Class: HTTPAuth::Digest::Challenge

Inherits:
AbstractHeader
Defined in:
lib/httpauth/digest.rb

Overview

The Challenge class handles the WWW-Authenticate header. The server sends the WWW-Authenticate header when accessing a resource without credentials is prohibited. The header should always be sent together with a 401 status.

See the Digest module for examples

Instance Attribute Summary

Attributes inherited from AbstractHeader

#h

Class Method Summary

Instance Method Summary

Methods inherited from AbstractHeader

#method_missing

Constructor Details

#initialize(h, options = {}) ⇒ Challenge

Create a new instance.

  • h: A Hash with directives. Normally this is filled with directives coming from a Challenge instance.

  • options: Use to set or override data from the WWW-Authenticate header

    • :realm: The name of the realm the client should authenticate for. The RFC suggests using a string like ‘[email protected]’. Be sure to use a reasonably long string to avoid brute force attacks.

    • :qop: A list with supported qop values. For example: ['auth-int']. This will default to ['auth']. Although this implementation supports both auth and auth-int, most implementations don’t. Some implementations get confused when they receive anything but ‘auth’. For maximum compatibility you should leave this setting alone.

    • :algorithm: The preferred algorithm for calculating the digest. For example: 'MD5-sess'. This will default to 'MD5'. For maximum compatibility you should leave this setting alone.



# File 'lib/httpauth/digest.rb', line 439

def initialize(h, options = {})
  @h = h
  @h.merge! options
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class HTTPAuth::Digest::AbstractHeader

Class Method Details

.from_header(challenge, options = {}) ⇒ Object

Parses the information from a WWW-Authenticate header and creates a new Challenge instance with this data.

  • challenge: The contents of a WWW-Authenticate header

See initialize for valid options.



# File 'lib/httpauth/digest.rb', line 421

def self.from_header(challenge, options = {})
  new Utils.decode_directives(challenge, :challenge), options
end

Instance Method Details

#to_header ⇒ Object

Encodes directives and returns a string that can be used as the WWW-Authenticate header



# File 'lib/httpauth/digest.rb', line 445

def to_header
  @h[:nonce] ||= Utils.create_nonce @h[:salt]
  @h[:opaque] ||= Utils.create_opaque
  @h[:algorithm] ||= HTTPAuth::PREFERRED_ALGORITHM
  @h[:qop] ||= [HTTPAuth::PREFERRED_QOP]
  Utils.encode_directives Utils.filter_h_on(@h,
                                            [:realm, :domain, :nonce, :opaque, :stale, :algorithm, :qop]), :challenge
end
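
The following stand-alone Ruby sketch is an added example, not code from httpauth: it mirrors the defaults and directive filter that to_header applies, and shows how a server can tell a stale nonce from a forged one before re-challenging. The helper names, the HMAC-based nonce format and the 300-second lifetime are assumptions; the page does not show how Utils.create_nonce builds its value.

```ruby
require 'openssl'
require 'securerandom'

# Added sketch; helper names are hypothetical and the httpauth gem is not used.
ALLOWED  = %i[realm domain nonce opaque stale algorithm qop].freeze # list to_header filters on
UNQUOTED = %i[stale algorithm].freeze # RFC 2617 sends these as bare tokens

# Assumed nonce scheme: "<unix time>:<HMAC-SHA256 of that time>", checkable without state.
def make_nonce(secret, now = Time.now.to_i)
  "#{now}:#{OpenSSL::HMAC.hexdigest('SHA256', secret, now.to_s)}"
end

# :fresh, :stale (re-challenge with stale=true) or :invalid (forged or malformed).
def nonce_state(nonce, secret, max_age: 300, now: Time.now.to_i)
  ts, mac = nonce.to_s.split(':', 2)
  return :invalid unless ts.to_s.match?(/\A\d+\z/) && mac
  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, ts)
  return :invalid unless OpenSSL.secure_compare(mac, expected)
  now - ts.to_i > max_age ? :stale : :fresh
end

# Fill the same defaults the page lists, drop unknown keys, refuse header injection.
def build_challenge(directives, secret)
  h = { algorithm: 'MD5', qop: ['auth'] }.merge(directives)
  h[:nonce]  ||= make_nonce(secret)
  h[:opaque] ||= SecureRandom.hex(16)
  parts = ALLOWED.reject { |k| h[k].nil? }.map do |k|
    v = Array(h[k]).join(',')
    raise ArgumentError, "illegal character in #{k}" if v.match?(/["\\\r\n]/)
    UNQUOTED.include?(k) ? "#{k}=#{v}" : %(#{k}="#{v}")
  end
  "Digest #{parts.join(', ')}"
end

# Parse a challenge back into a Hash, keeping only the known directives.
def parse_challenge(header)
  scheme, rest = header.to_s.split(' ', 2)
  raise ArgumentError, 'not a Digest challenge' unless rest && scheme.casecmp?('Digest')
  rest.scan(/(\w+)=(?:"([^"]*)"|([^\s,]+))/).each_with_object({}) do |(k, q, t), out|
    key = k.downcase.to_sym
    next unless ALLOWED.include?(key)
    out[key] = key == :qop ? (q || t).split(',').map(&:strip) : (q || t)
  end
end
```

When nonce_state returns :stale, the server answers 401 with a new nonce and stale: true so the client retries without prompting the user again; :invalid gets an ordinary challenge.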