Rack::Auth::Digest::MD5 implements the MD5 algorithm version of HTTP Digest Authentication, as per RFC 2617.
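Initialize with the [Rack] application that you want to protect, and a block that looks up a plaintext password for a given username. When the options hash passed in place of the realm sets :passwords_hashed, the value returned by the block is used directly in place of H(A1), so it should be the precomputed MD5 of username:realm:password rather than the plaintext.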
opaque needs to be set to a constant base64/hexadecimal string.
# File lib/rack/auth/digest/md5.rb, line 24
#
# Sets up the middleware around +app+.
#
# Two calling conventions are accepted:
# * positional: +realm+ and +opaque+ given as separate arguments;
# * options: when +opaque+ is nil and +realm+ responds to +values_at+
#   (e.g. a Hash), the :realm, :opaque and :passwords_hashed entries are
#   read from it.
#
# +authenticator+ is the block called with a username to obtain that user's
# secret; it is forwarded to the superclass together with the realm.
def initialize(app, realm=nil, opaque=nil, &authenticator)
  @passwords_hashed = nil

  options_style = opaque.nil? && realm.respond_to?(:values_at)
  if options_style
    realm, opaque, @passwords_hashed =
      realm.values_at(:realm, :opaque, :passwords_hashed)
  end

  super(app, realm, &authenticator)
  # opaque is stored as given; nothing here rejects a nil value.
  @opaque = opaque
end
# File lib/rack/auth/digest/md5.rb, line 37
#
# Rack entry point. Wraps +env+ in a Request and decides, in order:
#
# 1. no credentials provided           -> unauthorized
# 2. not Digest / URI mismatch / bad qop -> bad_request
# 3. valid?(auth) fails                -> unauthorized
# 4. valid but the nonce is stale      -> unauthorized with a :stale challenge
# 5. otherwise                         -> sets REMOTE_USER and calls the app
#
# REMOTE_USER is only written after valid?(auth) has passed and the nonce is
# not stale, and the stale flag is only sent to a client whose response
# digest already verified.
def call(env)
  auth = Request.new(env)

  return unauthorized unless auth.provided?

  well_formed = auth.digest? && auth.correct_uri? && valid_qop?(auth)
  return bad_request unless well_formed

  return unauthorized unless valid?(auth)

  # The credentials check out but the nonce has aged: send a new challenge
  # marked stale instead of passing the request through.
  return unauthorized(challenge(:stale => true)) if auth.nonce.stale?

  env['REMOTE_USER'] = auth.username
  @app.call(env)
end
# File lib/rack/auth/digest/md5.rb, line 112
#
# Builds the A1 string "username:realm:password" for the request +auth+.
# Username and realm are read from +auth+; +password+ is supplied by the caller.
def A1(auth, password)
  parts = [auth.username, auth.realm, password]
  parts.join(':')
end
# File lib/rack/auth/digest/md5.rb, line 116
#
# Builds the A2 string "method:uri" from the request +auth+.
def A2(auth)
  parts = [auth.method, auth.uri]
  parts.join(':')
end
# File lib/rack/auth/digest/md5.rb, line 108
#
# Keyed digest: hashes "secret:data" with H.
def KD(secret, data)
  keyed_input = [secret, data].join(':')
  H(keyed_input)
end
# File lib/rack/auth/digest/md5.rb, line 77
#
# Returns the challenge header value: the literal "Digest " followed by the
# string form of params(hash). Entries in +hash+ (for example :stale) are
# handed on to params unchanged.
def challenge(hash = {})
  challenge_fields = params(hash)
  "Digest #{challenge_fields}"
end
# File lib/rack/auth/digest/md5.rb, line 120
#
# Computes the response digest expected for the request +auth+.
#
# +password+ is whatever the authenticator returned: when passwords_hashed?
# is true it is used as-is in place of H(A1); otherwise H(A1) is derived
# from it here. The result is
# KD(H(A1), "nonce:nc:cnonce:QOP:H(A2)").
#
# NOTE(review): nonce, nc and cnonce are taken from the request as sent;
# nothing in this method tracks whether an nc value was seen before.
def digest(auth, password)
  secret =
    if passwords_hashed?
      password
    else
      H(A1(auth, password))
    end

  request_data = [auth.nonce, auth.nc, auth.cnonce, QOP, H(A2(auth))].join(':')
  KD(secret, request_data)
end
# File lib/rack/auth/digest/md5.rb, line 102
#
# Returns the lowercase hexadecimal MD5 digest of +data+.
# MD5 is used here because the Digest scheme this class implements is
# defined over it; it is not a general-purpose password-storage hash.
def md5(data)
  hasher = ::Digest::MD5.new
  hasher << data
  hasher.hexdigest
end
# File lib/rack/auth/digest/md5.rb, line 66
#
# Builds the parameter set for a challenge: realm, a newly created nonce,
# the hashed opaque value and the supported qop.
#
# Entries of +hash+ are written last, so a key such as 'realm' or 'nonce'
# passed by the caller replaces the value set here.
def params(hash = {})
  Params.new do |fields|
    fields['realm'] = realm
    # A new Nonce is created for every challenge.
    fields['nonce'] = Nonce.new.to_s
    # Only H(opaque) is sent to the client, never the configured value itself.
    fields['opaque'] = H(opaque)
    fields['qop'] = QOP

    hash.each do |key, value|
      fields[key] = value
    end
  end
end
# File lib/rack/auth/digest/md5.rb, line 81
#
# True only when the opaque value, the nonce and the response digest of
# +auth+ all pass their checks. The checks run in that order and stop at the
# first failure, whose (falsy) result is returned unchanged.
def valid?(auth)
  opaque_ok = valid_opaque?(auth)
  return opaque_ok unless opaque_ok

  nonce_ok = valid_nonce?(auth)
  return nonce_ok unless nonce_ok

  valid_digest?(auth)
end
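# File lib/rack/auth/digest/md5.rb, line 97
#
# Checks the response digest sent by the client against the one computed
# from the secret the authenticator returns for auth.username.
#
# Returns the authenticator's falsy result (nil or false) when it yields no
# secret, false when the digests differ, true when they match.
#
# The two digests are compared without stopping at the first differing
# byte, so the time taken does not depend on how much of the supplied value
# is correct. A plain String#== may return as soon as a byte differs.
#
# NOTE(review): when the authenticator returns nothing, no digest is
# computed at all, so known and unknown usernames still take different code
# paths; confirm whether that matters for this deployment.
def valid_digest?(auth)
  pw = @authenticator.call(auth.username)
  return pw unless pw

  expected = digest(auth, pw)
  # A missing response parameter becomes "" and fails the length check.
  supplied = auth.response.to_s
  return false unless expected.bytesize == supplied.bytesize

  mismatch = 0
  expected.unpack('C*').zip(supplied.unpack('C*')) do |want, got|
    mismatch |= want ^ got
  end
  mismatch.zero?
end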
# File lib/rack/auth/digest/md5.rb, line 93
#
# Delegates to the nonce carried by +auth+ and returns the result of its
# valid? check. What that check covers is defined by the nonce class, which
# is outside this listing.
def valid_nonce?(auth)
  nonce = auth.nonce
  nonce.valid?
end