From a67aeebcbcebb9358debb06fa31da515f574d201 Mon Sep 17 00:00:00 2001
From: Andy Gregorowicz <andy@mitre.org>
Date: Wed, 29 Aug 2012 15:05:14 -0400
Subject: [PATCH] Adding support for logging in with the TATRC OIDC IdP

---
 Gemfile                                  |  1 +
 Gemfile.lock                             | 37 ++++++++++++++++++++++++
 app/views/authentications/index.html.erb |  2 +-
 app/views/devise/sessions/new.html.erb   |  2 +-
 config/initializers/omniauth.rb          |  7 +++++
 5 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/Gemfile b/Gemfile
index 07449a1..74ed1b3 100644
--- a/Gemfile
+++ b/Gemfile
@@ -13,6 +13,7 @@ gem 'heroku'
 gem "nokogiri"
 gem 'devise'
 gem 'devise_oauth2_providable', :git => 'https://github.com/rdingwell/devise_oauth2_providable.git',:branch => "master" 
+gem 'omniauth_openid_connect', :git => "https://github.com/project-rhex/omniauth_openid_connect.git"
 
 gem 'omniauth'
 gem 'omniauth-openid'
diff --git a/Gemfile.lock b/Gemfile.lock
index cecc827..fd5f93b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -10,6 +10,15 @@ GIT
       nokogiri (>= 1.4.4)
       uuid (~> 2.3.4)
 
+GIT
+  remote: https://github.com/project-rhex/omniauth_openid_connect.git
+  revision: b12d89d5744b0fcf766b6e12e1fc6c2b2c4382df
+  specs:
+    omniauth_openid_connect (0.2.0)
+      omniauth (~> 1.0)
+      openid_connect (= 0.2.0.alpha3)
+      rack-oauth2
+
 GIT
   remote: https://github.com/rdingwell/devise_oauth2_providable.git
   revision: 99d0ca56786f86a8e28875d462c99f9e344ac2f9
@@ -128,6 +137,11 @@ GEM
       railties (>= 3.1.0, < 5.0)
       thor (~> 0.14)
     json (1.7.5)
+    json-jwt (0.1.8)
+      activesupport (>= 2.3)
+      i18n
+      json (>= 1.4.3)
+      url_safe_base64
     kaminari (0.13.0)
       actionpack (>= 3.0.0)
       activesupport (>= 3.0.0)
@@ -168,6 +182,16 @@ GEM
     omniauth-openid (1.0.1)
       omniauth (~> 1.0)
       rack-openid (~> 1.3.1)
+    openid_connect (0.2.0.alpha3)
+      activemodel (>= 3)
+      attr_required (>= 0.0.5)
+      json (>= 1.4.3)
+      json-jwt (>= 0.0.3)
+      rack-oauth2 (>= 0.14.2)
+      swd (>= 0.1.2)
+      tzinfo
+      validate_email
+      validate_url
     orm_adapter (0.4.0)
     polyglot (0.3.3)
     pry (0.9.10)
@@ -226,6 +250,12 @@ GEM
       hike (~> 1.2)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
+    swd (0.1.2)
+      activesupport (>= 3)
+      attr_required (>= 0.0.5)
+      httpclient (>= 2.2.1)
+      i18n
+      json (>= 1.4.3)
     symbolize (4.2.0)
     systemu (2.5.2)
     therubyracer (0.10.2)
@@ -245,8 +275,14 @@ GEM
     uglifier (1.2.7)
       execjs (>= 0.3.0)
       multi_json (~> 1.3)
+    url_safe_base64 (0.2.1)
     uuid (2.3.5)
       macaddr (~> 1.0)
+    validate_email (0.1.6)
+      activemodel (>= 3.0)
+      mail (>= 2.2.5)
+    validate_url (0.2.0)
+      activemodel (>= 3.0.0)
     warden (1.2.1)
       rack (>= 1.0)
     webmock (1.8.9)
@@ -275,6 +311,7 @@ DEPENDENCIES
   nokogiri
   omniauth
   omniauth-openid
+  omniauth_openid_connect!
   pry
   pry-nav
   rails (= 3.2.8)
diff --git a/app/views/authentications/index.html.erb b/app/views/authentications/index.html.erb
index a9a021c..3be0dea 100644
--- a/app/views/authentications/index.html.erb
+++ b/app/views/authentications/index.html.erb
@@ -20,7 +20,7 @@
   <p><strong>Sign in through one of these services:</strong></p>
 <% end %>
 
-<a href="/auth/open_id" class="auth_provider">
+<a href="/auth/openid_connect" class="auth_provider">
   <%= image_tag "openid_64.png", :size => "64x64", :alt => "OpenID" %>
   OpenID
 </a>
diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb
index ffaebc9..63474c4 100644
--- a/app/views/devise/sessions/new.html.erb
+++ b/app/views/devise/sessions/new.html.erb
@@ -41,7 +41,7 @@
   <h3>Select an identity provider</h3>
   <table><tr>
       <td>
-        <a href="/auth/open_id" class="auth_provider">
+        <a href="/auth/openid_connect" class="auth_provider">
         <%= image_tag "open_id_large.png", :class => "tag", :alt => "OpenID" %>
         </a>
       </td>
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index a501b46..ba11cc1 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -3,4 +3,11 @@
 Rails.application.config.middleware.use OmniAuth::Builder do
    provider :open_id, store: OpenID::Store::Filesystem.new('/tmp')
    provider :developer unless Rails.env.production?
+   provider :openid_connect, 'direct.stormwoods.info','67f31a9c-ca13-11e1-bc1d-000c297fba10','7fae4ef2-cca7-11e1-bd23-000c297fba10',{:authorization_endpoint => "/tatrc-openid-connect-server/authorize"  ,
+                :user_info_endpoint=>"/tatrc-openid-connect-server/userinfo", 
+                :token_endpoint =>"/tatrc-openid-connect-server/token", 
+                :jwk_url=>"/tatrc-openid-connect-server/jwk",
+                :issuer=>"http://localhost/",
+                :scope=>"openid profile email",
+                :client_options =>{:scheme=>"http", :port=>8080}}
 end
\ No newline at end of file