Method: WEBrick::HTTPAuth::BasicAuth#authenticate
- Defined in:
- lib/webrick/httpauth/basicauth.rb
#authenticate(req, res) ⇒ Object
Authenticates a req and returns a 401 Unauthorized using res if the authentication was not correct.
70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 |
# File 'lib/webrick/httpauth/basicauth.rb', line 70 def authenticate(req, res) unless basic_credentials = check_scheme(req) challenge(req, res) end userid, password = basic_credentials.unpack("m*")[0].split(":", 2) password ||= "" if userid.empty? error("user id was not given.") challenge(req, res) end unless encpass = @userdb.get_passwd(@realm, userid, @reload_db) error("%s: the user is not allowed.", userid) challenge(req, res) end case encpass when /\A\$2[aby]\$/ password_matches = BCrypt::Password.new(encpass.sub(/\A\$2[aby]\$/, '$2a$')) == password else password_matches = password.crypt(encpass) == encpass end unless password_matches error("%s: password unmatch.", userid) challenge(req, res) end info("%s: authentication succeeded.", userid) req.user = userid end |