Ruby on rails 3 为google身份验证传递附加参数-rails
对于使用Rack::openid的Google身份验证,如何传递附加参数,例如Ruby on rails 3 为google身份验证传递附加参数-rails,ruby-on-rails-3,openid,rack,google-authentication,Ruby On Rails 3,Openid,Rack,Google Authentication,对于使用Rack::openid的Google身份验证,如何传递附加参数,例如openid.ns.pape和openid.pape.max\u auth\u age def new response.headers['WWW-Authenticate'] = Rack::OpenID.build_header( :identifier => "https://www.google.com/accounts/o8/id", :required => ["h
openid.ns.pape
和openid.pape.max\u auth\u age
def new
response.headers['WWW-Authenticate'] = Rack::OpenID.build_header(
:identifier => "https://www.google.com/accounts/o8/id",
:required => ["http://axschema.org/contact/email"],
:return_to => accounts_url,
:method => 'POST')
head 401
end
我只想强制新会话进行身份验证我是rails openid的新手
提前感谢。在大量的谷歌搜索之后,我在
Rack::openid
中找到了传递openid.ns.pape
参数的解决方案。解决方案在我的博客中发布
我刚刚做了一个猴子补丁来解决这个问题。这是补丁
require 'openid/extensions/pape'
module Rack
class OpenID
private
def begin_authentication(env, qs)
req = Rack::Request.new(env)
params = self.class.parse_header(qs)
session = env["rack.session"]
unless session
raise RuntimeError, "Rack::OpenID requires a session"
end
consumer = ::OpenID::Consumer.new(session, @store)
identifier = params['identifier'] || params['identity']
immediate = params['immediate'] == 'true'
begin
oidreq = consumer.begin(identifier)
add_simple_registration_fields(oidreq, params)
unless params['pape'].nil?
add_pape(oidreq,params['pape'])
end
add_attribute_exchange_fields(oidreq, params)
add_oauth_fields(oidreq, params)
url = open_id_redirect_url(req, oidreq, params["trust_root"], params["return_to"], params["method"], immediate)
return redirect_to(url)
rescue ::OpenID::OpenIDError, Timeout::Error => e
env[RESPONSE] = MissingResponse.new
return @app.call(env)
end
end
def add_pape(oidreq,max_auth_age)
papereq = ::OpenID::PAPE::Request.new
papereq.add_policy_uri(::OpenID::PAPE::AUTH_PHISHING_RESISTANT)
papereq.max_auth_age = max_auth_age
oidreq.add_extension(papereq)
oidreq.return_to_args['did_pape'] = 'y'
end
end
end
因为我在rails应用程序中需要它,所以我将上述代码保存在initializers(config/initializers/rack_openid_patch.rb)文件夹中。若你们并没有使用rails,我认为你们需要保存这个文件,并在u'r项目中手动执行
现在,您需要将pape选项添加到Rack::OpenID.build_头中
max_auth_age = 0
response.headers['WWW-Authenticate'] = Rack::OpenID.build_header(
:identifier => "https://www.google.com/accounts/o8/id",
:required => ["http://axschema.org/contact/email"],
:return_to => accounts_url,
:pape => max_auth_age,
:method => 'POST')
head 401
确保将max_auth_age设置为0,以强制对新会话进行google身份验证。在进行了大量的google搜索后,我在
Rack::openid
中找到了传递openid.ns.pape
参数的解决方案。该解决方案在我的博客中发布
我刚刚做了一个猴子补丁来解决这个问题。这是补丁
require 'openid/extensions/pape'
module Rack
class OpenID
private
def begin_authentication(env, qs)
req = Rack::Request.new(env)
params = self.class.parse_header(qs)
session = env["rack.session"]
unless session
raise RuntimeError, "Rack::OpenID requires a session"
end
consumer = ::OpenID::Consumer.new(session, @store)
identifier = params['identifier'] || params['identity']
immediate = params['immediate'] == 'true'
begin
oidreq = consumer.begin(identifier)
add_simple_registration_fields(oidreq, params)
unless params['pape'].nil?
add_pape(oidreq,params['pape'])
end
add_attribute_exchange_fields(oidreq, params)
add_oauth_fields(oidreq, params)
url = open_id_redirect_url(req, oidreq, params["trust_root"], params["return_to"], params["method"], immediate)
return redirect_to(url)
rescue ::OpenID::OpenIDError, Timeout::Error => e
env[RESPONSE] = MissingResponse.new
return @app.call(env)
end
end
def add_pape(oidreq,max_auth_age)
papereq = ::OpenID::PAPE::Request.new
papereq.add_policy_uri(::OpenID::PAPE::AUTH_PHISHING_RESISTANT)
papereq.max_auth_age = max_auth_age
oidreq.add_extension(papereq)
oidreq.return_to_args['did_pape'] = 'y'
end
end
end
因为我在rails应用程序中需要它,所以我将上述代码保存在initializers(config/initializers/rack_openid_patch.rb)文件夹中。若你们并没有使用rails,我认为你们需要保存这个文件,并在u'r项目中手动执行
现在,您需要将pape选项添加到Rack::OpenID.build_头中
max_auth_age = 0
response.headers['WWW-Authenticate'] = Rack::OpenID.build_header(
:identifier => "https://www.google.com/accounts/o8/id",
:required => ["http://axschema.org/contact/email"],
:return_to => accounts_url,
:pape => max_auth_age,
:method => 'POST')
head 401
确保将max_auth_age设置为0,以强制对新会话进行google身份验证