Class: Mechanize::HTTP::AuthStore

Inherits:
Object
  • Object
show all
Defined in:
lib/mechanize/http/auth_store.rb

Overview

A credential store for HTTP authentication.

uri = URI 'http://example'

store = Mechanize::HTTP::AuthStore.new
store.add_auth uri, 'user1', 'pass'
store.add_auth uri, 'user2', 'pass', 'realm'

user, pass = store.credentials_for uri, 'realm' #=> 'user2', 'pass'
user, pass = store.credentials_for uri, 'other' #=> 'user1', 'pass'

store.remove_auth uri # removes all credentials

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeAuthStore

Creates a new AuthStore



25
26
27
28
29
30
31
 
# File 'lib/mechanize/http/auth_store.rb', line 25

def initialize
  @auth_accounts = Hash.new do |h, uri|
    h[uri] = {}
  end

  @default_auth = nil
end

Instance Attribute Details

#auth_accountsObject (readonly)

:nodoc:



18
19
20
 
# File 'lib/mechanize/http/auth_store.rb', line 18

def auth_accounts
  @auth_accounts
end

#default_authObject (readonly)

:nodoc:



20
21
22
 
# File 'lib/mechanize/http/auth_store.rb', line 20

def default_auth
  @default_auth
end

Instance Method Details

#add_auth(uri, user, pass, realm = nil, domain = nil) ⇒ Object

Adds credentials user, pass for the server at uri. If realm is set the credentials are used only for that realm. If realm is not set the credentials become the default for any realm on that URI.

domain and realm are exclusive as NTLM does not follow RFC

  1. If domain is given it is only used for NTLM authentication.

Raises:

  • (ArgumentError) 


41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/mechanize/http/auth_store.rb', line 41

def add_auth uri, user, pass, realm = nil, domain = nil
  uri = URI uri unless URI === uri

  raise ArgumentError,
        'NTLM domain given with realm which NTLM does not use' if
    realm and domain

  uri += '/'

  auth_accounts[uri][realm] = [user, pass, domain]

  self
end

#add_default_auth(user, pass, domain = nil) ⇒ Object

USE OF add_default_auth IS NOT RECOMMENDED AS IT MAY EXPOSE PASSWORDS TO THIRD PARTIES

Adds credentials user, pass as the default authentication credentials. If no other credentials are available these will be returned from credentials_for.

If domain is given it is only used for NTLM authentication.



65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/mechanize/http/auth_store.rb', line 65

def add_default_auth user, pass, domain = nil
  warn <<-WARN
You have supplied default authentication credentials that apply to ANY SERVER.
Your username and password can be retrieved by ANY SERVER using Basic
authentication.

THIS EXPOSES YOUR USERNAME AND PASSWORD TO DISCLOSURE WITHOUT YOUR KNOWLEDGE.

Use add_auth to set authentication credentials that will only be delivered
only to a particular server you specify.
  WARN

  @default_auth = [user, pass, domain]
end

#credentials?(uri, challenges) ⇒ Boolean

Returns true if credentials exist for the challenges from the server at uri.

Returns:

  • (Boolean) 


84
85
86
87
88
 
# File 'lib/mechanize/http/auth_store.rb', line 84

def credentials? uri, challenges
  challenges.any? do |challenge|
    credentials_for uri, challenge.realm_name
  end
end

#credentials_for(uri, realm) ⇒ Object

Retrieves credentials for realm on the server at uri.



93
94
95
96
97
98
99
100
101
102
103
 
# File 'lib/mechanize/http/auth_store.rb', line 93

def credentials_for uri, realm
  uri = URI uri unless URI === uri

  uri += '/'
  uri.user = nil
  uri.password = nil

  realms = @auth_accounts[uri]

  realms[realm] || realms[nil] || @default_auth
end

#remove_auth(uri, realm = nil) ⇒ Object

Removes credentials for realm on the server at uri. If realm is not set all credentials for the server at uri are removed.



109
110
111
112
113
114
115
116
117
118
119
120
121
 
# File 'lib/mechanize/http/auth_store.rb', line 109

def remove_auth uri, realm = nil
  uri = URI uri unless URI === uri

  uri += '/'

  if realm then
    auth_accounts[uri].delete realm
  else
    auth_accounts.delete uri
  end

  self
end