Class: HTTPClient::WWWAuth

Inherits:
AuthFilterBase show all
Defined in:
lib/httpclient/auth.rb

Overview

Authentication filter for handling authentication negotiation between Web server. Parses 'WWW-Authentication' header in response and generates 'Authorization' header in request.

Authentication filter is implemented using request filter of HTTPClient. It traps HTTP response header and maintains authentication state, and traps HTTP request header for inserting necessary authentication header.

WWWAuth has sub filters (BasicAuth, DigestAuth, NegotiateAuth and SSPINegotiateAuth) and delegates some operations to it. NegotiateAuth requires 'ruby/ntlm' module (rubyntlm gem). SSPINegotiateAuth requires 'win32/sspi' module (rubysspi gem).

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeWWWAuth

Creates new WWWAuth.



66
67
68
69
70
71
72
73
74
75
# File 'lib/httpclient/auth.rb', line 66

def initialize
  @basic_auth = BasicAuth.new
  @digest_auth = DigestAuth.new
  @negotiate_auth = NegotiateAuth.new
  @ntlm_auth = NegotiateAuth.new('NTLM')
  @sspi_negotiate_auth = SSPINegotiateAuth.new
  @oauth = OAuth.new
  # sort authenticators by priority
  @authenticator = [@oauth, @negotiate_auth, @ntlm_auth, @sspi_negotiate_auth, @digest_auth, @basic_auth]
end

Instance Attribute Details

#basic_authObject (readonly)

Returns the value of attribute basic_auth



59
60
61
# File 'lib/httpclient/auth.rb', line 59

def basic_auth
  @basic_auth
end

#digest_authObject (readonly)

Returns the value of attribute digest_auth



60
61
62
# File 'lib/httpclient/auth.rb', line 60

def digest_auth
  @digest_auth
end

#negotiate_authObject (readonly)

Returns the value of attribute negotiate_auth



61
62
63
# File 'lib/httpclient/auth.rb', line 61

def negotiate_auth
  @negotiate_auth
end

#oauthObject (readonly)

Returns the value of attribute oauth



63
64
65
# File 'lib/httpclient/auth.rb', line 63

def oauth
  @oauth
end

#sspi_negotiate_authObject (readonly)

Returns the value of attribute sspi_negotiate_auth



62
63
64
# File 'lib/httpclient/auth.rb', line 62

def sspi_negotiate_auth
  @sspi_negotiate_auth
end

Instance Method Details

#filter_request(req) ⇒ Object

Filter API implementation. Traps HTTP request and insert 'Authorization' header if needed.



94
95
96
97
98
99
100
101
102
# File 'lib/httpclient/auth.rb', line 94

def filter_request(req)
  @authenticator.each do |auth|
    next unless auth.set? # hasn't be set, don't use it
    if cred = auth.get(req)
      req.header.set('Authorization', auth.scheme + " " + cred)
      return
    end
  end
end

#filter_response(req, res) ⇒ Object

Filter API implementation. Traps HTTP response and parses 'WWW-Authenticate' header.

This remembers the challenges for all authentication methods available to the client. On the subsequent retry of the request, filter_request will select the strongest method.



110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# File 'lib/httpclient/auth.rb', line 110

def filter_response(req, res)
  command = nil
  if res.status == HTTP::Status::UNAUTHORIZED
    if challenge = parse_authentication_header(res, 'www-authenticate')
      uri = req.header.request_uri
      challenge.each do |scheme, param_str|
        @authenticator.each do |auth|
          next unless auth.set? # hasn't be set, don't use it
          if scheme.downcase == auth.scheme.downcase
            challengeable = auth.challenge(uri, param_str)
            command = :retry if challengeable
          end
        end
      end
      # ignore unknown authentication scheme
    end
  end
  command
end

#reset_challengeObject

Resets challenge state. See sub filters for more details.



78
79
80
81
82
# File 'lib/httpclient/auth.rb', line 78

def reset_challenge
  @authenticator.each do |auth|
    auth.reset_challenge
  end
end

#set_auth(uri, user, passwd) ⇒ Object

Set authentication credential. See sub filters for more details.



85
86
87
88
89
90
# File 'lib/httpclient/auth.rb', line 85

def set_auth(uri, user, passwd)
  @authenticator.each do |auth|
    auth.set(uri, user, passwd)
  end
  reset_challenge
end