Class: WEBrick::HTTPAuth::BasicAuth

Relationships & Source Files
Inherits: Object
Defined in: lib/webrick/httpauth/basicauth.rb

Overview

Basic Authentication for ::WEBrick

Use this class to add basic authentication to a ::WEBrick servlet.

Here is an example of how to set up a BasicAuth:

config = { :Realm => 'BasicAuth example realm' }

htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file', password_hash: :bcrypt
htpasswd.set_passwd config[:Realm], 'username', 'password'
htpasswd.flush

config[:UserDB] = htpasswd

basic_auth = WEBrick::HTTPAuth::BasicAuth.new config

Constant Summary

Authenticator - Included

AuthException, AuthScheme, RequestField, ResponseField, ResponseInfoField

Class Method Summary

Instance Attribute Summary

Authenticator - Included

#logger

The logger for this authenticator.

#realm

The realm this authenticator covers.

#userdb

The user database for this authenticator.

Instance Method Summary

Authenticator - Included

#check_init

Initializes the authenticator from config.

#check_scheme

Ensures req has credentials that can be authenticated.

#error, #info, #log

Constructor Details

.new(config, default = Config::BasicAuth) ⇒ BasicAuth

Creates a new BasicAuth instance.

See Config::BasicAuth for default configuration entries.

You must supply the following configuration entries:

:Realm

The name of the realm being protected.

:UserDB

A database of usernames and passwords. A WEBrick::HTTPAuth::Htpasswd instance should be used.

# File 'lib/webrick/httpauth/basicauth.rb', line 61

def initialize(config, default=Config::BasicAuth)
  check_init(config)
  @config = default.dup.update(config)
end

Class Method Details

.make_passwd(realm, user, pass)

Used by UserDB to create a basic password entry.

# File 'lib/webrick/httpauth/basicauth.rb', line 43

def self.make_passwd(realm, user, pass)
  pass ||= ""
  pass.crypt(Utils::random_string(2))
end

Instance Attribute Details

#logger (readonly)

# File 'lib/webrick/httpauth/basicauth.rb', line 48

attr_reader :realm, :userdb, :logger

#realm (readonly)

# File 'lib/webrick/httpauth/basicauth.rb', line 48

attr_reader :realm, :userdb, :logger

#userdb (readonly)

# File 'lib/webrick/httpauth/basicauth.rb', line 48

attr_reader :realm, :userdb, :logger

Instance Method Details

#authenticate(req, res)

Authenticates a req and returns a 401 Unauthorized using res if the authentication was not correct.

# File 'lib/webrick/httpauth/basicauth.rb', line 70

def authenticate(req, res)
  unless basic_credentials = check_scheme(req)
    challenge(req, res)
  end
  userid, password = basic_credentials.unpack("m*")[0].split(":", 2)
  password ||= ""
  if userid.empty?
    error("user id was not given.")
    challenge(req, res)
  end
  unless encpass = @userdb.get_passwd(@realm, userid, @reload_db)
    error("%s: the user is not allowed.", userid)
    challenge(req, res)
  end

  case encpass
  when /\A\$2[aby]\$/
    password_matches = BCrypt::Password.new(encpass.sub(/\A\$2[aby]\$/, '$2a$')) == password
  else
    password_matches = password.crypt(encpass) == encpass
  end

  unless password_matches
    error("%s: password unmatch.", userid)
    challenge(req, res)
  end
  info("%s: authentication succeeded.", userid)
  req.user = userid
end
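
The decoding and hash-dispatch steps of #authenticate can be reproduced offline to audit a password file. The following is an added example, not WEBrick source: it finds the users whose stored hash lacks the bcrypt prefix and would therefore be verified through the `password.crypt(encpass)` branch. The helper names, the "user:hash" line layout and the sample data are assumptions made for illustration.

```ruby
# Added example (not WEBrick source); Ruby standard library only.
BCRYPT_PREFIX = /\A\$2[aby]\$/ # same pattern as `case encpass` in authenticate

# Decode the text after "Basic " as authenticate does: Base64-decode, then
# split on the first ":" only, so colons inside the password survive.
def decode_basic(credentials)
  userid, password = credentials.unpack1("m*").split(":", 2)
  return nil if userid.nil? || userid.empty? # authenticate challenges here
  [userid, password || ""]
end

# Which verification branch of authenticate a stored hash selects.
def verify_branch(encpass)
  encpass.match?(BCRYPT_PREFIX) ? :bcrypt : :crypt
end

# Return the users in htpasswd-style text (assumed "user:hash" per line)
# whose hash would be checked with String#crypt rather than BCrypt.
def legacy_crypt_users(htpasswd_text)
  htpasswd_text.each_line(chomp: true).filter_map do |line|
    next if line.strip.empty? || line.start_with?("#")
    user, encpass = line.split(":", 2)
    user if verify_branch(encpass.to_s) == :crypt
  end
end

# Constructed sample data: the hash values are placeholders, not real hashes.
SAMPLE_HTPASSWD = <<~EOS
  alice:$2a$10$CONSTRUCTEDconstructedCONSTRUCTEDconstructedCONSTRUCTEDco
  bob:abCONSTRUCTED
  carol:$2y$12$CONSTRUCTEDconstructedCONSTRUCTEDconstructedCONSTRUCTEDco
EOS

if __FILE__ == $PROGRAM_NAME
  p decode_basic(["alice:pa:ss"].pack("m0"))
  p legacy_crypt_users(SAMPLE_HTPASSWD)
end
```

Users reported by `legacy_crypt_users` are candidates for re-enrollment through an Htpasswd opened with `password_hash: :bcrypt`, as in the Overview example.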

#challenge(req, res)

Returns a challenge response which asks for authentication information.

Raises:

  • (@auth_exception)

  
# File 'lib/webrick/httpauth/basicauth.rb', line 103

def challenge(req, res)
  res[@response_field] = "#{@auth_scheme} realm=\"#{@realm}\""
  raise @auth_exception
end