Class: Rack::Auth::Digest::MD5

Inherits:
AbstractHandler show all
Defined in:
lib/rack/auth/digest/md5.rb

Overview

Rack::Auth::Digest::MD5 implements the MD5 algorithm version of HTTP Digest Authentication, as per RFC 2617.

Initialize with the [Rack] application that you want protecting, and a block that looks up a plaintext password for a given username.

opaque needs to be set to a constant base64/hexadecimal string.

Instance Attribute Summary collapse

Attributes inherited from AbstractHandler

#realm

Instance Method Summary collapse

Constructor Details

#initialize(app, realm = nil, opaque = nil, &authenticator) ⇒ MD5


26
27
28
29
30
31
32
33
# File 'lib/rack/auth/digest/md5.rb', line 26

def initialize(app, realm = nil, opaque = nil, &authenticator)
  @passwords_hashed = nil
  if opaque.nil? and realm.respond_to? :values_at
    realm, opaque, @passwords_hashed = realm.values_at :realm, :opaque, :passwords_hashed
  end
  super(app, realm, &authenticator)
  @opaque = opaque
end

Instance Attribute Details

#opaqueObject

Returns the value of attribute opaque


22
23
24
# File 'lib/rack/auth/digest/md5.rb', line 22

def opaque
  @opaque
end

#passwords_hashed=(value) ⇒ Object (writeonly)

Sets the attribute passwords_hashed


24
25
26
# File 'lib/rack/auth/digest/md5.rb', line 24

def passwords_hashed=(value)
  @passwords_hashed = value
end

Instance Method Details

#call(env) ⇒ Object


39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# File 'lib/rack/auth/digest/md5.rb', line 39

def call(env)
  auth = Request.new(env)

  unless auth.provided?
    return unauthorized
  end

  if !auth.digest? || !auth.correct_uri? || !valid_qop?(auth)
    return bad_request
  end

  if valid?(auth)
    if auth.nonce.stale?
      return unauthorized(challenge(stale: true))
    else
      env['REMOTE_USER'] = auth.username

      return @app.call(env)
    end
  end

  unauthorized
end

#passwords_hashed?Boolean


35
36
37
# File 'lib/rack/auth/digest/md5.rb', line 35

def passwords_hashed?
  !!@passwords_hashed
end