nbudin / devise_openid_authenticatable

OpenID authentication for Devise
MIT License

Doesn't work with rememberable #3

Closed greendog99 closed 14 years ago

greendog99 commented 14 years ago

It appears that when devise_openid_authenticatable constructs the OpenID HTTP request, it drops the "remember_me" parameter, thus breaking rememberable.

nbudin commented 14 years ago

I'm about halfway to a fix on this one, I think. I added the following code to Devise::Strategies::OpenidAuthenticatable, right before it sends the custom! header:

      # construct a return URL, preserving all the scope parameters as GET parameters
      return_to = URI.parse(request.url)
      scope_params = {}
      params[scope].each do |k, v|
        scope_params["#{scope}[#{k}]"] = v
      end
      return_to.query = Rack::Utils.build_query(scope_params)

      header_data = Rack::OpenID.build_header(:identifier => params[scope]["identity_url"], :return_to => return_to.to_s,
        :method => request.method)

Now when the OpenID provider successfully handles the authentication, it will automatically add in any scoped parameters (such as user[remember_me]) back to the consumer. However, I think I am doing something wrong here, since I get back an OpenID::FailureResponse with the message "Message missing return_to argument 'user[remember_me]'".

I guess this must be a misuse of the return_to parameter or something. Any OpenID experts who wish to jump in and correct me, please do...

vvdpzz commented 14 years ago

Can you fix this problem now? Thank you very much.

nbudin commented 14 years ago

No, this is an upstream issue in Ruby::OpenID. I've just reported an issue in that project. Until this is resolved, I can't support rememberable in devise_openid_authenticatable.

http://github.com/openid/ruby-openid/issues/issue/5

vvdpzz commented 14 years ago

What can we do? I really like this plugin and want to use it in a production environment, but I don't know how to fix it. Do you remember someone asking a question about this plugin on Stack Overflow? It was me... 2 months later, it works, but not very well... Please help me. Thank you very much. I am working hard at learning Rails...

nbudin commented 14 years ago

Actually, on further investigation, this is not an issue in Ruby::OpenID, but in Rack::OpenID. I successfully tested a workaround in Rack::OpenID that fixes this issue, but will need upstream to accept a patch for it before I can release rememberable support here.

Joshua Peek, the author of rack-openid, has already responded to my issue with helpful suggestions, so a fix will probably be coming soon.
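The "Message missing return_to argument" failure and the Rack::OpenID workaround discussed above, as an added example that is not code from this thread, ruby-openid, or rack-openid. It is a simplified model of a consumer's return_to check. It assumes the middleware handed the consumer nested, Rack-style parameters (the thread does not state the cause); `flatten_params`, `check`, and the sample data are hypothetical.

```ruby
require "uri"

# Simplified model of the consumer-side return_to check: every query
# parameter placed in return_to must come back with the same value, so a
# value changed in transit (e.g. remember_me) is rejected.
def verify_return_to_args(return_to, response_params)
  URI.decode_www_form(URI.parse(return_to).query.to_s).each do |key, value|
    got = response_params[key]
    raise ArgumentError, "Message missing return_to argument '#{key}'" if got.nil?
    unless got == value
      raise ArgumentError, "Parameter '#{key}' value #{got.inspect} " \
                           "does not match return_to's value #{value.inspect}"
    end
  end
  true
end

# Hypothetical helper: turn nested params back into the bracketed keys
# that actually appeared in the query string.
def flatten_params(params, prefix = nil)
  params.each_with_object({}) do |(key, value), flat|
    name = prefix ? "#{prefix}[#{key}]" : key.to_s
    if value.is_a?(Hash)
      flat.merge!(flatten_params(value, name))
    else
      flat[name] = value
    end
  end
end

# Constructed sample data (host name and values are made up).
RETURN_TO = "http://consumer.example/users/sign_in?" +
            URI.encode_www_form("user[remember_me]" => "1")
# Assumption: the response as seen after nested-parameter parsing.
NESTED = { "openid.mode" => "id_res", "user" => { "remember_me" => "1" } }

# Returns "ok" or the failure message, so results can be compared directly.
def check(params)
  verify_return_to_args(RETURN_TO, params) ? "ok" : nil
rescue ArgumentError => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  puts check(NESTED)                         # nested keys: lookup fails
  puts check(flatten_params(NESTED))         # flat keys: check passes
  puts check(flatten_params(NESTED).merge("user[remember_me]" => "0"))
end
```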

vvdpzz commented 14 years ago

Thank you very much~ God bless you.

nbudin commented 14 years ago

The changes to support this are now committed to this project. I have not yet released a gem because some of the test cases are failing, so once those pass, I will release it. If you want to test it in the meantime, go ahead and check out the latest master of this project.

vvdpzz commented 14 years ago

Thank you~ (:

greendog99 commented 14 years ago

Confirmed that this is working correctly in devise_openid_authenticatable 1.0.0.alpha7 (head). Thanks so much for your continued work on this gem!

nbudin commented 14 years ago

Turns out my fix that I'd submitted to rack-openid 1.1.2 broke some cases where the OpenID server returns back parameters via POST instead of GET, which is why the test suite was failing. There is a fix for that rolled into rack-openid 1.2.0.

I've released 1.0.0.alpha7 of this gem with rememberable support and a requirement for rack-openid 1.2.0. Since rack-openid 1.2.0 depends on rack 1.1 or greater, Rails 2.3 users will need to be on at least 2.3.6 for this to work.