httpclient 2.4.0 → 2.5.0

data/lib/httpclient.rb

@@ -870,8 +870,11 @@ private
 
   class KeepAliveDisconnected < StandardError # :nodoc:
     attr_reader :sess
-    def initialize(sess = nil)
+    attr_reader :cause
+    def initialize(sess = nil, cause = nil)
+      super("#{self.class.name}: #{cause ? cause.message : nil}")
       @sess = sess
+      @cause = cause
     end
   end
 

data/lib/httpclient/auth.rb

@@ -13,27 +13,9 @@ require 'mutex_m'
 
 class HTTPClient
 
-  begin
-    require 'net/ntlm'
-    NTLMEnabled = true
-  rescue LoadError
-    NTLMEnabled = false
-  end
-
-  begin
-    require 'win32/sspi'
-    SSPIEnabled = true
-  rescue LoadError
-    SSPIEnabled = false
-  end
-
-  begin
-    require 'gssapi'
-    GSSAPIEnabled = true
-  rescue LoadError
-    GSSAPIEnabled = false
-  end
-
+  NTLMEnabled = false
+  SSPIEnabled = false
+  GSSAPIEnabled = false
 
   # Common abstract class for authentication filter.
   #
@@ -239,7 +221,6 @@ class HTTPClient
     def initialize
       super
       @cred = nil
-      @set = false
       @auth = {}
       @challenge = {}
       @scheme = "Basic"
@@ -263,15 +244,12 @@ class HTTPClient
           uri = Util.uri_dirname(uri)
           @auth[uri] = ["#{user}:#{passwd}"].pack('m').tr("\n", '')
         end
-        @set = true
       end
     end
 
     # have we marked this as set - ie that it's valid to use in this context?
     def set?
-      synchronize {
-        @set == true
-      }
+      @cred || @auth.any?
     end
 
     # Response handler: returns credential.
@@ -305,12 +283,10 @@ class HTTPClient
     def set(uri, user, passwd)
       synchronize do
         @cred = ["#{user}:#{passwd}"].pack('m').tr("\n", '')
-        @set = true
       end
     end
 
     def get(req)
-      target_uri = req.header.request_uri
       synchronize {
         return nil unless @challenge['challenged']
         @cred
@@ -339,7 +315,6 @@ class HTTPClient
       super
       @auth = {}
       @challenge = {}
-      @set = false
       @nonce_count = 0
       @scheme = "Digest"
     end
@@ -360,15 +335,12 @@ class HTTPClient
           uri = Util.uri_dirname(uri)
           @auth[uri] = [user, passwd]
         end
-        @set = true
       end
     end
 
     # have we marked this as set - ie that it's valid to use in this context?
     def set?
-      synchronize {
-        @set == true
-      }
+      @auth.any?
     end
 
     # Response handler: returns credential.
@@ -478,7 +450,6 @@ class HTTPClient
     # overrides DigestAuth#set. sets default user name and password. uri is not used.
     def set(uri, user, passwd)
       synchronize do
-        @set = true
         @auth = [user, passwd]
       end
     end
@@ -487,7 +458,6 @@ class HTTPClient
     # regardless of target uri if the proxy has required authentication
     # before
     def get(req)
-      target_uri = req.header.request_uri
       synchronize {
         param = @challenge
         return nil unless param
@@ -531,7 +501,6 @@ class HTTPClient
       @auth_default = nil
       @challenge = {}
       @scheme = scheme
-      @set = false
       @ntlm_opt = {
         :ntlmv2 => true
       }
@@ -555,21 +524,17 @@ class HTTPClient
         else
           @auth_default = [user, passwd]
         end
-        @set = true
       end
     end
 
     # have we marked this as set - ie that it's valid to use in this context?
     def set?
-      synchronize {
-        @set == true
-      }
+      @auth_default || @auth.any?
     end
 
     # Response handler: returns credential.
     # See ruby/ntlm for negotiation state transition.
     def get(req)
-      return nil unless NTLMEnabled
       target_uri = req.header.request_uri
       synchronize {
         domain_uri, param = @challenge.find { |uri, v|
@@ -583,6 +548,7 @@ class HTTPClient
           user, passwd = @auth_default
         end
         return nil unless user
+        Util.try_require('net/ntlm') || return
         domain = nil
         domain, user = user.split("\\") if user.index("\\")
         state = param[:state]
@@ -606,7 +572,6 @@ class HTTPClient
 
     # Challenge handler: remember URL and challenge token for response.
     def challenge(uri, param_str)
-      return false unless NTLMEnabled
       synchronize {
         if param_str.nil? or @challenge[uri].nil?
           c = @challenge[uri] = {}
@@ -655,27 +620,27 @@ class HTTPClient
       # not supported
     end
 
-    # have we marked this as set - ie that it's valid to use in this context?
+    # Check always (not effective but it works)
     def set?
-      SSPIEnabled || GSSAPIEnabled
+      !@challenge.empty?
     end
 
     # Response handler: returns credential.
     # See win32/sspi for negotiation state transition.
     def get(req)
-      return nil unless SSPIEnabled || GSSAPIEnabled
       target_uri = req.header.request_uri
       synchronize {
         domain_uri, param = @challenge.find { |uri, v|
           Util.uri_part_of(target_uri, uri)
         }
         return nil unless param
+        Util.try_require('win32/sspi') || Util.try_require('gssapi') || return
         state = param[:state]
         authenticator = param[:authenticator]
         authphrase = param[:authphrase]
         case state
         when :init
-          if SSPIEnabled
+          if defined?(Win32::SSPI)
             authenticator = param[:authenticator] = Win32::SSPI::NegotiateAuth.new
             return authenticator.get_initial_token(@scheme)
           else # use GSSAPI
@@ -685,7 +650,7 @@ class HTTPClient
           end
         when :response
           @challenge.delete(domain_uri)
-          if SSPIEnabled
+          if defined?(Win32::SSPI)
             return authenticator.complete_authentication(authphrase)
           else # use GSSAPI
             return authenticator.init_context(authphrase.unpack('m').pop)
@@ -697,7 +662,6 @@ class HTTPClient
 
     # Challenge handler: remember URL and challenge token for response.
     def challenge(uri, param_str)
-      return false unless SSPIEnabled || GSSAPIEnabled
       synchronize {
         if param_str.nil? or @challenge[uri].nil?
           c = @challenge[uri] = {}
@@ -825,9 +789,9 @@ class HTTPClient
       # not supported
     end
 
-    # have we marked this as set - ie that it's valid to use in this context?
+    # Check always (not effective but it works)
     def set?
-      true
+      !@challenge.empty?
     end
 
     # Set authentication credential.

data/lib/httpclient/http.rb

@@ -844,11 +844,11 @@ module HTTP
         query.each { |attr, value|
           left = escape(attr.to_s) << '='
           if values = Array.try_convert(value)
-            values.each { |value|
-              if value.respond_to?(:read)
-                value = value.read
+            values.each { |v|
+              if v.respond_to?(:read)
+                v = v.read
               end
-              pairs.push(left + escape(value.to_s))
+              pairs.push(left + escape(v.to_s))
             }
           else
             if value.respond_to?(:read)

data/lib/httpclient/session.rb

@@ -619,14 +619,14 @@ class HTTPClient
       rescue Errno::ECONNABORTED, Errno::ECONNRESET, Errno::EPIPE, IOError
         # JRuby can raise IOError instead of ECONNRESET for now
         close
-        raise KeepAliveDisconnected.new(self)
+        raise KeepAliveDisconnected.new(self, $!)
       rescue HTTPClient::TimeoutError
         close
         raise
       rescue
         close
         if SSLEnabled and $!.is_a?(OpenSSL::SSL::SSLError)
-          raise KeepAliveDisconnected.new(self)
+          raise KeepAliveDisconnected.new(self, $!)
         else
           raise
         end
@@ -886,7 +886,7 @@ class HTTPClient
           rescue Errno::ECONNABORTED, Errno::ECONNRESET, Errno::EPIPE, IOError
             # JRuby can raise IOError instead of ECONNRESET for now
             close
-            raise KeepAliveDisconnected.new(self)
+            raise KeepAliveDisconnected.new(self, $!)
           end
           if StatusParseRegexp !~ initial_line
             @version = '0.9'

data/lib/httpclient/ssl_config.rb

@@ -90,7 +90,12 @@ class HTTPClient
       @dest = nil
       @timeout = nil
       @ssl_version = :auto
-      @options = defined?(SSL::OP_ALL) ? SSL::OP_ALL | SSL::OP_NO_SSLv2 : nil
+      # Follow ruby-ossl's definition
+      @options = OpenSSL::SSL::OP_ALL
+      @options &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+      @options |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+      @options |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+      @options |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
       # OpenSSL 0.9.8 default: "ALL:!ADH:!LOW:!EXP:!MD5:+SSLv2:@STRENGTH"
       @ciphers = "ALL:!aNULL:!eNULL:!SSLv2" # OpenSSL >1.0.0 default
       @cacerts_loaded = false

data/lib/httpclient/util.rb

@@ -164,6 +164,18 @@ class HTTPClient
     end
     module_function :hash_find_value
 
+    # Try to require a feature and returns true/false if loaded
+    #
+    # It returns 'true' for the second require in contrast of the standard
+    # require returns false if the feature is already loaded.
+    def try_require(feature)
+      require feature
+      true
+    rescue LoadError
+      false
+    end
+    module_function :try_require
+
     # Checks if the given URI is https.
     def https?(uri)
       uri.scheme && uri.scheme.downcase == 'https'

data/lib/httpclient/version.rb

@@ -1,3 +1,3 @@
 class HTTPClient
-  VERSION = '2.4.0'
+  VERSION = '2.5.0'
 end

data/sample/github.rb

@@ -0,0 +1,11 @@
+require 'httpclient'
+
+# Obtain Personal access token from https://github.com/settings/applications
+personal_access_token = '03d1c4bc880e51c06215cc77eb075a7856e6a9c7'
+
+h = HTTPClient.new
+h.set_auth(nil, personal_access_token, 'x-oauth-basic')
+h.www_auth.basic_auth.challenge('https://api.github.com/')
+h.debug_dev = STDERR
+
+puts h.get_content('https://api.github.com/user/repos?type=private')

data/test/test_auth.rb

@@ -150,6 +150,19 @@ class TestAuth < Test::Unit::TestCase
     end
   end
 
+  def test_BASIC_auth_nil_uri
+    c = HTTPClient.new
+    webrick_backup = @basic_auth.instance_eval { @auth_scheme }
+    begin
+      @basic_auth.instance_eval { @auth_scheme = "BASIC" }
+      c.www_auth.basic_auth.instance_eval { @scheme = "BASIC" }
+      c.set_auth(nil, 'admin', 'admin')
+      assert_equal('basic_auth OK', c.get_content("http://localhost:#{serverport}/basic_auth"))
+    ensure
+      @basic_auth.instance_eval { @auth_scheme = webrick_backup }
+    end
+  end
+
   # To work this test consistently on CRuby you can to add 'Thread.pass' in
   # @challenge iteration at BasicAuth#get like;
   #

data/test/test_http-access2.rb

@@ -1,3 +1,4 @@
+# -*- encoding: utf-8 -*-
 require 'http-access2'
 require File.expand_path('helper', File.dirname(__FILE__))
 
@@ -116,7 +117,7 @@ class TestClient < Test::Unit::TestCase
     setup_proxyserver
     escape_noproxy do
       begin
-       	@client.proxy = "http://"
+       	@client.proxy = "http://あ"
       rescue
         assert_match(/InvalidURIError/, $!.class.to_s)
       end

data/test/test_httpclient.rb

@@ -176,7 +176,7 @@ class TestHTTPClient < Test::Unit::TestCase
     setup_proxyserver
     escape_noproxy do
       begin
-        @client.proxy = "http://"
+        @client.proxy = "http://あ"
       rescue
         assert_match(/InvalidURIError/, $!.class.to_s)
       end

data/test/test_ssl.rb

@@ -33,7 +33,10 @@ class TestSSL < Test::Unit::TestCase
     assert_equal(OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT, cfg.verify_mode)
     assert_nil(cfg.verify_callback)
     assert_nil(cfg.timeout)
-    assert_equal(OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2, cfg.options)
+    expected_options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
+    expected_options &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+    expected_options |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+    assert_equal(expected_options, cfg.options)
     assert_equal("ALL:!aNULL:!eNULL:!SSLv2", cfg.ciphers)
     assert_instance_of(OpenSSL::X509::Store, cfg.cert_store)
   end
@@ -166,6 +169,24 @@ end
     end
   end
 
+  def test_no_sslv3
+    teardown_server
+    setup_server_with_ssl_version(:SSLv3)
+    assert_raise(OpenSSL::SSL::SSLError) do
+      @client.ssl_config.verify_mode = nil
+      @client.get("https://localhost:#{serverport}/hello")
+    end
+  end
+
+  def test_allow_tlsv1
+    teardown_server
+    setup_server#_with_ssl_version(:TLSv1)
+    assert_nothing_raised do
+      @client.ssl_config.verify_mode = nil
+      @client.get("https://localhost:#{serverport}/hello")
+    end
+  end
+
 private
 
   def cert(filename)
@@ -207,6 +228,31 @@ private
     @server_thread = start_server_thread(@server)
   end
 
+  def setup_server_with_ssl_version(ssl_version)
+    logger = Logger.new(STDERR)
+    #logger.level = Logger::Severity::FATAL	# avoid logging SSLError (ERROR level)
+    @server = WEBrick::HTTPServer.new(
+      :BindAddress => "localhost",
+      :Logger => logger,
+      :Port => 0,
+      :AccessLog => [],
+      :DocumentRoot => DIR,
+      :SSLEnable => true,
+      :SSLCACertificateFile => File.join(DIR, 'ca.cert'),
+      :SSLCertificate => cert('server.cert'),
+      :SSLPrivateKey => key('server.key')
+    )
+    @server.ssl_context.ssl_version = ssl_version
+    @serverport = @server.config[:Port]
+    [:hello].each do |sym|
+      @server.mount(
+        "/#{sym}",
+        WEBrick::HTTPServlet::ProcHandler.new(method("do_#{sym}").to_proc)
+      )
+    end
+    @server_thread = start_server_thread(@server)
+  end
+
   def do_hello(req, res)
     res['content-type'] = 'text/html'
     res.body = "hello"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: httpclient
 version: !ruby/object:Gem::Version
-  version: 2.4.0
+  version: 2.5.0
 platform: ruby
 authors:
 - Hiroshi Nakamura
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-08 00:00:00.000000000 Z
+date: 2014-10-16 00:00:00.000000000 Z
 dependencies: []
 description: 
 email: nahi@ruby-lang.org
@@ -41,6 +41,7 @@ files:
 - sample/auth.rb
 - sample/cookie.rb
 - sample/dav.rb
+- sample/github.rb
 - sample/howto.rb
 - sample/oauth_buzz.rb
 - sample/oauth_friendfeed.rb
@@ -84,7 +85,7 @@ files:
 - test/test_httpclient.rb
 - test/test_include_client.rb
 - test/test_ssl.rb
-homepage: http://github.com/nahi/httpclient
+homepage: https://github.com/nahi/httpclient
 licenses:
 - ruby
 metadata: {}
@@ -104,7 +105,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.1
 signing_key: 
 specification_version: 4
 summary: gives something like the functionality of libwww-perl (LWP) in Ruby