Class HTTPAuth::Digest::Credentials
In: lib/httpauth/digest.rb
Parent: AbstractHeader

The Credentials class handlers the Authorize header. The Authorize header is sent by a client who wants to let the server know he has the credentials needed to access a resource.

See the Digest module for examples

Methods

Public Class methods

Creates a new Credential instance based on a Challenge instance.

See initialize for valid options.

[Source]

     # File lib/httpauth/digest.rb, line 292
292:       def self.from_challenge(challenge, options={})
293:         credentials = new challenge.h
294:         credentials.update_from_challenge! options
295:         credentials
296:       end

Parses the information from a Authorize header and create a new Credentials instance with the information. The options hash allows you to specify additional information.

  • authorization: The contents of the Authorize header

See initialize for valid options.

[Source]

     # File lib/httpauth/digest.rb, line 284
284:       def self.from_header(authorization, options={})
285:         new Utils.decode_directives(authorization, :credentials), options
286:       end

Create a new instance.

  • h: A Hash with directives, normally this is filled with the directives coming from a Challenge instance.
  • options: Used to set or override data from the Authorize header and add additional parameters.
    • :username: Mostly set by a client to send the username
    • :password: Mostly set by a client to send the password, set either this or the digest
    • :digest: Mostly set by a client to send a digest, set either this or the digest. For more information about digests see Digest.
    • :uri: Mostly set by the client to send the uri
    • :method: The HTTP Method used by the client to send the request, this should be an uppercase string with the name of the verb.

[Source]

     # File lib/httpauth/digest.rb, line 309
309:       def initialize(h, options={})
310:         @h = h
311:         @h.merge! options
312:         session = Session.new h[:opaque], :tmpdir => options[:tmpdir]
313:         @s = session.load
314:         @reason = 'There has been no validation yet'
315:       end

Public Instance methods

Returns a string with the reason validate returned false.

[Source]

     # File lib/httpauth/digest.rb, line 355
355:       def reason
356:         @reason
357:       end

Encodeds directives and returns a string that can be used in the Authorize header

[Source]

     # File lib/httpauth/digest.rb, line 360
360:       def to_header        
361:         Utils.encode_directives Utils.filter_h_on(@h,
362:           [:username, :realm, :nonce, :uri, :response, :algorithm, :cnonce, :opaque, :qop, :nc]), :credentials
363:       end

Updates @h from options, generally called after an instance was created with from_challenge.

[Source]

     # File lib/httpauth/digest.rb, line 366
366:       def update_from_challenge!(options)
367:         # TODO: integrity checks
368:         @h[:username] = options[:username]
369:         @h[:password] = options[:password]
370:         @h[:digest] = options[:digest]
371:         @h[:uri] = options[:uri]
372:         @h[:method] = options[:method]
373:         @h[:request_body] = options[:request_body]
374:         unless @h[:qop].nil?
375:           # Determine the QOP 
376:           if !options[:qop].nil? and @h[:qop].include?(options[:qop])
377:             @h[:qop] = options[:qop]
378:           elsif @h[:qop].include?(HTTPAuth::PREFERRED_QOP)
379:             @h[:qop] = HTTPAuth::PREFERRED_QOP
380:           else
381:             qop = @h[:qop].detect { |qop| HTTPAuth::SUPPORTED_QOPS.include? qop }
382:             unless qop.nil?
383:               @h[:qop] = qop
384:             else
385:               raise UnsupportedError.new("HTTPAuth doesn't support any of the proposed qop values: #{@h[:qop].inspect}")
386:             end
387:           end
388:           @h[:cnonce] ||= Utils.create_nonce options[:salt]
389:           @h[:nc] ||= 1 unless @h[:qop].nil?
390:         end
391:         @h[:response] = Utils.calculate_digest(@h, @s, :request)
392:       end

Validates the credential information stored in the Credentials instance. Returns true or false. You can read the ue

  • options: The extra options needed to validate the credentials. A server implementation should provide the :method and a :password or :digest.
    • :method: The HTTP Verb in uppercase, ie. GET or POST.
    • :password: The password for the sent username and realm, either a password or digest should be provided.
    • :digest: The digest for the specified username and realm, either a digest or password should ne provided.

[Source]

     # File lib/httpauth/digest.rb, line 339
339:       def validate(options)
340:         ho = @h.merge(options)
341:         raise ArgumentError.new("You have to set the :request_body value if you want to use :qop => 'auth-int'") if @h[:qop] == 'auth-int' and ho[:request_body].nil?
342:         raise ArgumentError.new("Please specify the request method :method (ie. GET)") if ho[:method].nil?
343:         
344:         calculated_response = Utils.calculate_digest(ho, @s, :request)
345:         if ho[:response] == calculated_response
346:           @reason = ''
347:           return true
348:         else
349:           @reason = "Response isn't the same as computed response #{ho[:response]} != #{calculated_response} for #{ho.inspect}"
350:         end
351:         false
352:       end

Convenience method, basically an alias for validate(options.merge(:digest => digest))

[Source]

     # File lib/httpauth/digest.rb, line 324
324:       def validate_digest(digest, options={})
325:         options[:digest] = digest
326:         validate(options)
327:       end

Convenience method, basically an alias for validate(options.merge(:password => password))

[Source]

     # File lib/httpauth/digest.rb, line 318
318:       def validate_password(password, options={})
319:         options[:password] = password
320:         validate(options)
321:       end

[Validate]