class OpenID::TrustRoot::TrustRoot
Attributes
host[R]
path[R]
port[R]
proto[R]
unparsed[R]
wildcard[R]
Public Class Methods
_build_path(path, query=nil, frag=nil)
click to toggle source
# File lib/openid/trustroot.rb, line 156 def TrustRoot._build_path(path, query=nil, frag=nil) s = path.dup frag = nil if frag == '' query = nil if query == '' if query s << "?" << query end if frag s << "#" << frag end return s end
_parse_url(url)
click to toggle source
# File lib/openid/trustroot.rb, line 173 def TrustRoot._parse_url(url) begin url = URINorm.urinorm(url) rescue URI::InvalidURIError nil end begin parsed = URI::DEFAULT_PARSER.parse(url) rescue URI::InvalidURIError return nil end path = TrustRoot._build_path(parsed.path, parsed.query, parsed.fragment) return [parsed.scheme || '', parsed.host || '', parsed.port || '', path || ''] end
check_sanity(trust_root_string)
click to toggle source
# File lib/openid/trustroot.rb, line 224 def TrustRoot.check_sanity(trust_root_string) trust_root = TrustRoot.parse(trust_root_string) if trust_root.nil? return false else return trust_root.sane? end end
check_url(trust_root, url)
click to toggle source
quick func for validating a url against a trust root. See the TrustRoot class if you need more control.
# File lib/openid/trustroot.rb, line 235 def self.check_url(trust_root, url) tr = self.parse(trust_root) return (!tr.nil? and tr.validate_url(url)) end
new(unparsed, proto, wildcard, host, port, path)
click to toggle source
# File lib/openid/trustroot.rb, line 261 def initialize(unparsed, proto, wildcard, host, port, path) @unparsed = unparsed @proto = proto @wildcard = wildcard @host = host @port = port @path = path end
parse(trust_root)
click to toggle source
# File lib/openid/trustroot.rb, line 194 def TrustRoot.parse(trust_root) trust_root = trust_root.dup unparsed = trust_root.dup # look for wildcard wildcard = (not trust_root.index('://*.').nil?) trust_root.sub!('*.', '') if wildcard # handle http://*/ case if not wildcard and @@empty_re.match(trust_root) proto = trust_root.split(':')[0] port = proto == 'http' ? 80 : 443 return new(unparsed, proto, true, '', port, '/') end parts = TrustRoot._parse_url(trust_root) return nil if parts.nil? proto, host, port, path = parts return nil if host[0] == '.' # check for URI fragment if path and !path.index('#').nil? return nil end return nil unless ['http', 'https'].member?(proto) return new(unparsed, proto, wildcard, host, port, path) end
Public Instance Methods
build_discovery_url()
click to toggle source
Return a discovery URL for this realm.
This function does not check to make sure that the realm is valid. Its behaviour on invalid inputs is undefined.
- return_to
-
The relying party return URL of the OpenID
authentication request
Returns the URL upon which relying party discovery should be run in order to verify the return_to URL
# File lib/openid/trustroot.rb, line 250 def build_discovery_url if self.wildcard # Use "www." in place of the star www_domain = 'www.' + @host port = (!@port.nil? and ![80, 443].member?(@port)) ? (":" + @port.to_s) : '' return "#{@proto}://#{www_domain}#{port}#{@path}" else return @unparsed end end
sane?()
click to toggle source
# File lib/openid/trustroot.rb, line 270 def sane? return true if @host == 'localhost' host_parts = @host.split('.') # a note: ruby string split does not put an empty string at # the end of the list if the split element is last. for # example, 'foo.com.'.split('.') => ['foo','com']. Mentioned # because the python code differs here. return false if host_parts.length == 0 # no adjacent dots return false if host_parts.member?('') # last part must be a tld tld = host_parts[-1] return false unless TOP_LEVEL_DOMAINS.member?(tld) return false if host_parts.length == 1 if @wildcard if tld.length == 2 and host_parts[-2].length <= 3 # It's a 2-letter tld with a short second to last segment # so there needs to be more than two segments specified # (e.g. *.co.uk is insane) return host_parts.length > 2 end end return true end
validate_url(url)
click to toggle source
# File lib/openid/trustroot.rb, line 303 def validate_url(url) parts = TrustRoot._parse_url(url) return false if parts.nil? proto, host, port, path = parts return false unless proto == @proto return false unless port == @port return false unless host.index('*').nil? if !@wildcard if host != @host return false end elsif ((@host != '') and (!host.end_with?('.' + @host)) and (host != @host)) return false end if path != @path path_len = @path.length trust_prefix = @path[0...path_len] url_prefix = path[0...path_len] # must be equal up to the length of the path, at least if trust_prefix != url_prefix return false end # These characters must be on the boundary between the end # of the trust root's path and the start of the URL's path. if !@path.index('?').nil? allowed = '&' else allowed = '?/' end return (!allowed.index(@path[-1]).nil? or !allowed.index(path[path_len]).nil?) end return true end