[Catalyst-commits] r11179 - in
Catalyst-Authentication-Credential-OpenID/trunk: .
lib/Catalyst/Authentication/Credential t t/Consumer/lib
t/Provider/lib
apv at dev.catalyst.perl.org
apv at dev.catalyst.perl.org
Fri Aug 21 06:46:29 GMT 2009
Author: apv
Date: 2009-08-21 06:46:28 +0000 (Fri, 21 Aug 2009)
New Revision: 11179
Modified:
Catalyst-Authentication-Credential-OpenID/trunk/Changes
Catalyst-Authentication-Credential-OpenID/trunk/lib/Catalyst/Authentication/Credential/OpenID.pm
Catalyst-Authentication-Credential-OpenID/trunk/t/Consumer/lib/TestApp.pm
Catalyst-Authentication-Credential-OpenID/trunk/t/Provider/lib/TestApp.pm
Catalyst-Authentication-Credential-OpenID/trunk/t/live-app.t
Log:
Fixed Pod L<> errors. Moved extensions args. Change default agent due to LWPx::PA's current instability.
Modified: Catalyst-Authentication-Credential-OpenID/trunk/Changes
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/Changes 2009-08-20 04:15:26 UTC (rev 11178)
+++ Catalyst-Authentication-Credential-OpenID/trunk/Changes 2009-08-21 06:46:28 UTC (rev 11179)
@@ -1,5 +1,13 @@
Revision history for Catalyst::Authentication::Credential::OpenID
+0.14_01 Thu Aug 20 21:30:32 PDT 2009
+ - I had an old Test::Pod that didn't catch unsupported L<>
+ usage; CPAN testers found it.
+ - Changed use of LWPx::PA when a ua_class isn't set to test for
+ its successful eval and to use LWP::UserAgent on failure.
+ - Rearranged the extensions and extention_args so there is no
+ duplication necessary in the config.
+
0.14 Tue Aug 18 22:37:51 PDT 2009
- Split live tests into two test apps to avoid the need to fork
to have a self-answering server; crudely done, it's the same
Modified: Catalyst-Authentication-Credential-OpenID/trunk/lib/Catalyst/Authentication/Credential/OpenID.pm
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/lib/Catalyst/Authentication/Credential/OpenID.pm 2009-08-20 04:15:26 UTC (rev 11178)
+++ Catalyst-Authentication-Credential-OpenID/trunk/lib/Catalyst/Authentication/Credential/OpenID.pm 2009-08-21 06:46:28 UTC (rev 11179)
@@ -7,7 +7,7 @@
__PACKAGE__->mk_accessors(qw/ _config realm debug secret /);
}
-our $VERSION = "0.14";
+our $VERSION = "0.14_01";
use Net::OpenID::Consumer;
use Catalyst::Exception ();
@@ -33,7 +33,9 @@
$secret = substr($secret,0,255) if length $secret > 255;
$self->secret($secret);
- $self->_config->{ua_class} ||= "LWPx::ParanoidAgent";
+ # If user has no preference we prefer L::PA b/c it can prevent DoS attacks.
+ $self->_config->{ua_class} ||= eval "use LWPx::ParanoidAgent" ?
+ "LWPx::ParanoidAgent" : "LWP::UserAgent";
my $agent_class = $self->_config->{ua_class};
eval "require $agent_class"
@@ -64,6 +66,10 @@
consumer_secret => $self->secret,
);
+ my @extensions = $self->_config->{extensions} ?
+ @{ $self->_config->{extensions} } : $self->_config->{extension_args} ?
+ @{ $self->_config->{extension_args} } : ();
+
if ( $claimed_uri )
{
my $current = $c->uri_for($c->req->uri->path); # clear query/fragment...
@@ -71,8 +77,8 @@
my $identity = $csr->claimed_identity($claimed_uri)
or Catalyst::Exception->throw($csr->err);
- $identity->set_extension_args(@{$self->_config->{extension_args}})
- if $self->_config->{extension_args};
+ $identity->set_extension_args(\@extensions)
+ if @extensions;
my $check_url = $identity->check_url(
return_to => $current . '?openid-check=1',
@@ -98,9 +104,11 @@
# This is where we ought to build an OpenID user and verify against the spec.
my $user = +{ map { $_ => scalar $identity->$_ }
qw( url display rss atom foaf declared_rss declared_atom declared_foaf foafmaker ) };
-
- for(keys %{$self->{_config}->{extensions}}) {
- $user->{extensions}->{$_} = $identity->signed_extension_fields($_);
+ # Dude, I did not design the array as hash spec. Don't curse me [apv].
+ my %flat = @extensions;
+ for my $key ( keys %flat )
+ {
+ $user->{extensions}->{$key} = $identity->signed_extension_fields($key);
}
my $user_obj = $realm->find_user($user, $c);
@@ -134,8 +142,14 @@
=head1 VERSION
-0.13
+0.14_01
+=head1 BACKWARDS COMPATIBILITY CHANGE
+
+B<NB>: The extenstions were previously configured under the key C<extension_args>. They are now configured under C<extensions>. This prevents the need for double configuration but it breaks extensions in your application if you do not change the name. The old version is supported for now but may be phased out at any time.
+
+As previously noted, L</EXTENSIONS TO OPENID>, I have not tested the extensions. I would be grateful for any feedback or, better, tests.
+
=head1 SYNOPSIS
In MyApp.pm-
@@ -156,7 +170,7 @@
<credential>
class OpenID
</credential>
- ua_class LWPx::ParanoidAgent
+ ua_class LWP::UserAgent
</openid>
</realms>
</Plugin::Authentication>
@@ -169,7 +183,7 @@
openid:
credential:
class: OpenID
- ua_class: LWPx::ParanoidAgent
+ ua_class: LWP::UserAgent
In a controller, perhaps C<Root::openid>-
@@ -315,7 +329,7 @@
},
openid => {
consumer_secret => "Don't bother setting",
- ua_class => "LWPx::ParanoidAgent",
+ ua_class => "LWP::UserAgent",
ua_args => {
whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
},
@@ -325,7 +339,7 @@
class => "OpenID",
},
},
- extension_args => [
+ extensions => [
'http://openid.net/extensions/sreg/1.1',
{
required => 'email',
@@ -364,18 +378,18 @@
whitelisted_hosts localhost
</ua_args>
consumer_secret Don't bother setting
- ua_class LWPx::ParanoidAgent
+ ua_class LWP::UserAgent
<credential>
<store>
class OpenID
</store>
class OpenID
</credential>
- <extension_args>
+ <extensions>
http://openid.net/extensions/sreg/1.1
required email
optional fullname,nickname,timezone
- </extension_args>
+ </extensions>
</openid>
</realms>
</Plugin::Authentication>
@@ -402,12 +416,12 @@
store:
class: OpenID
consumer_secret: Don't bother setting
- ua_class: LWPx::ParanoidAgent
+ ua_class: LWP::UserAgent
ua_args:
whitelisted_hosts:
- 127.0.0.1
- localhost
- extension_args:
+ extensions:
- http://openid.net/extensions/sreg/1.1
- required: email
optional: fullname,nickname,timezone
@@ -416,7 +430,7 @@
=head2 EXTENSIONS TO OPENID
-The L<Simple Registration|http://openid.net/extensions/sreg/1.1> (SREG) extension to OpenID is supported in the L<Net::OpenID> family now. Experimental support for it is included here as of v0.12. SREG is the only supported extension in OpenID 1.1. It's experimental in the sense it's a new interface and barely tested. Support for OpenID extensions is here to stay.
+The Simple Registration--L<http://openid.net/extensions/sreg/1.1>--(SREG) extension to OpenID is supported in the L<Net::OpenID> family now. Experimental support for it is included here as of v0.12. SREG is the only supported extension in OpenID 1.1. It's experimental in the sense it's a new interface and barely tested. Support for OpenID extensions is here to stay.
=head2 MORE ON CONFIGURATION
@@ -426,12 +440,13 @@
=item ua_args and ua_class
-L<LWPx::ParanoidAgent> is the default agent E<mdash> C<ua_class>. You don't
-have to set it. I recommend that you do B<not> override it. You can
-with any well behaved L<LWP::UserAgent>. You probably should not.
+L<LWPx::ParanoidAgent> is the default agent E<mdash> C<ua_class>
+E<mdash> if it's available, L<LWP::UserAgent> if not. You don't have
+to set it. I recommend that you do B<not> override it. You can with
+any well behaved L<LWP::UserAgent>. You probably should not.
L<LWPx::ParanoidAgent> buys you many defenses and extra security
checks. When you allow your application users freedom to initiate
-external requests, you open a big avenue for DoS (denial of service)
+external requests, you open an avenue for DoS (denial of service)
attacks. L<LWPx::ParanoidAgent> defends against this.
L<LWP::UserAgent> and any regular subclass of it will not.
@@ -447,6 +462,8 @@
=head1 TODO
+Option to suppress fatals.
+
Support more of the new methods in the L<Net::OpenID> kit.
There are some interesting implications with this sort of setup. Does
@@ -465,11 +482,11 @@
To Benjamin Trott (L<Catalyst::Plugin::Authentication::OpenID>), Tatsuhiko Miyagawa (L<Catalyst::Plugin::Authentication::Credential::OpenID>), Brad Fitzpatrick for the great OpenID stuff, Martin Atkins for picking up the code to handle OpenID 2.0, and Jay Kuri and everyone else who has made Catalyst such a wonderful framework.
-L<Menno Blom|http://search.cpan.org/~blom/> provided a bug fix and the hook to use OpenID extensions.
+Menno Blom provided a bug fix and the hook to use OpenID extensions.
=head1 LICENSE AND COPYRIGHT
-Copyright (c) 2008, Ashley Pond V C<< <ashley at cpan.org> >>. Some of Tatsuhiko Miyagawa's work is reused here.
+Copyright (c) 2008-2009, Ashley Pond V C<< <ashley at cpan.org> >>. Some of Tatsuhiko Miyagawa's work is reused here.
This module is free software; you can redistribute it and modify it under the same terms as Perl itself. See L<perlartistic>.
Modified: Catalyst-Authentication-Credential-OpenID/trunk/t/Consumer/lib/TestApp.pm
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/t/Consumer/lib/TestApp.pm 2009-08-20 04:15:26 UTC (rev 11178)
+++ Catalyst-Authentication-Credential-OpenID/trunk/t/Consumer/lib/TestApp.pm 2009-08-21 06:46:28 UTC (rev 11179)
@@ -47,7 +47,7 @@
whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
timeout => 10,
},
- extension_args => [
+ extensions => [
'http://openid.net/extensions/sreg/1.1',
{
required => 'email',
Modified: Catalyst-Authentication-Credential-OpenID/trunk/t/Provider/lib/TestApp.pm
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/t/Provider/lib/TestApp.pm 2009-08-20 04:15:26 UTC (rev 11178)
+++ Catalyst-Authentication-Credential-OpenID/trunk/t/Provider/lib/TestApp.pm 2009-08-21 06:46:28 UTC (rev 11179)
@@ -47,7 +47,7 @@
whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
timeout => 10,
},
- extension_args => [
+ extensions => [
'http://openid.net/extensions/sreg/1.1',
{
required => 'email',
Modified: Catalyst-Authentication-Credential-OpenID/trunk/t/live-app.t
===================================================================
--- Catalyst-Authentication-Credential-OpenID/trunk/t/live-app.t 2009-08-20 04:15:26 UTC (rev 11178)
+++ Catalyst-Authentication-Credential-OpenID/trunk/t/live-app.t 2009-08-21 06:46:28 UTC (rev 11179)
@@ -19,9 +19,9 @@
my $provider_port = $consumer_port;
$provider_port = 10000 + int rand(1 + 10000) until $consumer_port != $provider_port;
-my $provider_pipe = "perl -I$FindBin::Bin/../lib -I$FindBin::Bin/Provider/lib $FindBin::Bin/Provider/script/testapp_server.pl -p $consumer_port |";
+my $provider_pipe = "perl -I$FindBin::Bin/../lib -I$FindBin::Bin/Provider/lib $FindBin::Bin/Provider/script/testapp_server.pl -p $consumer_port -d |";
-my $consumer_pipe = "perl -I$FindBin::Bin/../lib -I$FindBin::Bin/Consumer/lib $FindBin::Bin/Consumer/script/testapp_server.pl -p $provider_port |";
+my $consumer_pipe = "perl -I$FindBin::Bin/../lib -I$FindBin::Bin/Consumer/lib $FindBin::Bin/Consumer/script/testapp_server.pl -p $provider_port -d |";
my $provider_pid = open my $provider, $provider_pipe
or die "Unable to spawn standalone HTTP server for Provider: $!";
More information about the Catalyst-commits
mailing list