Module: Ramaze::Helper::HttpDigest

Defined in:
lib/ramaze/helper/httpdigest.rb

Constant Summary

UUID_GENERATOR =
UUID.new
SESSION_NONCE =
'httpdigest_authentication_nonce'
SESSION_OPAQUE =
'httpdigest_authentication_opaque'


Instance Method Details

#httpdigest(uid, realm) ⇒ Object



# File 'lib/ramaze/helper/httpdigest.rb', line 28

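# Enforces HTTP Digest authentication (RFC 2617, qop "auth" form only) for
# the calling action and returns the authenticated username.
#
# The client's response digest is checked against HA1 obtained from the
# first of these that is available:
#   * +httpdigest_lookup_password(username)+ -- returns the precomputed HA1,
#     i.e. MD5("username:realm:password"), or nil for an unknown user
#   * +httpdigest_lookup_plaintext_password(username)+ -- returns the
#     plaintext password, or nil for an unknown user
#   * the block given to this method, which returns HA1 or nil
#
# @param uid [Object] key under which the opaque value for +realm+ is kept
#   in the session (one opaque per uid per realm)
# @param realm [String] protection realm presented to the client
# @return [String] the username from the Authorization header; only reached
#   after the digest verified, because every failure path calls +respond+
#   with a 401 and a fresh challenge (respond is expected to halt the request)
# @raise [RuntimeError] when no password lookup handler is available
def httpdigest(uid, realm)
  session[SESSION_OPAQUE] ||= {}
  session[SESSION_OPAQUE][realm] ||= {}

  authorization = nil

  if request.env['HTTP_AUTHORIZATION']
    authorized = false

    # Credentials can only be checked against a challenge this session issued.
    if session[SESSION_NONCE] && session[SESSION_OPAQUE][realm][uid]
      scheme, *params = request.env['HTTP_AUTHORIZATION'].split
      authorization = Rack::Auth::Digest::Params.parse(params.join(' '))

      digest_response, username, nonce, nc, cnonce, qop, opaque =
        authorization.values_at(*%w[response username nonce nc cnonce qop opaque])

      if scheme == 'Digest' &&
         nonce == session[SESSION_NONCE] &&
         opaque == session[SESSION_OPAQUE][realm][uid]
        ha1 =
          if respond_to?(:httpdigest_lookup_password)
            httpdigest_lookup_password(username)
          elsif respond_to?(:httpdigest_lookup_plaintext_password)
            password = httpdigest_lookup_plaintext_password(username)
            # A nil password means an unknown user: leave HA1 nil rather than
            # hashing "username:realm:" which anyone could reproduce.
            password && MD5.hexdigest("#{username}:#{realm}:#{password}")
          elsif block_given?
            yield(username)
          else
            raise "No password lookup handler found"
          end

        # Without this guard a nil HA1 would be folded into the digest as an
        # empty string, giving a response value a client can compute for any
        # nonexistent username.
        if ha1
          # qop "auth" form of HA2 (method:uri); the entity body is never hashed,
          # so "auth-int" responses cannot verify. The nc counter is not
          # tracked, so a captured response stays replayable while the session
          # nonce is alive.
          ha2 = MD5.hexdigest([request.request_method, request.fullpath].join(':'))
          expected = MD5.hexdigest([ha1, nonce, nc, cnonce, qop, ha2].join(':'))

          # Constant-time comparison: a plain == stops at the first differing
          # byte and leaks how much of the response matched.
          authorized =
            digest_response &&
            digest_response.bytesize == expected.bytesize &&
            digest_response.bytes.zip(expected.bytes).inject(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
        end
      end
    end

    unless authorized
      httpdigest_headers(uid, realm)
      respond('Unauthorized', 401)
    end
  else
    # First request of the exchange: challenge and halt.
    httpdigest_headers(uid, realm)
    httpdigest_failure if respond_to?(:httpdigest_failure)
    respond('Unauthorized', 401)
  end

  authorization['username']
end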

#httpdigest_headers(uid, realm) ⇒ Object



# File 'lib/ramaze/helper/httpdigest.rb', line 18

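# Issues a Digest challenge: generates a fresh nonce (one per session) and a
# fresh opaque (per realm and uid), stores both in the session and sets the
# WWW-Authenticate header.
#
# Only qop "auth" is advertised: #httpdigest computes HA2 as
# MD5(method:uri) and never hashes the entity body, so a client that picked
# "auth-int" could never verify.
#
# The session maps are initialised here as well so the method is safe to
# call on its own, e.g. after #httpdigest_logout has removed them.
#
# @param uid [Object] key for the opaque value within +realm+
# @param realm [String] protection realm shown to the client
# @return [String] the WWW-Authenticate header value just set
def httpdigest_headers(uid, realm)
  session[SESSION_OPAQUE] ||= {}
  session[SESSION_OPAQUE][realm] ||= {}

  nonce = session[SESSION_NONCE] = UUID_GENERATOR.generate
  opaque = session[SESSION_OPAQUE][realm][uid] = UUID_GENERATOR.generate

  response['WWW-Authenticate'] =
    %|Digest realm="#{realm}",| +
    %|qop="auth",| +
    %|nonce="#{nonce}",| +
    %|opaque="#{opaque}"|
end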

#httpdigest_logout ⇒ Object



# File 'lib/ramaze/helper/httpdigest.rb', line 13

# Forgets the Digest state for this session: the nonce and every
# realm/uid opaque map. The next protected request will be challenged anew.
#
# @return [Hash, nil] the removed opaque map, or nil when none was stored
def httpdigest_logout
  session.delete(SESSION_NONCE)
  session.delete(SESSION_OPAQUE)
end