Add documentation for WEBrick's DigestAuth
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29224 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
parent
6329215dbf
commit
073e6ccc7b
@ -1,3 +1,11 @@
|
|||||||
|
Sat Sep 11 15:19:57 2010 Eric Hodel <drbrain@segment7.net>
|
||||||
|
|
||||||
|
* lib/webrick/httpauth/digestauth.rb (WEBrick::Config::DigestAuth):
|
||||||
|
Add documentation
|
||||||
|
|
||||||
|
* lib/webrick/config.rb (WEBrick::Config::DigestAuth): Add
|
||||||
|
documentation
|
||||||
|
|
||||||
Sat Sep 11 12:32:05 2010 Nobuyoshi Nakada <nobu@ruby-lang.org>
|
Sat Sep 11 12:32:05 2010 Nobuyoshi Nakada <nobu@ruby-lang.org>
|
||||||
|
|
||||||
* include/ruby/intern.h (rb_set_kcode, rb_get_kcode): removed
|
* include/ruby/intern.h (rb_set_kcode, rb_get_kcode): removed
|
||||||
|
@ -82,6 +82,27 @@ module WEBrick
|
|||||||
:AutoReloadUserDB => true,
|
:AutoReloadUserDB => true,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
##
|
||||||
|
# Default configuration for WEBrick::HTTPAuth::DigestAuth.
|
||||||
|
#
|
||||||
|
# :Algorithm:: MD5, MD5-sess (default), SHA1, SHA1-sess
|
||||||
|
# :Domain:: An Array of URIs that define the protected space
|
||||||
|
# :Qop:: 'auth' for authentication, 'auth-int' for integrity protection or
|
||||||
|
# both
|
||||||
|
# :UseOpaque:: Should the server send opaque values to the client? This
|
||||||
|
# helps prevent replay attacks.
|
||||||
|
# :CheckNc:: Should the server check the nonce count? This helps the
|
||||||
|
# server detect replay attacks.
|
||||||
|
# :UseAuthenticationInfoHeader:: Should the server send an
|
||||||
|
# AuthenticationInfo header?
|
||||||
|
# :AutoReloadUserDB:: Reload the user database provided by :UserDB
|
||||||
|
# automatically?
|
||||||
|
# :NonceExpirePeriod:: How long should we store used nonces? Default is
|
||||||
|
# 30 minutes.
|
||||||
|
# :NonceExpireDelta:: How long is a nonce valid? Default is 1 minute
|
||||||
|
# :InternetExplorerHack:: Hack which allows Internet Explorer to work.
|
||||||
|
# :OperaHack:: Hack which allows Opera to work.
|
||||||
|
|
||||||
DigestAuth = {
|
DigestAuth = {
|
||||||
:Algorithm => 'MD5-sess', # or 'MD5'
|
:Algorithm => 'MD5-sess', # or 'MD5'
|
||||||
:Domain => nil, # an array includes domain names.
|
:Domain => nil, # an array includes domain names.
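Review bot: The new `:Domain` entry says "An Array of URIs that define the protected space", but the inline comment kept on the `:Domain => nil` line still reads `# an array includes domain names.`, and the `:Algorithm` line still reads `# or 'MD5'` although the new list also names SHA1 and SHA1-sess. The inline comments should be updated or dropped so a reader is not left guessing which values are accepted. The `:NonceExpirePeriod` and `:NonceExpireDelta` entries give defaults in minutes without saying what unit the configured value uses; these two settings bound the replay window, so I would state the unit, e.g. `# :NonceExpireDelta:: How long a nonce is valid, in seconds. Default is 1 minute` (presumably seconds, but the values are outside the hunk, so confirm). The `:Qop`, `:UseOpaque` and `:CheckNc` entries do not state their defaults either, so an operator cannot tell from the comment alone whether the replay checks are on. The `DigestAuth` hash continues past the end of the hunk.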
|
||||||
|
@ -19,6 +19,30 @@ require 'digest/sha1'
|
|||||||
|
|
||||||
module WEBrick
|
module WEBrick
|
||||||
module HTTPAuth
|
module HTTPAuth
|
||||||
|
|
||||||
|
##
|
||||||
|
# RFC 2617 Digest Access Authentication for WEBrick
|
||||||
|
#
|
||||||
|
# Use this class to add digest authentication to a WEBrick servlet.
|
||||||
|
#
|
||||||
|
# Here is an example of how to set up DigestAuth:
|
||||||
|
#
|
||||||
|
# config = { :Realm => 'DigestAuth example realm' }
|
||||||
|
#
|
||||||
|
# htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file'
|
||||||
|
# htpasswd.auth_type = WEBrick::HTTPAuth::DigestAuth
|
||||||
|
# htpasswd.set_passwd config[:Realm], 'username', 'password'
|
||||||
|
# htpasswd.flush
|
||||||
|
#
|
||||||
|
# config[:UserDB] = htpasswd
|
||||||
|
#
|
||||||
|
# digest_auth = WEBrick::HTTPAuth::DigestAuth.new config
|
||||||
|
#
|
||||||
|
# When using this as with a servlet be sure not to create a new DigestAuth
|
||||||
|
# object in the servlet's #initialize. By default WEBrick creates a new
|
||||||
|
# servlet instance for every request and the DigestAuth object must be
|
||||||
|
# used across requests.
|
||||||
|
|
||||||
class DigestAuth
|
class DigestAuth
|
||||||
include Authenticator
|
include Authenticator
|
||||||
|
|
||||||
@ -26,11 +50,27 @@ module WEBrick
|
|||||||
OpaqueInfo = Struct.new(:time, :nonce, :nc)
|
OpaqueInfo = Struct.new(:time, :nonce, :nc)
|
||||||
attr_reader :algorithm, :qop
|
attr_reader :algorithm, :qop
|
||||||
|
|
||||||
|
##
|
||||||
|
# Used by UserDB to create a password entry
|
||||||
|
|
||||||
def self.make_passwd(realm, user, pass)
|
def self.make_passwd(realm, user, pass)
|
||||||
pass ||= ""
|
pass ||= ""
|
||||||
Digest::MD5::hexdigest([user, realm, pass].join(":"))
|
Digest::MD5::hexdigest([user, realm, pass].join(":"))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
##
|
||||||
|
# Creates a new DigestAuth instance. Be sure to use the same DigestAuth
|
||||||
|
# instance for multiple requests as it saves state between requests in
|
||||||
|
# order to perform authentication.
|
||||||
|
#
|
||||||
|
# See WEBrick::Config::DigestAuth for default configuration entries
|
||||||
|
#
|
||||||
|
# You must supply the following configuration entries:
|
||||||
|
#
|
||||||
|
# :Realm:: The name of the realm being protected.
|
||||||
|
# :UserDB:: A database of usernames and passwords. See Htpasswd,
|
||||||
|
# Htdigest, Htgroup
|
||||||
|
|
||||||
def initialize(config, default=Config::DigestAuth)
|
def initialize(config, default=Config::DigestAuth)
|
||||||
check_init(config)
|
check_init(config)
|
||||||
@config = default.dup.update(config)
|
@config = default.dup.update(config)
|
||||||
@ -62,6 +102,10 @@ module WEBrick
|
|||||||
@mutex = Mutex.new
|
@mutex = Mutex.new
|
||||||
end
|
end
|
||||||
|
|
||||||
|
##
|
||||||
|
# Authenticates a +req+ and returns a 401 Unauthorized using +res+ if
|
||||||
|
# the authentication was not correct.
|
||||||
|
|
||||||
def authenticate(req, res)
|
def authenticate(req, res)
|
||||||
unless result = @mutex.synchronize{ _authenticate(req, res) }
|
unless result = @mutex.synchronize{ _authenticate(req, res) }
|
||||||
challenge(req, res)
|
challenge(req, res)
|
||||||
@ -72,6 +116,10 @@ module WEBrick
|
|||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
##
|
||||||
|
# Returns a challenge response which asks for for authentication
|
||||||
|
# information
|
||||||
|
|
||||||
def challenge(req, res, stale=false)
|
def challenge(req, res, stale=false)
|
||||||
nonce = generate_next_nonce(req)
|
nonce = generate_next_nonce(req)
|
||||||
if @use_opaque
|
if @use_opaque
|
||||||
|