mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
9749bfbf73
This adds a password_hash keyword argument to WEBrick::HTTPAuth::Htpasswd#initialize. If set to :bcrypt, it will create bcrypt hashes instead of crypt hashes, and will raise an exception if the .htpasswd file uses crypt hashes. If :bcrypt is used, then instead of calling BasicAuth.make_passwd (which uses crypt), WEBrick::HTTPAuth::Htpasswd#set_passwd will set the bcrypt password directly. It isn't possible to change the make_passwd API to accept the password hash format, as that would break configurations who use Htpasswd#auth_type= to set a custom auth_type. This modifies WEBrick::HTTPAuth::BasicAuth to handle checking both crypt and bcrypt hashes. There are commented out requires for 'string/crypt', to handle when String#crypt is deprecated and the undeprecated version is moved to a gem. There is also a commented out warning for the case when the password_hash keyword is not specified and 'string/crypt' cannot be required. I think the warning makes sense to nudge users to using bcrypt. I've updated the tests to test nil, :crypt, and :bcrypt values for the password_hash keyword, skipping the bcrypt tests if the bcrypt library cannot be required. [ruby-core:88111] [Feature #14940] From: Jeremy Evans <code@jeremyevans.net> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64060 b2dd03c8-39d4-4d8f-98ff-823fe69b080e |
||
|---|---|---|
| .. | ||
| .htaccess | ||
| test_cgi.rb | ||
| test_config.rb | ||
| test_cookie.rb | ||
| test_do_not_reverse_lookup.rb | ||
| test_filehandler.rb | ||
| test_htmlutils.rb | ||
| test_httpauth.rb | ||
| test_httpproxy.rb | ||
| test_httprequest.rb | ||
| test_httpresponse.rb | ||
| test_https.rb | ||
| test_httpserver.rb | ||
| test_httputils.rb | ||
| test_httpversion.rb | ||
| test_server.rb | ||
| test_ssl_server.rb | ||
| test_utils.rb | ||
| utils.rb | ||
| webrick.cgi | ||
| webrick.rhtml | ||
| webrick_long_filename.cgi | ||