889458346817049419803031378037141773848560341251355283891019532059644644509836766167835557471311319194033709837770615526356168418160386395260066262292757953919140150454538786106958252854181965875293629955562111756775391296856504912587 86831561031659073326747216166881733513938228972332631084118628692228329095617884068498116676787029033973607066377816508795286358748076949738854520048303930186595481606562375516134920902325649683618195251332651685732712539073110524182134321873838204219194459231650917098791250048469346563303077080880339797744 +26406869969418301728540993821409753036653370247174689204659006239823766914991146853283367848649039747728229875444327879875275718711878211919734397349994000106499628652960403076186651083084423734034070082770589453774926850920776427074440483233447839259180467805375782600203654373428926653730090468535611335253 100139935381469543084506312717977196291289016554846164338908226931204624582010530255955411615528804421371905642197394534614355186795223905217732992497673429554618838376065777445760355552020655667172127543653684405493978325270279321013143828897100500212200358450649158287605846102419527584313353072518101626851 +92613116984760565837109105383781193800503303131143575169488835702472221039082994091847595094556327985517286288659598094631489552181233202387028607421487026032402972597880028640156629614572656967808446397456622178472130864873587747608262139844319805074476178618930354824943672367046477408898479503054125369731 30023391082615178562263328892343821010986429338255434046051061316154579824472412477397496718186615690433045030046315908170615910505869972621853946234911296439134838951047107272129711854649412919542407760508235711897489847951451200722151978578883748353566191421685659370090024401368356823252748749449302536931 +31485815361342085113278193504381994806529237123359718043079410511224607873725611862217941085749929342777366642477711445011074784469367917758629403998067347054115844421430072631339788256386509261291675080191633908849638316409182455648806133048549359800886124554879661473112614246869101243501787363247762961784 114503770698890543429251666713050844656853278831559195214556474458830029271801818536133531843456707474500106283648085144619097572354066554819887152106174400667929098257361286338795493838820850475790977445807435511982704395422526800272723708548541616513134676140304653112325071112865020365664833601046215694089 +76882090884790547431641385530818076533805072109483843307806375918023300052767710853172670987385376253156912268523505310624133905633437815297307463917718596711590885553760690350221265675690787249135345226947453988081566088302642706234126002514517416493192624887800567412565527886687096028028124049522890448168 15056463217273240496622619354104573042767532856243223052125822509781815362480522535564283485059790932505429110157271454207173426525345813426696743168079246510944969446574354255284952839036431873039487144279164893710061580467579842173706653409487110282515691099753380094215805485573768509475850463001549608836 +52345178981230648108672997265819959243255047568833938156267924185186047373470984278294897653277996726416846430969793375429223610099546622112048283560483136389901514170116723365811871938630317974150540909650396429631704968748113009366339718498979597226137532343384889080245796447593572468846438769413505393967 32148494517199936472358017244372701214529606506776255341152991328091526865643069587953759877295255050519124541457805199596762210567333445908166076384465183589342153762720515477404466193879418014196727238972417616122646440870364200208488239778452378059236162633837824948613596114768455832408342040970780086 +41095268619128788015767564971105114602454449306041732792746397800275041704886345704294273937217484580365505320134717320083763349380629342859670693445658118959823430378844830923452105707338162448974869312012791385772125813291388247857971218575518319578818336960572244046567099555399203328678654466958536663208 92166550199033418923713824997841892577149715275633481076285269142670107687867024550593869464613175882141630640739938334001211714884975032600306279287443909448541179109981755796752132502127330056736913454039526413284519137059580845856736918773597087836203497066909257930043736166431682872083389105176299181629 +40049143661018504441607875135884755310012910557581028447435354354754245291878800571089144452035026644953322330676651798951447670184106450649737772686119714700743396359069052813433030118630105307022867200053964644574786137276428546712005171080129190959914708907200288299169344380390093918556722227705114244981 108159089972386282154772900619022507336076619354549601813179459338897131937353741544606392560724999980281424266891537298473163753022749859939445293926707568015958367188089915420630082556748668489756475027008449860889202622698060097015044886961901650857610841562477736791450080980702347705778074391774667412741 +69905259478181995876884927656894491893594530150260951315109404530530357998889589977208787140430938039028941393673520799460431992051993157468616168400324834880926190141581037597526917869362292931957289043707855837933490285814769110495657056206391880865972389421774822461752702336812585852278453803972600333734 71821415380277072313878763768684432371552628204186742842154591000123020597011744840460964835414360968627162765288463383113375595799297552681618876474019263288277398833725479226930770694271622605114061622753165584075733358178384410640349907375170170910499615355511313349300918885560131539570707695789106185664 +26945345439378873515011714350080059082081595419023056538696949766471272811362104837806324694947413603019863785876836706911406330379274553386254346050697348395574746891556054334903838949157798006141473389066020212044825140294048709654273698482867946522782450500680195477050110145664069582549935651920545151500 80313315938584480048642653013876614091607852535582224914294013785054094052454758327935781971746329853786568549510067442145637007308960551652864942042189241081946607011847245280773379099020221884296226818685556430275385068764313042226925852500883894269809033380734632866477789520106865758504064806906234130588 diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/example-xrds.xml b/vendor/gems/ruby-openid-2.1.4/test/data/example-xrds.xml new file mode 100644 index 0000000000..101ba3bd53 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/test/data/example-xrds.xml @@ -0,0 +1,14 @@ + + + + + + + http://example.com/ + http://www.openidenabled.com/ + + + + diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/linkparse.txt b/vendor/gems/ruby-openid-2.1.4/test/data/linkparse.txt new file mode 100644 index 0000000000..2fa38cde92 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/test/data/linkparse.txt @@ -0,0 +1,587 @@ +Num Tests: 72 + +OpenID link parsing test cases +Copyright (C) 2005-2008, JanRain, Inc. +See COPYING for license information. + +File format +----------- + +All text before the first triple-newline (this chunk) should be ignored. + +This file may be interpreted as Latin-1 or UTF-8. + +Test cases separated by three line separators (`\n\n\n'). The test +cases consist of a headers section followed by a data block. These are +separated by a double newline. The headers consist of the header name, +followed by a colon, a space, the value, and a newline. There must be +one, and only one, `Name' header for a test case. There may be zero or +more link headers. The `Link' header consists of whitespace-separated +attribute pairs. A link header with an empty string as a value +indicates an empty but present link tag. The attribute pairs are `=' +separated and not quoted. + +Optional Links and attributes have a trailing `*'. A compilant +implementation may produce this as output or may not. A compliant +implementation will not produce any output that is absent from this +file. + + +Name: No link tag at all + + + + + + + +Name: Link element first + + + + +Name: Link inside HTML, not head + + + + + +Name: Link inside head, not html + + + + + +Name: Link inside html, after head + + + + + + + +Name: Link inside html, before head + + + + + + +Name: Link before html and head + + + + + + +Name: Link after html document with head + + + + + + + + +Name: Link inside html inside head, inside another html + + + + + + + +Name: Link inside html inside head + + + + + + +Name: link inside body inside head inside html + + + + + + + +Name: Link inside head inside head inside html + + + + + + + +Name: Link inside script inside head inside html + + + + + + +Name: Link inside comment inside head inside html + + + + + + +Name: Link inside of head after short head + + + + + + + +Name: Plain vanilla +Link: + + + + + + +Name: Ignore tags in the namespace +Link*: + + + + + + + + +Name: Short link tag +Link: + + + + + + +Name: Spaces in the HTML tag +Link: + + + + + + +Name: Spaces in the head tag +Link: + + + + + + +Name: Spaces in the link tag +Link: + + + + + + +Name: No whitespace +Link: + + + + +Name: Closed head tag +Link: + + + + + + + +Name: One good, one bad (after close head) +Link: + + + + + + + + +Name: One good, one bad (after open body) +Link: + + + + + + + + +Name: ill formed (missing close head) +Link: + + + + + + + +Name: Ill formed (no close head, link after ) +Link: + + + + + + + + +Name: Ignore random tags inside of html +Link: + + + + + +<link> + + +Name: case-folding +Link*: + +<HtMl> +<hEaD> +<LiNk> + + +Name: unexpected tags +Link: + +<butternut> +<html> +<summer> +<head> +<turban> +<link> + + +Name: un-closed script tags +Link*: + +<html> +<head> +<script> +<link> + + +Name: un-closed script tags (no whitespace) +Link*: + +<html><head><script><link> + + +Name: un-closed comment +Link*: + +<html> +<head> +<!-- +<link> + + +Name: un-closed CDATA +Link*: + +<html> +<head> +<![CDATA[ +<link> + + +Name: cdata-like +Link*: + +<html> +<head> +<![ACORN[ +<link> +]]> + + +Name: comment close only +Link: + +<html> +<head> +<link> +--> + + +Name: Vanilla, two links +Link: +Link: + +<html> +<head> +<link> +<link> + + +Name: extra tag, two links +Link: +Link: + +<html> +<gold nugget> +<head> +<link> +<link> + + +Name: case-fold, body ends, two links +Link: +Link*: + +<html> +<head> +<link> +<LiNk> +<body> +<link> + + +Name: simple, non-quoted rel +Link: rel=openid.server + +<html><head><link rel=openid.server> + + +Name: short tag has rel +Link: rel=openid.server + +<html><head><link rel=openid.server/> + + +Name: short tag w/space has rel +Link: rel=openid.server + +<html><head><link rel=openid.server /> + + +Name: extra non-attribute, has rel +Link: rel=openid.server hubbard*=hubbard + +<html><head><link hubbard rel=openid.server> + + +Name: non-attr, has rel, short +Link: rel=openid.server hubbard*=hubbard + +<html><head><link hubbard rel=openid.server/> + + +Name: non-attr, has rel, short, space +Link: rel=openid.server hubbard*=hubbard + +<html><head><link hubbard rel=openid.server /> + + +Name: misplaced slash has rel +Link: rel=openid.server + +<html><head><link / rel=openid.server> + + +Name: quoted rel +Link: rel=openid.server + +<html><head><link rel="openid.server"> + + +Name: single-quoted rel +Link: rel=openid.server + +<html><head><link rel='openid.server'> + + +Name: two links w/ rel +Link: x=y +Link: a=b + +<html><head><link x=y><link a=b> + + +Name: non-entity +Link: x=&y + +<html><head><link x=&y> + + +Name: quoted non-entity +Link: x=&y + +<html><head><link x="&y"> + + +Name: quoted entity +Link: x=& + +<html><head><link x="&"> + + +Name: entity not processed +Link: x= + +<html><head><link x=""> + + +Name: < +Link: x=< + +<html><head><link x="<"> + + +Name: > +Link: x=> + +<html><head><link x=">"> + + +Name: " +Link: x=" + +<html><head><link x="""> + + +Name: &" +Link: x=&" + +<html><head><link x="&""> + + +Name: mixed entity and non-entity +Link: x=&"…> + +<html><head><link x="&"…>"> + + +Name: mixed entity and non-entity (w/normal chars) +Link: x=x&"…>x + +<html><head><link x="x&"…>x"> + + +Name: broken tags +Link*: x=y +Link*: x=y< + +<html><head><link x=y<> + + +Name: missing close pointy +Link*: x=y +Link*: x=y<link z=y +Link*: z=y + +<html><head><link x=y<link z=y /> + + +Name: missing attribute value +Link: x=y y*=y +Link: x=y + +<html><head><link x=y y=><link x=y /> + + +Name: Missing close pointy (no following) +Link*: x=y + +<html><head><link x=y + + +Name: Should be quoted +Link*: x=< + +<html><head><link x="<"> + + +Name: Should be quoted (2) +Link*: x=> +Link*: x=x + +<html><head><link x=">"> + + +Name: Repeated attribute +Link: x=y + +<html><head><link x=z x=y> + + +Name: Repeated attribute (2) +Link: x=y + +<html><head><link x=y x=y> + + +Name: Two attributes +Link: x=y y=z + +<html><head><link x=y y=z> + + +Name: Well-formed link rel="openid.server" +Link: rel=openid.server href=http://www.myopenid.com/server + +<html> + <head> + <link rel="openid.server" + href="http://www.myopenid.com/server" /> + </head> +</html> + + +Name: Well-formed link rel="openid.server" and "openid.delegate" +Link: rel=openid.server href=http://www.myopenid.com/server +Link: rel=openid.delegate href=http://example.myopenid.com/ + +<html><head><link rel="openid.server" + href="http://www.myopenid.com/server" /> + <link rel="openid.delegate" href="http://example.myopenid.com/" /> +</head></html> + + +Name: from brian's livejournal page +Link: rel=stylesheet href=http://www.livejournal.com/~serotta/res/319998/stylesheet?1130478711 type=text/css +Link: rel=openid.server href=http://www.livejournal.com/openid/server.bml + +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <link rel="stylesheet" + href="http://www.livejournal.com/~serotta/res/319998/stylesheet?1130478711" + type="text/css" /> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <meta name="foaf:maker" + content="foaf:mbox_sha1sum '12f8abdacb5b1a806711e23249da592c0d316260'" /> + <meta name="robots" content="noindex, nofollow, noarchive" /> + <meta name="googlebot" content="nosnippet" /> + <link rel="openid.server" + href="http://www.livejournal.com/openid/server.bml" /> + <title>Brian + + + +Name: non-ascii (Latin-1 or UTF8) +Link: x=® + + + + diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/n2b64 b/vendor/gems/ruby-openid-2.1.4/test/data/n2b64 new file mode 100644 index 0000000000..b12a246043 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/test/data/n2b64 @@ -0,0 +1,650 @@ +AA== 0 +AQ== 1 +Ag== 2 +Aw== 3 +BA== 4 +BQ== 5 +Bg== 6 +Bw== 7 +CA== 8 +CQ== 9 +Cg== 10 +Cw== 11 +DA== 12 +DQ== 13 +Dg== 14 +Dw== 15 +EA== 16 +EQ== 17 +Eg== 18 +Ew== 19 +FA== 20 +FQ== 21 +Fg== 22 +Fw== 23 +GA== 24 +GQ== 25 +Gg== 26 +Gw== 27 +HA== 28 +HQ== 29 +Hg== 30 +Hw== 31 +IA== 32 +IQ== 33 +Ig== 34 +Iw== 35 +JA== 36 +JQ== 37 +Jg== 38 +Jw== 39 +KA== 40 +KQ== 41 +Kg== 42 +Kw== 43 +LA== 44 +LQ== 45 +Lg== 46 +Lw== 47 +MA== 48 +MQ== 49 +Mg== 50 +Mw== 51 +NA== 52 +NQ== 53 +Ng== 54 +Nw== 55 +OA== 56 +OQ== 57 +Og== 58 +Ow== 59 +PA== 60 +PQ== 61 +Pg== 62 +Pw== 63 +QA== 64 +QQ== 65 +Qg== 66 +Qw== 67 +RA== 68 +RQ== 69 +Rg== 70 +Rw== 71 +SA== 72 +SQ== 73 +Sg== 74 +Sw== 75 +TA== 76 +TQ== 77 +Tg== 78 +Tw== 79 +UA== 80 +UQ== 81 +Ug== 82 +Uw== 83 +VA== 84 +VQ== 85 +Vg== 86 +Vw== 87 +WA== 88 +WQ== 89 +Wg== 90 +Ww== 91 +XA== 92 +XQ== 93 +Xg== 94 +Xw== 95 +YA== 96 +YQ== 97 +Yg== 98 +Yw== 99 +ZA== 100 +ZQ== 101 +Zg== 102 +Zw== 103 +aA== 104 +aQ== 105 +ag== 106 +aw== 107 +bA== 108 +bQ== 109 +bg== 110 +bw== 111 +cA== 112 +cQ== 113 +cg== 114 +cw== 115 +dA== 116 +dQ== 117 +dg== 118 +dw== 119 +eA== 120 +eQ== 121 +eg== 122 +ew== 123 +fA== 124 +fQ== 125 +fg== 126 +fw== 127 +AIA= 128 +AIE= 129 +AII= 130 +AIM= 131 +AIQ= 132 +AIU= 133 +AIY= 134 +AIc= 135 +AIg= 136 +AIk= 137 +AIo= 138 +AIs= 139 +AIw= 140 +AI0= 141 +AI4= 142 +AI8= 143 +AJA= 144 +AJE= 145 +AJI= 146 +AJM= 147 +AJQ= 148 +AJU= 149 +AJY= 150 +AJc= 151 +AJg= 152 +AJk= 153 +AJo= 154 +AJs= 155 +AJw= 156 +AJ0= 157 +AJ4= 158 +AJ8= 159 +AKA= 160 +AKE= 161 +AKI= 162 +AKM= 163 +AKQ= 164 +AKU= 165 +AKY= 166 +AKc= 167 +AKg= 168 +AKk= 169 +AKo= 170 +AKs= 171 +AKw= 172 +AK0= 173 +AK4= 174 +AK8= 175 +ALA= 176 +ALE= 177 +ALI= 178 +ALM= 179 +ALQ= 180 +ALU= 181 +ALY= 182 +ALc= 183 +ALg= 184 +ALk= 185 +ALo= 186 +ALs= 187 +ALw= 188 +AL0= 189 +AL4= 190 +AL8= 191 +AMA= 192 +AME= 193 +AMI= 194 +AMM= 195 +AMQ= 196 +AMU= 197 +AMY= 198 +AMc= 199 +AMg= 200 +AMk= 201 +AMo= 202 +AMs= 203 +AMw= 204 +AM0= 205 +AM4= 206 +AM8= 207 +ANA= 208 +ANE= 209 +ANI= 210 +ANM= 211 +ANQ= 212 +ANU= 213 +ANY= 214 +ANc= 215 +ANg= 216 +ANk= 217 +ANo= 218 +ANs= 219 +ANw= 220 +AN0= 221 +AN4= 222 +AN8= 223 +AOA= 224 +AOE= 225 +AOI= 226 +AOM= 227 +AOQ= 228 +AOU= 229 +AOY= 230 +AOc= 231 +AOg= 232 +AOk= 233 +AOo= 234 +AOs= 235 +AOw= 236 +AO0= 237 +AO4= 238 +AO8= 239 +APA= 240 +APE= 241 +API= 242 +APM= 243 +APQ= 244 +APU= 245 +APY= 246 +APc= 247 +APg= 248 +APk= 249 +APo= 250 +APs= 251 +APw= 252 +AP0= 253 +AP4= 254 +AP8= 255 +AQA= 256 +AQE= 257 +AQI= 258 +AQM= 259 +AQQ= 260 +AQU= 261 +AQY= 262 +AQc= 263 +AQg= 264 +AQk= 265 +AQo= 266 +AQs= 267 +AQw= 268 +AQ0= 269 +AQ4= 270 +AQ8= 271 +ARA= 272 +ARE= 273 +ARI= 274 +ARM= 275 +ARQ= 276 +ARU= 277 +ARY= 278 +ARc= 279 +ARg= 280 +ARk= 281 +ARo= 282 +ARs= 283 +ARw= 284 +AR0= 285 +AR4= 286 +AR8= 287 +ASA= 288 +ASE= 289 +ASI= 290 +ASM= 291 +ASQ= 292 +ASU= 293 +ASY= 294 +ASc= 295 +ASg= 296 +ASk= 297 +ASo= 298 +ASs= 299 +ASw= 300 +AS0= 301 +AS4= 302 +AS8= 303 +ATA= 304 +ATE= 305 +ATI= 306 +ATM= 307 +ATQ= 308 +ATU= 309 +ATY= 310 +ATc= 311 +ATg= 312 +ATk= 313 +ATo= 314 +ATs= 315 +ATw= 316 +AT0= 317 +AT4= 318 +AT8= 319 +AUA= 320 +AUE= 321 +AUI= 322 +AUM= 323 +AUQ= 324 +AUU= 325 +AUY= 326 +AUc= 327 +AUg= 328 +AUk= 329 +AUo= 330 +AUs= 331 +AUw= 332 +AU0= 333 +AU4= 334 +AU8= 335 +AVA= 336 +AVE= 337 +AVI= 338 +AVM= 339 +AVQ= 340 +AVU= 341 +AVY= 342 +AVc= 343 +AVg= 344 +AVk= 345 +AVo= 346 +AVs= 347 +AVw= 348 +AV0= 349 +AV4= 350 +AV8= 351 +AWA= 352 +AWE= 353 +AWI= 354 +AWM= 355 +AWQ= 356 +AWU= 357 +AWY= 358 +AWc= 359 +AWg= 360 +AWk= 361 +AWo= 362 +AWs= 363 +AWw= 364 +AW0= 365 +AW4= 366 +AW8= 367 +AXA= 368 +AXE= 369 +AXI= 370 +AXM= 371 +AXQ= 372 +AXU= 373 +AXY= 374 +AXc= 375 +AXg= 376 +AXk= 377 +AXo= 378 +AXs= 379 +AXw= 380 +AX0= 381 +AX4= 382 +AX8= 383 +AYA= 384 +AYE= 385 +AYI= 386 +AYM= 387 +AYQ= 388 +AYU= 389 +AYY= 390 +AYc= 391 +AYg= 392 +AYk= 393 +AYo= 394 +AYs= 395 +AYw= 396 +AY0= 397 +AY4= 398 +AY8= 399 +AZA= 400 +AZE= 401 +AZI= 402 +AZM= 403 +AZQ= 404 +AZU= 405 +AZY= 406 +AZc= 407 +AZg= 408 +AZk= 409 +AZo= 410 +AZs= 411 +AZw= 412 +AZ0= 413 +AZ4= 414 +AZ8= 415 +AaA= 416 +AaE= 417 +AaI= 418 +AaM= 419 +AaQ= 420 +AaU= 421 +AaY= 422 +Aac= 423 +Aag= 424 +Aak= 425 +Aao= 426 +Aas= 427 +Aaw= 428 +Aa0= 429 +Aa4= 430 +Aa8= 431 +AbA= 432 +AbE= 433 +AbI= 434 +AbM= 435 +AbQ= 436 +AbU= 437 +AbY= 438 +Abc= 439 +Abg= 440 +Abk= 441 +Abo= 442 +Abs= 443 +Abw= 444 +Ab0= 445 +Ab4= 446 +Ab8= 447 +AcA= 448 +AcE= 449 +AcI= 450 +AcM= 451 +AcQ= 452 +AcU= 453 +AcY= 454 +Acc= 455 +Acg= 456 +Ack= 457 +Aco= 458 +Acs= 459 +Acw= 460 +Ac0= 461 +Ac4= 462 +Ac8= 463 +AdA= 464 +AdE= 465 +AdI= 466 +AdM= 467 +AdQ= 468 +AdU= 469 +AdY= 470 +Adc= 471 +Adg= 472 +Adk= 473 +Ado= 474 +Ads= 475 +Adw= 476 +Ad0= 477 +Ad4= 478 +Ad8= 479 +AeA= 480 +AeE= 481 +AeI= 482 +AeM= 483 +AeQ= 484 +AeU= 485 +AeY= 486 +Aec= 487 +Aeg= 488 +Aek= 489 +Aeo= 490 +Aes= 491 +Aew= 492 +Ae0= 493 +Ae4= 494 +Ae8= 495 +AfA= 496 +AfE= 497 +AfI= 498 +AfM= 499 +AfQ= 500 +AfU= 501 +AfY= 502 +Afc= 503 +Afg= 504 +Afk= 505 +Afo= 506 +Afs= 507 +Afw= 508 +Af0= 509 +Af4= 510 +Af8= 511 +AgA= 512 +ALDs7paJl5xPh6ORH61iDA6pONpV0rTjGiTkLEW2JsVsRKaRiS4AGn2PTR1UZXP0vXAmRXwdSegQgWPUp3Hm3RofRcDh1SykZBLif7ulau1hVO+rhwRyKc7F8F+7LcMf/v+s73eOXUDbbI2r52wfr7skZy/IELhsC8EK6HzhACI3 124241322153253947064453752054205174382289463089695815605736438952932114700118408072544073767229325045596832952652232288773280299665950768731398747700657715829631597019676014848183966683866396215048196276450953653433516126074463193382764063985175903718735372053536664711482497859539116009770850968340298474039 +AOzgU1s6Pd2IkrJlvGND8legXTe50nyDCocI5mwT9rW0YsisY5jaaEOcu51BAq9MmXBPeVX0k/jlXwH4Pn3mCpUAU1rEOsTdcmSJp35siKliDdhTZHHdZNMW+igfXGX5OCsA/BaBcGnE6NnrGWXKyTOoVUGQLEkL2T5yhNUaCT83 166340174936369324883416612727439279977041963320514134445183426741643586944819834936989524033374309932122967866930503619179389342537723598234062828695747850043368572301869699886931403612266216965783079972698791813140295203826980649434652168563255385527187360027803388963151668338040517316899628026707657178935 +AO8hrpw+lDiJ13JahLtCb1RenupQcNd0wlTSck9OLL8wB/x6gAoj0PTLV05eZIbz43N3GUSDmmckjlxdHXiBJ9rsoB0P95l1CWIV+4rXblCqxmOdmlm6VZ13bqbI0x7l0cjeMrkmk+yJ067WqUolqQBlUWMTuJVfkxALJYH5xr/C 167923899524385316022824282304301434707626789716026029252173742527362300338760906999615029022863637963070711762128687835779073122264515776657475985362344360699359591353388569856862973447791264902182048648600267737826849280828116753682917256540180401899752566540869918949003470368970029744573140084219550547906 +QxAn7yrdVs5tlHV+Glbqdaj67c6Ni8am3bBLOL8PV5HbdrLf2xIPmNugo6MfUwFSnT+ZPJ51+VTOsItaNwCFju0Eh1cqyP3JWyLRPE7emKuo6xRhf+5ik0pTg77LEF4JXW6ofDqirpR4alFi0G2d9yImQPphsYJwYGF/nNT8u0Q= 47093316905427544098193936500644355852669366083115552072584429220248776817916430034648347490325490701471113667554329499736495877969341478442613611948220957798780043076906836236556612316544460763366275536846463456405604189392790111985912854476264292503164100482712281088955640964034295834935468665872932715332 +AI9PVzrbJUvmCihwSFans1lBKwudGEZpWWu8pkSK2zVgzGhMvUoGgMp6TG2zsUd1tV8zv7KsVD2t6pXmjT1wPUynufq97GVHI06SGpflDTt30WboYRh3DgYxvso1sOjUXpnDezcaqc2Aiz4nV5MSShkBlyBjA8z2worHDE+uXqw0 100635651531872121827765663065728398779771663753008344681972226973080394359405041113312675686974926993279775427390065833081040771269307007695807025882757371805607979134114890454059957194316765342461291139168706134406917264848659448693866813989352429841300235734400772946895458374870482441457514575059390213172 +FiinVicXOqqRLpxcGTorQpSAGeQ/PfDOuzYK9ViFtmPv6D0cYPfhUH4qXEHOejvmX+0b4lfaX8MWPVZxlqpfXiU9BhG76HJxkLF4ysipukeOvhoHzvcxE5bnhSF1i//bOSifATBLBEZInwqSVg5tHHPuuCkwTL91NqhOulp7Lsk= 15560440884463435471963622630292643727112462888414585143143739400703889930416938984547754943252935620248108237258540176511252143752416771350868493435174026287082706690332705481726295797196444796135827460509780634261726494455068460028424141500629527968240913757449787164107068039175831847071025316475940056777 +aYrxyQN/hkBne2ayqo2/iDLF3DZGgk080SOMJfsj9h3Z1OfFZM7TJA+y+/O7niqatosvKrfHrAw+Qs7c6tCZ6NPwYJ4QJLOF9bqH2u2a3fkI954voNUctlUagYUJsZXV8hdhLM6NwUyIZ3ZFkPcpTZp7nKQQ84tr1a8VjDIT5/o= 74114640794666001532816944350975062126079079113921109750255283189037502412929005615388097912507598112836936032143435813588205939470002911374442844578739574773399427907766548612582213272643279263782396527705126350063372192910060171635870872236876399794128383338399728947176692692942605589343038282957050865658 +AMpCUeKUX/vtRslWiUUuXNl1KA9uDAWjMUkTrdsxxRDESI7iZIn3TR9lW+0kV5fzkLF18iYLAwSGBmX1PS/T0UVFmoBPJ9yS7yktNL0lpQ3noyGFn8HHZ6XB3FkH3jegIfGbvwwhnhhFzpHPrXlpO5iU5Y+rexzp2XHWt4yJGuIL 142031143422642739313498629438991149460874309300342349421794421544918823888598660275343727563280565210534243383322796489809683834300630555650331646026843796764549231159336347965502383849513994449309613369541991287590422095953275586374371960367000083487965487661436037637475372929033613295072397262739084075531 +AIMIQVz0JIEKEI+PREu94m3v9XoiU/Q0CpsSuqkwSSje+Wyul5ea9oU5qgtOpdkMUOW91BJo0DW/GMZ8v3C4qyyP29TtjCcAHObJi9hfLSlnTSuzXZnDStooYYKqzfToLToCaAJKCXiXAVW0vWtapLnyqafrf/KgyGZ5u4HfXKY0 92013973253053602863003242446596060337454881568126916916519869242232429836082762281129448384605359749247852792606718908482332975424967542242332487707042773885428473061056052851768940900752317020681189773407893371297668591494665352294885305475871917069040377145530889271334616499701769138948975263435137525300 +ANfP+zPBTR27afneyac1KJhOB5Pq3AXB+SoAXJvQI/GkSoNhw5KdfqoIkLcoJi8wClCm424Gm1AdrdGwDFOM/iKTSPkrvMag93+b2EbQGX66/n2X3YRFNkgq/Gtb+2M8oCcAL054Z/iiMD67aU5RWzjqS64ePHsn01bJ7dqLgpMO 151548639867177154896951257541227014781655576169318283047778755573323724856619156348444192550664853912434681577093459933599575436686424046466113215132845213008587152894642577278656978304699131916299275797578171518984206145555369576872231567191579337901913492071976578289189524123204040497290426960375042970382 +AK0kHtacLGu1NFWMADq2rG8hpzM4UEYyPOL+aMJbnwXcUYptRIxb0YFZg35RN/RiZs4lQsiq+kEJKzMMV71TsJq59vMkIZhZoB3t8g9ZqBZuq0JYcTICDwRpNSttJidVpJ6P9sR3s1xPMYKdlSwt6EEc9htOXfZU+yHKYgn98X60 121583812047864398969816595368193171848971298823388059338224714026742264861090347096116404814514279627148994345584790617974476594451626305761040465570524035369799925437276511604752129817947910677564301623631349399504187314174538914591944778074509068973226322566160587813128746039859381466427380402262866230964 +W3sZlWW1Aev3x/DiH9MzwCAZzBj++x9cknLfGAHwgFqkLH6vimEH/r8hi85hzlCOG5CjwhoZ0D/Hsfr26ZJ3X4chG84byrfDnek1V9mm1++v+clJvlYgcuVgn2Opsba2TILTm1MDB+Ujs9brJ2AAKrE9+ep5nvtQVeG9PUGtdlo= 64240043913835461386212515483198059541440539167395859777194837833769712010594411295323900074066077107346806786205590345517755715510695858065925747020336398305793661773798243627926904542715123849691490667964262778804487343218972081260210371192903128886030021862362141928329650003493687310970684093289133340250 +FTQRk9/BIj21gbLwI22fHJWYj+8Ghdcc613hOtJ+/hQmh73HwTXLpaGK9aCptxVbpjW0r/bxaRjmgxu9u1CCZh5yRd7Z46Wk/LIPXGd3ycQzqRMFB7TISFQGJIcFoxRp3Eb5wa2OyrUg7c/D+kb7oFJq9P7mEwIh8TpLzwmu4SU= 14889529068556301710329043521845510156960298822469914567758538023025100741826628180855835334285179977296740667353391766487166458692144569279381035582718738461626140662441222061900764829681913534146898551570916312642104487829660946024590782808750587095559047648957238487820069966851521487428624726655438348581 +APYXO6uGvs9qWiEAkcWsaCaCrGJJCP2Z1g++XlJ67oZIgEoWITn3T/R2/c4edAfwUUzNHAYZN1h2dSrRoqlrRXrbxFtGOuRCUrXcGLFFcEbTrtm+z5z8xGRfcorx7Cu3FIBPMK5XcGPcbRZdyP1gBkeDMvuBNAo0/To+LP/dhCNM 172810804474418448604443090732221483571611665465870520701624598983692130272337358406272727413570938793741430131635927237320173996217984860203754686741782921346604605228620148450611724714868551781003004492587584071978757421616871762681049508123223983431502852926521520561941051298696758046005573332373854233420 +AIDNxhnDEe1kTJ3XGfTS8zKXeXPRdw5yifm8j8Ibzj/quExy7hFPtKct8hRskPR2qwTlMiW9Ra8Npg2USsqHV0rBoIkX7E3psxq5LBfp/q00l3SEBuLL4K2FGR87bPgU+Duk3RVrNMnColiTcnAR5XkoeWhn/r9MfJMIN9Y0FEh8 90449107125498302548188660544012777357148118984122992664008792590422284061463729084479315745509706793674355738023180454297730948397413371686013210006834869294564190666543874617716180411178090109573192518129248278410216362657350215009192850017507998797754539132540293137589672869131300859207213449571846080636 +AIRWavxYRsGlH0Yr0DudwrpYtbrByf9ZsDawKom7ubiRfepqYzcBlwt4adMMnkYSaXeYtOsD4KBm2ZvLKN3++RkYNmxgkyarORBEg7ERyiThBj7Ksw57pNHCAoHtBEhH7Wp9mHhuZtPvPgCEptmwCu9rYhLt4zZp+Zq8a02dkXvM 92930601962515884925250459851491509622611227724602941760145671636277317511265759558869239180653492283311584982044597979173761619470326096725838197524704577188104121460089235709339932110663536557497112887112782062772810759971739760085128369628777812332518137107605855679096146402427144185104230596200130247628 +AMNJGLcAiJtL5fUfkesWKYJurdYSnvsOZeZcrg7bemkEVjF6S9CcojimUl+ncr/YY5/EXnU0mg84fObtDxWWdJ7z7l0CFcoALTyEatDYKshT0xvdKY3u+LUShxIAyk8EcGnf+KoEaa4Mx3tg2oTBnVegXClOakNTWw8bu2ItagoQ 137134165107366719462230252606689766470445826753581409513106273517221906418464863733870948759313279128624638614534848890858250894834883265387344539280755177217350585564186248554307335197387734431939154077778003706720017441895613190141376534460438929588407764609772857975000507660651583780079804513519571438096 +BmGPZt8XqqI1PuLN4K1/PZMi2rfOYtHEMrcwZdSjKRm5qTkd0Pbb/5zPV07TnM0uLRvIQYTLloEY+GYyn0K5gDTEZpEtQ8ee6Y87zYGDwcf20eqYNxkA7FVV71vqCP/Uw3Oi6B+hMvsWZbvv2vH6MkAeADCrezOtwqVS+irftyc= 4480956865245875120472829476982311611308898564405318773810939350829150182630548948231116574193987272498161864310429976564278532538229396846813874244969927890037756969704618336242255039858182439641759659872128285423988638335967412040624105824571426792562334458751137508116412821914961236269913776304372561703 +APqFgCIYbJWuRyEGuOStPvcprj2PILQ0JpgwQ2jLKn3DvkWSd83qh7PWGKozGavsjh803K+ZzI7P2wP+Nc0r0El3q4nzaHvKaCtVRyMwbXv9wYLFZICeM6J1l9ljUMts4tbDoPzkIy3ScU7pYxarBWqMkcBU8qL6NN1vEdkeu0fW 175922170410080716883576123079908758276229469783745771772401183721225804343343063277676406040455068452258961299511343441961963941297631097736305638850193978800615558067791016294285848963023036905095022181004058235239390870177623185946205281141386416867569004073524130001309977475780893497185890756991672600534 +APA/rCcGeH6A+6ZwaBBDM6mB6tTD8mjkrOWEo/pK3MCZ+rrErMBnFp2S19GhlLOfuY8BHS+D834Fdm8+3wKYkWnXZpGb+e3v8ofOQ34G1HvzULOYtrEiC4ISZRt2SSyz2hU+PBXjVnplsHWTRxZDmBxTJdgli4ItAqxGCxj/aJ9m 168708388929747822981923386197903561880341990893945097067702518857172133291360611402092714329372304718329568897960770488377524912057166920574319430820488930520807742026377043178502591886293565177404635365772829346030773275726024973460121300339258054215286249329967181244588558220467488638468686270735376228198 +AKmwrLP108dCGWOWxE/6woJVLRi/Kra/DvdsPkkrZQmWIlUT7IvwM4gU6bUr4f6wpT08cIQls2cGh7dbSEaO0xLa3mmtKhPiAlzSnz0wuifF3JT9U3uXgUfCZuFtE0z7Oi7WTOrpl3k3GA7JFvXnY0lwblIQALVf6oWyNETnajGl 119160465301384937485959146028591622947513292915838943629387700439301197965652871741710280647524383590817798553034250156068573474278225305190573334054718387045488098320076877626430189054572361967283632592181431701411266656256255758079114072932140551282607247364388070762970060420036793573956057551235306893733 +VTe3rCzAL1Sljo3QAXEkAdBy1ZARHZwtrj6ZNRa5ttqd6/l21g4z3iHCeGo4rnE2F8wYTy+NlugjXw86OS+XojW5y6UzTtx0HX5IJ4POqN64aXWmaklGzroBEYWeuFFKcgQN3NOxkuJoDQ6VElP7Epz69kj5CsKJUwL0SjbNrFY= 59841866347633473702601462509811342285929528424012250265905695635971518533504187799047710303717472950129869674786231155102509311322791323986824635569605105662070745033595366004805920086888891275288347907772640070278731650628917037915863439204501060041944275512863990729926528905725569467329169134226609384534 +AIZt1xGhC/HrvpPASsvVIVdsu//tn0noyJmVYh3FdQ6yIh1uce47iCsrV1yvYqx5ZTbC0vnfnbjFcWqH+HtLX/DelgvhEwzqJ8hwQrfE1ShLG4ZjAVo1Z4GCjrDcEUMlwKcunuSJssuxeQuXwTLS92+q6QeBSS7OmfxPX29CLb4B 94399298271083745508290936113986978382457275531684761701599029877008571741877683365769553170771833981099580359640421358853566501815723434822307977440496208486103754978934472597505865596938563438311337045817621762649604204720249750058676095769230214181772215323235427976398686727606000594646472236822594174465 +NIhTPpWXS82VTA0LTd6TfM+HgLgUcmvnMYtLqPpuqCKZwalAycwl0XFYNyVvaY21J94j92ts/lRYgVtHDhk7/9nLXq5js/lsUnG8rWPHJo11JTxvW+df88aX0pw8u+biOWt87vc1MW1dsMTTsJFJAeBx77qU/Cwto95IVqM7vSE= 36889590210230649939994518345793530042252563793069578097360569338647730438860274349862767107939590441616825589851005429465345268710487649366046960918184701290985280638488938340668212498212581853679035928093386035688597446809895381618260692378376844452061580510108168030682664507293277674052032318576713776417 +KXdi4A2Z7tSiiX9YGtDtxUXIfQvPhcc48rUH+Q2SnXL7fLNmr+F4Rf3RiFBRiHKocPfE94pothop5qQJ5X221/DbEKWK6s+ChfQ636jvRxojoLMab3dPtaAPpDJHrfZMxbT4ZaDJT0tpA2e+zZrzBuDs+UUgCpty9nxtdm1gS7A= 29118662951481660380477444121362422614202367719725087486810943918529894738076273660245405874301505615796632229852040910511025841576465052938308369421493312085081188509808322692130449282585522349552501983296872614029139293444558468751646868108213623606366977549477663987815308260383403466635254115908032940976 +AIOTBZQR2EJJRmoWdRNFLG4fceoS3KnRTHRpPdllhHODqdg+QxTOcOvqIzBqgdD0JgO12SuNAjLQOiz0jhd02qkXw9Y1adGuKvL97ARFtNEuJiNzFAj7KpDLy2zk2rPJp4Lp7cjQs0fe8BQYnTzTsNRGm+4ybln/gse1YWu9w8y5 92394618277596007469808288231093678404089765494062813665106014405059399079199990128824492247005602685377185496959522609467906358619318009231448503013528692450191782140091818984176967246749464502089280153086163239846744554575017530385347720563798041108608545014076448155956762636929707905789978331102411214009 +NzfbJRBF4pqEeborJrjoknJgpfK+DZh2k9cE5dcElMPZ2Zn9im7desWGiBSQnu3KbTO4L/t4+m6nFTNcbIJnqbVSMDHdsfG72rG/t89aOuECQw0HMVVgONNNa6i/mw0jZSWnRLD4fa1YgbUlMd8jeqO9XcBDB4mVtDTxyeGa3vU= 38775530011374537813502898274019389132620116890266344603221997943675706375698597061571989090674289834838060050848545748579361837989319487970580969082824601965845786771062335733318139530316825802589479118956745739691326447349403950997231306042638797277408335778415717988679050762936401945487285814799382535925 +Y4BVPZ6necuLSwaqYEPeZp0lt9tTGFl/WCJJbwg7XpyvuwYKtzagC1NLzY5ymBfwGFw1yRlQuyGsYd9mBfC99DuVCIeh0JNrhJN1bNfoSzy5UO5+dmTr+dm66VGSRS0tFcViDTfCIleTV+zxo/xuZT+Bjxq7kZue8zGkjp42Kmo= 69872189501616471647606976308259279995249122669120675885925763529037695584466011511740991152346215507625265226811128801733353566555339153627478941716586678793853828514394269931890370517258825006937741437480128878717892485074131232336852490940507703859793477547154689914725314529986438108117871674332626168426 +AKCP9Mto4q/a2xNqM4N7PekbKspwt48OGPre+iqVwPrSP/jWKxg3CvvLNZzN5P+/FiUGIklMMFJ8w76OaHIPqKuwckj1gvCLECJEE+UAZWrNKPmpzd/ootN9/kQhNMuloTFCyhXAUUOXJ7Z0WVLb2u6fn4zroszSMBoWQEKC6lcq 112750701794692134675959811050012620191158543234019977304167102486465198271340022889272244811582365901584420008564301920174477182946432553537794834985703732129975734658113610563794129371053853971031300761815004524681756388784922001759202643614966614186697992611399618828963452661554240362943588548146868410154 +APOTAFA2waoAODECaGNgCHa8dNN+cjMnD01M+IeQFytzo9RLMzzzg/gpTUFpyLtFMcfbCkDYQMLXwE4crTimdz5sVvjGQ+5fSFQjoDY6Bw7MO6NAcLzlV/sI/1WyNBKaLQbcl2720n16tdUcdckQNnV+cC2J48CVxYM1c7QQlxA0 171043636512232272455501595416608280460445723238023572475354665686544174728784633443479486247342724860289312593374524429736857970220153680852977711594899595712511352458264354251161579203922747468321999465061463474727943140910084880926005209538535217464825087114791420210981711903880998556269523363208766099508 +AMGpxRlB8WVnsGqyyiy3/mzrPymtJW1o1HcDErK11ZwQV5PwTF3c0THwlnxDmcziLWHSWgPQwfRddVDCXMGW9BffJn+XO6aTcWDPmDAh+1DbWJPE1aqApGbHvQ8HONy90dQMZf1ayuwceWCVTuU1wnHdo9F/sIsRbuu7ic2OJDzY 135994898408425255747055209966103741651849229328236418804928584233229830656742052333413774490626915784901255640138520158698845938184666683995579777154437927013722740366497459963753542029774185193376253885864514386760437194444013834088425088260658670140534670789371556026135595577395047002643901630053097946328 +AJAw4uDYdSYkOrjtwJVWLv3pi1+UxWge4RmkWKqVquTsAVcT2tRZ+MFdHM457Hl7fmFIyxvGZQy4c2v1AbHEfPR8ID2sCRQpdcfrxEUZPMDqxfnHHm0ziny6W4X6ggdBzMp/sBWaVNTBL0e61/pELBGYNRGFMzGws7HQkr/sro1D 101254336834199527040756567675327011562230719161388328289463594628690618298993695452746353237675715087353241661592074446889034411683413957950360025295995263477031608845241728493807755308798509893719674568267846671753070163272328014412744008880395248474446310603301447848026040555910147467745595720879397834051 +AM09TdtXgYL4FI5CGNiVjf0T/AN/pZ5zZsBOi1MAUKMURiXnc1x8VKYTqM9Xb86mqNBBqphynIQG6/3e/YbGJgHlsSdrmKbo+P9daMr02I/7Z76/7Osa8+7Ky6lhVCbU3F0tBH4WvopkCQmuJ267afgvDD5kB+9uNr28deMH00cY 144124056591600568767398029380314564902309327093641173350205276895603332085753288682409279238417493662029954512382520307259348748813767324609446500382301421328754981718014234615523158887865271179104711373675849713359713282937065993613915015084108700238420759344034475478243507306107546245540340758766909867800 +AKDhK+/BKGXbrbBh2vM61OP8LN81YwlJKe68KNwUu4tjXlQg7i49Jis7QKPI/YFPUpSNTu5N2iCgeMnCX4+r3NAfivOao9lw4N3nc9bi839SIWdlokhwBHBYmCIgjehUeBAdkU4jKqlE06pIrpRmSvBtn7O4aWTbT+C++ViYAcGF 112973480670453665543892521898882856059335781900313607790238402438320486344365203510769919022496690291280873287383392088872774202832124927485754495093552572232234532821756395965072330282810574669371524103814871172318519695921477775100282448247625395376072233777533359104085023946019406729587713120941266551173 +ALxDiSxHjfxvP8ETvpE+SyDPTS7q3o3zCK519WTepygC58KSRfvDnIVIyV3toQKzgqD50kF1Ni5D/wuaSs62y3zg3kELX1g+WuBCc8+x50+kDtbHXa1Me3et/OqVS/QeppkcjK1UZMU29fXze6P/w6aQfvKQkE7koeQtZBKkYc0p 132203344567902304830160099595561253300484092355345272411265169562971473393256361094745618829297250316196312398486598077249124198329075791740755862221465178128527292695331061023291345396067863215552021206609309872689233899464919108147533679134727064586730810633196817136739658243232643507412032417747255282985 +VF0YUTvy8Mfi5o6X06DEvLm87r72mAtTdyyLNr0/GXlk0Xj3L2Oi2bVUMtcXQNRXg/mkdGP88pgdaP/eMzqkUU++vJ7t3UgOC1i3SHegpiBhhZh+aZHH/wjFV8Mz2XZB5z8MpMgN+QwALK1TT2Pyt/feQTsOy0imVanB5+OvCeQ= 59242171319056188000481457618922567543461456096441095927600135114274111606802456239311634638536207588762066940095527920532936960549439269891703098017342732142860571277442598349453761561189719823290643146391349978698217357430495238876700400634593256155537598291759795109752990651995982467695091946768443574756 +ezpwBt0N6QhTusiPcKrBvSB6yuk/KShTLUFQHdf5J1u1fgDYrp+aOWuXOFVfOd0bweiG4UxBQNXB2IDFWfYON0fBoaDqNk/41YyqXBSkKbiNWLi1y3zPmwTAiwK0PzYp2EPfk/t/j0HsDbvebu0ygcxb2tPqj4EQ1TXEdD007kU= 86533835313999945727720083706940213467453975054116752898416709637030456504024135513972566184073843025739226187558143854850980654667596935003124034699919861200483994576288766702308068265526535622439762454501169018136389983894783905946543636163866717367545972667876983557989192393479830223914708619684891389509 +U8BT26zT46tTZnkmTNxGUAlXbJhk5cNi4AMSd8fSvZHm55siMFGJ8Jl7mtdzEFR1UFAyEztf2fUhxdtMLe8ei/OJgM0j7myQ9STucEwnsShT7QS/DjBmfvcC42sl1CRpXkb0ZLrEJCPf+crtLKGrG7ExS1oawIAgALBiMQIL6mE= 58812148564290791415180898639607206220554150794356494356250223429674091688305329629529905854147200457536549527135776329004085047145097927266797668252160196098870200925284256433894773392353678965699083286106628662506590268955650280670838340651598082083455821825076016227525614626726458235627297885815646710369 +HfYii3U1SIkBZl09RHaGGA7H3np+qxyNeeCNY07PDl8LwZAaaYk/bHPeBVboan0I2X4o78zCD/gFXFBJ4rxwwUsVjHEioyO2JcpV2/oDOelJBD//78WzBMMSWt7ZKbJV9uYr9ZUM0BUD3fsk1esFCEdnDJdr86U0UMmiig2R+ME= 21039655953870571289679214995029926285040274249531458675115179004718812090027267801012507748013357317597416722235988917212676802092082137617336199787762782958420742299451435320649616271885264333948336627286638368859041172783505464468640994920853000441536629081040963398001710173320125308624362209157720438977 +AICOlee3daFyqTrTdtWjVb5M2rclh9BpIo1CRvKo2bF7NYcjrU0/VvbOnTVXDwdeGMLupbi76f0BrfDxYtkzMXvIZlgoTit4g5ennnklDHFBC5cogaGlri8U28w4/h5oMunZ1O4ezdpRgVJe9nTP/sSEMYiNS5IA7Zshdvm/XccF 90275777798511290102824338787811725003177532250296755103300529948194832904403489332420505850668003332750291879153080212231952155092379375422537931240723308384652734942204313672973885652497290433943089371705605128843469306776615573873479312715317072986990219294942040272550822460408702072075001377245051602693 +L0QUSVIjxvE201b1ztRZyOOxy8vkUz6626TH4tbLwXjjc+AhmrvplaVlavnOgHqve+/L18XNuAYP4BqdxIcWTx+yxBKm4ZS92dRJdcAtccvZpEJtYjdJvI6qbL5Ph6HluaVZwp4dyFyXuZOJGTfYdTb7PUWM0jNT/xsqyjxSQ2U= 33191267986826803728285073844005357792766429917696698533494382218509532051029343127452480789088572904364699220151221680328978554239767633887572649589456766209242252549993823283929686430100804479376247660556781589549613316880150951333982646510273364068770923588389668733632648346075516618646974067295703417701 +APlD9ECKJuACUmQUsbd2GTOpb2PgQVT08C/5hyNEVdA5bWoICX7epmoCKCybdolk+cfEBP6fSz33j+Vn8MbeiHBLdmF6ETbmcyOjldJ902MDvU8dqAa8IgEZN5Uh5x/xzN+3dqk9o0ji7yi291u90rpfIh85PPpDat2B4l5zs9i5 175040148659257809883308984693597046378367187659749953472629929701758633206586720399909808941145946314755491399962797299295431089674294356220216615950668954164397362123668926410543898553191541662075745481299747832013627018846822876386760538344447600390187421938699064459451308870669878673306013635576901916857 +KB7N0tE+A5vFhyrd/m6Qe1wTihkjqmBn+rinfmMAzRlvtxIBSyDLzQsOQs7L4oTG64ABU+YwcWVijvoeZNamaxGl4hatAH1pRqmC/r8FMvC4vqiFTbFHzQhkjM7uoHD1aKnxyBVgjMj0E0KZjrRxydZjIR2p13FXjLP3UQSFtII= 28173452509830313810392326357601136401754938805266458365469366750775669869895498658593356375710132149836430968810246171974040975430205200958564616924399794768861923079158311829444850822144940112488994119845741191519421434257276977333662656888696213514226866147767570046232093727585815615828360199830275208322 +bxFgV7eXwnbQScl4VzS3RTdcMW+NY6pcGkT1UsqHIeDVyBb8DnH/2/Z+DX3zniR1iW6FPdvhJJeQyPIax1ohILa11R27C1TLxGvTrRBGUycxjEcBIxamHveBsXbECWusYLEakeSDg9x4BTWMz1rTQajkorBoeEjYuW+xBxQtXME= 77994515143740690952370766995249847650881300682406161400195705464876513409097078624084133111941171517535435606295232558665316819077765607639545069239931096306624817379462598756505457054433358548941076472902905065316335603665413114267741896000877284610377452471067725794013283338924419969559537339967562669249 +AOH6E2eBzD76QdTJ6QbR/7OeF7AagUif9pEYx7fMqrIsXCJKKpLV/RHIItCDYP2WO4URCaVueoAJe3M/Shj4o6efvH9pf5Q8MLM0rn5MTHWhThivqYQDwjCp1ZsPgq1VFS+gcnmwgHhj2W7XzJxiNPeRXlxI2vL+XTT/wPBYhqEP 158686346608862569574095184731081143351413141116869402750758091813874232272198082464382169470744476593016502816563462778075467588097653320101723165887488327616477297401486647183409348122990505635004320879840358339260797834264972100385692477324858942142372580281421734058008608134075577990829273447077276721423 +ANDDgNXOB/rXwmS4KEjiHj7RCDocVrMv5SU0aw6AJzNTBfseFngqidXx2AJKOEeG7RDDN2gzn4K4qJktF0AIPG2JbELlLUu0MFlpOLxamp586qyp67Cl9OuPq3UZTyQhIsSIE3VQkvxuQkGsaV1owDV3BKIWQbQEqMQI3yT4ELHm 146598844784260148346676185962272439320781765598895126402049215152385925250917998794921584290777625240122575975327405909800121511343265147922400813488099624745229653124857224399973509428158163452130086943873214460600035260925149630502192183407327427517292065083168010281295559088633086659209316582810260124134 +Vprr6oBnWuxIzyTZjuxlKSdZhBc0upeNBHVIlXpQEnN1Q+XURKzp4/6Vg/koITftr3SMSgGpE7LkrERMGFgYaqM5XZ1RXYFKT9dRJnz9VRDITVZtdkDrU04bqo2Ur+jvZhvg/oHBDTgQ4nPLJfHO3+GEmUtck+g/wOVozMMgufY= 60816213163057201559480662231646403262735082707152897397414589876256824040344252799972529759737904461369360580708093117244392116003622336721789703580184437841209963565058475060017600871779929808204093448248984201640754565635410002090180110910120481044515630478472999135146756643143415057403006410330361346550 +do4LGsm0afQLHl9alWF2RVyEKPxLIErsf4pTPgScRE7ZiTSVErbCDeyzd/KHzhBLQs/DhHHcw+OXj541cIRm6jaLVKiT8EwLW/dVG0AkVli83sFh2f56Kk+bCGSKvfGEQcGLY2k7nQ06zoMlYR/xbZCka6Q6kSq4YBDQgigQ1lU= 83252051731120517035090523892596419800592471447735288551342681962005778435125655090199060145942826521644585427683714084736143440310518046334877897672493531918539106001203807757254797471481884534543367685912500572052457610702790097953420236852480969038388056545966568595395722585797418296411673622376893961813 +OL2Qoj4xkqRrQmuuLwrABG3BMMBNGjfBtVBNTdBf7g027Ghkk/z3aK3jKT1EPpdiOdn8zXYBSO1mTRGyK3n7Jo8ICOcnlBOF6cZtDsb9bvSVE26MOD2wzl6irU7vzS+s3vGBkN3AazrxPD4czk3xezA9y13DJVnNzgAgIQHEols= 39844525812817530522650122383059885756573694015271773938493414420875846359054562126060762455794481186614035892021706051863945033061233991184379580556219478200155757966121832613842937722944431875100059046588723473670448006803481527981834627086055642349130254917244469014754132003347635357123155857820000494171 +Ljgn+3Hcg5DOf6usRumk7P+ZrdTBRmo968HdZU1mS7LwLW3Hii2KNkwMV7J77zA0P1pnvhMSEEeh1RbCUjLtSIbt3RIcOEoc+aO0eINF8r99l83xF57CBI3MDA3AAbtaYATy/NUXSC2h4W5kdsQuR88139MFi5y8E5njqxHu3UI= 32456338403763561215581247445990611953939298888251578685087656354454727113846722731945605696397627662593375001096230320486703167389461057538581895745078593206660798580358701927596287363374862536765135996838944212622199018632046955402325290145163082309469649329852148345837780541107029165352782710901375425858 +AMt5/u+ZUNm+Xsucr4RQPUu6ExAOq/Jbcjm/Kb2YIAaEQ1czIL82wsu6YmpHcfMaxLjY+EnaaF+eCWQPeGd1av919+QFbQPeh5DT7ZT9klK7BFyVsN0nEDJQ3AMMJqq6lm4sUeVxDVTmMypYnkzRl7jqzyCRY1MHA+o2LyMECdOg 142886089970163885609957244378225169093559131065687633458877059657380607541767850701139140472705242750285722732461954100519608059127637509286558848391554697942686619832870045594188204522385787253648018847569919409782188708374165437385572046835539379151066214153911415525465041951116179326632238059135825466272 +AMvXeHCaa+zk5VdB27KoS8XpjSUngaw7Gwlq6e2RrkEOxBhU2rGWGJ3fhq1HBNRxDf0quqfYTMd1speisaEr3cIyx9BhYwB6A+Nex/Sf9DSixezhcgEz6c5CfwUYP0QTTOiZDqzz+GcjKikjN7DKJTO0WSXMRG8qX8FBbH0rlc9l 143142496664357119491819741364830737485524654099662921673419335301323845847085335210884201567922636945282124120681371777665458057821603161276185071778040317947168899788341482064834489328957963447735297898161379277478278414388733161844053774747425459239004132791029364174047523473372650441001639174571312926565 +AMxoMXHfE2i4khsAkv/lPtLQhbWUjP3kxYmlJkpacpicBB6z/TmG5zjmTC/sqzBvBn3J4UvMzKYFyk9/l7Wnuc480500a3S4HRVtMtirPueV8v/SPktL67eN2zoj1VZA/Rex0aRGjW2CzEKGwEn3G2bZSgdT8hKv7AypF69ppjz6 143539479941314279463880342636704987025205547180882175105616955926182352311179043850344463145750154442573797875223178075233807385237935671604701513551125937539235111702655902037518920150424691586943553275517626347557879039695678271564616114192941679606063184290901862703975921261779714258077775731727612132602 +ODvOKg7l9RCn5CePG1FfMitkR5l9+7JK67eU+WeA5p1YXCcKS8GbYAKCtXPD2QfxmQcrNYfAc6Yb/kksaq29oW7MzZuTDzK0HXY5xBc/fJzEuvU51gaI0PR3cuU1qRlLqwmIlyt16gto+2E64BgPgIKJcAjx+TfH/EqNeJ77/W4= 39488587053253042573878502921384752550143716864908041972426777545317969264945056510991363961916339225192727727267483337259701961148978214005913510275048195308792987888118270387288989623193626554910652030960235845935461155296845475356011099372367616732243132816329531758943935324760665826550992788664237161838 +AKkznyQtB+PGvbVroM5nUIzhJUjiNj7q4fC9sSFbmDgvehnwPElVlie6PimH2FKonGV4GSaxZ+osil+9omfkb4rO3pq8fy5KcFSw/gs09X/U2eEEcUt/4oSbjs2NaMIxQftM2CauULiwfkWdkMFTBkHnh7Bbyocc8dtmrBDdoI8a 118817437232756222334188081193205110010964766506378146125932730686679941224328135190204402802650523704343176483564284220367074983943319572348376466341132480772885833789613392397284313483009178508647973749522358005819092779831781339778163122774381387989185969990310049504391258988402795259963134610905036263194 +AJfwWA7XnYbTjlJt+9hO/Q/OubHkUkyMYrN6Jd0cN5MG9Rg8W3i8U6oJxT18p4XozkiOgPlF1lE7hIAW9KRKJKGTue+iw0okLq5UNMu2Ha6l5/wzKi0QzRVTBnQm2zjPlQpgUorBBty5mcbt/B/Y3vOE4I3iVXklVtjQ7zIBHaNK 106695084438708194568048926154027115609888551145480521213711726807296356271397749432698558860759334362315257102647885062353922543502466463770991058956633500180245599467233361812610650830611712448187310827443315947425061886163301613989593906515923245020641415290300558869209909418659128196109640872398602216266 +aCXItk5XhuNrbrqJr1Qm04U4y4AzSKDMms11PgVcdf5fCGdizibh6/oZqx5OitM26nRz2vob8F+ZIP0CIyIJU0T1M50dVTbbpwuVNdv/XI6gHekQt0d2g34x1TQJIcsT1VWwGWTPNMtht1hezBAYxwv105AGKnqdLiz04YAdEk0= 73134927546833985031652237686088635686032103401394612286045377544136784429757461671691980910279873140130943470029643791712859175007885735170485461366406852784845528918253441791024065848540598601036357817496637108534035807393364939272891745520961269029038360205258229770737579266643408540634722493263322616397 +APNeoaWlyNa554OtHP8F7GAY5V9F7LMoF2ssg5wBmsgGFktrRH1C4FdyD0COrzIb0Vcko1/HiTnA9JXlfGKc3gTHEnO0gxBSDjK41L+EIgUfR0EhAD9iftTaCoBM7qZN3R1MYrSz3sevQZNMFOOnRrzwWEXnJaPKAZXvsqPzOIF9 170899982929163229592439208307232242235219591108657660041403142612622997092685093132858257827585941687488772925553142105567685213341947938835403410054637382864108739466539574004149772568683507025358331323655651148107044968424043673850583150424463706583215452211942132017052425497789362680979074312857823248765 +ALhwBfBYpOk1pfJcNut0C2fEAd4hhYU03/ZQBqVe/7MgpEDjro7oMvSdba5kjH/VBssmZVqpvuZ5lG+vI9lXLukhwRKJg7m67HG8lZXvjDmjU/PCjxBPNt5r8/DziETYmMa+fhaMTw4hedZcwDe37t1VPIflvM94sBKu6be9yJAn 129516480651398210587505113546142851617282590236388547627336279692965778911450075230961856270046942312918567973875005814982283590898552829322178788678196583244198944578081007477482775130405341039067711963061287597331433268366003672643052056973656674139309732186091974604170508497340243515339072325943686631463 +c9vpoiZvtnj71b8XguD67WayOF57QgOX4V4L++nG2u/RY9VT2+0tJ/C4NIawVa7ScQZAPVLuhV4J50HJX7FZgtY5n+lwMzNo0av7i0IqTS+1BBO8eNJy2wkCbWWBxNybuNnF6OK7eXdPb2Mmwm2OmhN2/j7HAr0cD7rK/Hnif7I= 81358980280155473712258342299472964374474635149963153129588784719499494479288254287754874893180126149146558961101860327826747785201363745989346818037655063262173536227595206355647880155693272153902647256175878517626925488264893732295267833614283963802283320574654949992393798458265266551024756663538388467634 +APArEXNLzDydcHrieLDReJryWxFzcsN1dxjpJIVGeJp6itsJOrUtnmXVnETtaZhWsmN3/Zh0R7TgJ253f7PZ/Z2xCEdqF0hs2MmnERSywdWZQ0a0McbDUUaDjBNYFht1wvS6djbI1b8RfayrnEZ0miYdzrrP1ntU+5cM1QBAvj6T 168651870043094856205824264282870999215855903395882323164614939540734011037112413507417141209480771157672307388419164831992909066097194364645695794831939514470650008210390333649278806163193463937050083854756730458780288720541495880958909249273048328511615821480782977316719631334570687241232556472064072892051 +RhGyx6xibf0OvY1XjnmX5na3G7emG8PWbvEa1kIjR6pK6K1MrMZnxFefXpHWInFS7ADESNI9LHjZB8VW5QrjRVPMksgdEAlkhY7MyQxaclUlShFl2AfKYBfIIro+vg7mUMzMctD+07BLk+jejRHtPVIxHmNnZrZYds80ve5z3Xw= 49204219353786910100605282012781696579642953908541693903348594981245301165936599174304121350092894937817100350990938057159324959104937469442065996667276651025661016077514839755853073999975805394464570132481314896694678249282338429544941873047382467276103868995474424700207571657816852575364781281563515280764 +AKbFfU3GL6NILVyONPVD/X0tffk5HS//7FBp7n6JKMXu3VXvWnfTl32R0WyVHk2yP0iIyi6SUusSicOH9ncO8KJHmaoMGN9Fn+Zq94FTFqZne5NxHmCtwRAbFNDVGg4FeemGXEe1S5Kk1VcvWqnp+QgY0uwa7RtT8C7/T+1pZlwq 117110890075563714812929271250884717870581483065920538069845585667296154465072587148155060755111295509684258790280104272121160614620669593483929827848744548171793187278583947500205314283462739235860439216105116687015890394925743036369717346234391524403038196640934551590543386844279091801685432977718405127210 +AJ0xZ9dfRc6P4W31bMHBymgOq+38ETEIMvMtr+wB5WTcsquZY1IUB4IVkrHaOo3W2SIr479IfJOOQhmvyRS4iB05yDI88Z/fJfXarkH53gDivECuo+5+JmV7e0S6gCvOuVamwoQjlK3G32bCV2946ry4EyIsVZ6Alk9xk7X5HfGU 110384671994603894282707302829898242894456931176497230904862171369974466400767175784681299142670706023468915238955836087425993929524341269289746060546848852729416925808186253355106621584826213979718185296723694190658548757311188764342751280681935289121682174507629679900374674992438818324999211250580434317716 +fjzmb1D+YBU5Wn1GlwhxjiJS07k+fXxjeNRbOv5SjktzxOXmautO8xZ5ACOlYrTt5G2gzW2PU6sYNfByQ0xoUSyutOuQlD2r+8MnDrxCo6RxT3P0dUSX7q0IVj+oLK4GPbscnKLfe6KqUcYLMgKnDYnc+ztFD+csL6BQnM9WMLk= 88647261832601702291191332432291274285041869480562430895152086741320122435409959711452438332192792226899741738806447713240934608106883094466050154088410020909933636902495700779087737304255058561688767369900548260278700135161077055869478387490726087630962098228537973426295306997128615315548440548541717688505 +YDg99aHkQSh9RjytWknbXzcgLD8MrWUEHF46yQLHYANKXaQYyf3yGM9TYPCDUqWbOapqQe+XfOCoACLyRg7vVDsnOPRDI9ZFUgCQBNG06ZOxzktEhnNJoRC99da8jyodFqqk2f9UD1lVa8tsQdatjUDocwgJaDAOpYEyGnUlbXo= 67567767932654827067250684965667741848878457020992905661955722020937161710030993261011062929936964216357930453809610708591260182295097124272956485574313839759737390934220465669626974544253750900911093325004172643146669082793591441922014060981070503803266774197958528843445580649512373693546027107823355522426 +ANdsfO+cNtWsbT/QJHGkYAL2WCHWVPrX6oEz78pO8lUwiigVEow5roLI5Tm7GP7XffjF95z5WDxzpoam+Bfp4za75D6ZEHQmuFnpWQAmNLUHdKUE6UcsWN1rbV1uY+x+Nr5Vni/M7PfQi1yRTTJTYav40tFPb9rY48FsUotivoxd 151275723772668372472508916060743043308364940375633847663054782759325087560768667906829087958412643723335046123025802453213225972572697773468957759328009026531148112732519692142632237595562259864125679649273054426879080697360204352423668940795473103047320116317252295126635024518179060076282921965794883439709 +D2Z8YA0G/vzEVVQ6itLPUC92r9n9FKRpf6lDPWIgpZOOfIkukPp7zzTlo9Ej5IsBrZBbtGz/eYmlHeZ8Y9pQj8HFW24HeKYqjmR0ujbNxI0QgoE+VUwPVg0HhoQsOGmq47zpXpkDwpOAZbMh/t1Bafq6r2zM0qmiwOacJ8KFUas= 10814483230552506566705634583020057064935800294861277580077052473134972003523900930560478187758928889017740705417070994563709463926267126567504805864719383185267204810142444719634360655595490833208838383875687102074846353850310954150927702228780599083427768247170427544730791038729428517279760042619935478187 +XoZpSMHqlOyPYJS7dWSRNDJHCkjbo6+DECzu0FpB9O8bftcxan/06Twbo5d1lEqPlLx3w0XeWtrmCSCaeVcXVtlY3QuPjdKPv8LBnnhslPOVcbGyflaTPXU+ITWE6rwnIF+yWQl3NIwCV4EBtCT+3U//Dt/Ebif9gzfKpKltD6U= 66377743237695515693282032069691369056215169443985727092982918806809030742478033317158686828712146024066618073633406428345129492010236994055590530566431286733776441810601990431112187030942086686719669823512292071202675269428014136307286941704297995292544712278047959299939833088742083527714893795660235870117 +QUbbkyJQ0Nru9c/nPbphM6VxHp5DWlai6407KIDbTGvUReVYI7de1gO/BFphL9GA7gDareYoMuej3/SVp8lEujXywtXzjiI+j2TzR3YYiMBAMhsJO1wU9pxy69Cj5xeFFlrOycjE9sPS9nrqnEEEFNPiK/GDDTHj0KuNbWSCLrI= 45838919357034925862751142472777409057791233610959872523563363744902783251621354580995921495295078179996083468819097423327554678806691589090814275138081407920379810144694354354954459732280968086760894209634364189264517251735804373673532012530665557440070501687207620525228416650281363557992436992284712644274 +F+uI7ARCeAlnPLO1YR7RJj8LyhtE/EJMcY45lsNMff0YeENe8KOITZVxNA55FcxDYpg9sKi1UV3/ASqkqpH8MOxWpBdT2UwSX3oBkp6ETfJKqiag0C4MS8cQVsfcKF39BJ6KUE7X6KUEj11j2YIIRREmLPyZ0LatG7dN7Rmv2iI= 16797235966984072293396362937533957334369977688369659112225970370748312376722010874726300554329794854683394163379447263409228872034356195791733533528404245739693397078461712458035888813157166614479153484688995068722288153129390850561042173295997770817893349738328312152341860704179681230323810266038959856162 +ALkEoXznA7BJlBIfA3Avl9kygQcxexEMApwduVRiXeYG0uEXMQU4rgMJBlPqs+ly8LTIcLFaLnJAG2KFQn2GXz2TNa7w4xkegkrslIJEtBWX/lc7VzRtcLbhaXEs0Ci1ValnW9Up7dYOj3Qw9eNo/9M9b1fD9TI+0QXFtp1ge728 129924120553920201168632484268654219915712271781591182777925696006023100660478316445751842982460082888615429513674356810187315558964251402722465707617058251479494744427428152566665405423424700027316505872162698141109433045594670140335040479559124757490095995568556894332243767736124299898808796118800328801724 +Ki3FNTEE870E9GaNtbT418CLSmf++s6Di3hzAy8NgiDOFo+uuicJa54V3JNRxOBc99sl/chfZuaBQt14BFOQ0i+9rm2KD82okNABd+SNfXOb0Ow2taZX8CpkVJYDyphFPyHbPIKmzwMShNx9X2z9w4++tJgzBzGcFTPv1nhAlxc= 29618953883711174042338818332957726953262658484143534778541769862244883781157097499904047532839425875312731531093860721544220959674634750905085721866390609141599426547378130082409488797303960018348798930232014390380383063108812922828160584483043190739354817699497573863286563890071313017508437166939160221463 +AJq8tcSnAq6M32ViO4hVGiHY7Tb08cLVyxpl/v0Y5adYblvjrbsFcCmsNDi5PnBOBl5awR7KZdQ1xgq6jIs+SQbccEMvJvGUZW5MgcHrXBj9XVd+8oB0z0eahqXpgYBqLDeHLU6238xR3dJYFf+Xrcrzjg8swx66OmQKkAQVJtdq 108660120968150664552423780971948386965268856900017812123107864829782135741514930439461240950044759098603910762272795612101834680870627850178371693837566833495418727543557712057554231215186486008080050486837716071537742708913279026303380104388546316647349432118287628353129105425052237438199445863950767806314 +AI3mfrgcRwtE3mA12gSoQV1xyIGy/YA4pCCvja4mTjvzQOAfiZL0efadxZH5awohCC1SpZDCFsE9yYp4LugHKu/A8zMcp4k5ena8sTPDkSod1yucjybgmVJ5h17Pru28AzHQ/YUmCnojQv55aV2+AUhxzIfojY+NT2PKRqr+vuf+ 99645829268436288676280252226747461064597487404802430565833102291706103139410465131373666856042539909746769688396958963177805479987372681967013633920910376342526433530508868114301205524789149997372160919406352823342811006288909548557622230243808373083272214426118230701324879006645047374853535922112549545982 +TmXQ+D8XFKSclXwnTIH8d+sb1IV0gfm7GagJahaFL6A9rvYaZ0NTizkG5DQ0RmXyo0wPmLork/296whsdNdUxVAwnGFlWWvMV0ftR1fOvN9KoT0WtVZ4Rmu6Fuc7q1PskAZzIp7MkOAxILO4iX5dNuVC+GLZYIbpTel3Ga8fXuU= 55052751096768041533898435453266875315629605001878362193939750978427494147944918632414581744895066623527980497732722163665712245580312596487741856071020477624754815927936394948233480228964159047139170955663289543349257377302556035170334384320502468579367401821986660515827461352578142560630318492817238744805 +EF6KIBWQiQoHOnBdJs1p+WIcAv9ILt0cnQVo+o/2niOtI0C+eFBSiNgeddhotkQFgHvGUjq8BPYgtLC8A5IFKGzXu4SYj5ziagka0hqfhVs9zVHKNx2NUoMhPDG5R7+giwEGGPOayGHVNbsBf1FBYG91+mwy8hnNbhcHSnvLGk4= 11494909948912248031301686864833544028186348338729984264372557659364976118965740281229664413031002362633393381744365783802034700038490736736266032000546393704814403638058993380993275865674190555703046732456017652317200288968188655019374159412919163798248766655991273308390043613040731449231289437754791500366 +AL7wCh8tkFe07qChFAzRkrnNehvda/Teroj65X1Bmcr14+/zeJlZDObYRYBOm8YYSYNgJekcL3o9lLFE34sCMbSJgm4dGwpEVexiLVi+zc8ndnqBDSAnRqtC+3jbInm/v8l6cUvuzrUNtzXIQ/H4FrmPMiVy0EMerkMtkfw5GBsd 134080980697158076909534078193319899756347955848461100874771253577754225619652121295523443912922220564492468474647193062555347746840044705102003079330399499915801536721237211615317000955332058281901995149084303143543150689010335818219129745452688372571010816270728441637278434982752674030696337642893239393053 +APunLhlblRi3bbRBwSV8dsw8h5SvT8ncAmXPnca+e1dLzrQZzL7P2OhFope0mW1MCDl2kJPiGTdK3SiYJVsAFeR3r/0z96g3oq+8uS66T6VaJym0QToMsqQF4/fUMaTo9HsukyPyOgjVIU+6TiFd3SxQKIu1/GpQWVQIP2pkHFKM 176716779397275986910036615967409090183531310366246043951791503601618945774743601662530806467045971394247287367421508126613573039423674729894091424105133906122821596079925540513892022311039293333114333317886304014722168786051080135090242879622144693440448171583324154550086458411590240882982297314605229953676 +MM6B5AgdJKe5OLlPzcXwi9WhqQjx5KsnBYxxa3kWdGNTdk/IN6TVd4Ptn8lWkLm78mw3DXP4Ol1sQbIfkHRoKFUN6TaWg5aDCJBDXyHSTZI2FDc1di0Te1SwziYn0sIOe+R+rfuLuHlcT1xaZBgL6+dDLAZaZza36UEjn5i/pTs= 34273208848307582992498656582721015257885595139328466874135636009184357438445251703533153492315835793684794951576799764181908090765379592683793969576893243386892292517067596035059342970830813419330530731370385186653239446376170533147020072285887964430731437765184844167400169982662183791828762458682426369339 +AJK1dx77ZA4F0sYCgRL1LKSTvjGTKBHd4QBeVnE6FKJxIow82puqtsVZ7TBxbECex+LkLQPrEbuQaVr3giUDjg0aJCE0D9ZVXCUS06qulqcCCdWgGFHXDOQzTWDn6TlJCGxtTEMbMxSlUq1q0iKZ19kwMHiT3GydBn8/G7tIYd23 103022457217861194294329435482792508957642944252832971366936865663608381648431732294396977429863681671686490913575377744795372643599438468695483808375208871881849232129651519218503507811863794426234594709451104684234156597418383183271923307418704786548452806494411689822939919114966188329657999811363991575991 +fPZNsqUYBbVGA2FAiglnByxGJOZkVSpj8Y4QNW5wq6o/1e/PRwp0TLYJXIoCJRs82pAj0QDpQbHl5lCZmNxEIQP8o8xI//HCPxPIdgBJmSfm3VGetrOpqEGU0KJJqK4IsjoVpAfPFMUMOpGNz9CSvCHGk1AKrtYvrTJEKmETuig= 87751387019308584846595931543798879607048239290774788042055795835726250309378365187899578817976976035304304847968410200168743967600896348021636654074952051821111673620467434295067182213181329543946368332581250062140819766061014427755090798550122401239987766844126425179573454145697756278292448630509686471208 +EmT6DUd0bxcdprYhAnycQaxm89kltJOlIOGFFRmEK90H3RhzBGr5PRVTJVqemFVpVliO1gy1nPHgqDGVNIE1GXhrhyFJU6m+HJeNcduippRe38xPCiuraRkXao79X7WAiVYUq6RIH+UIRnfTvHBgzTwjrOvKJ5853hYmGaanjh0= 12917015385266582065020051081997430892582163827812227349569911846746592973268746845211126663077128575098045461893559476227689488349263954564361736197688317585888118974603264677576027836032271531903881104937422976121352854003385726888601980526287956222142458858211589791399646989299770657341412683499692330525 +APtOYyWzdY1A/YU0SGrtjPdMZA5E50Y3hJVXppwuuSk04TjXzcbu2Sqp7sMnKYbToRW4nB5p2UnaLPhTRy0yszOd1auLngW+0ttCybD6nTcVoP65gYOwXGfSEQysqKLb1OfV8kYq5Ba92Efn+CcWWWuS0wEr97W5M/Hccx9bGu0r 176473215292413922394356058789571494026727424839036665031567966488209592078148711908841964690807374236235612412767651029865069639786447019874344449598703213025389428836803984245755885691094364960118900160737925054803955567361126391353868279642836569627177281508980029006921064654964339077608785831304875404587 +Vs6bjpYfFA1R/QTeCfhMuZLZ+Zxo6wxq1jFZpi5SBR1LaUwAtOAj38OJC8L7zmxSOj/RGEmJHkulI3E1MH7P7xlWbY468/azfot5fX9BgHrtptV6Q0dkBUg7H91+tcxdbm4/V0HGQGa2rZp+XK1rO+U/d0ki6iNbsCsCR+OeyvI= 60957991334776853645581868230398759578123373154273044785333939425321390401088800849629483265841435899835570419798325123273632247193463641611211088549152950252041797959644227170492417662363676228611376046334386877555777556575818860902071813120592757466883038430756577949025778080997296219236534786815367760626 +GiauT9A+wmwJsFbS2OPIM6ultIbU+kT2NgACn1jFAy+vNBahdfHMCH0jJdCs5TbmKTCeiEf3ITc5TV1OSvIejJ0GRkTf80nY47TAhiP1aehZvMAv59NQHHTDUE1U4TPVYKIyFpm1V1A+JBHKJzuGrB4lvqB2ed7k4m/ZD5lFLMM= 18363925023885496669420377869542744504974590667921570026763131637088916425434675950812384919000566852243714758512996458727914094904422651029609645299422563453163291342992902510788457007623888307499601267675322986672697397389663297565071582648674012080122614260400848960757021864980761735684874056409664531651 +AL/9KOZLtZu4+ZQYQsmOgbST8F4RV4N/Z+l8qsbCFlHdXHqTTkcN0chsccE/3KkVTZsAnAyJqogbAvB/RZqttaK5a8iKlOEoerUS92FVQw/42WhsVaFggR9cHVuvCD6QqclZjSBQKQzUMy0YWPWlycAZDIv96tooA+V+Fk0jbcFs 134819194171226950171930028888667967094069342154233489571728632904658607624703819928943642011918061760802468868660586005724399808048609316802502143143910585363214684061242274402109137825176291816945489430125510625857564490981683683589784133305376252294774711594646923226452625156299996630452243345104727556460 +AK5x2N/4+PKlsW/fNrw76CnE+nS76Rd7Ugo3IKhMTB/IuCc5xG4MQHo5MlWE0oVkZ+Gs4CxUpvD/WCCjHHFlSxKG4mC6ehz3NVLglBt+f1RWfPkF28JPd0UaIOG3um8kG4J3JDN48PXOPP86A0H8ZYbE5+ImmXsGAcwvScUQRInU 122499245103202714319465533564374494931278163571999934877854825659720649344163774228004853964635693562785966889622928722984134944784141208867445419597834322541679973956606275877526560988151196822256754309120410807075405427166696093800381410682490767468563176131997424692783482903880902119461752084196789357012 +ALZ12i0hqFhwRAikcoahYzH/BUolhgZ9Jz6adLvvTO4wk6LLOpNC/zCz+LjM7HazZomT1SqeYJ2X+WeGFLADHuWo+Gp/I3S0UEneYHKJxoU7OoOtE0mB0BCncLckHao/LmbpnQpS+Lx5bRsr0yE6oWNea6gbyRm/R0to74MI3/KK 128128022342420083856194424802390993133863171077961467523372211039771843125192435716337829530528063182315478279257832480290950255315151577221042903861075751839976362752440630888566422581799720709574650482021111126414843635330535518992034746102956214991673417580508389225948159518319625680855827280146399752842 +APXxvLifWgehdwdTRAJP5KrchRzgbUsyMWKcPGm2ZkwGDJjoTl2LIOOGVFiL4CyPBxahkEHf0nMxBN5oNGX/Y4W4PuOAC8gMgHzdLkPWkpnTcyoe5DD+fQsqNuKVw9nvyB15fx8k0d6b056nfFjnnRqgybby7MSllAWSKRYRdxVm 172707950911363219032118650562553641123743396229371815589867086054370029540557395298194067635069298952836929253340374819975848769009260895874615676938511747311585257140973518651959463416682165208985512233703837931718385346209362040743041262031997793519095342415901373534535662377972036003546589624834285049190 +O+9ohtZ9SzGLJoZM8IRQAjhc/GPt2X5G+M22ZidYjx9WgOTrZDXorSyxLuHxay6djsJSgjxYMj8MuanYSn/DzPWBB1Gn4cDmIsfeYuzO+vUJ4l6d0nIvBg9Iqs61/PGFd46YxhnDiVQ9HEznyTjzESnNqc0+/OkQVJcwNHAcZBg= 42087920806448980363073662127262313840530298932643042322138035915324224188032438119079107631420338701086802583985117830416851550991102672642532160807467909040086448764318690465254898516502941122327185894900817634110254371864896139724173087625913998657136384357741816102965779105122269429701537815263708996632 +VJOZmvqrqsIUTQSSJpZPhbQIYN2tsfBhAciWnfAYpwjK9/ts7OP4Qgdp6T/V2EsSRPnfZ0VKdLg1CnEWDhfcODo+/BZcUrJ0AviFAEtdeUhoMSWXtjel9Ln2guHY4s33z2cN70+e8gfjes65lCzrxUIXEF4nKxzKBnScoooQP5k= 59391682001673484862915842850714742391303140646889359425353339320546979084250010101273851580028171449840778038774656177449549941659895629203970455580974953864068394275066532699748911169800076515776388213090834432354601344176559839798153004796057709798368011673585434643656820656931921831615507416411999846297 +FRyJCOgPziO6RDHX1JgYGZRcSAuoQFIZM4niD/B0twK3l+TRpmVigKZAJnZZFtmX+0JQkDwQn3lcBGQIL6mgy+j0hD58U2/Wd6xebuHSzf4OHVGo1cYoqZLplszA+hVCoDVTHi2YAZ+GtfQEggumcNVxqfEZd6D9Nu//hm0t21M= 14824975573460749317081504809641216868382341402512168178334301409725840669112911061147252565570697788806398498723577368905065980113760265945344671897779830912242224090954834750057278285419880820811348943398148063418809729356397202526234113316098584002071850758705282845646489058224513019380757604894853946195 +dUk5LyS7mduFJlvh5o8R73kJIeeTh0Zli/y3XjtIXfCaNRf+wDlD/pX91JEwsQ5Mvj8yq/Uq13QyWhoNwsPpXVcJtJ+02wtIn5darsBDfzcD/LbWhl7zTRUeMjZ72gAWi1djx94SWjrZJS2oWZU92Og1yOyKRG+ua0AhHfYYh6g= 82361050315899968537319599868832189063658136463903643442673674137187842597528653416212822014359684261704550279153006971937114135373937934986951573613797195556144113400128502946618028800530164890707031379614952207482505803377774320259789692177752930767589642007257364960987343146063216186985472686575891023784 +AI6rejwEznR35rIPuIz0CP2aWyhRUR3unJ90YfxyuVYxrqOJQGSDTSf6SGDDw5MqpZXa9pWuwpyrb6smOq4ZtC3Er7lipJfXDjhy+0k1qcfMjmqbATUscwXGpgW+MO71cttccEz6vhbjndi8gvG5M/vfL2l1jA8nXuBd4e254dbz 100186164434910864539376019601151338080943067893748898987236087770762310617199833479771711726248130012472861788210345311298499515751355424063761182369333224929721733015910055321263016834247318907562652286587380604998130368845939290804442878127169587599285040969551065995197981341260363722618429042861484922611 +AJ5vLZX0fSs8dUSBqd5hki48T9cYuR0atxR+qv7cRu9nD1vP8uNVR8dLitg3XH0RARt3ZmOgi/AuggZt6tTxuIBg+9JhBY9WW+BLL5CnYWHC3AKMi7MQBWciLtmBpyF152bDaEcV1PXxtml2KxX0Ba0C+hGVDmJSdi8Kjd4AkfU6 111256341508463539324514225759801553679558662737345522765042612717818066374840372549356543720386819501973783940451033901079765311790026584654529398345993992144903839534037331533660672892487693477412528974248713261092693018326068480417183236210881306241164169849090833681510163753605662526243408192127670285626 +ZhXtSzn1GiFfHHnSKUYZiTcEWqlI8owyCKFjCQ+VEvkdk50m8uN7RCQ6ZhI545tN7Uy0WdLstJhgJETBYLHHIoWsJn07mgPxuyO0XsqNroICMQEOO/YWQFk1c0VqZifcohQAwJj7fONzM7hTcA22/7gVigJ3iLq178jZOJsEPQs= 71686982768953132894579286530164112027530221141251507987469672039995314435159469907420372652392376452531392493658576814100773556880394271726970628960571077839124343525055625420896355363707908511865700866168843075071778015504724409171911254647909938237551680861008772396291072284353858575645679153885560978699 +Vc8Cw5m5yI+bJ5sUJYm/F2wyZ5x3D4ydyL0uU/3eVF2ZJu55OOlC9pUyyv7WGExClHvWpR9mhMnsqCLyseLfM2Q/YXJ7cjGPKp2xd+fvwHa4hRi1FdOxs96rJnb+HUt9hTwQByXgzpnUfs7AqrqaNf4WSlBNMu0IOOqDdB4iVHU= 60256873326783629723455608618518793848697944184579877638436234491615392142659293975260290798403892159720925893207048153291000664050780029732557737984085196691225472664027706406879051455184548871511448456651238810812870905640934953489289909009741493031472382758586341375517766302753448531830002512912250459253 +QmeUn6cbpE8YrDfMETz/+KVFaK+d4NHHzcdj/MnjcmqQSLpP/XwCW/aeudlN3SfKd6rNo1XZefunZO/ek+PHEIy899WzjiJaajhf2X05fl9WuPEaMES3Yrr+ClogFNQ+9jL8+7L+J8lDuqQzvchT0U0RPay5HSNZw+ZouVCiQ18= 46630904037845609335515965570673490721137364238213103678233212262384415738654627185220187275286458759154841820256007930773120637898228224906635911124921895934056288121005350040349882413280772888907627838315559544636626856478316691755270725623680935763476199888127096014398699432042227882284223578563208692575 +ALUBYIShA4w5kRUa6iNF8S33DqaprdOWjVBnO+j9CCGtUh+NNwfpKR8AKf536MtuFFtwaQvRIlkLpaTYXuRxzyU/YG2+UfRQF3pEmXQhcMxJqFzqZ5nWCIWlJ/KtYS4lcC/B7hD2UGAktnIdjVUTSxX60VzA+zxeunV2iBZXQlEs 127106299687401374061881872616647348819431126560557369258073443762502337592227172639640997680536372567116568811258505773087926491911004324918919511363985868314578663758269650473780772688462266790559846182685481907703974916356209771821075179827563487466641669110315430790405454641953880582274165368514679034156 +ANyAdMnVCVjmUZGiVdyvGE5mUQpKoJOJINqMAfzVUGvvxXFmGdoAx+xsDRNAP4KoijpXk6E3yPBPBZEWyhiHnyjEkktK/gX6gnb745afS0QIlsjhKCk/W/BHXkzC862Llnc1ZGAIsERnGceEoZHdICfDUh/7nMFp5WuSMzPB7nEO 154841617115465511611746667401422322067517612306328612547616471923266281876818466022676728696273611923942543658633762267658490816264271663863494188027433799849037906883352478212451733963905925106470599843045599411842850386623187980045961158399934160107237440980574028985561404965317132715808604373199725949198 +AJ4nfhDe+HojR2YrprDHW9FVUxsZvoIekwlNL2iKFRFcTB9IcEdh6QnGcaRinev7yEYUsL6saSxUj39uWlqo8udJFdszuuQUmnloIi34L5uj0m1OpLy2dawpFQr8pqyA7go4ugMMj6XCtiVnISUcK8wjHgY3Jed/EKK8k5ce0Jxt 111059703393618496515021583605572584329116596402705082562306930876194742195701060137568030171429700588269665205795898835699633817098262654446852249498668467827435829513531633390969638488553144849154126899372953755511962841193763362947708260103832329116485114451074371844037650417731807385491783373627950406765 +AL+heSTflb2MkRYFTKghfzqlVQ1oE5vcx0eCIsy9NJ2NGFXCRRvoGDVoB8UEsUWIRnaA+MIpwDKGpbOS8kRQrvBvPe/xM/t3jrGkaS6pN064+bCBx8Y/Jq31ZXNG8oUol+y1Eo6fkUKNl4EOetmZWK8VmhVwol5YngDffj4Q8ned 134567692290185631768518572983694048149859804864902017394351513816079806629664302312927579302025923096596995134868068794900003728293470554490807959649153000914807604036531509869958441069678002226922395630284261949256022972967357884468325217602330254290548618134453007903724438628204981673400911693835033278365 +AI272d2sbYIi637kHZC+6lievgcDvT5VKaCnus3fHwm2vfao7oYu31P4st9DlqPWJ635X6QtLkU5HgvVSy66MDj2fcOfwVL09ffkZYnoGNdhMADVgOq62Ro5cCpOdw8Ko0cCyVpVIaSysPuqY7kiClf9GTdyZz/uYHDgwWeNrc4R 99528854246023003959943182132914587584844397870416002887630245681136432049666385367430032197518895755482367603560037194955739661569172773017279832774100155646116233705958563163070414171045438199561777058338188494271322834524386565519620661180246416329082614115142485663975718653564590519408413408765689056785 +AN9S8vPzo4SkyKsk07nfyD0um1riJzRqqWF9KCL+kWMHajurgPACikYzu61tL7l1mNEaIU16Ndz541o+y76DgsTLYszu4KXUOEt1Gu3eHy05Fq18zCDlNesSVjkZjPmuJr2ku+p0cP0TLLMn7/KuVOm4GlEVc6OvBNZuEzRriSYZ 156823459768092337875922818543729136404805918580285507923139232733465414368775678369646914249412830351437211620056021568154043505276475345347569200977945836210758870414054407438380975491139001471954448623922841964684437333066353208837709613982022690623722155151315252634380695513434502419141555410441456920089 +AMc5H8kywLgiT4zz5xgoI90jejsHorbqUGtBeX9wke7zyvEKyWxRKScZwzRbinjDZzN48eg/30qTZOV2Rw97JFg+EA63iZ0vqfF8jErIt3hODniKX8zayCuNmiSb5kiZL0UDU1SNh8ER4m6o5vshBKkmqs0PeozfCGQtR3bZXlx4 139899247405256530335276706333424670310599977544642091674186635734421385499036688803073040921114325725234673132788498809189814711681909865484671959982394306416477300458309408833281654917008031099378445580498219376391819745965887864647387211647794422908411100892195529730435423964537342228510107659017578765432 +AKv+3H/TruTX3wdMWnLzD05em8u/QMl6lCHT4VkK+uZwBXoLeji54Tcs/hZIhj0Bdj0URrRt+7JdGSTy4Sr986AtVFxBJZA3lT+JT4JSrq3oY1Tv+tX/yg8ZodQmbpQyyfaFg3BgeHNmsUoCrdqhj4IwBqEXoOBRIXnzaTuqqSEw 120779384043726135670909127168686589868907326577918074234323699599475436892003731971700278391108690400460261929381703781833059801757700386671579819341589048987186473249926590758009001670959004477454905417357202448886738669226760846888369186457452643053236389556969071303251275912453385963613554945645058007344 +ANXIB+HxOyJd3YYsscMpqZpi/eYjZi5q6A0MohU4BiWEJK/E4uIObLJDH5yd4ng+hn7UMhc+R/AxG88hIdOc5NyG/QyFs95ZLUC26F9rkRifu2CBkgqR5EQi2cgwC8jGxQOkC62YND6cAn/ILsKTYaH0iavtO9Tz04vQp9Ypc82H 150122383481070201614242107655752525590609186454390549085509458064289390813495886095936526832230958746095739308601699615024239939948911472291507190108935262129646691795733786714291498653838550751365834947465294261687773081563139416397262227609481906371677917295227469553787085145970923979142676551778927103367 +ZQLFoW+dJ7vrHdMlcLRGKY6T6PZKnE2L3NjXymS/55my2CDBLdDf3oXwLlRjVt9KnEiXyQzLhyY2PrFA4k3N/3P5lVDLHero5c36TMshbHgbIKRGN2CGWPEFeQ4j040IwVbQCPJeuF3jL5ikCxWZFXfeEnTL6TqumLfD9yLQfKA= 70932215714423143395949105745758445705072524008235214324766464113352968998429901322485575506330607802260244612268338586532462314021433435523464635419846126736185176246740838082062856583684393425704173881940108783636582561707441482446854068022535943408999200681879161519209676205165680598258447492092651404448 +LzzvPw0FdtM2G/RRiqoajJiIH+Lw3jpL4H+08yOpp1bNITR2Aq0beu2nP0H4o2Z1/FNr2hzuGakkAhVbmmRXc8keoOkeaAQAP/8OYxHpjrqou3WPWaKx+vUCTSqVYYf8gnVKpAAC2cD+3lW+/ZJ538o+c0ovbUKNu1u1j1OBtA0= 33171669664542509840621265032202455391098253465550501094201777336478104142847268103467889435377685359857979277521589539506627375165485879405453566052091202280471235979376217319335800766353336252760793484157724210008639813552207624049019149744883918494762511376489708611103181576211531366514802868659603747853 +APrGj1lIIlxA57DNh+bTEAFbJK2Y2P3MxLShb4fPx2aY6j88k3umoe07ISQLf9PzNPeml4/0I3w0KNd2x4s9KHbj7NsIT64lhO6eQSEteqZXZGXUYUyNzhrTbAjt+Q9LVKItQhsTkTW2HTQ5RQZfGrkL118b/I18J4P+T8CGZdDz 176100632478477421621142147788721746818712752858710594712903769452749028606541677227413333567013253138397373757811889654342173021761934591400685421771460440213093509170325205622261487145789848227404883040799927313402244625239515162996390018403365063394514244196976794479529075569412676472840544017222373593331 +Fvcl/LemWk29I5LCjU1QedTjGlkvFF/kZXNkRJv+vNZ7qgq6pX8WB9yVkk6AoclDYAhCRfKTKuEpR23iafVuHpprPfNXcqBH8n01kq3U27xqIy2hS+D6BRBK67PQaekq31EB0aOcEb/DuNaXakS9+mtTMx6BKt+WoEY+NkzHK6c= 16126868736093163702771491576570380743773057522016869811780571865928979861357811080042796140032050364543242385458140594532945509386155523162799601656485075247603490060565663264947465987286983338572455184901756399862440455644131755848583379822279676555143231305246033911608913609591095831135803702269767527335 +AKW8tvaB8YZ7J5W2lmquBniJzUhRfqFdPZPqvBoMzR4cRh1CMNdSFsYsnsaF3KolNzogdsxFpHAaEMG6zSvpNJAoi4nixCqb5SETXrSLASXvNjI9MvCoE2JCRq7kMbjPL7cem+mBPWZITGUI6KVlJPLxQngHYSFxukqlx7jznwJH 116384596458828069344020651216200368975621068920641012055593076864629080375946542748377736186556382088448816531408136815533164209947323588157210859294774679831647934533061547276394884474877353537242203645373945111105805934070657589374883764420038511061919092743520704686962593876316976299391579463759429567047 +D5N2P4FrqDf7/2Z2BJsqah4SjUtolic/yNqdNzvNEogDKZKAJyGq4zhnHvkYXkEm2ueU/FDPJRqisszG0oULdU6c7p8acirEwsGLVh4RamnFRgmQSK1vbiYB3bR+P+iFX/bZ+TWjN2Y3YMa5UB//I6Zb5kEIjmTpjY2LEPI1e6s= 10937855369372570149476727082965401421189236366492771695094788039313362971972373068736123833330006002198346944149230147444718818161877123407713821100752433128205189334393732633989950841577315682292180735057952587083688644195300641998709155269462601925653013312848413290208844194513502358901613104779186502571 +V/A1ktS0xrcwlI8xrYqvlLCFYrdVp8tEzZaZ9iNNpPH/pzVsA0WbnnUeHbdilkje+4OdoX9C4U2xaOuWOfvqLR0c7GeCkSffCqyf4ZsBmjy/BQL6rCpxMF0gIHXO5O8aJ1h17hy9LTuNzWm4zVh4pNFuHC9L6nAcf92udMiIQzk= 61752386563628388546439207444896778638632243226541303179646524864765343154194512297447627825411023405896612559648434895675553567405277169056807223959390559391191382555701580549902639604424290133917402316755076644943742815711432111554988540913643347167948778404861099845961151998728662878854088239266688156473 +APoPgEKA0/r1FYmt/Iso6ChYK6dDU62Y+vH5h/LVE00biBYG1f7aL3GdllUTN+XQSHpqlDw8CD+9xojwZIMfgpgjOwLbbe7Aso460zLrg3R8aHBpbVt8iZUgjACwPYr5UyKbFzIAWaXcnYYQ+tCO9aDIuOz+/7eIF62C81zXFJVZ 175598490446477604563905754135475294999639698464908622773037381109011373179895295130424828038708319325919451724985361900259676699137657615076219968061941008972496322083528922054390781811699677037439989404270415929836486610353098273115864435328533577114470407444852521009919911888840405368858409835197558461785 +cL54ymLJhRx3U20Y9aUTIsXy9Ags+XHy4qk3F7uJyO46eiXSL7VrrR9vTQXAbETbu1YiVWfslsPht810eUDUVaVir6yLnXkywn46Ci42FEvVoTEFjO22uYcCh8nqB8H589w/+lVSlNrcILugwfdfCvK1iZzVimOO6l3qzfXToOU= 79171550718114578361958369278761819285111811576818442980166457146638966315793211967882077899426611721874954146020093740153495693185472340728106727284441726113022873005252623222594060645383105757498856463065370975867121188445567981809371870213273555432308279508351518168027875538720367440153667708369625129189 +QdQN4qW2QZq8/fmSaqlRiPSoDbhmF0oYjaY29HcKYGHdlOH0AMJb+RUIq1aszvVtjh7AYay2TNhaZMWQ6Qi3c42SNk3A1MVknT6zqiRCGjNFfxf/matbRLbTFQF832MAId708vrFLF/o2HpekMkc5hcHB6bkUUhEI1NLcMXwGck= 46226230186280253581676626651942823886592433541360244612432763620730826574920825070086312767146345247802570752482654580909236388357139147786783758670999083804670979821212991224400629053427330483809790366665043598754931511997925850227997764381723288657884346974360232490075739442406431704368767588177525348809 +cxHvCK/dyVDvaqCCQyLeaiBGA36mV5el+1lc2eUTkHGUzX5gU0QQCEp+iSXNJhIOON8VFpKOFsziuV0Z+3cegWRw/VnxnjXcBh6IDKdupzOPB+Yl8MA1ti/GrQjLC6ikcNYNjQT0ZThL7KTqEvvZJH68WYmD0IuK26swjNGIGaI= 80804939616399473443737611589382762718815989847332356984276911837267997590368701684135326680567847542004499684038240485603420973682522792156533112356849436451918522884749244246467852622918805139990256619014116276456718693703261686778030658826952213058982142604346352178078750879100976710761147710018148637090 +AIQ3OIZevkYoRGBmsFaXJobSfLeInuKKReVYNjP5VEPoMq0mXTltY6l09/rQ3d1JjsMD1PfA7emhxex+H9t3leBIfCi6Ux34GQEjXWpQc4awuiy9tbR077HaJyecvb8Qy1FTnOHoH5C043QJzrKYT/sFXjgB60piI8Y0R/hwxO4r 92845026347218330987427785323244729176754623818531419911990153715676845614711324345879159989637824921793015074978358052562420379797956750450245721653716740651389924718711940869162230097839047895842495414221110468446944827052871968998907462191349838598297775847512250220907563815783358238473966349820476321323 +LoG6ib5lUh57rdmSkZSWzBoudytFohS4uoU/uly6OaQDOi34GeNVxu/yr6RszJyL9JWkGNgFaBIv/HirH5zA9VQAL/6kpL93a0/GQ/nuHkHy3GWZPF/2+yJ0PfazQ40fWhHZfRxBngWslbguFPjj1XaJ37YzpQAYb/+QcUai9ic= 32658152290878644668906121702816147999633088014476055330179597550087921141413344679134407016170035735846077181424615228657687216737432274043674411132745299610950657139041836412322040866250189120286839287690983293111362228893996267791120043532014262644480689231457941173330523718758287779526551822788227954215 +AKu2jgOQCCfYZ3CLkXEH44aO4TtwMPeK/eq4FtNj9HZ9FxT0LLNJh0ZXPOaPJjgznvIw5C7/hNm7rUs1JeV8I8dj3nbS3EVERQz1gc/ckYB3H1bViWREOD5+TScDusi86YO/z4ar3dauKkg5kT1kKDuU/OP5kNMWvtJjHc4Vd3L3 120581042599355202025471829872601846477331097842315143148145881424071317426176264583672725691485724160094190478865850305422057632110749683552966861219554215519032344086824849470294473808177223497912069335635933312949412445851201918768630656712413082629164792850095444166888072453190903931430551124946191872759 +ANLs7OsR7oBM5jSjVADrk+Mx9d0TeieTIkxwWiJ5STKNQmW2EzPOjgbfcLhbYEhzzDFJveXO2dzz6/c8V5oW2yqg7VMx88DzEbpQnQpk/rOQRw9jbI4fxXNJHkNZCeysEVvFfLJb4ecsGA0xJ3Aylny/jP10ahPv2z5K99edGZSU 148116916208650944522110872759145096907599612943009577897396622287067669897712748449324334650112672914917664881091633448764667172850435775162090891556266912697811031318228334453406561952979778127173704706529448647577013482442758465809198730066784986763500579667100246958959793527011919373534159474250508506260 +AL+Er3n1qj+SBsZVtOMJYg4m0CN+DE6gRnC1F7nPvd2XnBe+QE0+LKfcpUDHVNxoydW4BDzNVwnUNbyjXZ+iuddPtO9hchVEI36UiuL0ydeldFpOZ9mtHJaAF6abd0MlHw4vXRf8CbOvXb5N4s76ggijlZBjRtU563sSmBcyq6Zt 134488725667189507159811764480908602790838430340670328479145818969651133017546803581865897303917708192047926432630297993507146075655594931523561067937580218599890162311074002344315818494246433967228889645359283635389151927472221799543158424012020308449895562192866672439712148770104592027035768027605661099629 +AK/04XOBSjjPpuFXTDF82RNWnKqZz9mJQbS2B5bn0ehFnBa6j+B+MazX+AxXTL/d5+hPLT1uexcnSMl3DcGGwKipOXg7Dtuj3pfJXHTrCqXAUYrIXI+8vKVQO55yQPGfzIg9SVgetwW1sDk+a28ZhJ5a9OddqNoi5C+dLce7ZtNb 123560902006294001923570614486104726169564351074482936927091682096999779538353161007361361829586988452098646362280351148131540524964916445100589671458589346440250329883789099771417949746709217272531950438336245613419967556433467843237384555807236658182067742367748737224684334525934210197178231424396818830171 +PzOEGHlihiveoWFAALY+LOfkRJfm0NUF/uR6cSU/tbpGAq4onNpr+iZIzEP5o3JBLOtDC595/NBPI0fzaXl0vQvgJs6KG8iKANjsLKQjIpZBkoKhdbG9MzTVQuAeuDW0w3sn2iMZ/v2dgAzRwfqmQYXJr3I2BbcwWraIJuZXw5A= 44381416070253681813077725822442106641846565789204187691647505370231831464947935035197059366680327425453811558282831465960889061956588244308214943856009686127871667376028831540813257349779756631357122923723235595360268572998278795110672666089470210929411514949652537714634611421849780859192966935514197771152 +APnuduN01GS9dO2m2uCLs400AR2lX7elOnIPC5U6e17qbukxWYzNhilZlM4kdGXAIeYpzFdSIW/gxRMZe6TXq9krFWRaaPyT2QwRfGHYnazS9F1QNYmW1zXdt+qVp0JGxmh5PyDstbP8Z3x50/E8Mb0gLLPhNAvzY2Jnr9A8Q1Hy 175507868985304663005133968393406051624825489142498103948374797086106732382869120248515993626061853699363294022457032257026588816021007648668265488426495800459085474654859258116280251546902009156490112550154951965894022789029787886785376415437170872937201839249103828294508088966180386198213606090453461193202 +QHEhL4iVzNdUsfG0izTEepwTOvxka8t/9MwuF1Ey6kxsI+ry4g4sJPgR2xMnbtOmvQn2NitAkfvA8JPCiL7a8+gmf+DVRDjKDfpfrtgAVmo+3rH+uJYTrKhAp8R7ggU2xIrvbIrgeUj7ieThPI3Rtap+IdkPCL853JC/+oKtytM= 45252649968839515171157821292772647085425694172492111870169593872127007254353374581972876464918186509502070064028725519394859148593053614163356612260257013360168930649423732336969778875205250872728821432415158634190866775855521719727700464116412886964736859295086745723651735554245035077902615220578218265299 +APeaekK4mVhEShCfM0mkRebcg1Iq5CgrFIEGOoh1nHzgebr5A9Wrhm9yD1Vd3e+fFD9urDRB4y5MHPJHX1U2NFToC+H8nQkFXL8bfd/9Wl2c7y8m0Mxwi53pLIdzETLbbfeOOtJvuSYYT3n8+/PeMnJ46UD8OfqtnFuS0/bVpFLS 173873040145444066957050580959132871919216036714423404143335635770937773583761934638398867981658394368476005882852706046614562314432695052874974848076542261910660410561876043187368112065303981001507235893831108658530338308496461162623683138693880482650786841100027392293758260448606244283355655751440485602002 +FqC/wgZDPTUoObPFSH5w4QR79zj/O+ZiHGTEnsBMwNZD3Gl/ClRDIsFMDDupNLgwgXsqCQbpwSOHOtAvUuAFwRpzt5B7lwIgtP5ism/AZRno5p+9WVSmUAM3glHsNtvYydz2MkXtnXzSMIR1ZVoLrdwMnckE4pbMzggqz+JZqxw= 15889870005716350976759704672045310928616256175405784574141006779373730686049218680335525720670897894546334915362899913262232170795516176419192840427996647372619000239408311568577050460995518058850793096827271653902583271225799114408537346367483775593212272587811309978019791973449354003275559762102731778844 +AJXNbv2AMWadF5h99ZAUy5gLnVK/hMaakFo0ZedtPNRJobxPmwj+h52G+Czd0U48G0V0wpdeUJC9v/4BhjzhCvNhNsdAT1+vQXDuteYQ1aspsEKLQ6b+NknO88QSbRJw53+KeOY2xe7PKOa4V89XnFFBF7wljRnIYrM8vvcqVQDk 105194875227030598769888785590198577650278341586165110611689226597424766274486797264032300493674927704016605741286512271390703088626381669060095573361828932336327125438452066548897528158329044309005232090053420259033538936293519762277428283316506398965916381374819450858053512398634116052299066189424983605476 +AIDRnUpBHepjBqYAlU4MG/8JxzX1mPxVNHpWvnEVgvqTQx/bisFPpXrYs3jAKIR/lzevYwhH0K/8Vvw4NK9iTMFqgSnU44AZztKsoxUXsEsl1UU56UscY5C7ciKU6vjjWI7nm/uHNOXdE82TQXkk2WX8ferNqZU5DaLFCb+zxb7w 90459642084794142567976043425270153270545560059973413835786695756473295513758287577749768786155290305189883600338986370836806413936196854410098516254596146039255388020628703824195128439558127783534033672712705194483515442668075394018677699876614329419492391568463215822656901183478205197671375262145069825776 +AIdvVNzJqWPgAShvi3GhbhMQft+SLigKGrhoqas2Saz/bA9u9Td6fAxa2LjrAqshW6cnm2aalc3Yv6RW/Y8vg7Ho31NSaRjT4zMUenykcC0/Y88UNxREi85wdnHwGytms6Lq49H8/7EFGJIyL1PLRWPmZn6XFkegscI/HUq/hiKm 95105613103051650721863964216778532448106311156426028879315612217763044797186635476805213120469258258125661666950525364331551671653846368977016286153840829836509696804585927581668281228810410814602664419962214359687545209312836366693384158782798559255789953908588601637765910472073600954502095647132310971046 +DdchOPjXrI6lpV84IdKCisPmdqZan8AARXRLADEhixsfXCYuO+WhNatI/fM1vgv+/TxwwIQjIfG1vOZcB36JUfjHYdItYQ70vUXaVFdpqvoBGyfOTU50Ds/11iGPCF8mWiQwR30/XAXytqDZtaVJVWsgHD3RigBSnSHhnvZAWYg= 9719024770319024562623340689338530708271347986326272393419504304391837979619189392867902307307106771234732135400958362219711925045600118964223238147375808749507928768896918369395426933218443166133187066167663170936604731896932630589251946733237697936733924510107175304126061649311812536190882160340308613512 +I+Z6rdTOt26/v3dtUP1plITb15fjb6aMDvqFS3AD1+nxBqnnk7ISGE9j6dv762EIWQpMzcCG5NCCq35KOHEwRXP28zup6olOMt3CBFgYVcBE2pWOpGiO19G/iFweYZXZPY5HgIkex7HBbb7l6HhomPc2sLL/IRhh2oogyHx2JMM= 25210054612455888156900839678249806510561198051210010474517915819801056434402727631042894881559517808906460418029149538469607239850657781476308872923928122553395468026744382526167194202058040459679991391557937527079948356545086684521068912222036707113005006607012596093923970784177288565193670152033981048003 +ALbBoyelCs4UkfnPjMT3S67ujhBHBEE0uxLx6kSGZq2IOMU/QdWYPFElRgYC/y++334FSEycjS6NAJJo2ITpZCO5AjNJ93J3WYgbDLiwu1VzKHX6ItfFNEk45km+QTi07+pDKcKNd1k0mxqpLd/PuZd5hRpPDDoKBb6i+mrCb2yF 128335905497646745013379107761994003743181143126608677203818152878840562628631384684712779135591095534911406031545494164782375276574093777950840330452805743803067864740000758175436633463846967335728314347497013853264454015790847388463800323796888198433722196292529074568758149650782323407298620158495364705413 +ANwlxEkeqmqYTxw1ZwMi1v2wo4ntPaEYZYoTLTJQfa+kuIksnHW9va243HAiOixd+rviVdm1dEwzESBbX0wiJNtRBpP+bnRxy4xOBjNoOB0c/tfka5JVwu5eeskyHx4V3inLviUaj86Yck42n5NaJFMfBvhzVftZ/YF9WBITI8g6 154592850289860621115358362871905683265658659789986179554827712019629689749439795961607030363152337159590319622241556795951071651584979664762468782303706550885785493534656062553770262954861884613383561063525714923031691298088562054236178003658891902606245782350998076658704876516153027797371814038658244397114 diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test1-discover.txt b/vendor/gems/ruby-openid-2.1.4/test/data/test1-discover.txt new file mode 100644 index 0000000000..7ec9b87886 --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/test/data/test1-discover.txt @@ -0,0 +1,137 @@ +equiv +Status: 200 OK +Content-Type: text/html + + + + +Joe Schmoe's Homepage + + +

    Joe Schmoe's Homepage

    +

    Blah blah blah blah blah blah blah

    + + + +header +Status: 200 OK +Content-Type: text/html +YADIS_HEADER: URL_BASE/xrds + + + +Joe Schmoe's Homepage + + +

    Joe Schmoe's Homepage

    +

    Blah blah blah blah blah blah blah

    + + +xrds +Status: 200 OK +Content-Type: application/xrds+xml + + + +xrds_ctparam +Status: 200 OK +Content-Type: application/xrds+xml; charset=UTF8 + + + +xrds_ctcase +Status: 200 OK +Content-Type: appliCATION/XRDS+xml + + + +xrds_html +Status: 200 OK +Content-Type: text/html + + + +redir_equiv +Status: 302 Found +Content-Type: text/plain +Location: URL_BASE/equiv + +You are presently being redirected. + +redir_header +Status: 302 Found +Content-Type: text/plain +Location: URL_BASE/header + +You are presently being redirected. + +redir_xrds +Status: 302 Found +Content-Type: application/xrds+xml +Location: URL_BASE/xrds + + + +redir_xrds_html +Status: 302 Found +Content-Type: text/plain +Location: URL_BASE/xrds_html + +You are presently being redirected. + +redir_redir_equiv +Status: 302 Found +Content-Type: text/plain +Location: URL_BASE/redir_equiv + +You are presently being redirected. + +lowercase_header +Status: 200 OK +Content-Type: text/html +x-xrds-location: URL_BASE/xrds + + + +Joe Schmoe's Homepage + + +

    Joe Schmoe's Homepage

    +

    Blah blah blah blah blah blah blah

    + + +404_server_response +Status: 404 Not Found + +EEk! + +500_server_response +Status: 500 Server error + +EEk! + +201_server_response +Status: 201 Created + +EEk! + +404_with_header +Status: 404 Not Found +YADIS_HEADER: URL_BASE/xrds + +EEk! + +404_with_meta +Status: 404 Not Found +Content-Type: text/html + + + + +Joe Schmoe's Homepage + + +

    Joe Schmoe's Homepage

    +

    Blah blah blah blah blah blah blah

    + + diff --git a/vendor/gems/ruby-openid-2.1.4/test/data/test1-parsehtml.txt b/vendor/gems/ruby-openid-2.1.4/test/data/test1-parsehtml.txt new file mode 100644 index 0000000000..8ed59d33ed --- /dev/null +++ b/vendor/gems/ruby-openid-2.1.4/test/data/test1-parsehtml.txt @@ -0,0 +1,152 @@ +found + + + +found + + + +found + + + +found + + + +found + + + +found + + + +found + + + +found + + + +None + +