Class: HTTPClient::ProxyAuth

Inherits:

AuthFilterBase

Object
AuthFilterBase
HTTPClient::ProxyAuth

show all

Defined in:: lib/httpclient/auth.rb

Overview

Authentication filter for handling authentication negotiation between Proxy server. Parses ‘Proxy-Authentication’ header in response and generates ‘Proxy-Authorization’ header in request.

Authentication filter is implemented using request filter of HTTPClient. It traps HTTP response header and maintains authentication state, and traps HTTP request header for inserting necessary authentication header.

ProxyAuth has sub filters (BasicAuth, NegotiateAuth, and SSPINegotiateAuth) and delegates some operations to it. NegotiateAuth requires ‘ruby/ntlm’ module. SSPINegotiateAuth requires ‘win32/sspi’ module.

Instance Attribute Summary collapse

#basic_auth ⇒ Object readonly

Returns the value of attribute basic_auth.
#digest_auth ⇒ Object readonly

Returns the value of attribute digest_auth.
#negotiate_auth ⇒ Object readonly

Returns the value of attribute negotiate_auth.
#sspi_negotiate_auth ⇒ Object readonly

Returns the value of attribute sspi_negotiate_auth.

Instance Method Summary collapse

#filter_request(req) ⇒ Object

Filter API implementation.
#filter_response(req, res) ⇒ Object

Filter API implementation.
#initialize ⇒ ProxyAuth constructor

Creates new ProxyAuth.
#reset_challenge ⇒ Object

Resets challenge state.
#set_auth(user, passwd) ⇒ Object

Set authentication credential.

Constructor Details

#initialize ⇒ `ProxyAuth`

Creates new ProxyAuth.

# File 'lib/httpclient/auth.rb', line 158

def initialize
  @basic_auth = ProxyBasicAuth.new
  @negotiate_auth = NegotiateAuth.new
  @ntlm_auth = NegotiateAuth.new('NTLM')
  @sspi_negotiate_auth = SSPINegotiateAuth.new
  @digest_auth = ProxyDigestAuth.new
  # sort authenticators by priority
  @authenticator = [@negotiate_auth, @ntlm_auth, @sspi_negotiate_auth, @digest_auth, @basic_auth]
end

Instance Attribute Details

#basic_auth ⇒ `Object` (readonly)

Returns the value of attribute basic_auth.



152
153
154

# File 'lib/httpclient/auth.rb', line 152

def basic_auth
  @basic_auth
end

#digest_auth ⇒ `Object` (readonly)

Returns the value of attribute digest_auth.



153
154
155

# File 'lib/httpclient/auth.rb', line 153

def digest_auth
  @digest_auth
end

#negotiate_auth ⇒ `Object` (readonly)

Returns the value of attribute negotiate_auth.



154
155
156

# File 'lib/httpclient/auth.rb', line 154

def negotiate_auth
  @negotiate_auth
end

#sspi_negotiate_auth ⇒ `Object` (readonly)

Returns the value of attribute sspi_negotiate_auth.



155
156
157

# File 'lib/httpclient/auth.rb', line 155

def sspi_negotiate_auth
  @sspi_negotiate_auth
end

Instance Method Details

#filter_request(req) ⇒ `Object`

Filter API implementation. Traps HTTP request and insert ‘Proxy-Authorization’ header if needed.

# File 'lib/httpclient/auth.rb', line 185

def filter_request(req)
  @authenticator.each do |auth|
    next unless auth.set? # hasn't be set, don't use it
    if cred = auth.get(req)
      if cred == :skip
        # some authenticator (NTLM and Negotiate) does not
        # need to send extra header after authorization. In such case
        # it should block other authenticators to respond and :skip is
        # the marker for such case.
        return
      end
      req.header.set('Proxy-Authorization', auth.scheme + " " + cred)
      return
    end
  end
end

#filter_response(req, res) ⇒ `Object`

Filter API implementation. Traps HTTP response and parses ‘Proxy-Authenticate’ header.

# File 'lib/httpclient/auth.rb', line 204

def filter_response(req, res)
  command = nil
  if res.status == HTTP::Status::PROXY_AUTHENTICATE_REQUIRED
    if challenge = parse_authentication_header(res, 'proxy-authenticate')
      uri = req.header.request_uri
      challenge.each do |scheme, param_str|
        @authenticator.each do |auth|
          next unless auth.set? # hasn't be set, don't use it
          if scheme.downcase == auth.scheme.downcase
            challengeable = auth.challenge(uri, param_str)
            command = :retry if challengeable
          end
        end
      end
      # ignore unknown authentication scheme
    end
  end
  command
end

#reset_challenge ⇒ `Object`

Resets challenge state. See sub filters for more details.

# File 'lib/httpclient/auth.rb', line 169

def reset_challenge
  @authenticator.each do |auth|
    auth.reset_challenge
  end
end

#set_auth(user, passwd) ⇒ `Object`

Set authentication credential. See sub filters for more details.

# File 'lib/httpclient/auth.rb', line 176

def set_auth(user, passwd)
  @authenticator.each do |auth|
    auth.set(nil, user, passwd)
  end
  reset_challenge
end

Class: HTTPClient::ProxyAuth

Overview

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize ⇒ ProxyAuth

Instance Attribute Details

#basic_auth ⇒ Object (readonly)

#digest_auth ⇒ Object (readonly)

#negotiate_auth ⇒ Object (readonly)

#sspi_negotiate_auth ⇒ Object (readonly)