Class: HTTPClient::NegotiateAuth

Inherits:
Object
  • Object
show all
Defined in:
lib/httpclient/auth.rb

Overview

Authentication filter for handling Negotiate/NTLM negotiation. Used in WWWAuth and ProxyAuth.

NegotiateAuth depends on ‘ruby/ntlm’ module.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(scheme = "Negotiate") ⇒ NegotiateAuth

Creates new NegotiateAuth filter.



387
388
389
390
391
392
393
394
395
 
# File 'lib/httpclient/auth.rb', line 387

def initialize(scheme = "Negotiate")
  @auth = {}
  @auth_default = nil
  @challenge = {}
  @scheme = scheme
  @ntlm_opt = {
    :ntlmv2 => true
  }
end

Instance Attribute Details

#ntlm_optObject (readonly)

NTLM opt for ruby/ntlm. => true by default.



384
385
386
 
# File 'lib/httpclient/auth.rb', line 384

def ntlm_opt
  @ntlm_opt
end

#schemeObject (readonly)

Authentication scheme.



382
383
384
 
# File 'lib/httpclient/auth.rb', line 382

def scheme
  @scheme
end

Instance Method Details

#challenge(uri, param_str) ⇒ Object

Challenge handler: remember URL and challenge token for response.



446
447
448
449
450
451
452
453
454
455
456
457
458
 
# File 'lib/httpclient/auth.rb', line 446

def challenge(uri, param_str)
  return false unless NTLMEnabled
  if param_str.nil? or @challenge[uri].nil?
    c = @challenge[uri] = {}
    c[:state] = :init
    c[:authphrase] = ""
  else
    c = @challenge[uri]
    c[:state] = :response
    c[:authphrase] = param_str
  end
  true
end

#get(req) ⇒ Object

Response handler: returns credential. See ruby/ntlm for negotiation state transition.



416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
 
# File 'lib/httpclient/auth.rb', line 416

def get(req)
  return nil unless NTLMEnabled
  target_uri = req.header.request_uri
  domain_uri, param = @challenge.find { |uri, v|
    Util.uri_part_of(target_uri, uri)
  }
  return nil unless param
  user, passwd = Util.hash_find_value(@auth) { |uri, auth_data|
    Util.uri_part_of(target_uri, uri)
  }
  unless user
    user, passwd = @auth_default
  end
  return nil unless user
  state = param[:state]
  authphrase = param[:authphrase]
  case state
  when :init
    t1 = Net::NTLM::Message::Type1.new
    return t1.encode64
  when :response
    t2 = Net::NTLM::Message.decode64(authphrase)
    t3 = t2.response({:user => user, :password => passwd}, @ntlm_opt.dup)
    @challenge.delete(domain_uri)
    return t3.encode64
  end
  nil
end

#reset_challengeObject

Resets challenge state. Do not send ‘*Authorization’ header until the server sends ‘*Authentication’ again.



399
400
401
 
# File 'lib/httpclient/auth.rb', line 399

def reset_challenge
  @challenge.clear
end

#set(uri, user, passwd) ⇒ Object

Set authentication credential. uri == nil for generic purpose (allow to use user/password for any URL).



405
406
407
408
409
410
411
412
 
# File 'lib/httpclient/auth.rb', line 405

def set(uri, user, passwd)
  if uri
    uri = Util.uri_dirname(uri)
    @auth[uri] = [user, passwd]
  else
    @auth_default = [user, passwd]
  end
end