Class: WEBrick::HTTPAuth::BasicAuth

Inherits:
Object
  • Object
show all
Includes:
Authenticator
Defined in:
lib/webrick/httpauth/basicauth.rb

Overview

Basic Authentication for WEBrick

Use this class to add basic authentication to a WEBrick servlet.

Here is an example of how to set up a BasicAuth:

config = { :Realm => 'BasicAuth example realm' }

htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file', password_hash: :bcrypt
htpasswd.set_passwd config[:Realm], 'username', 'password'
htpasswd.flush

config[:UserDB] = htpasswd

basic_auth = WEBrick::HTTPAuth::BasicAuth.new config

Direct Known Subclasses

ProxyBasicAuth

Constant Summary collapse

AuthScheme =

:nodoc:

"Basic"

Constants included from Authenticator

Authenticator::AuthException, Authenticator::RequestField, Authenticator::ResponseField, Authenticator::ResponseInfoField

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(config, default = Config::BasicAuth) ⇒ BasicAuth

Creates a new BasicAuth instance.

See WEBrick::Config::BasicAuth for default configuration entries

You must supply the following configuration entries:

:Realm

The name of the realm being protected.

:UserDB

A database of usernames and passwords. A WEBrick::HTTPAuth::Htpasswd instance should be used.



61
62
63
64
 
# File 'lib/webrick/httpauth/basicauth.rb', line 61

def initialize(config, default=Config::BasicAuth)
  check_init(config)
  @config = default.dup.update(config)
end

Instance Attribute Details

#loggerObject (readonly)

Returns the value of attribute logger.



48
49
50
 
# File 'lib/webrick/httpauth/basicauth.rb', line 48

def logger
  @logger
end

#realmObject (readonly)

Returns the value of attribute realm.



48
49
50
 
# File 'lib/webrick/httpauth/basicauth.rb', line 48

def realm
  @realm
end

#userdbObject (readonly)

Returns the value of attribute userdb.



48
49
50
 
# File 'lib/webrick/httpauth/basicauth.rb', line 48

def userdb
  @userdb
end

Class Method Details

.make_passwd(realm, user, pass) ⇒ Object

Used by UserDB to create a basic password entry



43
44
45
46
 
# File 'lib/webrick/httpauth/basicauth.rb', line 43

def self.make_passwd(realm, user, pass)
  pass ||= ""
  pass.crypt(Utils::random_string(2))
end

Instance Method Details

#authenticate(req, res) ⇒ Object

Authenticates a req and returns a 401 Unauthorized using res if the authentication was not correct.



70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
 
# File 'lib/webrick/httpauth/basicauth.rb', line 70

def authenticate(req, res)
  unless basic_credentials = check_scheme(req)
    challenge(req, res)
  end
  userid, password = basic_credentials.unpack("m*")[0].split(":", 2)
  password ||= ""
  if userid.empty?
    error("user id was not given.")
    challenge(req, res)
  end
  unless encpass = @userdb.get_passwd(@realm, userid, @reload_db)
    error("%s: the user is not allowed.", userid)
    challenge(req, res)
  end

  case encpass
  when /\A\$2[aby]\$/
    password_matches = BCrypt::Password.new(encpass.sub(/\A\$2[aby]\$/, '$2a$')) == password
  else
    password_matches = password.crypt(encpass) == encpass
  end

  unless password_matches
    error("%s: password unmatch.", userid)
    challenge(req, res)
  end
  info("%s: authentication succeeded.", userid)
  req.user = userid
end

#challenge(req, res) ⇒ Object

Returns a challenge response which asks for authentication information

Raises:

  • (@auth_exception) 


103
104
105
106
 
# File 'lib/webrick/httpauth/basicauth.rb', line 103

def challenge(req, res)
  res[@response_field] = "#{@auth_scheme} realm=\"#{@realm}\""
  raise @auth_exception
end