Class: HTTPClient::NegotiateAuth

Inherits:
Object
  • Object
Defined in:
lib/httpclient/auth.rb

Overview

Authentication filter for handling Negotiate/NTLM negotiation. Used in WWWAuth and ProxyAuth.

NegotiateAuth depends on ‘ruby/ntlm’ module.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(scheme = "Negotiate") ⇒ NegotiateAuth

Creates new NegotiateAuth filter.



# File 'lib/httpclient/auth.rb', line 486

# Creates a new NegotiateAuth filter with no credentials and no pending
# challenges.
#
# @param scheme [String] authentication scheme name, returned later by
#   #scheme; defaults to "Negotiate".
def initialize(scheme = "Negotiate")
  @scheme = scheme
  # Nothing has been registered through #set yet, so #set? reports false.
  @set = false
  # Per-URI credentials, plus the fallback pair #get uses when no URI matches.
  @auth = {}
  @auth_default = nil
  # Per-URI negotiation state recorded by #challenge.
  @challenge = {}
  # Options handed to ruby/ntlm when #get builds the response message.
  # NOTE(review): this hash is reachable through #ntlm_opt, so callers can
  # change it; presumably clearing :ntlmv2 selects an older, weaker NTLM
  # response -- confirm against ruby/ntlm before relaxing it.
  @ntlm_opt = { :ntlmv2 => true }
end

Instance Attribute Details

#ntlm_optObject (readonly)

NTLM options passed to ruby/ntlm. {:ntlmv2 => true} by default.



# File 'lib/httpclient/auth.rb', line 483

# Options hash handed to ruby/ntlm ({:ntlmv2 => true} unless changed).
#
# The filter's own hash is returned, not a copy, and #get reads it again on
# every response, so mutating the returned value changes later negotiations.
#
# @return [Hash]
def ntlm_opt
  @ntlm_opt
end

#schemeObject (readonly)

Authentication scheme.



# File 'lib/httpclient/auth.rb', line 481

# Authentication scheme name this filter was constructed with
# ("Negotiate" unless another value was passed to the constructor).
#
# @return [String]
def scheme
  @scheme
end

Instance Method Details

#challenge(uri, param_str) ⇒ Object

Challenge handler: remember URL and challenge token for response.



# File 'lib/httpclient/auth.rb', line 557

# Challenge handler: records the negotiation state for +uri+ so that #get
# can build the matching message.
#
# The first challenge for a URI, or any challenge without a token, starts
# the exchange over in the :init state. A challenge that carries a token
# for a URI already being negotiated moves it to :response and keeps the
# token.
#
# NOTE(review): +param_str+ is stored as received (presumably it is the
# server's token -- confirm against the caller); nothing validates it here,
# and #get later hands it to Net::NTLM::Message.decode64.
#
# @param uri [Object] key under which the state is remembered
# @param param_str [String, nil] challenge token, or nil when none was sent
# @return [Boolean] false when NTLM support is not enabled, true otherwise
def challenge(uri, param_str)
  return false unless NTLMEnabled
  entry = @challenge[uri]
  if !param_str.nil? && !entry.nil?
    entry[:state] = :response
    entry[:authphrase] = param_str
  else
    @challenge[uri] = { :state => :init, :authphrase => "" }
  end
  true
end

#get(req) ⇒ Object

Response handler: returns credential. See ruby/ntlm for negotiation state transition.



# File 'lib/httpclient/auth.rb', line 522

# Response handler: builds the credential string for +req+ from the state
# recorded by #challenge.
#
# Returns nil when NTLM support is disabled, when no recorded challenge
# matches the request URI, or when no credential is available. In the
# :init state an NTLM Type 1 message is returned; in the :response state
# the stored token is decoded and answered, and the challenge entry is
# removed so it is used only once.
#
# NOTE(review): the token decoded in the :response branch was stored by
# #challenge without validation, and nothing here rescues a decoding
# failure or a decoded message that does not answer #response, so such an
# error propagates to the caller.
#
# @param req [Object] request whose header.request_uri selects the state
# @return [String, nil] encoded NTLM message, or nil
def get(req)
  return nil unless NTLMEnabled
  target_uri = req.header.request_uri
  domain_uri, param = @challenge.find { |uri, _| Util.uri_part_of(target_uri, uri) }
  return nil unless param
  user, passwd = Util.hash_find_value(@auth) { |uri, _| Util.uri_part_of(target_uri, uri) }
  # No URI-specific credential: fall back to the default pair from set(nil, ...).
  # That pair is therefore used for any request URI that has a pending challenge.
  user, passwd = @auth_default unless user
  return nil unless user
  # A "DOMAIN\user" name is split into its domain and user parts.
  domain = nil
  domain, user = user.split("\\") if user.index("\\")
  case param[:state]
  when :init
    type1 = Net::NTLM::Message::Type1.new
    type1.domain = domain if domain
    type1.encode64
  when :response
    type2 = Net::NTLM::Message.decode64(param[:authphrase])
    credential = {:user => user, :password => passwd}
    credential[:domain] = domain if domain
    # A copy of the options is passed, so ruby/ntlm cannot alter @ntlm_opt.
    type3 = type2.response(credential, @ntlm_opt.dup)
    @challenge.delete(domain_uri)
    type3.encode64
  end
end

#reset_challengeObject

Resets challenge state. Do not send ‘*Authorization’ header until the server sends ‘*Authentication’ again.



# File 'lib/httpclient/auth.rb', line 499

# Forgets every recorded challenge. #get then returns nil for all requests
# until #challenge records a new one.
#
# @return [Hash] the now-empty challenge table
def reset_challenge
  @challenge.clear
end

#set(uri, user, passwd) ⇒ Object

Sets the authentication credential. Pass uri == nil to register a generic credential (the user/password may then be used for any URL).



# File 'lib/httpclient/auth.rb', line 505

# Registers a credential and marks the filter as set.
#
# With a +uri+, the pair is stored under Util.uri_dirname(uri). With a nil
# +uri+ it becomes the default pair, which #get falls back to for any
# request URI that has a pending challenge and no URI-specific credential.
# The default is therefore offered to whichever server issues a challenge,
# so prefer a specific +uri+ where possible.
#
# The password is kept as given, in memory, for the life of the filter.
#
# @param uri [Object, nil] URI the credential applies to, or nil for the default
# @param user [String] user name, optionally in "DOMAIN\user" form
# @param passwd [String] password
# @return [Array] the stored [user, passwd] pair
def set(uri, user, passwd)
  @set = true
  credential = [user, passwd]
  if uri
    @auth[Util.uri_dirname(uri)] = credential
  else
    @auth_default = credential
  end
end

#set?Boolean

Whether this filter has been marked as set, i.e. whether it is valid to use in this context.

Returns:

  • (Boolean)


# File 'lib/httpclient/auth.rb', line 516

# Reports whether #set has been called on this filter.
#
# @return [Boolean] true once a credential has been registered
def set?
  @set == true
end