Class: WEBrick::HTTPAuth::BasicAuth
Relationships & Source Files | |
Extension / Inclusion / Inheritance Descendants | |
Subclasses:
|
|
Super Chains via Extension / Inclusion / Inheritance | |
Instance Chain:
self,
Authenticator
|
|
Inherits: | Object |
Defined in: | lib/webrick/httpauth/basicauth.rb |
Overview
Basic Authentication for ::WEBrick
Use this class to add basic authentication to a ::WEBrick
servlet.
Here is an example of how to set up a BasicAuth
:
config = { :Realm => 'BasicAuth example realm' }
htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file', password_hash: :bcrypt
htpasswd.set_passwd config[:Realm], 'username', 'password'
htpasswd.flush
config[:UserDB] = htpasswd
basic_auth = WEBrick::HTTPAuth::BasicAuth.new config
Constant Summary
-
AuthScheme =
Internal use only
# File 'lib/webrick/httpauth/basicauth.rb', line 38"Basic"
Authenticator
- Included
AuthException, AuthScheme, RequestField, ResponseField, ResponseInfoField
Class Method Summary
-
.make_passwd(realm, user, pass)
Used by
UserDB
to create a basic password entry. -
.new(config, default = Config::BasicAuth) ⇒ BasicAuth
constructor
Creates a new
BasicAuth
instance.
Instance Attribute Summary
Authenticator
- Included
Instance Method Summary
-
#authenticate(req, res)
Authenticates a
req
and returns a 401 Unauthorized usingres
if the authentication was not correct. -
#challenge(req, res)
Returns a challenge response which asks for authentication information.
Authenticator
- Included
#check_init | Initializes the authenticator from |
#check_scheme | Ensures |
#error, #info, #log |
Constructor Details
.new(config, default = Config::BasicAuth) ⇒ BasicAuth
Creates a new BasicAuth
instance.
See Config::BasicAuth for default configuration entries
You must supply the following configuration entries:
- :Realm
-
The name of the realm being protected.
- :UserDB
-
A database of usernames and passwords. A WEBrick::HTTPAuth::Htpasswd instance should be used.
# File 'lib/webrick/httpauth/basicauth.rb', line 61
def initialize(config, default=Config::BasicAuth) check_init(config) @config = default.dup.update(config) end
Class Method Details
.make_passwd(realm, user, pass)
Used by UserDB
to create a basic password entry
# File 'lib/webrick/httpauth/basicauth.rb', line 43
def self.make_passwd(realm, user, pass) pass ||= "" pass.crypt(Utils::random_string(2)) end
Instance Attribute Details
#logger (readonly)
[ GitHub ]#realm (readonly)
[ GitHub ]#userdb (readonly)
[ GitHub ]Instance Method Details
#authenticate(req, res)
Authenticates a req
and returns a 401 Unauthorized using res
if the authentication was not correct.
# File 'lib/webrick/httpauth/basicauth.rb', line 70
def authenticate(req, res) unless basic_credentials = check_scheme(req) challenge(req, res) end userid, password = basic_credentials.unpack("m*")[0].split(":", 2) password ||= "" if userid.empty? error("user id was not given.") challenge(req, res) end unless encpass = @userdb.get_passwd(@realm, userid, @reload_db) error("%s: the user is not allowed.", userid) challenge(req, res) end case encpass when /\A\$2[aby]\$/ password_matches = BCrypt::Password.new(encpass.sub(/\A\$2[aby]\$/, '$2a$')) == password else password_matches = password.crypt(encpass) == encpass end unless password_matches error("%s: password unmatch.", userid) challenge(req, res) end info("%s: authentication succeeded.", userid) req.user = userid end
#challenge(req, res)
Returns a challenge response which asks for authentication information
# File 'lib/webrick/httpauth/basicauth.rb', line 103
def challenge(req, res) res[@response_field] = "#{@auth_scheme} realm=\"#{@realm}\"" raise @auth_exception end