htauth 2.2.0 → 3.0.0

data/lib/htauth/digest_entry.rb

@@ -1,11 +1,13 @@
-require 'htauth/error'
-require 'htauth/entry'
-require 'digest/md5'
+# frozen_string_literal: true
+
+require "htauth/error"
+require "htauth/entry"
+require "htauth/algorithm"
+require "digest/md5"
 
 module HTAuth
   # Internal: Object version of a single record from an htdigest file
   class DigestEntry
-
     # Internal: The user of this entry
     attr_accessor :user
     # Internal: The realm of this entry
@@ -20,10 +22,10 @@ module HTAuth
       #
       # Returns an instance of DigestEntry
       def from_line(line)
-        parts = is_entry!(line)
+        parts = entry!(line)
         d = DigestEntry.new(parts[0], parts[1])
         d.digest = parts[2]
-        return d
+        d
       end
 
       # Internal: test if the given line is valid for this Entry class
@@ -36,30 +38,31 @@ module HTAuth
       #
       # Returns the individual parts of the line
       # Raises InvalidDigestEntry if it is not a a valid entry
-      def is_entry!(line)
-        raise InvalidDigestEntry, "line commented out" if line =~ /\A#/
+      def entry!(line)
+        raise InvalidDigestEntry, "line commented out" if line.start_with?("#")
+
         parts = line.strip.split(":")
         raise InvalidDigestEntry, "line must be of the format username:realm:md5checksum" if parts.size != 3
-        raise InvalidDigestEntry, "md5 checksum is not 32 characters long" if parts.last.size  != 32
-        raise InvalidDigestEntry, "md5 checksum has invalid characters" if parts.last !~ /\A[[:xdigit:]]{32}\Z/
-        return parts
+        raise InvalidDigestEntry, "md5 checksum is not 32 characters long" if parts.last.size != 32
+        raise InvalidDigestEntry, "md5 checksum has invalid characters" unless /\A[[:xdigit:]]{32}\Z/.match?(parts.last)
+
+        parts
       end
 
       # Internal: Returns whether or not the line is a valid entry
       #
       # Returns true or false
-      def is_entry?(line)
-        begin
-          is_entry!(line)
-          return true
-        rescue InvalidDigestEntry
-          return false
-        end
+      def entry?(line)
+        entry!(line)
+        true
+      rescue InvalidDigestEntry
+        false
       end
     end
 
     # Internal: Create a new Entry with the given user, realm and password
     def initialize(user, realm, password = "")
+      super()
       @user     = user
       @realm    = realm
       @digest   = calc_digest(password)
@@ -78,7 +81,7 @@ module HTAuth
     # Public: Check if the given password is the password of this entry.
     def authenticated?(check_password)
       check = calc_digest(check_password)
-      return Algorithm.secure_compare(check, digest)
+      Algorithm.secure_compare(check, digest)
     end
 
     # Internal: Returns the key of this entry

data/lib/htauth/digest_file.rb

@@ -1,7 +1,9 @@
-require 'stringio'
-require 'htauth/error'
-require 'htauth/file'
-require 'htauth/digest_entry'
+# frozen_string_literal: true
+
+require "stringio"
+require "htauth/error"
+require "htauth/file"
+require "htauth/digest_entry"
 
 module HTAuth
   # Public: An API for managing an 'htdigest' file
@@ -15,7 +17,6 @@ module HTAuth
   #   end
   #
   class DigestFile < HTAuth::File
-
     # Private: The class implementing a single entry in the DigestFile
     ENTRY_KLASS = HTAuth::DigestEntry
 
@@ -32,7 +33,7 @@ module HTAuth
     # Returns true or false if the username/realm combination is found.
     def has_entry?(username, realm)
       test_entry = DigestEntry.new(username, realm)
-      @entries.has_key?(test_entry.key)
+      @entries.key?(test_entry.key)
     end
 
     # Public: remove the given username / realm from the file.
@@ -48,10 +49,10 @@ module HTAuth
     #
     # Returns nothing
     def delete(username, realm)
-      if has_entry?(username, realm) then
+      if has_entry?(username, realm)
         ir = internal_record(username, realm)
-        line_index = ir['line_index']
-        @entries.delete(ir['entry'].key)
+        line_index = ir["line_index"]
+        @entries.delete(ir["entry"].key)
         @lines[line_index] = nil
         dirty!
       end
@@ -76,7 +77,7 @@ module HTAuth
     #
     # Returns nothing.
     def add_or_update(username, realm, password)
-      if has_entry?(username, realm) then
+      if has_entry?(username, realm)
         update(username, realm, password)
       else
         add(username, realm, password)
@@ -97,14 +98,16 @@ module HTAuth
     # Returns nothing.
     # Raises DigestFileError if the give username / realm already exists.
     def add(username, realm, password)
-      raise DigestFileError, "Unable to add already existing user #{username} in realm #{realm}" if has_entry?(username, realm)
+      raise DigestFileError, "Unable to add already existing user #{username} in realm #{realm}" if has_entry?(
+        username, realm
+      )
 
       new_entry = DigestEntry.new(username, realm, password)
       new_index = @lines.size
       @lines << new_entry.to_s
-      @entries[new_entry.key] = { 'entry' => new_entry, 'line_index' => new_index }
+      @entries[new_entry.key] = { "entry" => new_entry, "line_index" => new_index }
       dirty!
-      return nil
+      nil
     end
 
     # Public: Updates an existing username / relam entry with a new password
@@ -121,12 +124,15 @@ module HTAuth
     # Returns nothing
     # Raises DigestfileError if the username / realm is not found in the file
     def update(username, realm, password)
-      raise DigestFileError, "Unable to update non-existent user #{username} in realm #{realm}" unless has_entry?(username, realm)
+      raise DigestFileError, "Unable to update non-existent user #{username} in realm #{realm}" unless has_entry?(
+        username, realm
+      )
+
       ir = internal_record(username, realm)
-      ir['entry'].password = password
-      @lines[ir['line_index']] = ir['entry'].to_s
+      ir["entry"].password = password
+      @lines[ir["line_index"]] = ir["entry"].to_s
       dirty!
-      return nil
+      nil
     end
 
     # Public: Returns the given DigestEntry from the file.
@@ -145,8 +151,9 @@ module HTAuth
     # Returns nil if the entry is not found
     def fetch(username, realm)
       return nil unless has_entry?(username, realm)
+
       ir = internal_record(username, realm)
-      return ir['entry'].dup
+      ir["entry"].dup
     end
 
     # Internal: returns the class used for each entry

data/lib/htauth/entry.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 module HTAuth
   # Internal: base class from which all entries are derived
   class Entry
     # Internal: return a new instance of this entry
     def dup
-      self.class.from_line(self.to_s)
+      self.class.from_line(to_s)
     end
   end
 end

data/lib/htauth/error.rb

@@ -1,4 +1,6 @@
-#-- 
+# frozen_string_literal: true
+
+#--
 # Copyrigth (c) 2008 Jeremy Hinegardner
 # All rights reserved.  See LICENSE and/or COPYING for details
 #++
@@ -7,12 +9,11 @@ module HTAuth
   class Error < StandardError; end
 
   class ConsoleError < Error; end
-  class DigestFileError < Error ; end
+  class DigestFileError < Error; end
   class FileAccessError < Error; end
   class InvalidDigestEntry < Error; end
-  class InvalidPasswdEntry < Error ; end
+  class InvalidPasswdEntry < Error; end
   class PasswordError < Error; end
-  class PasswdFileError < Error ; end
+  class PasswdFileError < Error; end
   class TempFileError < Error; end
 end
-

data/lib/htauth/file.rb

@@ -1,5 +1,7 @@
-require 'stringio'
-require 'htauth/error'
+# frozen_string_literal: true
+
+require "stringio"
+require "htauth/error"
 
 module HTAuth
   # Internal: A base class for DigestFile and PasswordFile to inherit from.
@@ -7,22 +9,20 @@ module HTAuth
   # This class should not be instantiated directly. You must use DigestFile or
   # PasswordFile.
   class File
-
     # Public: The mode to pass to #open for updating a file
-    ALTER  = "alter".freeze
+    ALTER  = "alter"
 
     # Public: The mode to pass to #open for creating a new file
-    CREATE = "create".freeze
+    CREATE = "create"
 
     # Public: A special 'filename' that may be passed to #open for 'saving' to $stdout
-    STDOUT_FLAG = "-".freeze
+    STDOUT_FLAG = "-"
 
-    attr_reader :filename
-    attr_reader :file
+    attr_reader :filename, :file
 
     class << self
       # Public: The method to use to open a DigestFile or PasswordFile.
-      # Altering a non-existent file is an error. Creating an existing file 
+      # Altering a non-existent file is an error. Creating an existing file
       # results in a truncation and overwrite of the existing file.
       #
       # filename - The name of the file to open
@@ -50,23 +50,23 @@ module HTAuth
       # Returns the DigestFile or PasswordFile as appropriate.
       # Raises FileAccessError if an invalid mode is used.
       # Raises FileAccessError if ALTERing a non-existent file.
-      def open(filename, mode = ALTER) 
-        f = self.new(filename, mode)
+      def open(filename, mode = ALTER)
+        f = new(filename, mode)
         if block_given?
           begin
             yield f
           ensure
-            f.save! if f and f.dirty?
+            f.save! if f&.dirty?
           end
         end
-        return f
+        f
       end
     end
 
     # Public: Create a new DigestFile or PasswordFile.
     # Generally you do not need to use this method. Use #open instead.
     #
-    # Altering a non-existent file is an error. Creating an existing file 
+    # Altering a non-existent file is an error. Creating an existing file
     # results in a truncation and overwrite of the existing file.
     #
     # filename - The name of the file to open
@@ -87,17 +87,17 @@ module HTAuth
       @mode       = mode
       @dirty      = false
 
-      raise FileAccessError, "Invalid mode #{mode}" unless [ ALTER, CREATE ].include?(mode)
+      raise FileAccessError, "Invalid mode #{mode}" unless [ALTER, CREATE].include?(mode)
 
-      if (filename != STDOUT_FLAG) and (mode == ALTER) and (not ::File.exist?(filename)) then
-        raise FileAccessError, "Could not open passwd file #{filename} for reading." 
+      if (filename != STDOUT_FLAG) && (mode == ALTER) && !::File.exist?(filename)
+        raise FileAccessError, "Could not open passwd file #{filename} for reading."
       end
 
       begin
         @entries  = {}
         @lines    = []
-        load_entries if (@mode == ALTER) and (filename != STDOUT_FLAG)
-      rescue => e
+        load_entries if (@mode == ALTER) && (filename != STDOUT_FLAG)
+      rescue StandardError => e
         raise FileAccessError, e.message
       end
     end
@@ -127,19 +127,15 @@ module HTAuth
     # Returns nothing
     # Raises FileAccessError if there was a problem writing the file
     def save!
-      begin
-        case filename
-        when STDOUT_FLAG
-          $stdout.write(contents)
-        else
-          ::File.open(@filename,"w") do |f|
-            f.write(contents)
-          end
-        end
-        @dirty = false
-      rescue => e
-        raise FileAccessError, "Error saving file #{@filename} : #{e.message}"
+      case filename
+      when STDOUT_FLAG
+        $stdout.write(contents)
+      else
+        ::File.write(@filename, contents)
       end
+      @dirty = false
+    rescue StandardError => e
+      raise FileAccessError, "Error saving file #{@filename} : #{e.message}"
     end
 
     # Internal: Return the String of the entire file contents
@@ -147,7 +143,7 @@ module HTAuth
     # Returns String
     def contents
       c = StringIO.new
-      @lines.each do |l| 
+      @lines.each do |l|
         c.puts l if l
       end
       c.string
@@ -160,13 +156,13 @@ module HTAuth
     # out in the same order it was read with the appropriate entries updated or
     # deleted.
     def load_entries
-      @lines   = IO.readlines(@filename)
-      @lines.each_with_index do |line,idx|
-        if entry_klass.is_entry?(line) then
-          entry = entry_klass.from_line(line)
-          v     = { 'entry' => entry, 'line_index' => idx }
-          @entries[entry.key] = v
-        end
+      @lines = IO.readlines(@filename)
+      @lines.each_with_index do |line, idx|
+        next unless entry_klass.entry?(line)
+
+        entry = entry_klass.from_line(line)
+        v     = { "entry" => entry, "line_index" => idx }
+        @entries[entry.key] = v
       end
       nil
     end

data/lib/htauth/md5.rb

@@ -1,23 +1,24 @@
-require 'htauth/algorithm'
-require 'digest/md5'
+# frozen_string_literal: true
+
+require "htauth/algorithm"
+require "digest/md5"
 
 module HTAuth
   # Internal: an implementation of the MD5 based encoding algorithm
   # as used in the apache htpasswd -m option
   class Md5 < Algorithm
-
     DIGEST_LENGTH  = 16
     PAD_LENGTH     = 6
-    PREFIX         = "$apr1$".freeze
-    SALT_CHARS_STR = SALT_CHARS.join('')
-    ENTRY_REGEX    = %r[
+    PREFIX         = "$apr1$"
+    SALT_CHARS_STR = SALT_CHARS.join
+    ENTRY_REGEX    = /
       \A
       #{Regexp.escape(PREFIX)}
       [#{SALT_CHARS_STR}]{#{SALT_LENGTH}}
-      #{Regexp.escape("$")}
+      #{Regexp.escape('$')}
       [#{SALT_CHARS_STR}]{#{DIGEST_LENGTH + PAD_LENGTH}}
       \z
-      ]x
+      /x
 
     def self.handles?(password_entry)
       ENTRY_REGEX.match?(password_entry)
@@ -25,15 +26,16 @@ module HTAuth
 
     def self.extract_salt_from_existing_password_field(existing)
       p = existing.split("$")
-      return p[2]
+      p[2]
     end
 
     def initialize(params = {})
-      if existing = (params['existing'] || params[:existing]) then
-        @salt = self.class.extract_salt_from_existing_password_field(existing)
-      else
-        @salt = params[:salt] || params['salt'] || gen_salt
-      end
+      super()
+      @salt = if (existing = params["existing"] || params[:existing])
+                self.class.extract_salt_from_existing_password_field(existing)
+              else
+                params[:salt] || params["salt"] || gen_salt
+              end
     end
 
     # this algorigthm pulled straight from apr_md5_encode() and converted to ruby syntax
@@ -46,8 +48,8 @@ module HTAuth
       md5_t = ::Digest::MD5.digest("#{password}#{@salt}#{password}")
 
       l = password.length
-      while l > 0 do
-        slice_size = ( l > DIGEST_LENGTH ) ? DIGEST_LENGTH : l
+      while l.positive?
+        slice_size = [l, DIGEST_LENGTH].min
         primary << md5_t[0, slice_size]
         l -= DIGEST_LENGTH
       end
@@ -59,7 +61,7 @@ module HTAuth
         when 1
           primary << 0.chr
         when 0
-          primary << password[0,1]
+          primary << password[0, 1]
         end
         l >>= 1
       end
@@ -71,33 +73,32 @@ module HTAuth
       # apr_md5_encode has this comment about a 60Mhz Pentium above this loop.
       1000.times do |x|
         ctx = ::Digest::MD5.new
-        ctx << (( ( x & 1 ) == 1 ) ? password : pd[0,DIGEST_LENGTH])
-        (ctx << @salt) unless ( x % 3 ) == 0
-        (ctx << password) unless ( x % 7 ) == 0
-        ctx << (( ( x & 1 ) == 0 ) ? password : pd[0,DIGEST_LENGTH])
+        ctx << (x.allbits?(1) ? password : pd[0, DIGEST_LENGTH])
+        (ctx << @salt) unless (x % 3).zero?
+        (ctx << password) unless (x % 7).zero?
+        ctx << (x.nobits?(1) ? password : pd[0, DIGEST_LENGTH])
         pd = ctx.digest
       end
 
-
       pd = pd.bytes.to_a
 
-      l = (pd[ 0]<<16) | (pd[ 6]<<8) | pd[12]
-      encoded_password << to_64(l, 4)
+      l = (pd[0] << 16) | (pd[6] << 8) | pd[12]
+      encoded_password << to64(l, 4)
 
-      l = (pd[ 1]<<16) | (pd[ 7]<<8) | pd[13]
-      encoded_password << to_64(l, 4)
+      l = (pd[1] << 16) | (pd[7] << 8) | pd[13]
+      encoded_password << to64(l, 4)
 
-      l = (pd[ 2]<<16) | (pd[ 8]<<8) | pd[14]
-      encoded_password << to_64(l, 4)
+      l = (pd[2] << 16) | (pd[8] << 8) | pd[14]
+      encoded_password << to64(l, 4)
 
-      l = (pd[ 3]<<16) | (pd[ 9]<<8) | pd[15]
-      encoded_password << to_64(l, 4)
+      l = (pd[3] << 16) | (pd[9] << 8) | pd[15]
+      encoded_password << to64(l, 4)
 
-      l = (pd[ 4]<<16) | (pd[10]<<8) | pd[ 5]
-      encoded_password << to_64(l, 4)
-      encoded_password << to_64(pd[11],2)
+      l = (pd[4] << 16) | (pd[10] << 8) | pd[5]
+      encoded_password << to64(l, 4)
+      encoded_password << to64(pd[11], 2)
 
-      return encoded_password
+      encoded_password
     end
   end
 end

data/lib/htauth/passwd_entry.rb

@@ -1,11 +1,12 @@
-require 'htauth/error'
-require 'htauth/entry'
-require 'htauth/algorithm'
+# frozen_string_literal: true
+
+require "htauth/error"
+require "htauth/entry"
+require "htauth/algorithm"
 
 module HTAuth
   # Internal: Object version of a single entry from a htpasswd file
   class PasswdEntry < Entry
-
     # Internal: the user of this entry
     attr_accessor :user
     # Internal: the password digest of this entry
@@ -22,11 +23,11 @@ module HTAuth
       #
       # Returns an instance of PasswdEntry
       def from_line(line)
-        parts = is_entry!(line)
+        parts = entry!(line)
         d = PasswdEntry.new(parts[0])
         d.digest = parts[1]
         d.algorithm = Algorithm.algorithm_from_field(parts[1])
-        return d
+        d
       end
 
       # Internal: test if the given line is valid for this Entry class
@@ -39,37 +40,39 @@ module HTAuth
       #
       # Returns the individual parts of the line
       # Raises InvalidPasswdEntry if it is not an valid entry
-      def is_entry!(line)
-        raise InvalidPasswdEntry, "line commented out" if line =~ /\A#/
+      def entry!(line)
+        raise InvalidPasswdEntry, "line commented out" if line.start_with?("#")
+
         parts = line.strip.split(":")
         raise InvalidPasswdEntry, "line must be of the format username:password" if parts.size != 2
-        return parts
+
+        parts
       end
 
       # Internal: Returns whether or not the line is a valid entry
       #
       # Returns true or false
-      def is_entry?(line)
-        begin
-          is_entry!(line)
-          return true
-        rescue InvalidPasswdEntry
-          return false
-        end
+      def entry?(line)
+        entry!(line)
+        true
+      rescue InvalidPasswdEntry
+        false
       end
     end
 
     # Internal: Create a new Entry with the given user, password, and algorithm
-    def initialize(user, password = nil, alg = Algorithm::DEFAULT, alg_params = {} )
-      @user      = user
-      alg = Algorithm::DEFAULT if alg == Algorithm::EXISTING 
+    def initialize(user, password = nil, alg = Algorithm::DEFAULT, alg_params = {})
+      super()
+      @user = user
+      alg = Algorithm::DEFAULT if alg == Algorithm::EXISTING
       @algorithm = Algorithm.algorithm_from_name(alg, alg_params)
       @digest    = calc_digest(password)
     end
 
     # Internal: set the algorithm for the entry
     def algorithm=(alg)
-      return @algorithm if Algorithm::EXISTING == alg
+      return @algorithm if alg == Algorithm::EXISTING
+
       case alg
       when String
         @algorithm = Algorithm.algorithm_from_name(alg)
@@ -78,7 +81,7 @@ module HTAuth
       else
         raise InvalidAlgorithmError, "Unable to assign #{alg} to algorithm"
       end
-      return @algorithm
+      @algorithm
     end
 
     # Internal: set fields on the algorithm
@@ -93,38 +96,26 @@ module HTAuth
     #
     # If we have an array of algorithms, then we set it to CRYPT
     def password=(new_password)
-      if algorithm.kind_of?(HTAuth::Plaintext) then
-        @algorithm = Algorithm.algorithm_from_name(Algorithm::CRYPT)
-      end
+      @algorithm = Algorithm.algorithm_from_name(Algorithm::CRYPT) if algorithm.is_a?(HTAuth::Plaintext)
       @digest = calc_digest(new_password)
     end
 
     # Internal: calculate the new digest of the given password
     def calc_digest(password)
       return nil unless password
+
       algorithm.encode(password)
     end
 
     # Public: Check if the given password is the password of this entry
-    # check the password and make sure it works, in the case that the algorithm is unknown it
-    # tries all of the ones that it thinks it could be, and marks the algorithm if it matches
-    # when looking for a matche, we always compare all of them, no short
-    # circuiting
+    #
     def authenticated?(check_password)
-      authed = false
-      if algorithm.kind_of?(Bcrypt) then
-        bc = ::BCrypt::Password.new(digest)
-        authed = bc.is_password?(check_password)
-      else
-        encoded = algorithm.encode(check_password)
-        authed  = Algorithm.secure_compare(encoded, digest)
-      end
-      return authed
+      algorithm.verify_password?(check_password, @digest)
     end
 
     # Internal: Returns the key of this entry
     def key
-      return "#{user}"
+      user.to_s
     end
 
     # Internal: Returns the file line for this entry