Class: HTTPClient::NegotiateAuth

Inherits:

Object

• Object
• HTTPClient::NegotiateAuth

Defined in:

lib/httpclient/auth.rb

Overview

Authentication filter for handling Negotiate/NTLM negotiation. Used in WWWAuth and ProxyAuth.

NegotiateAuth depends on ‘ruby/ntlm’ module.

Instance Attribute Summary

• #ntlm_opt ⇒ Object readonly

  NTLM opt for ruby/ntlm.

• #scheme ⇒ Object readonly

  Authentication scheme.

Instance Method Summary

• #challenge(uri, param_str) ⇒ Object

  Challenge handler: remember URL and challenge token for response.

• #get(req) ⇒ Object

  Response handler: returns credential.

• #initialize(scheme = "Negotiate") ⇒ NegotiateAuth constructor

  Creates new NegotiateAuth filter.

• #reset_challenge ⇒ Object

  Resets challenge state.

• #set(uri, user, passwd) ⇒ Object

  Set authentication credential.

• #set? ⇒ Boolean

  have we marked this as set - ie that it’s valid to use in this context?.

Constructor Details

#initialize(scheme = "Negotiate") ⇒ NegotiateAuth

Creates new NegotiateAuth filter.

# File 'lib/httpclient/auth.rb', line 418

def initialize(scheme = "Negotiate")
  @auth = {}
  @auth_default = nil
  @challenge = {}
  @scheme = scheme
  @set = false
  @ntlm_opt = {
    :ntlmv2 => true
  }
end

Instance Attribute Details

#ntlm_opt ⇒ Object (readonly)

NTLM opt for ruby/ntlm. => true by default.

# File 'lib/httpclient/auth.rb', line 415

def ntlm_opt
  @ntlm_opt
end

#scheme ⇒ Object (readonly)

Authentication scheme.

# File 'lib/httpclient/auth.rb', line 413

def scheme
  @scheme
end

Instance Method Details

#challenge(uri, param_str) ⇒ Object

Challenge handler: remember URL and challenge token for response.

# File 'lib/httpclient/auth.rb', line 489

def challenge(uri, param_str)
  return false unless NTLMEnabled
  if param_str.nil? or @challenge[uri].nil?
    c = @challenge[uri] = {}
    c[:state] = :init
    c[:authphrase] = ""
  else
    c = @challenge[uri]
    c[:state] = :response
    c[:authphrase] = param_str
  end
  true
end

#get(req) ⇒ Object

Response handler: returns credential. See ruby/ntlm for negotiation state transition.

# File 'lib/httpclient/auth.rb', line 454

def get(req)
  return nil unless NTLMEnabled
  target_uri = req.header.request_uri
  domain_uri, param = @challenge.find { |uri, v|
    Util.uri_part_of(target_uri, uri)
  }
  return nil unless param
  user, passwd = Util.hash_find_value(@auth) { |uri, auth_data|
    Util.uri_part_of(target_uri, uri)
  }
  unless user
    user, passwd = @auth_default
  end
  return nil unless user
  domain = nil
  domain, user = user.split("\\") if user.index("\\")
  state = param[:state]
  authphrase = param[:authphrase]
  case state
  when :init
    t1 = Net::NTLM::Message::Type1.new
    t1.domain = domain if domain
    return t1.encode64
  when :response
    t2 = Net::NTLM::Message.decode64(authphrase)
    param = {:user => user, :password => passwd}
    param[:domain] = domain if domain
    t3 = t2.response(param, @ntlm_opt.dup)
    @challenge.delete(domain_uri)
    return t3.encode64
  end
  nil
end

#reset_challenge ⇒ Object

Resets challenge state. Do not send ‘*Authorization’ header until the server sends ‘*Authentication’ again.

# File 'lib/httpclient/auth.rb', line 431

def reset_challenge
  @challenge.clear
end

#set(uri, user, passwd) ⇒ Object

Set authentication credential. uri == nil for generic purpose (allow to use user/password for any URL).

# File 'lib/httpclient/auth.rb', line 437

def set(uri, user, passwd)
  @set = true
  if uri
    uri = Util.uri_dirname(uri)
    @auth[uri] = [user, passwd]
  else
    @auth_default = [user, passwd]
  end
end

#set? ⇒ Boolean

have we marked this as set - ie that it’s valid to use in this context?

Returns:

• (Boolean)

# File 'lib/httpclient/auth.rb', line 448

def set?
  @set == true
end