Class: BasicAuth::Htpasswd

Inherits:
Object
  • Object
show all
Defined in:
lib/basic_auth/htpasswd.rb

Constant Summary collapse

@@data = 
nil

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(path, realm = nil) ⇒ Htpasswd 



33
34
35
36
 
# File 'lib/basic_auth/htpasswd.rb', line 33

def initialize(path, realm=nil)
  @path = path
  @realm = realm
end

Instance Attribute Details

#pathObject

Returns the value of attribute path.



30
31
32
 
# File 'lib/basic_auth/htpasswd.rb', line 30

def path
  @path
end

#realmObject

Returns the value of attribute realm.



31
32
33
 
# File 'lib/basic_auth/htpasswd.rb', line 31

def realm
  @realm
end

Class Method Details

._to64(v, n) ⇒ Object 



114
115
116
117
118
119
120
121
122
 
# File 'lib/basic_auth/htpasswd.rb', line 114

def Htpasswd._to64(v, n)
  chars = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
  output = ""
  n.times do
    output << chars[v & 0x3f]
    v >>= 6
  end
  output
end

.crypt_md5(pass, salt) ⇒ Object 



77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
 
# File 'lib/basic_auth/htpasswd.rb', line 77

def Htpasswd.crypt_md5(pass, salt)
  ctx = Digest::MD5.new.update("#{pass}$apr1$#{salt}")
  final = Digest::MD5.new.update("#{pass}#{salt}#{pass}").digest!.bytes

  l = pass.length
  while l > 0
    ctx.update(final[0 .. (l > 16 ? 16 : l) - 1].pack("C*"))
    l -= 16
  end

  l = pass.length
  while l > 0
    ctx.update(l % 2 != 0 ? "\0" : pass[0])
    l >>= 1
  end

  final = ctx.digest!

  1000.times do |i|
    ctx = Digest::MD5.new
    ctx.update(i % 2 != 0 ? pass : final)
    ctx.update(salt) if i % 3 != 0
    ctx.update(pass) if i % 7 != 0
    ctx.update(i % 2 != 0 ? final : pass)
    final = ctx.digest!
  end

  final = final.bytes
  hash = ""
  for a, b, c in [[0, 6, 12], [1, 7, 13], [2, 8, 14], [3, 9, 15], [4, 10, 5]]
    hash << _to64(final[a] << 16 | final[b] << 8 | final[c], 4)
  end
  hash << _to64(final[11], 2)

  "$apr1$#{salt}$#{hash}"
end

.crypt_sha1(pass) ⇒ Object 



124
125
126
 
# File 'lib/basic_auth/htpasswd.rb', line 124

def Htpasswd.crypt_sha1(pass)
  "{SHA}" + [Digest::SHA1.new.update(pass).digest!].pack("m").chomp
end

.validate(pass, hash) ⇒ Object 



128
129
130
131
132
133
134
135
136
137
 
# File 'lib/basic_auth/htpasswd.rb', line 128

def Htpasswd.validate(pass, hash)
  if /^\$apr1\$(.*)\$/.match(hash)
    encoded = crypt_md5(pass, $1)
  elsif /^{SHA}/.match(hash)
    encoded = crypt_sha1(pass)
  else
    raise "crypt-style password hash is not supported"
  end
  return encoded == hash
end

Instance Method Details

#call(env) ⇒ Object 



38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
# File 'lib/basic_auth/htpasswd.rb', line 38

def call(env)
  if /\/\.ht/.match(env['PATH_INFO'])
    return [ 404, { "Content-Type" => "text/plain" }, [ "not found" ] ]
  end
  auth = env['HTTP_AUTHORIZATION'] # Example: Basic dXNlcjpwYXNz
  # dXNlcjpwYXNz is base64 encoded
  if auth
    method, cred = *auth.split(' ')
    if method.casecmp("basic") == 0
      user, pass = cred.unpack("m")[0].split(':', 2)
      begin
        if validate(user, pass)
          return true
        end
      rescue => e
        $stderr.puts "failed to validate password using file:#{@path}:#{e.message}"
        return false
      end
    end
  end
  false
end

#dataObject 



72
73
74
75
 
# File 'lib/basic_auth/htpasswd.rb', line 72

def data
  return @@data if @@data && !ENV['BASIC_AUTH_NO_CACHE']
  @@data = File.readlines(@path)
end

#validate(user, pass) ⇒ Object 



61
62
63
64
65
66
67
68
69
 
# File 'lib/basic_auth/htpasswd.rb', line 61

def validate(user, pass)
  data.each do |line|
    line_user, hash = line.chomp.split(':', 2)
    if user == line_user && self.class.validate(pass, hash)
      return true
    end
  end
  return false
end