RubyGems - httpauth - Versions diffs - 0.2.0 → 0.2.1 - Mend

httpauth 0.2.0 → 0.2.1

Files changed (8) hide show

checksums.yaml ADDED

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2404f2197812b252663439a4537d6a068d4e09c4
+  data.tar.gz: 71ece448d2d0370456216b90059d181f246c2131
+SHA512:
+  metadata.gz: a2e2f64693bd6e3c0ad4fa32dcd2bd01483cc8626dade2d3dde72a6de047fa29b9b9b8e05481fef81a212d317017e9990b4b4d0714f39f16134bfeef3976f8e2
+  data.tar.gz: 1d8d22a05e34731303255144c97bb29e6e7243bec8f36bec7ca6a2a651eec36b57815a413753f70f8c278469c199b468b85d6ad09dc7a09ddb051f84fe02cf28

data/README.md CHANGED

@@ -37,4 +37,4 @@ IE doesn't use the full URI for digest calculation, it chops off the query param
 ## Known server implementation issues
-Apache 2.0 sends Authorization-Info headers without a nextnonce directive.
+Apache 2.0 sends Authorization-Info headers without a nextnonce directive.

data/lib/httpauth.rb CHANGED

@@ -1,4 +1,4 @@
 require 'httpauth/constants'
 require 'httpauth/exceptions'
 require 'httpauth/basic'
-require 'httpauth/digest'
+require 'httpauth/digest'

data/lib/httpauth/basic.rb CHANGED

@@ -7,7 +7,7 @@ module HTTPAuth
   # the server sends a challenge and the client has to respond to that with the correct credentials. These
   # credentials will have to be sent with every request from that point on.
   #
-  # == On the server
+  # == On the server
   #
   # On the server you will have to check the headers for the 'Authorization' header. When you find one unpack
   # it and check it against your database of credentials. If the credentials are wrong you have to return a
@@ -53,47 +53,46 @@ module HTTPAuth
   #   end
   class Basic
     class << self
       # Unpacks the HTTP Basic 'Authorization' credential header
       #
       # * <tt>authorization</tt>: The contents of the Authorization header
       # * Returns a list with two items: the username and password
-      def unpack_authorization(authorization)
+      def unpack_authorization(authorization)
         d = authorization.split ' '
-        raise ArgumentError.new("HTTPAuth::Basic can only unpack Basic Authentication headers") unless d[0] == 'Basic'
+        fail(ArgumentError, 'HTTPAuth::Basic can only unpack Basic Authentication headers') unless d[0] == 'Basic'
         Base64.decode64(d[1]).split(':')[0..1]
       end
       # Packs HTTP Basic credentials to an 'Authorization' header
       #
       # * <tt>username</tt>: A string with the username
       # * <tt>password</tt>: A string with the password
       def pack_authorization(username, password)
-        "Basic %s" % Base64.encode64("#{username}:#{password}").gsub("\n", '')
+        format('Basic %s', Base64.encode64("#{username}:#{password}").gsub("\n", ''))
       end
       # Returns contents for the WWW-authenticate header
       #
       # * <tt>realm</tt>: A string with a recognizable title for the restricted resource
       def pack_challenge(realm)
-        "Basic realm=\"%s\"" % realm.gsub('"', '')
+        format("Basic realm=\"%s\"", realm.gsub('"', ''))
       end
       # Returns the name of the realm in a WWW-Authenticate header
       #
       # * <tt>authenticate</tt>: The contents of the WWW-Authenticate header
       def unpack_challenge(authenticate)
         if authenticate =~ /Basic\srealm=\"([^\"]*)\"/
-          return $1
+          return Regexp.last_match[1]
         else
           if authenticate =~ /^Basic/
-            raise UnwellformedHeader.new("Can't parse the WWW-Authenticate header, it's probably not well formed")
+            fail(UnwellformedHeader, "Can't parse the WWW-Authenticate header, it's probably not well formed")
           else
-            raise ArgumentError.new("HTTPAuth::Basic can only unpack Basic Authentication headers")
+            fail(ArgumentError, 'HTTPAuth::Basic can only unpack Basic Authentication headers')
           end
         end
       end
       # Finds and unpacks the authorization credentials in a hash with the CGI enviroment. Returns [nil,nil] if no
       # credentials were found. See HTTPAuth::CREDENTIAL_HEADERS for supported variable names.
       #
@@ -105,10 +104,10 @@ module HTTPAuth
       #   RewriteEngine on
       #   RewriteRule ^admin/ - [E=X-HTTP-AUTHORIZATION:%{HTTP:Authorization}]
       def get_credentials(env)
-        d = HTTPAuth::CREDENTIAL_HEADERS.inject(false) { |d,h| env[h] || d }
-        return unpack_authorization(d) unless !d or d.nil? or d.empty?
+        d = HTTPAuth::CREDENTIAL_HEADERS.inject(false) { |a, e| env[e] || a }
+        return unpack_authorization(d) unless !d || d.nil? || d.empty?
         [nil, nil]
       end
     end
   end
-end
+end

data/lib/httpauth/constants.rb CHANGED

@@ -4,11 +4,11 @@
 # For more information see RFC 2617 (http://www.ietf.org/rfc/rfc2617.txt)
 module HTTPAuth
   VERSION = '0.2'
   CREDENTIAL_HEADERS = %w{REDIRECT_X_HTTP_AUTHORIZATION X-HTTP-AUTHORIZATION X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION}
-  SUPPORTED_SCHEMES = { :basic => 'Basic', :digest => 'Digest' }
-  SUPPORTED_QOPS = ['auth', 'auth-int']
-  SUPPORTED_ALGORITHMS = ['MD5', 'MD5-sess']
+  SUPPORTED_SCHEMES = {:basic => 'Basic', :digest => 'Digest'}
+  SUPPORTED_QOPS = %w[auth auth-int]
+  SUPPORTED_ALGORITHMS = %w[MD5 MD5-sess]
   PREFERRED_QOP = 'auth'
   PREFERRED_ALGORITHM = 'MD5'
-end
+end

data/lib/httpauth/digest.rb CHANGED

@@ -60,66 +60,66 @@ module HTTPAuth
           elsif variant == :challenge
             encode.merge! :qop => :list_to_comma_quoted_string
           else
-            raise ArgumentError.new("#{variant} is not a valid value for `variant' use :auth, :credentials or :challenge")
+            fail(ArgumentError, "#{variant} is not a valid value for `variant' use :auth, :credentials or :challenge")
           end
           (variant == :auth ? '' : 'Digest ') + h.collect do |directive, value|
             '' << directive.to_s << '=' << if encode[directive]
-                begin
-                  Conversions.send encode[directive], value
-                rescue NoMethodError, ArgumentError
-                  raise ArgumentError.new("Can't encode #{directive}(#{value.inspect}) with #{encode[directive]}")
-                end
-              elsif encode[directive].nil?
-                begin
-                  Conversions.quote_string value
-                rescue NoMethodError, ArgumentError
-                  raise ArgumentError.new("Can't encode #{directive}(#{value.inspect}) with quote_string")
-                end
-              else
-                value
+              begin
+                Conversions.send encode[directive], value
+              rescue NoMethodError, ArgumentError
+                raise(ArgumentError, "Can't encode #{directive}(#{value.inspect}) with #{encode[directive]}")
               end
-          end.join(", ")
+            elsif encode[directive].nil?
+              begin
+                Conversions.quote_string value
+              rescue NoMethodError, ArgumentError
+                raise(ArgumentError, "Can't encode #{directive}(#{value.inspect}) with quote_string")
+              end
+            else
+              value
+            end
+          end.join(', ')
         end
         # Decodes digest directives from a header. Returns a hash with directives.
         #
         # * <tt>directives</tt>: The directives
         # * <tt>variant</tt>: Specifies whether the directives are for an Authorize header (:credentials),
-        #   for a WWW-Authenticate header (:challenge) or for a Authentication-Info header (:auth_info).
+        #   for a WWW-Authenticate header (:challenge) or for a Authentication-Info header (:auth_info).
         def decode_directives(directives, variant)
-          raise HTTPAuth::UnwellformedHeader.new("Can't decode directives which are nil") if directives.nil?
+          fail(HTTPAuth::UnwellformedHeader, "Can't decode directives which are nil") if directives.nil?
           decode = {:domain => :space_quoted_string_to_list, :algorithm => false, :stale => :str_to_bool, :nc => :hex_to_int}
           if [:credentials, :auth].include? variant
             decode.merge! :qop => false
           elsif variant == :challenge
             decode.merge! :qop => :comma_quoted_string_to_list
           else
-            raise ArgumentError.new("#{variant} is not a valid value for `variant' use :auth, :credentials or :challenge")
+            fail(ArgumentError, "#{variant} is not a valid value for `variant' use :auth, :credentials or :challenge")
           end
-          start = 0
-          unless variant == :auth
+          start = 0
+          unless variant == :auth
             # The first six characters are 'Digest '
             start = 6
             scheme = directives[0..6].strip
-            raise HTTPAuth::UnwellformedHeader.new("Scheme should be Digest, server responded with `#{directives}'") unless scheme == 'Digest'
+            fail(HTTPAuth::UnwellformedHeader, "Scheme should be Digest, server responded with `#{directives}'") unless scheme == 'Digest'
           end
           # The rest are the directives
           # TODO: split is ugly, I want a real parser (:
-          directives[start..-1].split(',').inject({}) do |h,part|
+          directives[start..-1].split(',').inject({}) do |h, part|
             parts = part.split('=')
             name = parts[0].strip.intern
             value = parts[1..-1].join('=').strip
             # --- HACK
             # IE and Safari qoute qop values
             # IE also quotes algorithm values
-            if variant != :challenge and [:qop, :algorithm].include?(name) and value =~ /^\"[^\"]+\"$/
+            if variant != :challenge && [:qop, :algorithm].include?(name) && value =~ /^\"[^\"]+\"$/
               value = Conversions.unquote_string(value)
             end
             # --- END HACK
             if decode[name]
               h[name] = Conversions.send decode[name], value
             elsif decode[name].nil?
@@ -130,19 +130,25 @@ module HTTPAuth
             h
           end
         end
         # Concat arguments the way it's done frequently in the Digest spec.
         #
         #   digest_concat('a', 'b') #=> "a:b"
         #   digest_concat('a', 'b', c') #=> "a:b:c"
-        def digest_concat(*args); args.join ':'; end
+        def digest_concat(*args)
+          args.join ':'
+        end
         # Calculate the MD5 hexdigest for the string data
-        def digest_h(data); ::Digest::MD5.hexdigest data; end
+        def digest_h(data)
+          ::Digest::MD5.hexdigest data
+        end
         # Calculate the KD value of a secret and data as explained in the RFC.
-        def digest_kd(secret, data); digest_h digest_concat(secret, data); end
+        def digest_kd(secret, data)
+          digest_h digest_concat(secret, data)
+        end
         # Calculate the Digest for the credentials
         def htdigest(username, realm, password)
           digest_h digest_concat(username, realm, password)
@@ -162,7 +168,7 @@ module HTTPAuth
             h[:digest] || htdigest(h[:username], h[:realm], h[:password])
           end
         end
         # Calculate the H(A2) for the Authorize header as explained in the RFC.
         def request_digest_a2(h)
           # TODO: check for known qop values (look out for the safari qop quote bug)
@@ -186,7 +192,7 @@ module HTTPAuth
         #
         # * <tt>variant</tt>: Either <tt>:request</tt> or <tt>:response</tt>, as seen from the server.
         def calculate_digest(h, s, variant)
-          raise ArgumentError.new("Variant should be either :request or :response, not #{variant}") unless [:request, :response].include?(variant)
+          fail(ArgumentError, "Variant should be either :request or :response, not #{variant}") unless [:request, :response].include?(variant)
           # Compatability with RFC 2069
           if h[:qop].nil?
             digest_kd digest_a1(h, s), digest_concat(
@@ -203,7 +209,7 @@ module HTTPAuth
             )
           end
         end
         # Return a hash with the keys in <tt>keys</tt> found in <tt>h</tt>.
         #
         # Example
@@ -211,16 +217,16 @@ module HTTPAuth
         #   filter_h_on({1=>1,2=>2}, [1]) #=> {1=>1}
         #   filter_h_on({1=>1,2=>2}, [1, 2]) #=> {1=>1,2=>2}
         def filter_h_on(h, keys)
-          h.inject({}) { |r,l| keys.include?(l[0]) ? r.merge({l[0]=>l[1]}) : r }
+          h.inject({}) { |a, e| keys.include?(e[0]) ? a.merge(e[0] => e[1]) : a }
         end
         # Create a nonce value of the time and a salt. The nonce is created in such a
         # way that the issuer can check the age of the nonce.
         #
         # * <tt>salt</tt>: A reasonably long passphrase known only to the issuer.
         def create_nonce(salt)
           now = Time.now
-          time = now.strftime("%Y-%m-%d %H:%M:%S").to_s + ':' + now.usec.to_s
+          time = now.strftime('%Y-%m-%d %H:%M:%S').to_s + ':' + now.usec.to_s
           Base64.encode64(
           digest_concat(
               time,
@@ -228,20 +234,21 @@ module HTTPAuth
             )
           ).gsub("\n", '')[0..-3]
         end
         # Create a 32 character long opaque string with a 'random' value
         def create_opaque
-          s = []; 16.times { s << rand(127).chr }
+          s = []
+          16.times { s << rand(127).chr }
           digest_h s.join
         end
       end
     end
     # Superclass for all the header container classes
     class AbstractHeader
       # holds directives and values for digest calculation
       attr_reader :h
       # Redirects attribute messages to the internal directives
       #
       # Example:
@@ -257,17 +264,16 @@ module HTTPAuth
       #   c.username = 'Mary'
       #   c.username #=> 'Mary'
       def method_missing(m, *a)
-        if ((m.to_s =~ /^(.*)=$/) == 0) and @h.keys.include?($1.intern)
-          @h[$1.intern] = a[0]
+        if ((m.to_s =~ /^(.*)=$/) == 0) && @h.keys.include?(Regexp.last_match[1].intern)
+          @h[Regexp.last_match[1].intern] = a[0]
         elsif @h.keys.include? m
           @h[m]
         else
-          raise NameError.new("undefined method `#{m}' for #{self}")
+          fail(NameError, "undefined method `#{m}' for #{self}")
         end
       end
     end
     # The Credentials class handlers the Authorize header. The Authorize header is sent by a client who wants to
     # let the server know he has the credentials needed to access a resource.
     #
@@ -275,34 +281,34 @@ module HTTPAuth
     class Credentials < AbstractHeader
       # Holds an explanation why <tt>validate</tt> returned false.
       attr_reader :reason
       # Parses the information from an Authorize header and creates a new Credentials instance with the information.
       # The options hash allows you to specify additional information.
       #
       # * <tt>authorization</tt>: The contents of the Authorize header
       # See <tt>initialize</tt> for valid options.
-      def self.from_header(authorization, options={})
+      def self.from_header(authorization, options = {})
         new Utils.decode_directives(authorization, :credentials), options
       end
       # Creates a new Credential instance based on a Challenge instance.
       #
       # * <tt>challenge</tt>: A Challenge instance
       # See <tt>initialize</tt> for valid options.
-      def self.from_challenge(challenge, options={})
+      def self.from_challenge(challenge, options = {})
         credentials = new challenge.h
         credentials.update_from_challenge! options
         credentials
       end
-      def self.load(filename, options={})
+      def self.load(filename, options = {})
         h = nil
         File.open(filename, 'r') do |f|
           h = Marshal.load f
         end
         new h, options
       end
       # Create a new instance.
       #
       # * <tt>h</tt>:  A Hash with directives, normally this is filled with the directives coming from a Challenge instance.
@@ -314,26 +320,26 @@ module HTTPAuth
       #   * <tt>:uri</tt>: Mostly set by the client to send the uri
       #   * <tt>:method</tt>: The HTTP Method used by the client to send the request, this should be an uppercase string
       #     with the name of the verb.
-      def initialize(h, options={})
+      def initialize(h, options = {})
         @h = h
         @h.merge! options
         session = Session.new h[:opaque], :tmpdir => options[:tmpdir]
         @s = session.load
         @reason = 'There has been no validation yet'
       end
       # Convenience method, basically an alias for <code>validate(options.merge(:password => password))</code>
-      def validate_password(password, options={})
+      def validate_password(password, options = {})
         options[:password] = password
         validate(options)
       end
       # Convenience method, basically an alias for <code>validate(options.merge(:digest => digest))</code>
-      def validate_digest(digest, options={})
+      def validate_digest(digest, options = {})
         options[:digest] = digest
         validate(options)
       end
       # Validates the credential information stored in the Credentials instance. Returns <tt>true</tt> or
       # <tt>false</tt>. You can read the ue
       #
@@ -346,9 +352,9 @@ module HTTPAuth
       #     provided.
       def validate(options)
         ho = @h.merge(options)
-        raise ArgumentError.new("You have to set the :request_body value if you want to use :qop => 'auth-int'") if @h[:qop] == 'auth-int' and ho[:request_body].nil?
-        raise ArgumentError.new("Please specify the request method :method (ie. GET)") if ho[:method].nil?
+        fail(ArgumentError, "You have to set the :request_body value if you want to use :qop => 'auth-int'") if @h[:qop] == 'auth-int' && ho[:request_body].nil?
+        fail(ArgumentError, 'Please specify the request method :method (ie. GET)') if ho[:method].nil?
         calculated_response = Utils.calculate_digest(ho, @s, :request)
         if ho[:response] == calculated_response
           @reason = ''
@@ -358,13 +364,13 @@ module HTTPAuth
         end
         false
       end
       # Encodeds directives and returns a string that can be used in the Authorize header
       def to_header
         Utils.encode_directives Utils.filter_h_on(@h,
-          [:username, :realm, :nonce, :uri, :response, :algorithm, :cnonce, :opaque, :qop, :nc]), :credentials
+                                                  [:username, :realm, :nonce, :uri, :response, :algorithm, :cnonce, :opaque, :qop, :nc]), :credentials
       end
       # Updates @h from options, generally called after an instance was created with <tt>from_challenge</tt>.
       def update_from_challenge!(options)
         # TODO: integrity checks
@@ -375,17 +381,17 @@ module HTTPAuth
         @h[:method] = options[:method]
         @h[:request_body] = options[:request_body]
         unless @h[:qop].nil?
-          # Determine the QOP
-          if !options[:qop].nil? and @h[:qop].include?(options[:qop])
+          # Determine the QOP
+          if !options[:qop].nil? && @h[:qop].include?(options[:qop])
             @h[:qop] = options[:qop]
           elsif @h[:qop].include?(HTTPAuth::PREFERRED_QOP)
             @h[:qop] = HTTPAuth::PREFERRED_QOP
           else
-            qop = @h[:qop].detect { |qop| HTTPAuth::SUPPORTED_QOPS.include? qop }
-            unless qop.nil?
-              @h[:qop] = qop
+            qop = @h[:qop].detect { |qop_field| HTTPAuth::SUPPORTED_QOPS.include? qop_field }
+            if qop.nil?
+              fail(UnsupportedError, "HTTPAuth doesn't support any of the proposed qop values: #{@h[:qop].inspect}")
             else
-              raise UnsupportedError.new("HTTPAuth doesn't support any of the proposed qop values: #{@h[:qop].inspect}")
+              @h[:qop] = qop
             end
           end
           @h[:cnonce] ||= Utils.create_nonce options[:salt]
@@ -399,25 +405,23 @@ module HTTPAuth
           Marshal.dump(Utils.filter_h_on(@h, [:username, :realm, :nonce, :algorithm, :cnonce, :opaque, :qop, :nc]), f)
         end
       end
     end
     # The Challenge class handlers the WWW-Authenticate header. The WWW-Authenticate header is sent by a server when
     # accessing a resource without credentials is prohibided. The header should always be sent together with a 401
     # status.
     #
     # See the Digest module for examples
     class Challenge < AbstractHeader
       # Parses the information from a WWW-Authenticate header and creates a new WWW-Authenticate instance with this
       # data.
       #
       # * <tt>challenge</tt>: The contents of a WWW-Authenticate header
       # See <tt>initialize</tt> for valid options.
-      def self.from_header(challenge, options={})
+      def self.from_header(challenge, options = {})
         new Utils.decode_directives(challenge, :challenge), options
       end
       # Create a new instance.
       #
       # * <tt>h</tt>: A Hash with directives, normally this is filled with directives coming from a Challenge instance.
@@ -425,18 +429,18 @@ module HTTPAuth
       #   * <tt>:realm</tt>: The name of the realm the client should authenticate for. The RFC suggests to use a string
       #     like 'admin@yourhost.domain.com'. Be sure to use a reasonably long string to avoid brute force attacks.
       #   * <tt>:qop</tt>: A list with supported qop values. For example: <code>['auth-int']</code>. This will default
-      #     to <code>['auth']</code>. Although this implementation supports both auth and auth-int, most
+      #     to <code>['auth']</code>. Although this implementation supports both auth and auth-int, most
       #     implementations don't. Some implementations get confused when they receive anything but 'auth'. For
       #     maximum compatibility you should leave this setting alone.
       #   * <tt>:algorithm</tt>: The preferred algorithm for calculating the digest. For
       #     example: <code>'MD5-sess'</code>. This will default to <code>'MD5'</code>. For
       #     maximum compatibility you should leave this setting alone.
       #
-      def initialize(h, options={})
+      def initialize(h, options = {})
         @h = h
         @h.merge! options
       end
       # Encodes directives and returns a string that can be used as the WWW-Authenticate header
       def to_header
         @h[:nonce] ||= Utils.create_nonce @h[:salt]
@@ -444,36 +448,35 @@ module HTTPAuth
         @h[:algorithm] ||= HTTPAuth::PREFERRED_ALGORITHM
         @h[:qop] ||= [HTTPAuth::PREFERRED_QOP]
         Utils.encode_directives Utils.filter_h_on(@h,
-          [:realm, :domain, :nonce, :opaque, :stale, :algorithm, :qop]), :challenge
+                                                  [:realm, :domain, :nonce, :opaque, :stale, :algorithm, :qop]), :challenge
       end
     end
     # The AuthenticationInfo class handles the Authentication-Info header. Sending Authentication-Info headers will
-    # allow the client to check the integrity of the response, but it isn't compulsory and will get in the way of
+    # allow the client to check the integrity of the response, but it isn't compulsory and will get in the way of
     # pipelined retrieval of resources.
     #
     # See the Digest module for examples
     class AuthenticationInfo < AbstractHeader
       # Parses the information from a Authentication-Info header and creates a new AuthenticationInfo instance with
       # this data.
       #
       # * <tt>auth_info</tt>: The contents of the Authentication-Info header
       # See <tt>initialize</tt> for valid options.
-      def self.from_header(auth_info, options={})
+      def self.from_header(auth_info, options = {})
         new Utils.decode_directives(auth_info, :auth), options
       end
       # Creates a new AuthenticationInfo instance based on the information from Credentials instance.
       #
       # * <tt>credentials</tt>: A Credentials instance
       # See <tt>initialize</tt> for valid options.
-      def self.from_credentials(credentials, options={})
+      def self.from_credentials(credentials, options = {})
         auth_info = new credentials.h
         auth_info.update_from_credentials! options
         auth_info
       end
       # Create a new instance.
       #
       # * <tt>h</tt>: A Hash with directives, normally this is filled with the directives coming from a
@@ -482,17 +485,17 @@ module HTTPAuth
       #   * <tt>:digest</tt>: The digest for the specified username and realm.
       #   * <tt>:response_body</tt> The body of the response that's going to be sent to the client. This is a
       #     compulsory option if the qop directive is 'auth-int'.
-      def initialize(h, options={})
+      def initialize(h, options = {})
         @h = h
         @h.merge! options
       end
       # Encodes directives and returns a string that can be used as the AuthorizationInfo header
       def to_header
         Utils.encode_directives Utils.filter_h_on(@h,
-          [:nextnonce, :qop, :rspauth, :cnonce, :nc]), :auth
+                                                  [:nextnonce, :qop, :rspauth, :cnonce, :nc]), :auth
       end
       # Updates @h from options, generally called after an instance was created with <tt>from_credentials</tt>.
       def update_from_credentials!(options)
         # TODO: update @h after nonce invalidation
@@ -512,16 +515,14 @@ module HTTPAuth
       #   * <tt>:nonce</tt>:nonce
       def validate(options)
         ho = @h.merge(options)
-        return @h[:rspauth] == Utils.calculate_digest(ho, @s, :response)
+        @h[:rspauth] == Utils.calculate_digest(ho, @s, :response)
       end
     end
     # Conversion for a number of internal data structures to and from directives in the headers. Implementations
     # shouldn't have to call any methods on Conversions.
     class Conversions
       class << self
         # Adds quotes around the string
         def quote_string(str)
           "\"#{str.gsub(/\"/, '')}\""
@@ -529,7 +530,7 @@ module HTTPAuth
         # Removes quotes from around a string
         def unquote_string(str)
-          str =~ /^\"([^\"]*)\"$/ ? $1 : str
+          str =~ /^\"([^\"]*)\"$/ ? Regexp.last_match[1] : str
         end
         # Creates an int value from hex values
@@ -546,7 +547,7 @@ module HTTPAuth
         def str_to_bool(str)
           str == 'true'
         end
         # Creates a string value from a boolean => 'true' or 'false'
         def bool_to_str(bool)
           bool ? 'true' : 'false'
@@ -578,41 +579,39 @@ module HTTPAuth
     class Session
       attr_accessor :opaque
       attr_accessor :options
       # Initializes the new Session object.
       #
       # * <tt>opaque</tt> - A string to identify the session. This would normally be the <tt>opaque</tt> sent by the
       #   client, but it could also be an identifier sent through a different mechanism.
       # * <tt>options</tt> - Additional options
       #   * <tt>:tmpdir</tt> A tempory directory for storing the session data. Dir::tmpdir is the default.
-      def initialize(opaque, options={})
+      def initialize(opaque, options = {})
         self.opaque = opaque
         self.options = options
       end
       # Associates the new data to the session and removes the old
       def save(data)
         File.open(filename, 'w') do |f|
           f.write Marshal.dump(data)
         end
       end
       # Returns the data from this session
       def load
-        begin
-          File.open(filename, 'r') do |f|
-            Marshal.load f.read
-          end
-        rescue Errno::ENOENT
-          {}
+        File.open(filename, 'r') do |f|
+          Marshal.load f.read
         end
+      rescue Errno::ENOENT
+        {}
       end
-      protected
+    protected
       # The filename from which the session will be saved and read from
       def filename
-        "#{options[:tmpdir] || Dir::tmpdir}/ruby_digest_cache.#{self.opaque}"
+        "#{options[:tmpdir] || Dir.tmpdir}/ruby_digest_cache.#{opaque}"
       end
     end
   end

data/lib/httpauth/exceptions.rb CHANGED

@@ -5,4 +5,4 @@ module HTTPAuth
   class UnsupportedError < ArgumentError; end
   # Raise when validation on the request failed, most of the times this means that someone is trying to do replay attacks.
   class ValidationError < ArgumentError; end
-end
+end

metadata CHANGED

@@ -1,72 +1,68 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: httpauth
-version: !ruby/object:Gem::Version
-  hash: 23
-  prerelease:
-  segments:
-  - 0
-  - 2
-  - 0
-  version: 0.2.0
+version: !ruby/object:Gem::Version
+  version: 0.2.1
 platform: ruby
-authors:
+authors:
 - Manfred Stienstra
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-09-25 00:00:00 Z
-dependencies: []
+date: 2014-01-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: Library for the HTTP Authentication protocol (RFC 2617)
 email: manfred@fngtpspec.com
 executables: []
 extensions: []
-extra_rdoc_files:
+extra_rdoc_files:
 - README.md
 - LICENSE
-files:
-- README.md
+files:
 - LICENSE
+- README.md
+- lib/httpauth.rb
 - lib/httpauth/basic.rb
 - lib/httpauth/constants.rb
 - lib/httpauth/digest.rb
 - lib/httpauth/exceptions.rb
-- lib/httpauth.rb
 homepage: https://github.com/Manfred/HTTPauth
-licenses: []
+licenses:
+- MIT
+metadata: {}
 post_install_message:
-rdoc_options:
-- --charset=utf-8
-require_paths:
+rdoc_options:
+- "--charset=utf-8"
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
-  requirements:
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version
-      hash: 3
-      segments:
-      - 0
-      version: "0"
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.18
+rubygems_version: 2.2.0
 signing_key:
-specification_version: 3
-summary: HTTPauth is a library supporting the full HTTP Authentication protocol as specified in RFC 2617; both Digest Authentication and Basic Authentication.
+specification_version: 4
+summary: HTTPauth is a library supporting the full HTTP Authentication protocol as
+  specified in RFC 2617; both Digest Authentication and Basic Authentication.
 test_files: []