#
# httpauth/basicauth.rb -- HTTP basic access authentication
#
# Author: IPR -- Internet Programming with Ruby -- writers
# Copyright (c) 2003 Internet Programming with Ruby writers. All rights
# reserved.
#
# $IPR: basicauth.rb,v 1.5 2003/02/20 07:15:47 gotoyuzo Exp $
require 'webrick/config'
require 'webrick/httpstatus'
require 'webrick/httpauth/authenticator'
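module WEBrick
  module HTTPAuth

    ##
    # Basic Authentication for WEBrick
    #
    # Use this class to add basic authentication to a WEBrick servlet.
    #
    # Here is an example of how to set up a BasicAuth:
    #
    #   config = { :Realm => 'BasicAuth example realm' }
    #
    #   htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file'
    #   htpasswd.set_passwd config[:Realm], 'username', 'password'
    #   htpasswd.flush
    #
    #   config[:UserDB] = htpasswd
    #
    #   basic_auth = WEBrick::HTTPAuth::BasicAuth.new config
    #
    # Security considerations:
    #
    # * The Basic scheme carries "userid:password" merely base64-encoded
    #   (see #authenticate), so it gives no confidentiality on the wire;
    #   deploy it only over TLS.
    # * Password entries are created and verified with String#crypt; see
    #   ::make_passwd for the limits of that hash.

    class BasicAuth
      include Authenticator

      AuthScheme = "Basic" # :nodoc:

      ##
      # Used by UserDB to create a basic password entry
      #
      # +realm+ and +user+ are accepted but not used here; a nil +pass+ is
      # treated as the empty string.  Returns +pass+ hashed by String#crypt
      # with a two-character salt taken from Utils::random_string.
      #
      # NOTE(review): a two-character salt normally selects the traditional
      # DES-based crypt(3), which ignores everything after the eighth
      # password character and is cheap to brute-force offline, so treat the
      # password file as sensitive.  Utils::random_string is defined outside
      # this file -- confirm it draws from a cryptographically secure source.

      def self.make_passwd(realm, user, pass)
        pass ||= ""
        pass.crypt(Utils::random_string(2))
      end

      attr_reader :realm, :userdb, :logger

      ##
      # Creates a new BasicAuth instance.
      #
      # See WEBrick::Config::BasicAuth for default configuration entries
      #
      # You must supply the following configuration entries:
      #
      # :Realm:: The name of the realm being protected.
      # :UserDB:: A database of usernames and passwords.
      #           A WEBrick::HTTPAuth::Htpasswd instance should be used.
      #
      # +config+ is first handed to check_init (not defined in this file;
      # presumably it validates the entries and sets the instance variables
      # read below -- confirm in Authenticator), then merged over a copy of
      # +default+ so that the caller's entries win.

      def initialize(config, default=Config::BasicAuth)
        check_init(config)
        @config = default.dup.update(config)
      end

      ##
      # Authenticates a +req+ and returns a 401 Unauthorized using +res+ if
      # the authentication was not correct.
      #
      # Every failure path goes through #challenge, which raises, so the code
      # after a failed check is never reached.  On success +req.user+ is set
      # to the authenticated user id.

      def authenticate(req, res)
        unless basic_credentials = check_scheme(req)
          challenge(req, res)
        end
        # "m*" base64-decodes the credentials; the split limit of 2 keeps any
        # further colons inside the password.
        userid, password = basic_credentials.unpack("m*")[0].split(":", 2)
        password ||= ""
        # An empty decoded credential splits to [], which leaves userid nil;
        # answer that with a challenge instead of failing on nil.empty?.
        if userid.nil? || userid.empty?
          error("user id was not given.")
          challenge(req, res)
        end
        # NOTE(review): userid is client-supplied and is handed to the log
        # helpers as is; confirm the logger neutralises control characters.
        unless encpass = @userdb.get_passwd(@realm, userid, @reload_db)
          error("%s: the user is not allowed.", userid)
          challenge(req, res)
        end
        # The stored entry doubles as the salt for crypt.  The result is
        # compared without short-circuiting so that the time taken does not
        # depend on how many leading bytes of the hash agree.
        unless same_bytes?(password.crypt(encpass), encpass)
          error("%s: password unmatch.", userid)
          challenge(req, res)
        end
        info("%s: authentication succeeded.", userid)
        req.user = userid
      end

      ##
      # Returns a challenge response which asks for authentication information
      #
      # Sets the challenge header named by @response_field on +res+ and
      # raises @auth_exception; it never returns normally.  @realm is written
      # into the quoted realm value without escaping.

      def challenge(req, res)
        res[@response_field] = "#{@auth_scheme} realm=\"#{@realm}\""
        raise @auth_exception
      end

      private

      # Byte-wise equality of two strings that inspects every byte even after
      # a mismatch has been found.  Strings of different length are unequal.
      def same_bytes?(left, right) # :nodoc:
        return false unless left.bytesize == right.bytesize
        diff = 0
        left.bytes.zip(right.bytes) { |a, b| diff |= a ^ b }
        diff.zero?
      end
    end

    ##
    # Basic authentication for proxy servers.  See BasicAuth for details.

    class ProxyBasicAuth < BasicAuth
      include ProxyAuthenticator
    end
  end
end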