httparty 0.7.2 → 0.7.3

data/History

@@ -1,3 +1,11 @@
+== 0.7.3 2011-01-20
+* bug fixes
+  * Fix digest auth for unspecified quality of protection (bjoernalbers, mtrudel, dwo)
+
+== 0.7.2 2011-01-20
+* bug fixes
+  * Fix gem dependencies
+
 == 0.7.1 2011-01-19
 * bug fixes
   * Fix uninitialized constant HTTParty::Response::Net in 1.9.2 (cap10morgan)

data/httparty.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = %q{httparty}
-  s.version = "0.7.2"
+  s.version = "0.7.3"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["John Nunemaker", "Sandro Turriate"]
@@ -76,6 +76,7 @@ Gem::Specification.new do |s|
     "spec/fixtures/twitter.xml",
     "spec/fixtures/undefined_method_add_node_for_nil.xml",
     "spec/httparty/cookie_hash_spec.rb",
+    "spec/httparty/net_digest_auth_spec.rb",
     "spec/httparty/parser_spec.rb",
     "spec/httparty/request_spec.rb",
     "spec/httparty/response_spec.rb",
@@ -92,7 +93,7 @@ Gem::Specification.new do |s|
   s.homepage = %q{http://httparty.rubyforge.org}
   s.post_install_message = %q{When you HTTParty, you must party hard!}
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.7}
+  s.rubygems_version = %q{1.4.2}
   s.summary = %q{Makes http fun! Also, makes consuming restful web services dead easy.}
   s.test_files = [
     "examples/aaws.rb",
@@ -105,6 +106,7 @@ Gem::Specification.new do |s|
     "examples/twitter.rb",
     "examples/whoismyrep.rb",
     "spec/httparty/cookie_hash_spec.rb",
+    "spec/httparty/net_digest_auth_spec.rb",
     "spec/httparty/parser_spec.rb",
     "spec/httparty/request_spec.rb",
     "spec/httparty/response_spec.rb",
@@ -117,7 +119,6 @@ Gem::Specification.new do |s|
   ]
 
   if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then

data/lib/httparty.rb

@@ -13,7 +13,7 @@ require dir + 'httparty/net_digest_auth'
 
 # @see HTTParty::ClassMethods
 module HTTParty
-  VERSION          = "0.7.2".freeze
+  VERSION          = "0.7.3".freeze
   CRACK_DEPENDENCY = "0.1.8".freeze
 
   module AllowedFormatsDeprecation

data/lib/httparty/net_digest_auth.rb

@@ -3,33 +3,69 @@ require 'net/http'
 
 module Net
   module HTTPHeader
-    def digest_auth(user, password, response)
-      response['www-authenticate'] =~ /^(\w+) (.*)/
-
-      params = {}
-      $2.gsub(/(\w+)="(.*?)"/) { params[$1] = $2 }
-      params.merge!("cnonce" => Digest::MD5.hexdigest("%x" % (Time.now.to_i + rand(65535))))
-
-      a_1 = Digest::MD5.hexdigest("#{user}:#{params['realm']}:#{password}")
-      a_2 = Digest::MD5.hexdigest("#{@method}:#{@path}")
-
-      request_digest = Digest::MD5.hexdigest(
-        [a_1, params['nonce'], "0", params['cnonce'], params['qop'], a_2].join(":")
-      )
-
-      header = [
-        %Q(Digest username="#{user}"),
-        %Q(realm="#{params['realm']}"),
-        %Q(qop="#{params['qop']}"),
-        %Q(uri="#{@path}"),
-        %Q(nonce="#{params['nonce']}"),
-        %Q(nc="0"),
-        %Q(cnonce="#{params['cnonce']}"),
-        %Q(opaque="#{params['opaque']}"),
-        %Q(response="#{request_digest}")
-      ]
-
-      @header['Authorization'] = header
+    def digest_auth(username, password, response)
+      @header['Authorization'] = DigestAuthenticator.new(username, password,
+          @method, @path, response).authorization_header
+    end
+
+
+    class DigestAuthenticator
+      def initialize(username, password, method, path, response_header)
+        @username = username
+        @password = password
+        @method   = method
+        @path     = path
+        @response = parse(response_header)
+      end
+
+      def authorization_header
+        @cnonce = md5(random)
+        header = [%Q(Digest username="#{@username}"),
+          %Q(realm="#{@response['realm']}"),
+          %Q(nonce="#{@response['nonce']}"),
+          %Q(uri="#{@path}"),
+          %Q(response="#{request_digest}")]
+        [%Q(cnonce="#{@cnonce}"),
+          %Q(opaque="#{@response['opaque']}"),
+          %Q(qop="#{@response['qop']}"),
+          %Q(nc="0")].each { |field| header << field } if qop_present?
+        header
+      end
+
+    private
+
+      def parse(response_header)
+        response_header['www-authenticate'] =~ /^(\w+) (.*)/
+        params = {}
+        $2.gsub(/(\w+)="(.*?)"/) { params[$1] = $2 }
+        params
+      end
+
+      def qop_present?
+        @response.has_key?('qop') and not @response['qop'].empty?
+      end
+
+      def random
+        "%x" % (Time.now.to_i + rand(65535))
+      end
+
+      def request_digest
+        a = [md5(a1), @response['nonce'], md5(a2)]
+        a.insert(2, "0", @cnonce, @response['qop']) if qop_present?
+        md5(a.join(":"))
+      end
+
+      def md5(str)
+        Digest::MD5.hexdigest(str)
+      end
+
+      def a1
+        [@username, @response['realm'], @password].join(":")
+      end
+
+      def a2
+        [@method, @path].join(":")
+      end
     end
   end
 end

data/spec/httparty/net_digest_auth_spec.rb

@@ -0,0 +1,93 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'spec_helper'))
+
+describe Net::HTTPHeader::DigestAuthenticator do
+  def setup_digest(response)
+    digest = Net::HTTPHeader::DigestAuthenticator.new("Mufasa",
+      "Circle Of Life", "GET", "/dir/index.html", response)
+    digest.stub(:random).and_return("deadbeef")
+    Digest::MD5.stub(:hexdigest) { |str| "md5(#{str})" }
+    digest
+  end
+
+  def authorization_header
+    @digest.authorization_header.join(", ")
+  end
+
+
+  context "with specified quality of protection (qop)" do
+    before do
+      @digest = setup_digest({'www-authenticate' =>
+        'Digest realm="myhost@testrealm.com", nonce="NONCE", qop="auth"'})
+    end
+
+    it "should set prefix" do
+      authorization_header.should =~ /^Digest /
+    end
+
+    it "should set username" do
+      authorization_header.should include(%Q(username="Mufasa"))
+    end
+
+    it "should set digest-uri" do
+      authorization_header.should include(%Q(uri="/dir/index.html"))
+    end
+
+    it "should set qop" do
+      authorization_header.should include(%Q(qop="auth"))
+    end
+
+    it "should set cnonce" do
+      authorization_header.should include(%Q(cnonce="md5(deadbeef)"))
+    end
+
+    it "should set nonce-count" do
+      authorization_header.should include(%Q(nc="0"))
+    end
+
+    it "should set response" do
+      request_digest =
+        "md5(md5(Mufasa:myhost@testrealm.com:Circle Of Life)" +
+        ":NONCE:0:md5(deadbeef):auth:md5(GET:/dir/index.html))"
+      authorization_header.should include(%Q(response="#{request_digest}"))
+    end
+  end
+
+
+  context "with unspecified quality of protection (qop)" do
+    before do
+      @digest = setup_digest({'www-authenticate' =>
+        'Digest realm="myhost@testrealm.com", nonce="NONCE"'})
+    end
+
+    it "should set prefix" do
+      authorization_header.should =~ /^Digest /
+    end
+
+    it "should set username" do
+      authorization_header.should include(%Q(username="Mufasa"))
+    end
+
+    it "should set digest-uri" do
+      authorization_header.should include(%Q(uri="/dir/index.html"))
+    end
+
+    it "should not set qop" do
+      authorization_header.should_not include(%Q(qop=))
+    end
+
+    it "should not set cnonce" do
+      authorization_header.should_not include(%Q(cnonce=))
+    end
+
+    it "should not set nonce-count" do
+      authorization_header.should_not include(%Q(nc=))
+    end
+
+    it "should set response" do
+      request_digest =
+        "md5(md5(Mufasa:myhost@testrealm.com:Circle Of Life)" +
+        ":NONCE:md5(GET:/dir/index.html))"
+      authorization_header.should include(%Q(response="#{request_digest}"))
+    end
+  end
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: httparty
 version: !ruby/object:Gem::Version 
-  hash: 7
-  prerelease: false
+  hash: 5
+  prerelease: 
   segments: 
   - 0
   - 7
-  - 2
-  version: 0.7.2
+  - 3
+  version: 0.7.3
 platform: ruby
 authors: 
 - John Nunemaker
@@ -118,12 +118,13 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: -1876988191
+        hash: 1923831981
         segments: 
         - 1
         - 2
         - 0
-        - pre2
+        - pre
+        - 2
         version: 1.2.0.pre2
   type: :development
   version_requirements: *id007
@@ -194,6 +195,7 @@ files:
 - spec/fixtures/twitter.xml
 - spec/fixtures/undefined_method_add_node_for_nil.xml
 - spec/httparty/cookie_hash_spec.rb
+- spec/httparty/net_digest_auth_spec.rb
 - spec/httparty/parser_spec.rb
 - spec/httparty/request_spec.rb
 - spec/httparty/response_spec.rb
@@ -236,7 +238,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.7
+rubygems_version: 1.4.2
 signing_key: 
 specification_version: 3
 summary: Makes http fun! Also, makes consuming restful web services dead easy.
@@ -251,6 +253,7 @@ test_files:
 - examples/twitter.rb
 - examples/whoismyrep.rb
 - spec/httparty/cookie_hash_spec.rb
+- spec/httparty/net_digest_auth_spec.rb
 - spec/httparty/parser_spec.rb
 - spec/httparty/request_spec.rb
 - spec/httparty/response_spec.rb