htauth 1.0.0

data/lib/htauth/md5.rb

@@ -0,0 +1,82 @@
+require 'htauth/algorithm'
+require 'digest/md5'
+
+module HTAuth
+
+    # an implementation of the MD5 based encoding algorithm 
+    # as used in the apache htpasswd -m option
+    class Md5 < Algorithm
+            
+        DIGEST_LENGTH = 16
+
+        def initialize(params = {})
+            @salt = params['salt'] || params[:salt] || gen_salt
+        end
+
+        def prefix
+            "$apr1$"
+        end
+
+        # this algorigthm pulled straight from apr_md5_encode() and converted to ruby syntax
+        def encode(password)
+            primary = ::Digest::MD5.new
+            primary << password
+            primary << prefix
+            primary << @salt
+
+            md5_t = ::Digest::MD5.digest("#{password}#{@salt}#{password}")
+
+            l = password.length
+            while l > 0 do
+                slice_size = ( l > DIGEST_LENGTH ) ? DIGEST_LENGTH : l
+                primary << md5_t[0, slice_size]
+                l -= DIGEST_LENGTH
+            end
+
+            # weirdness
+            l = password.length
+            while l != 0
+                case (l & 1)
+                when 1
+                    primary << 0.chr
+                when 0
+                    primary << password[0,1]
+                end
+                l >>= 1
+            end
+
+            pd = primary.digest
+            
+            encoded_password = "#{prefix}#{@salt}$"
+
+            # apr_md5_encode has this comment about a 60Mhz Pentium above this loop.
+            1000.times do |x|
+                ctx = ::Digest::MD5.new
+                ctx << (( ( x & 1 ) == 1 ) ? password : pd[0,DIGEST_LENGTH])
+                (ctx << @salt) unless ( x % 3 ) == 0
+                (ctx << password) unless ( x % 7 ) == 0
+                ctx << (( ( x & 1 ) == 0 ) ? password : pd[0,DIGEST_LENGTH])
+                pd = ctx.digest
+            end
+
+
+            l = (pd[ 0]<<16) | (pd[ 6]<<8) | pd[12]
+            encoded_password << to_64(l, 4)
+
+            l = (pd[ 1]<<16) | (pd[ 7]<<8) | pd[13]
+            encoded_password << to_64(l, 4)
+
+            l = (pd[ 2]<<16) | (pd[ 8]<<8) | pd[14]
+            encoded_password << to_64(l, 4)
+
+            l = (pd[ 3]<<16) | (pd[ 9]<<8) | pd[15]
+            encoded_password << to_64(l, 4)
+
+            l = (pd[ 4]<<16) | (pd[10]<<8) | pd[ 5]
+            encoded_password << to_64(l, 4)
+            encoded_password << to_64(pd[11],2)
+
+            return encoded_password
+        end
+    end
+end

data/lib/htauth/passwd.rb

@@ -0,0 +1,174 @@
+require 'htauth/passwd_file'
+require 'ostruct'
+require 'optparse'
+
+require 'rubygems'
+require 'highline'
+
+module HTAuth
+    class Passwd
+
+        MAX_PASSWD_LENGTH = 255
+
+        attr_accessor :passwd_file
+
+        def initialize
+            @passwd_file = nil
+        end
+
+        def options
+            if @options.nil? then
+                @options                = ::OpenStruct.new
+                @options.batch_mode     = false
+                @options.file_mode      = File::ALTER
+                @options.passwdfile     = nil
+                @options.algorithm      = Algorithm::EXISTING
+                @options.send_to_stdout = false
+                @options.show_version   = false
+                @options.show_help      = false
+                @options.username       = nil
+                @options.delete_entry   = false
+                @options.password       = ""
+            end
+            @options
+        end
+
+        def option_parser
+            if not @option_parser then
+                @option_parser = OptionParser.new do |op|
+                    op.banner = <<EOB
+Usage: 
+    #{op.program_name} [-cmdpsD] passwordfile username
+    #{op.program_name} -b[cmdpsD] passwordfile username password
+
+    #{op.program_name} -n[mdps] username
+    #{op.program_name} -nb[mdps] username password
+EOB
+
+                    op.separator ""
+
+                    op.on("-b", "--batch", "Batch mode, get the password from the command line, rather than prompt") do |b|
+                        options.batch_mode = b
+                    end
+
+                    op.on("-c", "--create", "Create a new file; this overwrites an existing file.") do |c|
+                        options.file_mode = HTAuth::File::CREATE
+                    end
+                    
+                    op.on("-d", "--crypt", "Force CRYPT encryption of the password (default).") do |c|
+                        options.algorithm = "crypt"
+                    end
+
+                    op.on("-D", "--delete", "Delete the specified user.") do |d|
+                        options.delete_entry = d
+                    end
+
+                    op.on("-h", "--help", "Display this help.") do |h|
+                        options.show_help = h
+                    end
+
+                    op.on("-m", "--md5", "Force MD5 encryption of the password (default on Windows).") do |m|
+                        options.algorithm = "md5"
+                    end
+
+                    op.on("-n", "--stdout", "Do not update the file; Display the results on stdout instead.") do |n|
+                        options.send_to_stdout = true
+                        options.passwdfile     = HTAuth::File::STDOUT_FLAG
+                    end
+                    
+                    op.on("-p", "--plaintext", "Do not encrypt the password (plaintext).") do |p|
+                        options.algorithm = "plaintext"
+                    end
+
+                    op.on("-s", "--sha1", "Force SHA encryption of the password.") do |s|
+                        options.algorithm = "sha1"
+                    end
+
+                    op.on("-v", "--version", "Show version info.") do |v|
+                        options.show_version = v
+                    end
+               end
+            end
+            @option_parser
+        end
+
+        def show_help
+            $stdout.puts option_parser
+            exit 1
+        end
+
+        def show_version
+            $stdout.puts "#{option_parser.program_name}: version #{HTAuth::VERSION}"
+            exit 1
+        end
+
+        def parse_options(argv)
+            begin
+                option_parser.parse!(argv)
+                show_version if options.show_version
+                show_help if options.show_help 
+
+                raise ::OptionParser::ParseError, "Unable to send to stdout AND create a new file" if options.send_to_stdout and (options.file_mode == File::CREATE)
+                raise ::OptionParser::ParseError, "a username is needed" if options.send_to_stdout and argv.size < 1
+                raise ::OptionParser::ParseError, "a username and password are needed" if options.send_to_stdout and options.batch_mode  and ( argv.size < 2 ) 
+                raise ::OptionParser::ParseError, "a passwordfile, username and password are needed " if not options.send_to_stdout and options.batch_mode and ( argv.size < 3 )
+                raise ::OptionParser::ParseError, "a passwordfile and username are needed" if argv.size < 2
+
+                options.passwdfile = argv.shift unless options.send_to_stdout
+                options.username   = argv.shift
+                options.password   = argv.shift if options.batch_mode
+
+            rescue ::OptionParser::ParseError => pe
+                $stderr.puts "ERROR: #{option_parser.program_name} - #{pe}"
+                show_help
+                exit 1
+            end
+        end
+
+        def run(argv)
+            begin
+                parse_options(argv)
+                passwd_file = PasswdFile.new(options.passwdfile, options.file_mode)
+
+                if options.delete_entry then
+                    passwd_file.delete(options.username)
+                else
+                    unless options.batch_mode 
+                        # initialize here so that if $stdin is overwritten it gest picked up
+                        hl = ::HighLine.new
+
+                        action = passwd_file.has_entry?(options.username) ? "Changing" : "Adding"
+
+                        $stdout.puts "#{action} password for #{options.username}."
+
+                        pw_in       = hl.ask("        New password: ") { |q| q.echo = '*' } 
+                        raise PasswordError, "password '#{pw_in}' too long" if pw_in.length >= MAX_PASSWD_LENGTH
+                        
+                        pw_validate = hl.ask("Re-type new password: ") { |q| q.echo = '*' }
+                        raise PasswordError, "They don't match, sorry." unless pw_in == pw_validate
+                        options.password = pw_in
+                    end
+                    passwd_file.add_or_update(options.username, options.password, options.algorithm)
+                end
+
+                passwd_file.save! 
+
+            rescue HTAuth::FileAccessError => fae
+                msg = "Password file failure (#{options.passwdfile}) "
+                $stderr.puts "#{msg}: #{fae.message}"
+                exit 1
+            rescue HTAuth::PasswordError => pe
+                $stderr.puts "#{pe.message}"
+                exit 1
+            rescue HTAuth::PasswdFileError => fe
+                $stderr.puts "#{fe.message}"
+                exit 1
+            rescue SignalException => se
+                $stderr.puts
+                $stderr.puts "Interrupted"
+                exit 1
+            end
+            exit 0
+        end
+    end
+end

data/lib/htauth/passwd_entry.rb

@@ -0,0 +1,97 @@
+
+require 'htauth/entry'
+
+module HTAuth
+    class InvalidPasswdEntry < StandardError ; end
+
+    # A single record in an htdigest file.  
+    class PasswdEntry < Entry
+
+        attr_accessor :user
+        attr_accessor :digest
+        attr_reader   :algorithm
+
+        class << self
+            def from_line(line)
+                parts = is_entry!(line)
+                d = PasswdEntry.new(parts[0])
+                d.digest = parts[1]
+                d.algorithm = Algorithm.algorithms_from_field(parts[1])
+                return d
+            end
+
+            # test if a line is an entry, raise InvalidPasswdEntry if it is not.
+            # an entry must be composed of 2 parts, username:encrypted_password
+            # where username, and password do not contain the ':' character 
+            def is_entry!(line)
+                raise InvalidPasswdEntry, "line commented out" if line =~ /\A#/
+                parts = line.strip.split(":")
+                raise InvalidPasswdEntry, "line must be of the format username:pssword" if parts.size != 2
+                return parts
+            end
+
+            # test if a line is an entry and return true or false
+            def is_entry?(line)
+                begin
+                    is_entry!(line)
+                    return true
+                rescue InvalidPasswdEntry
+                    return false
+                end
+            end
+        end
+
+        def initialize(user, password = "", alg = Algorithm::DEFAULT, alg_params = {} ) 
+            @user      = user
+            alg = Algorithm::DEFAULT if alg == Algorithm::EXISTING 
+            @algorithm = Algorithm.algorithm_from_name(alg, alg_params)
+            @digest    = algorithm.encode(password)
+        end
+
+        def algorithm=(alg)
+            if alg.kind_of?(Array) then
+                if alg.size == 1 then
+                    @algorithm = alg.first
+                else
+                    @algorithm = alg
+                end
+            else
+                @algorithm = Algorithm.algorithm_from_name(alg) unless Algorithm::EXISTING == alg
+            end
+            return @algorithm
+        end
+
+        def password=(new_password)
+            if algorithm.kind_of?(Array) then
+                @algorithm = Algorithm.algorithm_from_name("crypt")
+            end
+            @digest = algorithm.encode(new_password)
+        end
+
+        # check the password and make sure it works, in the case that the algorithm is unknown it
+        # tries all of the ones that it thinks it could be, and marks the algorithm if it matches
+        def authenticated?(check_password)
+            authed = false
+            if algorithm.kind_of?(Array) then
+                algorithm.each do |alg|
+                    if alg.encode(check_password) == digest then
+                        @algorithm = alg
+                        authed = true
+                        break
+                    end
+                end
+            else
+                authed = digest == algorithm.encode(check_password)
+            end
+            return authed
+        end
+
+        def key
+            return "#{user}"
+        end
+
+        def to_s
+            "#{user}:#{digest}"
+        end
+    end
+end

data/lib/htauth/passwd_file.rb

@@ -0,0 +1,86 @@
+require 'stringio'
+require 'tempfile'
+
+require 'htauth/passwd_entry'
+
+module HTAuth
+    class PasswdFileError < StandardError ; end
+
+    # PasswdFile provides API style access to an +htpasswd+ produced file
+    class PasswdFile < HTAuth::File
+
+        ENTRY_KLASS = HTAuth::PasswdEntry
+
+        # does the entry the the specified username and realm exist in the file
+        def has_entry?(username)
+            test_entry = PasswdEntry.new(username)
+            @entries.has_key?(test_entry.key)
+        end
+
+        # remove an entry from the file
+        def delete(username)
+            if has_entry?(username) then 
+                ir = internal_record(username)
+                line_index = ir['line_index']
+                @entries.delete(ir['entry'].key)
+                @lines[line_index] = nil
+                dirty!
+            end
+            nil
+        end
+
+        # add or update an entry as appropriate
+        def add_or_update(username, password, algorithm = Algorithm::DEFAULT)
+            if has_entry?(username) then
+                update(username, password, algorithm)
+            else
+                add(username, password, algorithm)
+            end
+        end
+
+        # add an new record.  raises an error if the entry exists.
+        def add(username, password, algorithm = Algorithm::DEFAULT)
+            raise PasswdFileError, "Unable to add already existing user #{username}" if has_entry?(username)
+            new_entry = PasswdEntry.new(username, password, algorithm)
+            new_index = @lines.size
+            @lines << new_entry.to_s
+            @entries[new_entry.key] = { 'entry' => new_entry, 'line_index' => new_index }
+            dirty!
+            return nil
+        end
+
+        # update an already existing entry with a new password.  raises an error if the entry does not exist
+        def update(username, password, algorithm = Algorithm::EXISTING)
+            raise PasswdFileError, "Unable to update non-existent user #{username}" unless has_entry?(username)
+            ir = internal_record(username)
+            ir['entry'].algorithm = algorithm
+            ir['entry'].password = password
+            @lines[ir['line_index']] = ir['entry'].to_s
+            dirty!
+            return nil
+        end
+
+        # fetches a copy of an entry from the file.  Updateing the entry returned from fetch will NOT
+        # propogate back to the file.
+        def fetch(username)
+            return nil unless has_entry?(username)
+            ir = internal_record(username)
+            return ir['entry'].dup
+        end
+
+        def entry_klass
+            ENTRY_KLASS
+        end
+
+        def file_type
+            "passwd"
+        end
+
+        private
+
+        def internal_record(username)
+            e = PasswdEntry.new(username)
+            @entries[e.key]
+        end
+    end
+end

data/lib/htauth/plaintext.rb

@@ -0,0 +1,18 @@
+require 'htauth/algorithm'
+
+module HTAuth
+
+    # the plaintext algorithm, which does absolutly  nothing
+    class Plaintext < Algorithm
+        # ignore parameters
+        def initialize(params = {}) 
+        end
+        def prefix
+            ""
+        end
+
+        def encode(password)
+            "#{password}"
+        end
+    end
+end

data/lib/htauth/sha1.rb

@@ -0,0 +1,23 @@
+require 'htauth/algorithm'
+require 'digest/sha1'
+require 'base64'
+
+module HTAuth
+
+    # an implementation of the SHA based encoding algorithm 
+    # as used in the apache htpasswd -s option
+    class Sha1 < Algorithm
+        
+        # ignore the params
+        def initialize(params = {}) 
+        end
+
+        def prefix
+            "{SHA}"
+        end
+
+        def encode(password)
+            "#{prefix}#{Base64.encode64(::Digest::SHA1.digest(password)).strip}"
+        end
+    end
+end

data/lib/htauth/specification.rb

@@ -0,0 +1,128 @@
+require 'rubygems'
+require 'rubygems/specification'
+require 'rake'
+
+module HTAuth 
+    # Add some additional items to Gem::Specification
+    # A HTAuth::Specification adds additional pieces of information the
+    # typical gem specification
+    class Specification 
+
+        RUBYFORGE_ROOT = "/var/www/gforge-projects/"
+      
+        # user that accesses remote site
+        attr_accessor :remote_user
+
+        # remote host, default 'rubyforge.org'
+        attr_accessor :remote_host
+
+        # name the rdoc main
+        attr_accessor :rdoc_main
+
+        # local directory in development holding the generated rdoc
+        # default 'doc'
+        attr_accessor :local_rdoc_dir
+
+        # remote directory for storing rdoc, default 'doc'
+        attr_accessor :remote_rdoc_dir
+
+        # local directory for coverage report
+        attr_accessor :local_coverage_dir
+        
+        # remote directory for storing coverage reports
+        # This defaults to 'coverage'
+        attr_accessor :remote_coverage_dir
+
+        # local directory for generated website, default +site/public+
+        attr_accessor :local_site_dir
+       
+        # remote directory relative to +remote_root+ for the website.
+        # website.
+        attr_accessor :remote_site_dir
+
+        # is a .tgz to be created?, default 'true'
+        attr_accessor :need_tar
+
+        # is a .zip to be created, default 'true'
+        attr_accessor :need_zip
+
+
+        def initialize
+            @remote_user = nil
+            @remote_host = "rubyforge.org"
+
+            @rdoc_main              = "README"
+            @local_rdoc_dir         = "doc"
+            @remote_rdoc_dir        = "doc"
+            @local_coverage_dir     = "coverage"
+            @remote_coverage_dir    = "coverage"
+            @local_site_dir         = "site/public"
+            @remote_site_dir        = "."
+            
+            @need_tar   = true
+            @need_zip   = true
+
+            @spec                   = Gem::Specification.new
+
+            yield self if block_given?
+
+            # update rdoc options to take care of the rdoc_main if it is
+            # there, and add a default title if one is not given
+            if not @spec.rdoc_options.include?("--main") then
+                @spec.rdoc_options.concat(["--main", rdoc_main])
+            end
+
+            if not @spec.rdoc_options.include?("--title") then
+                @spec.rdoc_options.concat(["--title","'#{name} -- #{summary}'"])
+            end
+        end
+
+        # if this gets set then it overwrites what would be the
+        # rubyforge default.  If rubyforge project is not set then use
+        # name.  If rubyforge project and name are set, but they are
+        # different then assume that name is a subproject of the
+        # rubyforge project
+        def remote_root 
+            if rubyforge_project.nil? or 
+                rubyforge_project == name then
+                return RUBYFORGE_ROOT + "#{name}/"
+            else
+                return RUBYFORGE_ROOT + "#{rubyforge_project}/#{name}/"
+            end
+        end
+
+        # rdoc files is the same as what would be generated during gem
+        # installation. That is, everything in the require paths plus
+        # the rdoc_extra_files
+        #
+        def rdoc_files 
+            flist = extra_rdoc_files.dup
+            @spec.require_paths.each do |rp|
+                flist << FileList["#{rp}/**/*.rb"]
+            end
+            flist.flatten.uniq
+        end
+
+        # calculate the remote directories
+        def remote_root_location
+            "#{remote_user}@#{remote_host}:#{remote_root}"
+        end
+           
+        def remote_rdoc_location
+            remote_root_location + @remote_rdoc_dir
+        end
+
+        def remote_coverage_location
+            remote_root_loation + @remote_coverage_dir
+        end
+
+        def remote_site_location
+            remote_root_location + @remote_site_dir
+        end
+
+        # we delegate any other calls to spec
+        def method_missing(method_id,*params,&block)
+            @spec.send method_id, *params, &block
+        end
+    end
+end

data/lib/htauth/version.rb

@@ -0,0 +1,18 @@
+module HTAuth
+    class Version
+        MAJOR   = 1
+        MINOR   = 0
+        BUILD   = 0
+
+        class << self
+            def to_a
+                [MAJOR, MINOR, BUILD]
+            end
+
+            def to_s
+                to_a.join(".")
+            end
+        end
+    end
+    VERSION = Version.to_s
+end

data/lib/htauth.rb

@@ -0,0 +1,27 @@
+module HTAuth
+    
+    ROOT_DIR        = ::File.expand_path(::File.join(::File.dirname(__FILE__),".."))
+    LIB_DIR         = ::File.join(ROOT_DIR,"lib").freeze
+
+    # 
+    # Utility method to require all files ending in .rb in the directory
+    # with the same name as this file minus .rb
+    #
+    def require_all_libs_relative_to(fname)
+        prepend   = ::File.basename(fname,".rb")
+        search_me = ::File.join(::File.dirname(fname),prepend)
+     
+        Dir.entries(search_me).each do |rb|
+            if ::File.extname(rb) == ".rb" then
+                require "#{prepend}/#{::File.basename(rb,".rb")}"
+            end
+        end
+    end 
+    module_function :require_all_libs_relative_to
+
+    class FileAccessError < StandardError ; end
+    class TempFileError < StandardError ; end
+    class PasswordError < StandardError ; end
+end
+
+HTAuth.require_all_libs_relative_to(__FILE__)

data/spec/crypt_spec.rb

@@ -0,0 +1,18 @@
+
+require File.join(File.dirname(__FILE__),"spec_helper.rb")
+
+require 'htauth/crypt'
+
+describe HTAuth::Crypt do
+    it "has a prefix" do
+        HTAuth::Crypt.new.prefix.should == ""
+    end
+
+    it "encrypts the same way that apache does" do
+        apache_salt = "L0LDd/.."
+        apache_result = "L0ekWYm59LT1M"
+        crypt = HTAuth::Crypt.new({ :salt => apache_salt} )
+        crypt.encode("a secret").should == apache_result
+    end
+end
+