Class: Aker::Modes::HttpBasic

Inherits:

Base

• Object
• Warden::Strategies::Base
• Base
• Aker::Modes::HttpBasic

Includes:

Support::Rfc2617

Defined in:

lib/aker/modes/http_basic.rb

Overview

A non-interactive and interactive mode that provides HTTP Basic authentication.

This mode operates non-interactively when an Authorization header with a Basic challenge is present. It operates interactively when it is configured as an interactive authentication mode.

See Also:

• RFC 2617

Author:

• David Yip

Constant Summary

BasicPattern =

Recognizes valid Basic challenges.

An HTTP Basic challenge is the word “Basic”, followed by one space, followed by a Base64-encoded string.

See Also:

• RFC 2045, section 6.8

%r{^Basic ((?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?)$}

Class Method Summary

• .key ⇒ Symbol

  A key that refers to this mode; used for configuration convenience.

Instance Method Summary

• #credentials ⇒ Array<String>

  Decodes and extracts a (username, password) pair from an Authorization header.

• #kind ⇒ Symbol

  The type of credentials supplied by this mode.

• #on_ui_failure ⇒ Rack::Response

  Builds a Rack response with status 401 that indicates a need for authentication.

• #scheme ⇒ String

  Used to build a WWW-Authenticate header that will be returned to a client when authentication is required.

• #valid? ⇒ Boolean

  Returns true if a valid Basic challenge is present, false otherwise.

Methods included from Support::Rfc2617

#challenge, #realm

Methods inherited from Base

#authenticate!, #authority, #configuration, #interactive?, #store?

Methods included from Rack::EnvironmentHelper

#authority, #configuration, #interactive?

Class Method Details

.key ⇒ Symbol

A key that refers to this mode; used for configuration convenience.

Returns:

• (Symbol)

# File 'lib/aker/modes/http_basic.rb', line 34

def self.key
  :http_basic
end

Instance Method Details

#credentials ⇒ Array<String>

Decodes and extracts a (username, password) pair from an Authorization header.

This method checks if the format of the Authorization header is a valid response to a Basic challenge. If it is, then a username (and possibly a password) are returned. If it is not, then an empty array is returned.

Returns:

• (Array<String>) —

  username and password, username, or an empty array

See Also:

• BasicPattern
• RFC 2617, section 2

# File 'lib/aker/modes/http_basic.rb', line 60

def credentials
  key = 'HTTP_AUTHORIZATION'
  matches = env[key].match(BasicPattern) if env.has_key?(key)

  if matches && matches[1]
    Base64.decode64(matches[1]).split(':', 2)
  else
    []
  end
end

#kind ⇒ Symbol

The type of credentials supplied by this mode.

Returns:

• (Symbol)

# File 'lib/aker/modes/http_basic.rb', line 42

def kind
  :user
end

#on_ui_failure ⇒ Rack::Response

Builds a Rack response with status 401 that indicates a need for authentication.

With Web browsers, this will cause a username/password dialog to appear.

Returns:

• (Rack::Response)

# File 'lib/aker/modes/http_basic.rb', line 85

def on_ui_failure
  ::Rack::Response.new([], 401, {'WWW-Authenticate' => challenge})
end

#scheme ⇒ String

Used to build a WWW-Authenticate header that will be returned to a client when authentication is required.

Returns:

• (String)

See Also:

• HttpMode#challenge

# File 'lib/aker/modes/http_basic.rb', line 95

def scheme
  "Basic"
end

#valid? ⇒ Boolean

Returns true if a valid Basic challenge is present, false otherwise.

Returns:

• (Boolean)

# File 'lib/aker/modes/http_basic.rb', line 73

def valid?
  credentials.length == 2
end