
Rack::Auth::Digest::MD5

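Rack::Auth::Digest::MD5 implements the MD5 algorithm version of HTTP Digest Authentication, as per RFC 2617. Note that RFC 2617 has since been obsoleted by RFC 7616 and MD5 is no longer considered a strong hash, so this scheme should be used only over TLS.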

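Initialize with the [Rack] application that you want to protect, and a block that looks up the plaintext password for a given username. If the passwords_hashed option is set, the block must instead return the stored MD5 hex digest of "username:realm:password"; that value is password-equivalent within the realm and needs the same protection as the password itself.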

opaque must be set to a constant base64 or hexadecimal string; its MD5 digest is sent in every challenge and compared against the value the client echoes back.

Constants

QOP

Attributes

opaque[RW]
passwords_hashed[W]

Public Class Methods

new(app, realm=nil, opaque=nil, &authenticator) click to toggle source
    # File lib/rack/auth/digest/md5.rb, line 24
# Wraps +app+ with MD5 digest authentication.
#
# Two calling forms are accepted:
# * positional: +realm+ and +opaque+ are passed directly;
# * options: when +opaque+ is nil and +realm+ responds to +values_at+, the
#   :realm, :opaque and :passwords_hashed entries are read from +realm+.
#
# +app+, the resolved realm and the +authenticator+ block are handed to the
# superclass; the resolved opaque value is kept on the instance.
def initialize(app, realm=nil, opaque=nil, &authenticator)
  @passwords_hashed = nil
  options_given = opaque.nil? && realm.respond_to?(:values_at)
  if options_given
    # +realm+ is really an options object here; unpack it into the three settings.
    realm, opaque, @passwords_hashed = realm.values_at(:realm, :opaque, :passwords_hashed)
  end
  super(app, realm, &authenticator)
  @opaque = opaque
end

Public Instance Methods

call(env) click to toggle source
    # File lib/rack/auth/digest/md5.rb, line 37
# Rack entry point: authenticates the request before passing it on to the app.
#
# Outcomes, in the order they are checked:
# * no credentials provided                       -> unauthorized
# * not a digest request, +correct_uri?+ false,
#   or qop differs from QOP                        -> bad_request
# * opaque, nonce or digest check fails            -> unauthorized
# * everything valid but the nonce is stale        -> unauthorized with a
#   challenge carrying :stale => true
# * otherwise env['REMOTE_USER'] is set to the authenticated username and the
#   wrapped app is called.
def call(env)
  auth = Request.new(env)
  return unauthorized unless auth.provided?

  well_formed = auth.digest? && auth.correct_uri? && valid_qop?(auth)
  return bad_request unless well_formed

  return unauthorized unless valid?(auth)

  # Credentials check out; a stale nonce only triggers a fresh challenge.
  return unauthorized(challenge(:stale => true)) if auth.nonce.stale?

  # REMOTE_USER is written only after the digest has been verified.
  env['REMOTE_USER'] = auth.username
  @app.call(env)
end
passwords_hashed?() click to toggle source
    # File lib/rack/auth/digest/md5.rb, line 33
# Reports, as a strict boolean, whether the authenticator block is expected
# to return pre-hashed credentials rather than plaintext passwords.
def passwords_hashed?
  @passwords_hashed ? true : false
end

Private Instance Methods

A1(auth, password) click to toggle source
     # File lib/rack/auth/digest/md5.rb, line 112
# Builds the A1 string "username:realm:password" from the request's
# username and realm and the given password.
def A1(auth, password)
  parts = [auth.username, auth.realm, password]
  parts.join(':')
end
A2(auth) click to toggle source
     # File lib/rack/auth/digest/md5.rb, line 116
# Builds the A2 string "method:uri" from the request.
def A2(auth)
  parts = [auth.method, auth.uri]
  parts.join(':')
end
H(data) click to toggle source
Alias for: md5
KD(secret, data) click to toggle source
     # File lib/rack/auth/digest/md5.rb, line 108
# Keyed digest: hashes "secret:data" with H.
def KD(secret, data)
  keyed_input = [secret, data].join(':')
  H(keyed_input)
end
challenge(hash = {}) click to toggle source
    # File lib/rack/auth/digest/md5.rb, line 77
# Renders the challenge header value: the literal "Digest " followed by the
# string form of params(hash). Entries in +hash+ are passed through to params.
def challenge(hash = {})
  header_params = params(hash)
  "Digest #{header_params}"
end
digest(auth, password) click to toggle source
     # File lib/rack/auth/digest/md5.rb, line 120
# Computes the response digest expected for +auth+:
#   KD(HA1, "nonce:nc:cnonce:QOP:H(A2)")
#
# HA1 is H(A1(auth, password)) for plaintext passwords. When
# passwords_hashed? is true, +password+ is used as HA1 unchanged, so the
# stored value alone is enough to produce valid responses and needs the same
# protection as a plaintext password.
def digest(auth, password)
  ha1 = if passwords_hashed?
          password
        else
          H(A1(auth, password))
        end

  request_part = [auth.nonce, auth.nc, auth.cnonce, QOP, H(A2(auth))].join(':')
  KD(ha1, request_part)
end
md5(data) click to toggle source
     # File lib/rack/auth/digest/md5.rb, line 102
# Returns the lowercase hexadecimal MD5 digest of +data+.
# MD5 is used here because the digest scheme implemented by this class
# requires it; it is not a general-purpose password hash.
def md5(data)
  hasher = ::Digest::MD5.new
  hasher.update(data)
  hasher.hexdigest
end
Also aliased as: H
params(hash = {}) click to toggle source
    # File lib/rack/auth/digest/md5.rb, line 66
# Builds the challenge parameters: realm, a newly created nonce, the hashed
# opaque value and QOP. Entries from +hash+ are applied last, so they
# override any of the defaults that share a key.
def params(hash = {})
  Params.new do |fields|
    fields['realm'] = realm
    # A new Nonce is created on every call.
    fields['nonce'] = Nonce.new.to_s
    # The client sees only H(opaque), never the configured value itself.
    fields['opaque'] = H(opaque)
    fields['qop'] = QOP

    hash.each do |key, value|
      fields[key] = value
    end
  end
end
valid?(auth) click to toggle source
    # File lib/rack/auth/digest/md5.rb, line 81
# Runs the opaque, nonce and digest checks in that order and stops at the
# first one that fails, returning that check's falsy result; otherwise
# returns the result of the digest check.
def valid?(auth)
  opaque_ok = valid_opaque?(auth)
  return opaque_ok unless opaque_ok

  nonce_ok = valid_nonce?(auth)
  return nonce_ok unless nonce_ok

  valid_digest?(auth)
end
valid_digest?(auth) click to toggle source
     # File lib/rack/auth/digest/md5.rb, line 97
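 # Checks the client's response against the digest computed from the
 # credential that the authenticator block returns for auth.username.
 #
 # Returns the authenticator's falsy value (nil/false) when it yields no
 # credential, otherwise true or false.
 #
 # The comparison inspects every byte regardless of where the first mismatch
 # occurs, so response time does not reveal how much of a guessed response
 # was correct. A plain String#== stops at the first differing byte.
 def valid_digest?(auth)
   pw = @authenticator.call(auth.username)
   return pw unless pw

   expected = digest(auth, pw)
   # A missing response becomes "" and fails the length check below.
   supplied = auth.response.to_s
   return false unless expected.bytesize == supplied.bytesize

   mismatch = 0
   expected.bytes.zip(supplied.bytes) { |a, b| mismatch |= a ^ b }
   mismatch.zero?
 end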
valid_nonce?(auth) click to toggle source
    # File lib/rack/auth/digest/md5.rb, line 93
# Delegates to the request nonce's own valid? check.
def valid_nonce?(auth)
  nonce = auth.nonce
  nonce.valid?
end
valid_opaque?(auth) click to toggle source
    # File lib/rack/auth/digest/md5.rb, line 89
# True when the opaque value echoed by the client equals H(opaque), the
# same value that params places in the challenge.
def valid_opaque?(auth)
  expected = H(opaque)
  expected == auth.opaque
end
valid_qop?(auth) click to toggle source
    # File lib/rack/auth/digest/md5.rb, line 85
# True only when the request's qop equals the QOP constant of this class.
def valid_qop?(auth)
  requested = auth.qop
  QOP == requested
end
