htauth 2.2.0 → 3.0.0

data/lib/htauth/cli/digest.rb

@@ -1,16 +1,14 @@
-require 'htauth/version'
-require 'htauth/error'
-require 'htauth/digest_file'
-require 'htauth/console'
+# frozen_string_literal: true
 
-require 'ostruct'
-require 'optparse'
+require "htauth/cli"
+
+require "ostruct"
+require "optparse"
 
 module HTAuth
   module CLI
     # Internal: Implemenation of the commandline htdigest-ruby
     class Digest
-
       MAX_PASSWD_LENGTH = 255
 
       attr_accessor :digest_file
@@ -22,7 +20,7 @@ module HTAuth
       end
 
       def options
-        if @options.nil? then
+        if @options.nil?
           @options                = ::OpenStruct.new
           @options.show_version   = false
           @options.show_help      = false
@@ -36,24 +34,22 @@ module HTAuth
       end
 
       def option_parser
-        if not @option_parser then
-          @option_parser = OptionParser.new(nil, 14) do |op|
-            op.banner = "Usage: #{op.program_name} [options] passwordfile realm username"
-            op.on("-c", "--create", "Create a new digest password file; this overwrites an existing file.") do |c|
-              options.file_mode = DigestFile::CREATE
-            end
-
-            op.on("-D", "--delete", "Delete the specified user.") do |d|
-              options.delete_entry = d
-            end
-
-            op.on("-h", "--help", "Display this help.") do |h|
-              options.show_help = h
-            end
-
-            op.on("-v", "--version", "Show version info.") do |v|
-              options.show_version = v
-            end
+        @option_parser ||= OptionParser.new(nil, 14) do |op|
+          op.banner = "Usage: #{op.program_name} [options] passwordfile realm username"
+          op.on("-c", "--create", "Create a new digest password file; this overwrites an existing file.") do |_c|
+            options.file_mode = DigestFile::CREATE
+          end
+
+          op.on("-D", "--delete", "Delete the specified user.") do |d|
+            options.delete_entry = d
+          end
+
+          op.on("-h", "--help", "Display this help.") do |h|
+            options.show_help = h
+          end
+
+          op.on("-v", "--version", "Show version info.") do |v|
+            options.show_version = v
           end
         end
         @option_parser
@@ -70,27 +66,25 @@ module HTAuth
       end
 
       def parse_options(argv)
-        begin
-          option_parser.parse!(argv)
-          show_version if options.show_version
-          show_help if options.show_help or argv.size < 3
-
-          options.passwdfile = argv.shift
-          options.realm      = argv.shift
-          options.username   = argv.shift
-        rescue ::OptionParser::ParseError => pe
-          $stderr.puts "ERROR: #{option_parser.program_name} - #{pe}"
-          $stderr.puts "Try `#{option_parser.program_name} --help` for more information"
-          exit 1
-        end
+        option_parser.parse!(argv)
+        show_version if options.show_version
+        show_help if options.show_help || (argv.size < 3)
+
+        options.passwdfile = argv.shift
+        options.realm      = argv.shift
+        options.username   = argv.shift
+      rescue ::OptionParser::ParseError => e
+        warn "ERROR: #{option_parser.program_name} - #{e}"
+        warn "Try `#{option_parser.program_name} --help` for more information"
+        exit 1
       end
 
-      def run(argv, env = ENV)
+      def run(argv, _env = ENV)
         begin
           parse_options(argv)
           digest_file = DigestFile.new(options.passwdfile, options.file_mode)
 
-          if options.delete_entry then
+          if options.delete_entry
             digest_file.delete(options.username, options.realm)
           else
             console = Console.new
@@ -109,18 +103,17 @@ module HTAuth
           end
 
           digest_file.save!
-
-        rescue HTAuth::FileAccessError => fae
+        rescue HTAuth::FileAccessError => e
           msg = "Could not open password file #{options.passwdfile} "
-          $stderr.puts "#{msg}: #{fae.message}"
-          $stderr.puts fae.backtrace.join("\n")
+          warn "#{msg}: #{e.message}"
+          warn e.backtrace.join("\n")
           exit 1
-        rescue HTAuth::Error => pe
-          $stderr.puts "#{pe.message}"
+        rescue HTAuth::Error => e
+          warn e.message
           exit 1
-        rescue SignalException => se
+        rescue SignalException => e
           $stderr.puts
-          $stderr.puts "Interrupted #{se}"
+          warn "Interrupted #{e}"
           exit 1
         end
         exit 0

data/lib/htauth/cli/passwd.rb

@@ -1,15 +1,14 @@
-require 'htauth/error'
-require 'htauth/passwd_file'
-require 'htauth/console'
+# frozen_string_literal: true
 
-require 'ostruct'
-require 'optparse'
+require "htauth/cli"
+
+require "ostruct"
+require "optparse"
 
 module HTAuth
   module CLI
     # Internal: Implemenation of the commandline htpasswd-ruby
     class Passwd
-
       MAX_PASSWD_LENGTH = 255
 
       attr_accessor :passwd_file
@@ -21,14 +20,14 @@ module HTAuth
       end
 
       def options
-        if @options.nil? then
+        if @options.nil?
           @options                = ::OpenStruct.new
           @options.batch_mode     = false
           @options.file_mode      = File::ALTER
           @options.passwdfile     = nil
           @options.algorithm      = Algorithm::EXISTING
           @options.algorithm_args = {}
-          @options.read_stdin_once= false
+          @options.read_stdin_once = false
           @options.send_to_stdout = false
           @options.show_version   = false
           @options.show_help      = false
@@ -40,92 +39,94 @@ module HTAuth
       end
 
       def option_parser
-        if not @option_parser then
-          @option_parser = OptionParser.new(nil, 16) do |op|
-            op.banner = <<-EOB
-Usage:
-        #{op.program_name} [-cimBdpsD] [-C cost] passwordfile username
-        #{op.program_name} -b[cmBdpsD] [-C cost] passwordfile username password
+        @option_parser ||= OptionParser.new(nil, 16) do |op|
+          op.banner = <<~BANNER
+            Usage:
+                    #{op.program_name} [-acimBdpsD] [--verify] [-C cost] passwordfile username
+                    #{op.program_name} -b[acmBdpsD] [--verify] [-C cost] passwordfile username password
 
-        #{op.program_name} -n[imBdps] [-C cost] username
-        #{op.program_name} -nb[mBdps] [-C cost] username password
-            EOB
+                    #{op.program_name} -n[imBdps] [-C cost] username
+                    #{op.program_name} -nb[mBdps] [-C cost] username password
+          BANNER
 
-            op.separator ""
+          op.separator ""
 
-            op.on("-b", "--batch", "Batch mode, get the password from the command line, rather than prompt") do |b|
-              options.batch_mode = b
-            end
+          op.on("--argon2", "Force argon2 encryption of the password.") do |_a|
+            options.algorithm = Algorithm::ARGON2
+          end
 
-            op.on("-B", "--bcrypt", "Force bcrypt encryption of the password.") do |b|
-              options.algorithm = Algorithm::BCRYPT
-            end
+          op.on("-b", "--batch", "Batch mode, get the password from the command line, rather than prompt.") do |b|
+            options.batch_mode = b
+          end
 
-            op.on("-CCOST", "--cost COST", "Set the computing time used for the bcrypt algorithm",
-                                           "(higher is more secure but slower, default: 5, valid: 4 to 31).") do |c|
-              if c !~ /\A\d+\z/ then
-                  raise ::OptionParser::ParseError, "the bcrypt cost must be an integer from 4 to 31, `#{c}` is invalid"
-              end
-
-              cost = c.to_i
-              if (4..31).include?(cost)
-                options.algorithm_args = { :cost => cost }
-              else
-                raise ::OptionParser::ParseError, "the bcrypt cost must be an integer from 4 to 31, `#{c}` is invalid"
-              end
-            end
+          op.on("-B", "--bcrypt", "Force bcrypt encryption of the password.") do |_b|
+            options.algorithm = Algorithm::BCRYPT
+          end
 
-            op.on("-c", "--create", "Create a new file; this overwrites an existing file.") do |c|
-              options.file_mode = HTAuth::File::CREATE
-              options.operation << :add_or_update
+          op.on("-CCOST", "--cost COST", "Set the computing time used for the bcrypt algorithm",
+                "(higher is more secure but slower, default: 5, valid: 4 to 31).") do |c|
+            unless /\A\d+\z/.match?(c)
+              raise ::OptionParser::ParseError, "the bcrypt cost must be an integer from 4 to 31, `#{c}` is invalid"
             end
 
-            op.on("-d", "--crypt", "Force CRYPT encryption of the password.") do |c|
-              options.algorithm = Algorithm::CRYPT
+            cost = c.to_i
+            unless (4..31).cover?(cost)
+              raise ::OptionParser::ParseError, "the bcrypt cost must be an integer from 4 to 31, `#{c}` is invalid"
             end
 
-            op.on("-D", "--delete", "Delete the specified user.") do |d|
-              options.operation << :delete
-            end
+            options.algorithm_args = { cost: cost }
+          end
 
-            op.on("-h", "--help", "Display this help.") do |h|
-              options.show_help = h
-            end
+          op.on("-c", "--create", "Create a new file; this overwrites an existing file.") do |_c|
+            options.file_mode = HTAuth::File::CREATE
+            options.operation << :add_or_update
+          end
 
-            op.on("-i", "--stdin", "Read the passwod from stdin without verivication (for script usage).") do |i|
-              options.read_stdin_once = true
-            end
+          op.on("-d", "--crypt", "Force CRYPT encryption of the password.") do |_c|
+            options.algorithm = Algorithm::CRYPT
+          end
 
-            op.on("-m", "--md5", "Force MD5 encryption of the password (default).") do |m|
-              options.algorithm = Algorithm::MD5
-            end
+          op.on("-D", "--delete", "Delete the specified user.") do |_d|
+            options.operation << :delete
+          end
 
-            op.on("-n", "--stdout", "Do not update the file; Display the results on stdout instead.") do |n|
-              options.send_to_stdout = true
-              options.passwdfile     = HTAuth::File::STDOUT_FLAG
-              options.operation     << :stdout
-            end
+          op.on("-h", "--help", "Display this help.") do |h|
+            options.show_help = h
+          end
 
-            op.on("-p", "--plaintext", "Do not encrypt the password (plaintext).") do |p|
-              options.algorithm = Algorithm::PLAINTEXT
-            end
+          op.on("-i", "--stdin", "Read the passwod from stdin without verivication (for script usage).") do |_i|
+            options.read_stdin_once = true
+          end
 
-            op.on("-s", "--sha1", "Force SHA encryption of the password.") do |s|
-              options.algorithm = Algorithm::SHA1
-            end
+          op.on("-m", "--md5", "Force MD5 encryption of the password (default).") do |_m|
+            options.algorithm = Algorithm::MD5
+          end
 
-            op.on("-v", "--version", "Show version info.") do |v|
-              options.show_version = v
-            end
+          op.on("-n", "--stdout", "Do not update the file; Display the results on stdout instead.") do |_n|
+            options.send_to_stdout = true
+            options.passwdfile     = HTAuth::File::STDOUT_FLAG
+            options.operation     << :stdout
+          end
 
-            op.on("--verify", "Verify password for the specified user") do |v|
-              options.operation << :verify
-            end
+          op.on("-p", "--plaintext", "Do not encrypt the password (plaintext).") do |_p|
+            options.algorithm = Algorithm::PLAINTEXT
+          end
 
-            op.separator ""
+          op.on("-s", "--sha1", "Force SHA encryption of the password.") do |_s|
+            options.algorithm = Algorithm::SHA1
+          end
 
-            op.separator "The SHA algorihtm does not use a salt and is less secure than the MD5 algorithm."
+          op.on("-v", "--version", "Show version info.") do |v|
+            options.show_version = v
           end
+
+          op.on("--verify", "Verify password for the specified user.") do |_v|
+            options.operation << :verify
+          end
+
+          op.separator ""
+
+          op.separator "The SHA algorihtm does not use a salt and is less secure than the MD5 algorithm."
         end
         @option_parser
       end
@@ -141,35 +142,48 @@ Usage:
       end
 
       def parse_options(argv)
-        begin
-          option_parser.parse!(argv)
-          show_version if options.show_version
-          show_help if options.show_help
-
-          raise ::OptionParser::ParseError, "only one of --create, --stdout, --verify, --delete may be specified" if options.operation.size > 1
-          raise ::OptionParser::ParseError, "Unable to send to stdout AND create a new file" if options.send_to_stdout and (options.file_mode == File::CREATE)
-          raise ::OptionParser::ParseError, "a username is needed" if options.send_to_stdout and argv.size < 1
-          raise ::OptionParser::ParseError, "a username and password are needed" if options.send_to_stdout and options.batch_mode  and ( argv.size < 2 ) 
-          raise ::OptionParser::ParseError, "a passwordfile, username and password are needed " if not options.send_to_stdout and options.batch_mode and ( argv.size < 3 )
-          raise ::OptionParser::ParseError, "a passwordfile and username are needed" if argv.size < 2
-          raise ::OptionParser::ParseError, "options -i and -b are mutually exclusive" if options.batch_mode && options.read_stdin_once
-
-          options.operation  = options.operation.shift || :add_or_update
-          options.passwdfile = argv.shift unless options.send_to_stdout
-          options.username   = argv.shift
-          options.password   = argv.shift if options.batch_mode
-
-        rescue ::OptionParser::ParseError => pe
-          $stderr.puts "ERROR: #{option_parser.program_name} - #{pe}"
-          show_help
-          exit 1
+        option_parser.parse!(argv)
+        show_version if options.show_version
+        show_help if options.show_help
+
+        if options.operation.size > 1
+          raise ::OptionParser::ParseError,
+                "only one of --create, --stdout, --verify, --delete may be specified"
+        end
+        if options.send_to_stdout && (options.file_mode == File::CREATE)
+          raise ::OptionParser::ParseError,
+                "Unable to send to stdout AND create a new file"
+        end
+        raise ::OptionParser::ParseError, "a username is needed" if options.send_to_stdout && argv.empty?
+        if options.send_to_stdout && options.batch_mode && (argv.size < 2)
+          raise ::OptionParser::ParseError,
+                "a username and password are needed"
         end
+        if !options.send_to_stdout && options.batch_mode && (argv.size < 3)
+          raise ::OptionParser::ParseError,
+                "a passwordfile, username and password are needed "
+        end
+        raise ::OptionParser::ParseError, "a passwordfile and username are needed" if argv.size < 2
+        if options.batch_mode && options.read_stdin_once
+          raise ::OptionParser::ParseError,
+                "options -i and -b are mutually exclusive"
+        end
+
+        options.operation  = options.operation.shift || :add_or_update
+        options.passwdfile = argv.shift unless options.send_to_stdout
+        options.username   = argv.shift
+        options.password   = argv.shift if options.batch_mode
+      rescue ::OptionParser::ParseError => e
+        warn "ERROR: #{option_parser.program_name} - #{e}"
+        show_help
+        exit 1
       end
 
-      def fetch_password(width=20)
+      def fetch_password(width = 20)
         return options.password if options.batch_mode
+
         console = Console.new
-        if options.read_stdin_once then
+        if options.read_stdin_once
           pw_in = console.read_answer
           return pw_in
         end
@@ -186,10 +200,10 @@ Usage:
           raise PasswordError, "They don't match, sorry." unless pw_in == pw_validate
         end
 
-        return pw_in
+        pw_in
       end
 
-      def run(argv, env = ENV)
+      def run(argv, _env = ENV)
         begin
           parse_options(argv)
           console = Console.new
@@ -199,16 +213,15 @@ Usage:
             passwd_file.delete(options.username)
             passwd_file.save!
           when :verify
-            if passwd_file.has_entry?(options.username) then
-              pw_in = fetch_password
-              if passwd_file.authenticated?(options.username, pw_in) then
-                $stderr.puts "Password for user #{options.username} correct."
-              else
-                raise HTAuth::Error, "Password verification for user #{options.username} failed."
-              end
-            else
-              raise HTAuth::Error, "User #{options.username} not found"
+            raise HTAuth::Error, "User #{options.username} not found" unless passwd_file.has_entry?(options.username)
+
+            pw_in = fetch_password
+            unless passwd_file.authenticated?(options.username, pw_in)
+              raise HTAuth::Error, "Password verification for user #{options.username} failed."
             end
+
+            warn "Password for user #{options.username} correct."
+
           when :add_or_update
             options.password = fetch_password
             action = passwd_file.has_entry?(options.username) ? "Changing" : "Adding"
@@ -220,16 +233,16 @@ Usage:
             passwd_file.add_or_update(options.username, options.password, options.algorithm, options.algorithm_args)
             passwd_file.save!
           end
-        rescue HTAuth::FileAccessError => fae
+        rescue HTAuth::FileAccessError => e
           msg = "Password file failure (#{options.passwdfile}) "
-          $stderr.puts "#{msg}: #{fae.message}"
+          warn "#{msg}: #{e.message}"
           exit 1
-        rescue HTAuth::Error => pe
-          $stderr.puts "#{pe.message}"
+        rescue HTAuth::Error => e
+          warn e.message
           exit 1
-        rescue SignalException => se
+        rescue SignalException => e
           $stderr.puts
-          $stderr.puts "Interrupted #{se}"
+          warn "Interrupted #{e}"
           exit 1
         end
         exit 0

data/lib/htauth/cli.rb

@@ -1,8 +1,9 @@
-require 'htauth'
+# frozen_string_literal: true
+
+require "htauth"
+require "htauth/console"
 module HTAuth
+  # Internal: Commande Line Module
   module CLI
-
   end
 end
-require 'htauth/cli/digest'
-require 'htauth/cli/passwd'

data/lib/htauth/console.rb

@@ -1,13 +1,14 @@
-require 'io/console'
-require 'htauth/error'
+# frozen_string_literal: true
+
+require "io/console"
+require "htauth/error"
 
 # With many thanks to JEG2 - http://graysoftinc.com/terminal-tricks/random-access-terminal
 #
 module HTAuth
   # Internal: Utility class for managing console input/output
   class Console
-    attr_reader :input
-    attr_reader :output
+    attr_reader :input, :output
 
     def initialize(input = $stdin, output = $stdout)
       @input = input
@@ -23,9 +24,11 @@ module HTAuth
       answer = read_answer
       output.puts
       raise ConsoleError, "No input given" if answer.nil?
+
       answer.strip!
-      raise ConsoleError, "No input given" if answer.length == 0
-      return answer
+      raise ConsoleError, "No input given" if answer.empty?
+
+      answer
     end
 
     def read_answer

data/lib/htauth/crypt.rb

@@ -1,26 +1,28 @@
-require 'htauth/algorithm'
+# frozen_string_literal: true
+
+require "htauth/algorithm"
 
 module HTAuth
   # Internal: The basic crypt algorithm
   class Crypt < Algorithm
-
     ENTRY_LENGTH = 13
-    ENTRY_REGEX = %r{\A[^$:\s]{#{ENTRY_LENGTH}}\z}
+    ENTRY_REGEX = /\A[^$:\s]{#{ENTRY_LENGTH}}\z/
 
     def self.handles?(password_entry)
       ENTRY_REGEX.match?(password_entry)
     end
 
     def self.extract_salt_from_existing_password_field(existing)
-      existing[0,2]
+      existing[0, 2]
     end
 
     def initialize(params = {})
-      if existing = (params['existing'] || params[:existing]) then
-        @salt = self.class.extract_salt_from_existing_password_field(existing)
-      else
-        @salt = params[:salt] || params['salt'] || gen_salt
-      end
+      super()
+      @salt = if (existing = params["existing"] || params[:existing])
+                self.class.extract_salt_from_existing_password_field(existing)
+              else
+                params[:salt] || params["salt"] || gen_salt
+              end
     end
 
     def encode(password)

data/lib/htauth/descendant_tracker.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HTAuth
   #
   # Use by either
@@ -18,28 +20,28 @@ module HTAuth
   # them in a Set that is available via the 'children' method.
   #
   module DescendantTracker
-    def inherited( klass )
-      return unless klass.instance_of?( Class )
-      self.children << klass
+    def inherited(klass)
+      super
+      return unless klass.instance_of?(Class)
+
+      children << klass
     end
 
     #
     # The list of children that are registered
     #
     def children
-      unless defined? @children
-        @children = Array.new
-      end
-      return @children
+      @children = [] unless defined? @children
+      @children
     end
 
     #
     # find the child that returns truthy for then given method and
     # parameters
     #
-    def find_child( method, *args )
+    def find_child(method, *args)
       children.find do |child|
-        child.send( method, *args )
+        child.send(method, *args)
       end
     end
   end