From fb06b46e55e8d67fa1dc4dfc6e7e942ff404e8b3 Mon Sep 17 00:00:00 2001 From: Gregg Kellogg Date: Fri, 6 Apr 2012 11:24:16 -0700 Subject: [PATCH 1/3] Guard against JSON parsing exception in Ruby 1.9.3. --- lib/sinatra/browserid.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/sinatra/browserid.rb b/lib/sinatra/browserid.rb index 39ba9b1..7584de2 100644 --- a/lib/sinatra/browserid.rb +++ b/lib/sinatra/browserid.rb @@ -89,7 +89,7 @@ def self.registered(app) res, body = http.post("/verify", data_str) # TODO: check res is a 200 - verify = JSON.parse(body) || nil + verify = JSON.parse(body) || nil rescue nil # Not sure why JSON parsing can fail with a nil value in 1.9.3 if verify.nil? # JSON parsing error return From 6a5bafaf8948396ebd3c45cbb7dfc936e35b266a Mon Sep 17 00:00:00 2001 From: Gregg Kellogg Date: Fri, 6 Apr 2012 13:03:16 -0700 Subject: [PATCH 2/3] Work around missing HTTP response body. --- lib/sinatra/browserid.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/sinatra/browserid.rb b/lib/sinatra/browserid.rb index 7584de2..d71b012 100644 --- a/lib/sinatra/browserid.rb +++ b/lib/sinatra/browserid.rb @@ -88,9 +88,11 @@ def self.registered(app) data_str = data.collect { |k, v| "#{k}=#{v}" }.join("&") res, body = http.post("/verify", data_str) + # hack + body ||= %({"status":"okay","email":"nobody@here","expires":"3600000"}) if res.is_a?(Net::HTTPSuccess) # TODO: check res is a 200 - verify = JSON.parse(body) || nil rescue nil # Not sure why JSON parsing can fail with a nil value in 1.9.3 - if verify.nil? + verify = JSON.parse(body) || nil + if !res.is_a?(Net::HTTPSuccess) || verify.nil? # JSON parsing error return end From ef33f0d9efbdf2df0fc68fa66622057d1f4a05d8 Mon Sep 17 00:00:00 2001 From: Gregg Kellogg Date: Sun, 22 Apr 2012 13:23:00 -0700 Subject: [PATCH 3/3] Use Curb instead of Net::HTTP to work around problem with 1.9.3 posts returning nil. --- lib/sinatra/browserid.rb | 27 ++++++++++++++++----------- sinatra-browserid.gemspec | 1 + 2 files changed, 17 insertions(+), 11 deletions(-) mode change 100644 => 100755 lib/sinatra/browserid.rb diff --git a/lib/sinatra/browserid.rb b/lib/sinatra/browserid.rb old mode 100644 new mode 100755 index d71b012..4de2191 --- a/lib/sinatra/browserid.rb +++ b/lib/sinatra/browserid.rb @@ -1,7 +1,7 @@ #!/usr/bin/env ruby require "json" -require "net/https" +require 'curb' require "sinatra/base" # This module provides an interface to verify a users email address @@ -77,23 +77,28 @@ def self.registered(app) app.post '/_browserid_assert' do # TODO(petef): do verification locally, without a callback - audience = request.host_with_port - bid_uri = URI.parse(settings.browserid_url) - http = Net::HTTP.new(bid_uri.host, bid_uri.port) - http.use_ssl = true data = { "assertion" => params[:assertion], - "audience" => audience, + "audience" => request.host_with_port, } data_str = data.collect { |k, v| "#{k}=#{v}" }.join("&") - res, body = http.post("/verify", data_str) + body = "" + c = begin + Curl::Easy.http_post(settings.browserid_url + "/verify") do |curl| + curl.use_ssl = Curl::CURL_USESSL_ALL + curl.post_body = data_str + curl.on_body {|data| body << data; data.length} + end + rescue Exception => e + # Processing error + $stderr.puts "request was not successful. #{e.message}" + return + end - # hack - body ||= %({"status":"okay","email":"nobody@here","expires":"3600000"}) if res.is_a?(Net::HTTPSuccess) - # TODO: check res is a 200 verify = JSON.parse(body) || nil - if !res.is_a?(Net::HTTPSuccess) || verify.nil? + if verify.nil? # JSON parsing error + $stderr.puts "Invalid Response" return end diff --git a/sinatra-browserid.gemspec b/sinatra-browserid.gemspec index cd7dac6..18b6573 100644 --- a/sinatra-browserid.gemspec +++ b/sinatra-browserid.gemspec @@ -13,4 +13,5 @@ Gem::Specification.new do |s| s.summary = "Sinatra extension for user authentication with browserid.org" s.add_dependency("sinatra", ">= 1.1.0") + s.add_dependency("curb", ">= 0.8.0") end