Class: WEBrick::HTTPAuth::Htdigest

Inherits:
Object
  • Object
show all
Includes:
UserDB
Defined in:
lib/webrick/httpauth/htdigest.rb

Overview

Htdigest accesses apache-compatible digest password files. Passwords are matched to a realm where they are valid. For security, the path for a digest password database should be stored outside of the paths available to the HTTP server.

Htdigest is intended for use with WEBrick::HTTPAuth::DigestAuth and stores passwords using cryptographic hashes.

htpasswd = WEBrick::HTTPAuth::Htdigest.new 'my_password_file'
htpasswd.set_passwd 'my realm', 'username', 'password'
htpasswd.flush

Instance Attribute Summary

Attributes included from UserDB

#auth_type

Instance Method Summary collapse

Methods included from UserDB

#make_passwd

Constructor Details

#initialize(path) ⇒ Htdigest

Open a digest password database at path



37
38
39
40
41
42
43
44
45
# File 'lib/webrick/httpauth/htdigest.rb', line 37

def initialize(path)
  @path = path
  @mtime = Time.at(0)
  @digest = Hash.new
  @mutex = Mutex::new
  @auth_type = DigestAuth
  open(@path,"a").close unless File::exist?(@path)
  reload
end

Instance Method Details

#delete_passwd(realm, user) ⇒ Object

Removes a password from the database for user in realm.



113
114
115
116
117
# File 'lib/webrick/httpauth/htdigest.rb', line 113

def delete_passwd(realm, user)
  if hash = @digest[realm]
    hash.delete(user)
  end
end

#eachObject

Iterate passwords in the database.



122
123
124
125
126
127
128
129
# File 'lib/webrick/httpauth/htdigest.rb', line 122

def each # :yields: [user, realm, password_hash]
  @digest.keys.sort.each{|realm|
    hash = @digest[realm]
    hash.keys.sort.each{|user|
      yield([user, realm, hash[user]])
    }
  }
end

#flush(output = nil) ⇒ Object

Flush the password database. If output is given the database will be written there instead of to the original path.



72
73
74
75
76
77
78
79
80
81
82
83
84
85
# File 'lib/webrick/httpauth/htdigest.rb', line 72

def flush(output=nil)
  output ||= @path
  tmp = Tempfile.create("htpasswd", File::dirname(output))
  renamed = false
  begin
    each{|item| tmp.puts(item.join(":")) }
    tmp.close
    File::rename(tmp.path, output)
    renamed = true
  ensure
    tmp.close if !tmp.closed?
    File.unlink(tmp.path) if !renamed
  end
end

#get_passwd(realm, user, reload_db) ⇒ Object

Retrieves a password from the database for user in realm. If reload_db is true the database will be reloaded first.



91
92
93
94
95
96
# File 'lib/webrick/httpauth/htdigest.rb', line 91

def get_passwd(realm, user, reload_db)
  reload() if reload_db
  if hash = @digest[realm]
    hash[user]
  end
end

#reloadObject

Reloads passwords from the database



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# File 'lib/webrick/httpauth/htdigest.rb', line 50

def reload
  mtime = File::mtime(@path)
  if mtime > @mtime
    @digest.clear
    open(@path){|io|
      while line = io.gets
        line.chomp!
        user, realm, pass = line.split(/:/, 3)
        unless @digest[realm]
          @digest[realm] = Hash.new
        end
        @digest[realm][user] = pass
      end
    }
    @mtime = mtime
  end
end

#set_passwd(realm, user, pass) ⇒ Object

Sets a password in the database for user in realm to pass.



101
102
103
104
105
106
107
108
# File 'lib/webrick/httpauth/htdigest.rb', line 101

def set_passwd(realm, user, pass)
  @mutex.synchronize{
    unless @digest[realm]
      @digest[realm] = Hash.new
    end
    @digest[realm][user] = make_passwd(realm, user, pass)
  }
end