htauth 2.3.0 → 3.0.0

data/lib/htauth/cli/passwd.rb

@@ -1,13 +1,14 @@
-require 'htauth/cli'
+# frozen_string_literal: true
 
-require 'ostruct'
-require 'optparse'
+require "htauth/cli"
+
+require "ostruct"
+require "optparse"
 
 module HTAuth
   module CLI
     # Internal: Implemenation of the commandline htpasswd-ruby
     class Passwd
-
       MAX_PASSWD_LENGTH = 255
 
       attr_accessor :passwd_file
@@ -19,14 +20,14 @@ module HTAuth
       end
 
       def options
-        if @options.nil? then
+        if @options.nil?
           @options                = ::OpenStruct.new
           @options.batch_mode     = false
           @options.file_mode      = File::ALTER
           @options.passwdfile     = nil
           @options.algorithm      = Algorithm::EXISTING
           @options.algorithm_args = {}
-          @options.read_stdin_once= false
+          @options.read_stdin_once = false
           @options.send_to_stdout = false
           @options.show_version   = false
           @options.show_help      = false
@@ -38,96 +39,94 @@ module HTAuth
       end
 
       def option_parser
-        if not @option_parser then
-          @option_parser = OptionParser.new(nil, 16) do |op|
-            op.banner = <<-EOB
-Usage:
-        #{op.program_name} [-acimBdpsD] [--verify] [-C cost] passwordfile username
-        #{op.program_name} -b[acmBdpsD] [--verify] [-C cost] passwordfile username password
+        @option_parser ||= OptionParser.new(nil, 16) do |op|
+          op.banner = <<~BANNER
+            Usage:
+                    #{op.program_name} [-acimBdpsD] [--verify] [-C cost] passwordfile username
+                    #{op.program_name} -b[acmBdpsD] [--verify] [-C cost] passwordfile username password
 
-        #{op.program_name} -n[imBdps] [-C cost] username
-        #{op.program_name} -nb[mBdps] [-C cost] username password
-            EOB
+                    #{op.program_name} -n[imBdps] [-C cost] username
+                    #{op.program_name} -nb[mBdps] [-C cost] username password
+          BANNER
 
-            op.separator ""
+          op.separator ""
 
-            op.on("--argon2", "Force argon2 encryption of the password.") do |a|
-              options.algorithm = Algorithm::ARGON2
-            end
+          op.on("--argon2", "Force argon2 encryption of the password.") do |_a|
+            options.algorithm = Algorithm::ARGON2
+          end
 
-            op.on("-b", "--batch", "Batch mode, get the password from the command line, rather than prompt.") do |b|
-              options.batch_mode = b
-            end
+          op.on("-b", "--batch", "Batch mode, get the password from the command line, rather than prompt.") do |b|
+            options.batch_mode = b
+          end
 
-            op.on("-B", "--bcrypt", "Force bcrypt encryption of the password.") do |b|
-              options.algorithm = Algorithm::BCRYPT
-            end
+          op.on("-B", "--bcrypt", "Force bcrypt encryption of the password.") do |_b|
+            options.algorithm = Algorithm::BCRYPT
+          end
 
-            op.on("-CCOST", "--cost COST", "Set the computing time used for the bcrypt algorithm",
-                                           "(higher is more secure but slower, default: 5, valid: 4 to 31).") do |c|
-              if c !~ /\A\d+\z/ then
-                  raise ::OptionParser::ParseError, "the bcrypt cost must be an integer from 4 to 31, `#{c}` is invalid"
-              end
-
-              cost = c.to_i
-              if (4..31).include?(cost)
-                options.algorithm_args = { :cost => cost }
-              else
-                raise ::OptionParser::ParseError, "the bcrypt cost must be an integer from 4 to 31, `#{c}` is invalid"
-              end
+          op.on("-CCOST", "--cost COST", "Set the computing time used for the bcrypt algorithm",
+                "(higher is more secure but slower, default: 5, valid: 4 to 31).") do |c|
+            unless /\A\d+\z/.match?(c)
+              raise ::OptionParser::ParseError, "the bcrypt cost must be an integer from 4 to 31, `#{c}` is invalid"
             end
 
-            op.on("-c", "--create", "Create a new file; this overwrites an existing file.") do |c|
-              options.file_mode = HTAuth::File::CREATE
-              options.operation << :add_or_update
+            cost = c.to_i
+            unless (4..31).cover?(cost)
+              raise ::OptionParser::ParseError, "the bcrypt cost must be an integer from 4 to 31, `#{c}` is invalid"
             end
 
-            op.on("-d", "--crypt", "Force CRYPT encryption of the password.") do |c|
-              options.algorithm = Algorithm::CRYPT
-            end
+            options.algorithm_args = { cost: cost }
+          end
 
-            op.on("-D", "--delete", "Delete the specified user.") do |d|
-              options.operation << :delete
-            end
+          op.on("-c", "--create", "Create a new file; this overwrites an existing file.") do |_c|
+            options.file_mode = HTAuth::File::CREATE
+            options.operation << :add_or_update
+          end
 
-            op.on("-h", "--help", "Display this help.") do |h|
-              options.show_help = h
-            end
+          op.on("-d", "--crypt", "Force CRYPT encryption of the password.") do |_c|
+            options.algorithm = Algorithm::CRYPT
+          end
 
-            op.on("-i", "--stdin", "Read the passwod from stdin without verivication (for script usage).") do |i|
-              options.read_stdin_once = true
-            end
+          op.on("-D", "--delete", "Delete the specified user.") do |_d|
+            options.operation << :delete
+          end
 
-            op.on("-m", "--md5", "Force MD5 encryption of the password (default).") do |m|
-              options.algorithm = Algorithm::MD5
-            end
+          op.on("-h", "--help", "Display this help.") do |h|
+            options.show_help = h
+          end
 
-            op.on("-n", "--stdout", "Do not update the file; Display the results on stdout instead.") do |n|
-              options.send_to_stdout = true
-              options.passwdfile     = HTAuth::File::STDOUT_FLAG
-              options.operation     << :stdout
-            end
+          op.on("-i", "--stdin", "Read the passwod from stdin without verivication (for script usage).") do |_i|
+            options.read_stdin_once = true
+          end
 
-            op.on("-p", "--plaintext", "Do not encrypt the password (plaintext).") do |p|
-              options.algorithm = Algorithm::PLAINTEXT
-            end
+          op.on("-m", "--md5", "Force MD5 encryption of the password (default).") do |_m|
+            options.algorithm = Algorithm::MD5
+          end
 
-            op.on("-s", "--sha1", "Force SHA encryption of the password.") do |s|
-              options.algorithm = Algorithm::SHA1
-            end
+          op.on("-n", "--stdout", "Do not update the file; Display the results on stdout instead.") do |_n|
+            options.send_to_stdout = true
+            options.passwdfile     = HTAuth::File::STDOUT_FLAG
+            options.operation     << :stdout
+          end
 
-            op.on("-v", "--version", "Show version info.") do |v|
-              options.show_version = v
-            end
+          op.on("-p", "--plaintext", "Do not encrypt the password (plaintext).") do |_p|
+            options.algorithm = Algorithm::PLAINTEXT
+          end
 
-            op.on("--verify", "Verify password for the specified user.") do |v|
-              options.operation << :verify
-            end
+          op.on("-s", "--sha1", "Force SHA encryption of the password.") do |_s|
+            options.algorithm = Algorithm::SHA1
+          end
 
-            op.separator ""
+          op.on("-v", "--version", "Show version info.") do |v|
+            options.show_version = v
+          end
 
-            op.separator "The SHA algorihtm does not use a salt and is less secure than the MD5 algorithm."
+          op.on("--verify", "Verify password for the specified user.") do |_v|
+            options.operation << :verify
           end
+
+          op.separator ""
+
+          op.separator "The SHA algorihtm does not use a salt and is less secure than the MD5 algorithm."
         end
         @option_parser
       end
@@ -143,35 +142,48 @@ Usage:
       end
 
       def parse_options(argv)
-        begin
-          option_parser.parse!(argv)
-          show_version if options.show_version
-          show_help if options.show_help
-
-          raise ::OptionParser::ParseError, "only one of --create, --stdout, --verify, --delete may be specified" if options.operation.size > 1
-          raise ::OptionParser::ParseError, "Unable to send to stdout AND create a new file" if options.send_to_stdout and (options.file_mode == File::CREATE)
-          raise ::OptionParser::ParseError, "a username is needed" if options.send_to_stdout and argv.size < 1
-          raise ::OptionParser::ParseError, "a username and password are needed" if options.send_to_stdout and options.batch_mode  and ( argv.size < 2 ) 
-          raise ::OptionParser::ParseError, "a passwordfile, username and password are needed " if not options.send_to_stdout and options.batch_mode and ( argv.size < 3 )
-          raise ::OptionParser::ParseError, "a passwordfile and username are needed" if argv.size < 2
-          raise ::OptionParser::ParseError, "options -i and -b are mutually exclusive" if options.batch_mode && options.read_stdin_once
-
-          options.operation  = options.operation.shift || :add_or_update
-          options.passwdfile = argv.shift unless options.send_to_stdout
-          options.username   = argv.shift
-          options.password   = argv.shift if options.batch_mode
-
-        rescue ::OptionParser::ParseError => pe
-          $stderr.puts "ERROR: #{option_parser.program_name} - #{pe}"
-          show_help
-          exit 1
+        option_parser.parse!(argv)
+        show_version if options.show_version
+        show_help if options.show_help
+
+        if options.operation.size > 1
+          raise ::OptionParser::ParseError,
+                "only one of --create, --stdout, --verify, --delete may be specified"
+        end
+        if options.send_to_stdout && (options.file_mode == File::CREATE)
+          raise ::OptionParser::ParseError,
+                "Unable to send to stdout AND create a new file"
+        end
+        raise ::OptionParser::ParseError, "a username is needed" if options.send_to_stdout && argv.empty?
+        if options.send_to_stdout && options.batch_mode && (argv.size < 2)
+          raise ::OptionParser::ParseError,
+                "a username and password are needed"
         end
+        if !options.send_to_stdout && options.batch_mode && (argv.size < 3)
+          raise ::OptionParser::ParseError,
+                "a passwordfile, username and password are needed "
+        end
+        raise ::OptionParser::ParseError, "a passwordfile and username are needed" if argv.size < 2
+        if options.batch_mode && options.read_stdin_once
+          raise ::OptionParser::ParseError,
+                "options -i and -b are mutually exclusive"
+        end
+
+        options.operation  = options.operation.shift || :add_or_update
+        options.passwdfile = argv.shift unless options.send_to_stdout
+        options.username   = argv.shift
+        options.password   = argv.shift if options.batch_mode
+      rescue ::OptionParser::ParseError => e
+        warn "ERROR: #{option_parser.program_name} - #{e}"
+        show_help
+        exit 1
       end
 
-      def fetch_password(width=20)
+      def fetch_password(width = 20)
         return options.password if options.batch_mode
+
         console = Console.new
-        if options.read_stdin_once then
+        if options.read_stdin_once
           pw_in = console.read_answer
           return pw_in
         end
@@ -188,10 +200,10 @@ Usage:
           raise PasswordError, "They don't match, sorry." unless pw_in == pw_validate
         end
 
-        return pw_in
+        pw_in
       end
 
-      def run(argv, env = ENV)
+      def run(argv, _env = ENV)
         begin
           parse_options(argv)
           console = Console.new
@@ -201,16 +213,15 @@ Usage:
             passwd_file.delete(options.username)
             passwd_file.save!
           when :verify
-            if passwd_file.has_entry?(options.username) then
-              pw_in = fetch_password
-              if passwd_file.authenticated?(options.username, pw_in) then
-                $stderr.puts "Password for user #{options.username} correct."
-              else
-                raise HTAuth::Error, "Password verification for user #{options.username} failed."
-              end
-            else
-              raise HTAuth::Error, "User #{options.username} not found"
+            raise HTAuth::Error, "User #{options.username} not found" unless passwd_file.has_entry?(options.username)
+
+            pw_in = fetch_password
+            unless passwd_file.authenticated?(options.username, pw_in)
+              raise HTAuth::Error, "Password verification for user #{options.username} failed."
             end
+
+            warn "Password for user #{options.username} correct."
+
           when :add_or_update
             options.password = fetch_password
             action = passwd_file.has_entry?(options.username) ? "Changing" : "Adding"
@@ -222,16 +233,16 @@ Usage:
             passwd_file.add_or_update(options.username, options.password, options.algorithm, options.algorithm_args)
             passwd_file.save!
           end
-        rescue HTAuth::FileAccessError => fae
+        rescue HTAuth::FileAccessError => e
           msg = "Password file failure (#{options.passwdfile}) "
-          $stderr.puts "#{msg}: #{fae.message}"
+          warn "#{msg}: #{e.message}"
           exit 1
-        rescue HTAuth::Error => pe
-          $stderr.puts "#{pe.message}"
+        rescue HTAuth::Error => e
+          warn e.message
           exit 1
-        rescue SignalException => se
+        rescue SignalException => e
           $stderr.puts
-          $stderr.puts "Interrupted #{se}"
+          warn "Interrupted #{e}"
           exit 1
         end
         exit 0

data/lib/htauth/cli.rb

@@ -1,7 +1,9 @@
-require 'htauth'
-require 'htauth/console'
+# frozen_string_literal: true
+
+require "htauth"
+require "htauth/console"
 module HTAuth
+  # Internal: Commande Line Module
   module CLI
-
   end
 end

data/lib/htauth/console.rb

@@ -1,13 +1,14 @@
-require 'io/console'
-require 'htauth/error'
+# frozen_string_literal: true
+
+require "io/console"
+require "htauth/error"
 
 # With many thanks to JEG2 - http://graysoftinc.com/terminal-tricks/random-access-terminal
 #
 module HTAuth
   # Internal: Utility class for managing console input/output
   class Console
-    attr_reader :input
-    attr_reader :output
+    attr_reader :input, :output
 
     def initialize(input = $stdin, output = $stdout)
       @input = input
@@ -23,9 +24,11 @@ module HTAuth
       answer = read_answer
       output.puts
       raise ConsoleError, "No input given" if answer.nil?
+
       answer.strip!
-      raise ConsoleError, "No input given" if answer.length == 0
-      return answer
+      raise ConsoleError, "No input given" if answer.empty?
+
+      answer
     end
 
     def read_answer

data/lib/htauth/crypt.rb

@@ -1,26 +1,28 @@
-require 'htauth/algorithm'
+# frozen_string_literal: true
+
+require "htauth/algorithm"
 
 module HTAuth
   # Internal: The basic crypt algorithm
   class Crypt < Algorithm
-
     ENTRY_LENGTH = 13
-    ENTRY_REGEX = %r{\A[^$:\s]{#{ENTRY_LENGTH}}\z}
+    ENTRY_REGEX = /\A[^$:\s]{#{ENTRY_LENGTH}}\z/
 
     def self.handles?(password_entry)
       ENTRY_REGEX.match?(password_entry)
     end
 
     def self.extract_salt_from_existing_password_field(existing)
-      existing[0,2]
+      existing[0, 2]
     end
 
     def initialize(params = {})
-      if existing = (params['existing'] || params[:existing]) then
-        @salt = self.class.extract_salt_from_existing_password_field(existing)
-      else
-        @salt = params[:salt] || params['salt'] || gen_salt
-      end
+      super()
+      @salt = if (existing = params["existing"] || params[:existing])
+                self.class.extract_salt_from_existing_password_field(existing)
+              else
+                params[:salt] || params["salt"] || gen_salt
+              end
     end
 
     def encode(password)

data/lib/htauth/descendant_tracker.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module HTAuth
   #
   # Use by either
@@ -18,28 +20,28 @@ module HTAuth
   # them in a Set that is available via the 'children' method.
   #
   module DescendantTracker
-    def inherited( klass )
-      return unless klass.instance_of?( Class )
-      self.children << klass
+    def inherited(klass)
+      super
+      return unless klass.instance_of?(Class)
+
+      children << klass
     end
 
     #
     # The list of children that are registered
     #
     def children
-      unless defined? @children
-        @children = Array.new
-      end
-      return @children
+      @children = [] unless defined? @children
+      @children
     end
 
     #
     # find the child that returns truthy for then given method and
     # parameters
     #
-    def find_child( method, *args )
+    def find_child(method, *args)
       children.find do |child|
-        child.send( method, *args )
+        child.send(method, *args)
       end
     end
   end

data/lib/htauth/digest_entry.rb

@@ -1,12 +1,13 @@
-require 'htauth/error'
-require 'htauth/entry'
-require 'htauth/algorithm'
-require 'digest/md5'
+# frozen_string_literal: true
+
+require "htauth/error"
+require "htauth/entry"
+require "htauth/algorithm"
+require "digest/md5"
 
 module HTAuth
   # Internal: Object version of a single record from an htdigest file
   class DigestEntry
-
     # Internal: The user of this entry
     attr_accessor :user
     # Internal: The realm of this entry
@@ -21,10 +22,10 @@ module HTAuth
       #
       # Returns an instance of DigestEntry
       def from_line(line)
-        parts = is_entry!(line)
+        parts = entry!(line)
         d = DigestEntry.new(parts[0], parts[1])
         d.digest = parts[2]
-        return d
+        d
       end
 
       # Internal: test if the given line is valid for this Entry class
@@ -37,30 +38,31 @@ module HTAuth
       #
       # Returns the individual parts of the line
       # Raises InvalidDigestEntry if it is not a a valid entry
-      def is_entry!(line)
-        raise InvalidDigestEntry, "line commented out" if line =~ /\A#/
+      def entry!(line)
+        raise InvalidDigestEntry, "line commented out" if line.start_with?("#")
+
         parts = line.strip.split(":")
         raise InvalidDigestEntry, "line must be of the format username:realm:md5checksum" if parts.size != 3
-        raise InvalidDigestEntry, "md5 checksum is not 32 characters long" if parts.last.size  != 32
-        raise InvalidDigestEntry, "md5 checksum has invalid characters" if parts.last !~ /\A[[:xdigit:]]{32}\Z/
-        return parts
+        raise InvalidDigestEntry, "md5 checksum is not 32 characters long" if parts.last.size != 32
+        raise InvalidDigestEntry, "md5 checksum has invalid characters" unless /\A[[:xdigit:]]{32}\Z/.match?(parts.last)
+
+        parts
       end
 
       # Internal: Returns whether or not the line is a valid entry
       #
       # Returns true or false
-      def is_entry?(line)
-        begin
-          is_entry!(line)
-          return true
-        rescue InvalidDigestEntry
-          return false
-        end
+      def entry?(line)
+        entry!(line)
+        true
+      rescue InvalidDigestEntry
+        false
       end
     end
 
     # Internal: Create a new Entry with the given user, realm and password
     def initialize(user, realm, password = "")
+      super()
       @user     = user
       @realm    = realm
       @digest   = calc_digest(password)
@@ -79,7 +81,7 @@ module HTAuth
     # Public: Check if the given password is the password of this entry.
     def authenticated?(check_password)
       check = calc_digest(check_password)
-      return Algorithm.secure_compare(check, digest)
+      Algorithm.secure_compare(check, digest)
     end
 
     # Internal: Returns the key of this entry

data/lib/htauth/digest_file.rb

@@ -1,7 +1,9 @@
-require 'stringio'
-require 'htauth/error'
-require 'htauth/file'
-require 'htauth/digest_entry'
+# frozen_string_literal: true
+
+require "stringio"
+require "htauth/error"
+require "htauth/file"
+require "htauth/digest_entry"
 
 module HTAuth
   # Public: An API for managing an 'htdigest' file
@@ -15,7 +17,6 @@ module HTAuth
   #   end
   #
   class DigestFile < HTAuth::File
-
     # Private: The class implementing a single entry in the DigestFile
     ENTRY_KLASS = HTAuth::DigestEntry
 
@@ -32,7 +33,7 @@ module HTAuth
     # Returns true or false if the username/realm combination is found.
     def has_entry?(username, realm)
       test_entry = DigestEntry.new(username, realm)
-      @entries.has_key?(test_entry.key)
+      @entries.key?(test_entry.key)
     end
 
     # Public: remove the given username / realm from the file.
@@ -48,10 +49,10 @@ module HTAuth
     #
     # Returns nothing
     def delete(username, realm)
-      if has_entry?(username, realm) then
+      if has_entry?(username, realm)
         ir = internal_record(username, realm)
-        line_index = ir['line_index']
-        @entries.delete(ir['entry'].key)
+        line_index = ir["line_index"]
+        @entries.delete(ir["entry"].key)
         @lines[line_index] = nil
         dirty!
       end
@@ -76,7 +77,7 @@ module HTAuth
     #
     # Returns nothing.
     def add_or_update(username, realm, password)
-      if has_entry?(username, realm) then
+      if has_entry?(username, realm)
         update(username, realm, password)
       else
         add(username, realm, password)
@@ -97,14 +98,16 @@ module HTAuth
     # Returns nothing.
     # Raises DigestFileError if the give username / realm already exists.
     def add(username, realm, password)
-      raise DigestFileError, "Unable to add already existing user #{username} in realm #{realm}" if has_entry?(username, realm)
+      raise DigestFileError, "Unable to add already existing user #{username} in realm #{realm}" if has_entry?(
+        username, realm
+      )
 
       new_entry = DigestEntry.new(username, realm, password)
       new_index = @lines.size
       @lines << new_entry.to_s
-      @entries[new_entry.key] = { 'entry' => new_entry, 'line_index' => new_index }
+      @entries[new_entry.key] = { "entry" => new_entry, "line_index" => new_index }
       dirty!
-      return nil
+      nil
     end
 
     # Public: Updates an existing username / relam entry with a new password
@@ -121,12 +124,15 @@ module HTAuth
     # Returns nothing
     # Raises DigestfileError if the username / realm is not found in the file
     def update(username, realm, password)
-      raise DigestFileError, "Unable to update non-existent user #{username} in realm #{realm}" unless has_entry?(username, realm)
+      raise DigestFileError, "Unable to update non-existent user #{username} in realm #{realm}" unless has_entry?(
+        username, realm
+      )
+
       ir = internal_record(username, realm)
-      ir['entry'].password = password
-      @lines[ir['line_index']] = ir['entry'].to_s
+      ir["entry"].password = password
+      @lines[ir["line_index"]] = ir["entry"].to_s
       dirty!
-      return nil
+      nil
     end
 
     # Public: Returns the given DigestEntry from the file.
@@ -145,8 +151,9 @@ module HTAuth
     # Returns nil if the entry is not found
     def fetch(username, realm)
       return nil unless has_entry?(username, realm)
+
       ir = internal_record(username, realm)
-      return ir['entry'].dup
+      ir["entry"].dup
     end
 
     # Internal: returns the class used for each entry

data/lib/htauth/entry.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 module HTAuth
   # Internal: base class from which all entries are derived
   class Entry
     # Internal: return a new instance of this entry
     def dup
-      self.class.from_line(self.to_s)
+      self.class.from_line(to_s)
     end
   end
 end