The Integration_API enables single sign-on between an existing Rails
application and any number of instances of other web applications.
The Wordpress plugin is completed, and collaborators are wanted for
plugins for other apps such as Beast, PunBB, or Vanilla.

The most current info about available plugin/adapters is available on
the Integration_API home page:

    http://greenfabric.com/page/integration_api_home_page

The basic idea
--------------

The key idea is to add a web services API into the existing Rails
application, which allows one or more 3rd party apps to get the
information they need, when they need it. The API should be
configurable enough and general enough so that it can be added to any
Rails app without modification. The Rails app stays in control of all
sign-in and sign-out functions.

A 3rd party app, such as Vanilla, is installed in a subdirectory of
the Rails app on the same host. If that is difficult to do, it can be
installed running on a different port. These configurations will
allow it to access the Rails cookie.

The Rails app will need no custom work. The third-party apps will
need a small amount of programming. The following steps are performed
in PHP, Rails, or whatever development environment in which the
3rd-party app runs:

* Customize the sign-in and sign-out links to point to those in your
  Rails app.
* Customize the function that checks if a user is signed in to do the
  following:
    1. Get the Rails cookie name via the API.
    2. Check for the existence of the cookie in the browser. Not there
       => not logged in. If there, continue...
    3. Get the cookie data and send it to the API, which returns
       the user info. Empty data => not logged in. If there's
       user data, continue...
    4. Create a new [Vanilla/Wordpress/etc.] user record if none exists
       yet.
    5. Allow the [Vanilla/Wordpress/etc.] sign-in function to succeed,
       marking the user as signed in.

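The sign-in check in steps 1-5, sketched in Ruby as an added example (not code from Integration_API or its plugins). It calls the two endpoints shown under "Testing the JSON API"; the `fetch` callable, the 32-hex-character session id format, the local user store and the constructed responses are assumptions made so the block runs offline.

```ruby
require 'json'

# Added example, not Integration_API code. `fetch` is a hypothetical callable
# that takes a URL path and returns [http_status, body_string].
class IntegrationApiClient
  # Assumed id format (32 hex chars, like the sample id on this page).
  SESSION_ID = /\A[0-9a-f]{32}\z/

  def initialize(fetch)
    @fetch = fetch
  end

  # Step 1: ask the Rails app which cookie carries its session.
  def cookie_name
    status, body = @fetch.call('/integration_api/config_info')
    status == 200 ? JSON.parse(body)['cookie_name'] : nil
  rescue JSON::ParserError, TypeError
    nil
  end

  # Steps 2-3: user hash, or nil ("not logged in") on any failure path.
  def current_user(browser_cookies)
    return nil unless (name = cookie_name)
    session_id = browser_cookies[name].to_s
    # Only a plain id may be interpolated into the URL path.
    return nil unless SESSION_ID.match?(session_id)
    status, body = @fetch.call("/integration_api/user/#{session_id}")
    return nil unless status == 200 && !body.to_s.strip.empty?
    user = JSON.parse(body)['user']
    user.is_a?(Hash) && user['id'] ? user : nil
  rescue JSON::ParserError, TypeError
    nil
  end

  # Steps 4-5: create the local record on first sight, then treat as signed in.
  def sign_in(browser_cookies, local_users)
    return nil unless (user = current_user(browser_cookies))
    local_users[user['id']] ||= { 'nickname' => user['nickname'] }
  end
end

# Constructed responses standing in for the Rails app.
FAKE_API = lambda do |path|
  case path
  when '/integration_api/config_info' then [200, '{"cookie_name":"_gf_session"}']
  when %r{/user/390f55cfd1ad5a911833a7683d2c3793\z} then [200, '{"user":{"id":2,"nickname":"Robb"}}']
  else [200, '']
  end
end
```

A missing cookie, a malformed id, an API error and an empty response all return nil, so an outage or a rejected request leaves the visitor signed out rather than signed in.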
The hope of this project is that this process is fairly easy to code
up in mature, well-refactored 3rd-party apps. For example, the LDAP
plugin for Wordpress would make a great starting point for an
Integration_API Wordpress plugin.

Assumptions
-----------

In order to use this, you should have a working Rails app that
completely manages its authentication and users. It should keep track
of whether a user is signed in by placing the id of a User instance
into the session.

Future plans
------------

* Make the library more flexible by supporting other user class names,
  etc.
* Write Wordpress/PunBB/Vanilla, etc. adapters that connect to this
  API.

Required constants / configuration settings
-------------------------------------------

Add these statements to your config/environments/development.rb and
config/environments/production.rb. You'll most likely need to
change the ...USER_ID_KEY to the key that you use to store your user
id in the session. For development, set the ...DEBUG variable to
true.

    # Constants for the Integration API
    INTEGRATION_API_DEBUG               = false
    INTEGRATION_API_SESSION_USER_ID_KEY = :userid
    INTEGRATION_API_SESSION_ID_PARAM    = :id
    INTEGRATION_API_CONFIG = {
      :login_url  => 'http://devbox:3000/page/sign_in',
      :logout_url => 'http://devbox:3000/consumer/logout'
    }

    # For security:
    INTEGRATION_API_REQUIRED_PORT = 3000         # Set to nil to disable
    INTEGRATION_API_REQUIRED_HOST = "localhost"  # Set to nil to disable

Testing the JSON API
--------------------

After copying the controller file to your app/controllers directory
and tailoring the constants, you can test the API like this:

* Getting the cookie name used by your app:

    $ curl http://localhost:3000/integration_api/config_info
    {"login_url":"http:\/\/devbox:3000\/page\/sign_in","logout_url":"http:\/\/devbox:3000\/consumer\/logout","cookie_name":"_gf_session"}

* Getting the user info for a signed-in user, based on the session id
  stored in a Rails cookie. (This is what my system shows -- I use
  OpenID for authentication. You'll see different attributes,
  obviously):

    $ curl http://localhost:3000/integration_api/user/390f55cfd1ad5a911833a7683d2c3793
    {"user": {"name":"Robb Shecter","updated_at":"2008-09-02T11:57:51-07:00","nickname":"Robb","id":2,"pref_announce_list":false,"homepage":null,"openid":"http:\/\/greenfabric.com\/robb\/","email":"[email protected]","created_at":"2008-06-29T01:23:01-07:00"}}

* Attempting to use the API from an unauthorized host (Debug mode enabled):

    $ curl http://devbox:3000/integration_api/config_info
    Bad host: localhost is required, but got devbox

* Attempting to use the API from an unauthorized host (Debug mode disabled):

    $ curl http://devbox:3000/integration_api/config_info
    HTTP 501 -- Server error.

--
Robb Shecter
http://greenfabric.com/robb

This document, and the entire Integration_API project, has been
released under the GNU public license.

Copyright (C) 2008, Robb Shecter, greenfabric.com