1# 2# httpauth.rb -- HTTP access authentication 3# 4# Author: IPR -- Internet Programming with Ruby -- writers 5# Copyright (c) 2000, 2001 TAKAHASHI Masayoshi, GOTOU Yuuzou 6# Copyright (c) 2002 Internet Programming with Ruby writers. All rights 7# reserved. 8# 9# $IPR: httpauth.rb,v 1.14 2003/07/22 19:20:42 gotoyuzo Exp $ 10 11require 'webrick/httpauth/basicauth' 12require 'webrick/httpauth/digestauth' 13require 'webrick/httpauth/htpasswd' 14require 'webrick/httpauth/htdigest' 15require 'webrick/httpauth/htgroup' 16 17module WEBrick 18 19 ## 20 # HTTPAuth provides both basic and digest authentication. 21 # 22 # To enable authentication for requests in WEBrick you will need a user 23 # database and an authenticator. To start, here's an Htpasswd database for 24 # use with a DigestAuth authenticator: 25 # 26 # config = { :Realm => 'DigestAuth example realm' } 27 # 28 # htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file' 29 # htpasswd.auth_type = WEBrick::HTTPAuth::DigestAuth 30 # htpasswd.set_passwd config[:Realm], 'username', 'password' 31 # htpasswd.flush 32 # 33 # The +:Realm+ is used to provide different access to different groups 34 # across several resources on a server. Typically you'll need only one 35 # realm for a server. 36 # 37 # This database can be used to create an authenticator: 38 # 39 # config[:UserDB] = htpasswd 40 # 41 # digest_auth = WEBrick::HTTPAuth::DigestAuth.new config 42 # 43 # To authenticate a request call #authenticate with a request and response 44 # object in a servlet: 45 # 46 # def do_GET req, res 47 # @authenticator.authenticate req, res 48 # end 49 # 50 # For digest authentication the authenticator must not be created every 51 # request, it must be passed in as an option via WEBrick::HTTPServer#mount. 52 53 module HTTPAuth 54 module_function 55 56 def _basic_auth(req, res, realm, req_field, res_field, err_type, 57 block) # :nodoc: 58 user = pass = nil 59 if /^Basic\s+(.*)/o =~ req[req_field] 60 userpass = $1 61 user, pass = userpass.unpack("m*")[0].split(":", 2) 62 end 63 if block.call(user, pass) 64 req.user = user 65 return 66 end 67 res[res_field] = "Basic realm=\"#{realm}\"" 68 raise err_type 69 end 70 71 ## 72 # Simple wrapper for providing basic authentication for a request. When 73 # called with a request +req+, response +res+, authentication +realm+ and 74 # +block+ the block will be called with a +username+ and +password+. If 75 # the block returns true the request is allowed to continue, otherwise an 76 # HTTPStatus::Unauthorized error is raised. 77 78 def basic_auth(req, res, realm, &block) # :yield: username, password 79 _basic_auth(req, res, realm, "Authorization", "WWW-Authenticate", 80 HTTPStatus::Unauthorized, block) 81 end 82 83 ## 84 # Simple wrapper for providing basic authentication for a proxied request. 85 # When called with a request +req+, response +res+, authentication +realm+ 86 # and +block+ the block will be called with a +username+ and +password+. 87 # If the block returns true the request is allowed to continue, otherwise 88 # an HTTPStatus::ProxyAuthenticationRequired error is raised. 89 90 def proxy_basic_auth(req, res, realm, &block) # :yield: username, password 91 _basic_auth(req, res, realm, "Proxy-Authorization", "Proxy-Authenticate", 92 HTTPStatus::ProxyAuthenticationRequired, block) 93 end 94 end 95end 96