httpx 0.19.6 → 0.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 832389a759da52da8b345ffa687a9704b3ec3465a936664d3cab2247586a51de
-  data.tar.gz: 16e4bda290c1631c64f263daf416aec4a4858b7404a3570f229c800da1ca8be2
+  metadata.gz: a5a31aeffa012bd1eea19c1e892c8669624de0d21c9cd8911ae025375f0b93fb
+  data.tar.gz: 285707682eb2d1451106d28bc2d4a8ceb247d4237139c9e7d83bd5a0163b5a5c
 SHA512:
-  metadata.gz: 73816d590b2990b61c4d67dbade348fe7f7ab93e4996a7a4585b4ef895f6410f785c3e85d6f73d621aa2367f0a42add8344502cafd78312f056940f339be4c34
-  data.tar.gz: 3cb533d7d796f63bc869e8213c0c03b8d290698f8ee3c07affb9b29b79e60e802baa25ca78d7ddf9e7e530ccfc970490a69029878399522c48b8f7bc43222a99
+  metadata.gz: 6f2c50aa8895c6f07ed0acbca1b1171343da2b55bc838ae7f2a0f7a44300c101ea0020938946bf630b80ad6b81bed3cb54910b0734576b6e7c000e058497128c
+  data.tar.gz: 83e19a86d841056821d9198c9a8e3e7b06ec354445289a1fd7d612d070b02b0a01aa9f45f5acdb0b35e4da413c2c3955646e5f55c5421db95879092a0a3aa377

data/doc/release_notes/0_19_7.md

@@ -0,0 +1,5 @@
+# 0.19.7
+
+## Bugfixes
+
+* fix: in `:proxy` plugin, user/pass credentials were not being used when passed as options (only when embedded in the URL). This was a regression introduced in the 0.19.x series.

data/doc/release_notes/0_19_8.md

@@ -0,0 +1,5 @@
+# 0.19.7
+
+## Bugfixes
+
+* `datadog` went v1, which broke `httpx` adapter. Now it supports both 1.0 and 0.x versions.

data/doc/release_notes/0_20_0.md

@@ -0,0 +1,36 @@
+# 0.19.0
+
+## Features
+
+### Sentry integration
+
+Documentation: https://gitlab.com/honeyryderchuck/httpx/-/wikis/Sentry-Adapter
+
+`httpx` ships with integration for `sentry-ruby` to provide HTTP request specific breadcrumbs and tracing. It can be enabled via:
+
+```ruby
+require "httpx/adapters/sentry"
+```
+
+### Proxy alternative auth schemes
+
+Besides the already previously supported (and still default) HTTP Basic Auth, the `:proxy` plugin supports HTTP Digest and NTLM auth as well. These are made available via the following APIs:
+
+```ruby
+http = HTTPX.plugin(:proxy)
+http.with_proxy_basic_auth(username: "user", password: "pass", uri: "http://proxy-uri:8126")
+http.with_proxy_digest_auth(username: "user", password: "pass", uri: "http://proxy-uri:8126")
+http.with_proxy_ntlm_auth(username: "user", password: "pass", uri: "http://proxy-uri:8126")
+
+# or alternatively
+http.with_proxy(proxy: "basic", username: "user", password: "pass", uri: "http://proxy-uri:8126")
+```
+
+## Bugfixes
+
+* HTTPS requests on an URL with an IP as a host, will now correctly not perform SNI during the TLS handshake, as per RFC;
+* `:follow_redirects` plugin will now halt redirections on 3xx responses with no `"location"` headers; this means it won't crash on 304 responses.
+    * If the `httpx` session has the `:proxy` plugin enabled, HTTP 305 responses will retry the request via the proxy exposed in the `"location"` header, as the RFC mandates.
+* `alt-svc` connection switch for HTTPS requests will be halted if the advertised alternative service "downgrades" to cleartext (example: `alt-svc` advertises `"h2c"`, but original connection was enabled via TLS).
+* A new connection to a TLS-enabled `alt-svc` advertised for a previous request, will now use that request's hostname as the SNI hostname, when performing the TLS handshake.
+* the `:response_cache` plugin will now correctly handle capitalized HTTP headers advertised in the `"vary"` header.

data/lib/httpx/adapters/datadog.rb

@@ -1,12 +1,52 @@
 # frozen_string_literal: true
 
-require "ddtrace/contrib/integration"
-require "ddtrace/contrib/rest_client/configuration/settings"
-require "ddtrace/contrib/rest_client/patcher"
+if defined?(::DDTrace) && ::DDTrace::VERSION::STRING >= "1.0.0"
+  require "datadog/tracing/contrib/integration"
+  require "datadog/tracing/contrib/configuration/settings"
+  require "datadog/tracing/contrib/patcher"
 
-module Datadog
+  TRACING_MODULE = Datadog::Tracing
+else
+
+  require "ddtrace/contrib/integration"
+  require "ddtrace/contrib/configuration/settings"
+  require "ddtrace/contrib/patcher"
+
+  TRACING_MODULE = Datadog
+end
+
+module TRACING_MODULE # rubocop:disable Naming/ClassAndModuleCamelCase
   module Contrib
     module HTTPX
+      if defined?(::DDTrace) && ::DDTrace::VERSION::STRING >= "1.0.0"
+        METADATA_MODULE = TRACING_MODULE::Metadata
+
+        TYPE_OUTBOUND = TRACING_MODULE::Metadata::Ext::HTTP::TYPE_OUTBOUND
+
+        TAG_PEER_SERVICE = TRACING_MODULE::Metadata::Ext::TAG_PEER_SERVICE
+
+        TAG_URL = TRACING_MODULE::Metadata::Ext::HTTP::TAG_URL
+        TAG_METHOD = TRACING_MODULE::Metadata::Ext::HTTP::TAG_METHOD
+        TAG_TARGET_HOST = TRACING_MODULE::Metadata::Ext::NET::TAG_TARGET_HOST
+        TAG_TARGET_PORT = TRACING_MODULE::Metadata::Ext::NET::TAG_TARGET_PORT
+
+        TAG_STATUS_CODE = TRACING_MODULE::Metadata::Ext::HTTP::TAG_STATUS_CODE
+
+      else
+
+        METADATA_MODULE = Datadog
+
+        TYPE_OUTBOUND = TRACING_MODULE::Ext::HTTP::TYPE_OUTBOUND
+        TAG_PEER_SERVICE = TRACING_MODULE::Ext::Integration::TAG_PEER_SERVICE
+        TAG_URL = TRACING_MODULE::Ext::HTTP::URL
+        TAG_METHOD = TRACING_MODULE::Ext::HTTP::METHOD
+        TAG_TARGET_HOST = TRACING_MODULE::Ext::NET::TARGET_HOST
+        TAG_TARGET_PORT = TRACING_MODULE::Ext::NET::TARGET_PORT
+        TAG_STATUS_CODE = Datadog::Ext::HTTP::STATUS_CODE
+        PROPAGATOR = TRACING_MODULE::HTTPPropagator
+
+      end
+
       # HTTPX Datadog Plugin
       #
       # Enables tracing for httpx requests. A span will be created for each individual requests,
@@ -15,6 +55,8 @@ module Datadog
       #
       module Plugin
         class RequestTracer
+          include Contrib::HttpAnnotationHelper
+
           SPAN_REQUEST = "httpx.request"
 
           def initialize(request)
@@ -22,43 +64,37 @@ module Datadog
           end
 
           def call
-            return if skip_tracing?
+            return unless tracing_enabled?
 
             @request.on(:response, &method(:finish))
 
             verb = @request.verb.to_s.upcase
             uri = @request.uri
 
-            @span = datadog_pin.tracer.trace(SPAN_REQUEST)
-            service_name = datadog_config[:split_by_domain] ? uri.host : datadog_pin.service_name
+            @span = build_span
 
-            begin
-              @span.service = service_name
-              @span.span_type = Datadog::Ext::HTTP::TYPE_OUTBOUND
-              @span.resource = verb
+            @span.resource = verb
 
-              Datadog::HTTPPropagator.inject!(@span.context, @request.headers) if datadog_pin.tracer.enabled && !skip_distributed_tracing?
+            # Add additional request specific tags to the span.
 
-              # Add additional request specific tags to the span.
+            @span.set_tag(TAG_URL, @request.path)
+            @span.set_tag(TAG_METHOD, verb)
 
-              @span.set_tag(Datadog::Ext::HTTP::URL, @request.path)
-              @span.set_tag(Datadog::Ext::HTTP::METHOD, verb)
+            @span.set_tag(TAG_TARGET_HOST, uri.host)
+            @span.set_tag(TAG_TARGET_PORT, uri.port.to_s)
 
-              @span.set_tag(Datadog::Ext::NET::TARGET_HOST, uri.host)
-              @span.set_tag(Datadog::Ext::NET::TARGET_PORT, uri.port.to_s)
+            # Tag as an external peer service
+            @span.set_tag(TAG_PEER_SERVICE, @span.service)
 
-              # Tag as an external peer service
-              @span.set_tag(Datadog::Ext::Integration::TAG_PEER_SERVICE, @span.service)
+            propagate_headers if @configuration[:distributed_tracing]
 
-              # Set analytics sample rate
-              if Contrib::Analytics.enabled?(datadog_config[:analytics_enabled])
-                Contrib::Analytics.set_sample_rate(@span, datadog_config[:analytics_sample_rate])
-              end
-            rescue StandardError => e
-              Datadog.logger.error("error preparing span for http request: #{e}")
+            # Set analytics sample rate
+            if Contrib::Analytics.enabled?(@configuration[:analytics_enabled])
+              Contrib::Analytics.set_sample_rate(@span, @configuration[:analytics_sample_rate])
             end
           rescue StandardError => e
-            Datadog.logger.debug("Failed to start span: #{e}")
+            Datadog.logger.error("error preparing span for http request: #{e}")
+            Datadog.logger.error(e.backtrace)
           end
 
           def finish(response)
@@ -67,7 +103,7 @@ module Datadog
             if response.is_a?(::HTTPX::ErrorResponse)
               @span.set_error(response.error)
             else
-              @span.set_tag(Datadog::Ext::HTTP::STATUS_CODE, response.status.to_s)
+              @span.set_tag(TAG_STATUS_CODE, response.status.to_s)
 
               @span.set_error(::HTTPX::HTTPError.new(response)) if response.status >= 400 && response.status <= 599
             end
@@ -77,40 +113,48 @@ module Datadog
 
           private
 
-          def skip_tracing?
-            return true if @request.headers.key?(Datadog::Ext::Transport::HTTP::HEADER_META_TRACER_VERSION)
-
-            return false unless @datadog_pin
-
-            span = @datadog_pin.tracer.active_span
+          if defined?(::DDTrace) && ::DDTrace::VERSION::STRING >= "1.0.0"
 
-            return true if span && (span.name == SPAN_REQUEST)
+            def build_span
+              TRACING_MODULE.trace(
+                SPAN_REQUEST,
+                service: service_name(@request.uri.host, configuration, Datadog.configuration_for(self)),
+                span_type: TYPE_OUTBOUND
+              )
+            end
 
-            false
-          end
+            def propagate_headers
+              TRACING_MODULE::Propagation::HTTP.inject!(TRACING_MODULE.active_trace, @request.headers)
+            end
 
-          def skip_distributed_tracing?
-            return !datadog_pin.config[:distributed_tracing] if datadog_pin.config && datadog_pin.config.key?(:distributed_tracing)
+            def configuration
+              @configuration ||= Datadog.configuration.tracing[:httpx, @request.uri.host]
+            end
 
-            !Datadog.configuration[:httpx][:distributed_tracing]
-          end
+            def tracing_enabled?
+              TRACING_MODULE.enabled?
+            end
+          else
+            def build_span
+              service_name = configuration[:split_by_domain] ? @request.uri.host : configuration[:service_name]
+              configuration[:tracer].trace(
+                SPAN_REQUEST,
+                service: service_name,
+                span_type: TYPE_OUTBOUND
+              )
+            end
 
-          def datadog_pin
-            @datadog_pin ||= begin
-              service = datadog_config[:service_name]
-              tracer = datadog_config[:tracer]
+            def propagate_headers
+              Datadog::HTTPPropagator.inject!(@span.context, @request.headers)
+            end
 
-              Datadog::Pin.new(
-                service,
-                app: "httpx",
-                app_type: Datadog::Ext::AppTypes::WEB,
-                tracer: -> { tracer }
-              )
+            def configuration
+              @configuration ||= Datadog.configuration[:httpx, @request.uri.host]
             end
-          end
 
-          def datadog_config
-            @datadog_config ||= Datadog.configuration[:httpx, @request.uri.host]
+            def tracing_enabled?
+              configuration[:tracer].enabled
+            end
           end
         end
 
@@ -125,7 +169,11 @@ module Datadog
       module Configuration
         # Default settings for httpx
         #
-        class Settings < Datadog::Contrib::Configuration::Settings
+        class Settings < TRACING_MODULE::Contrib::Configuration::Settings
+          DEFAULT_ERROR_HANDLER = lambda do |response|
+            Datadog::Ext::HTTP::ERROR_RANGE.cover?(response.status)
+          end
+
           option :service_name, default: "httpx"
           option :distributed_tracing, default: true
           option :split_by_domain, default: false
@@ -145,14 +193,14 @@ module Datadog
             o.lazy
           end
 
-          option :error_handler, default: Datadog::Tracer::DEFAULT_ON_ERROR
+          option :error_handler, default: DEFAULT_ERROR_HANDLER
         end
       end
 
       # Patcher enables patching of 'httpx' with datadog components.
       #
       module Patcher
-        include Datadog::Contrib::Patcher
+        include TRACING_MODULE::Contrib::Patcher
 
         module_function
 
@@ -192,8 +240,14 @@ module Datadog
           super && version >= MINIMUM_VERSION
         end
 
-        def default_configuration
-          Configuration::Settings.new
+        if defined?(::DDTrace) && ::DDTrace::VERSION::STRING >= "1.0.0"
+          def new_configuration
+            Configuration::Settings.new
+          end
+        else
+          def default_configuration
+            Configuration::Settings.new
+          end
         end
 
         def patcher

data/lib/httpx/adapters/sentry.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+require "sentry-ruby"
+
+module HTTPX::Plugins
+  module Sentry
+    module Tracer
+      module_function
+
+      def call(request)
+        sentry_span = start_sentry_span
+
+        return unless sentry_span
+
+        set_sentry_trace_header(request, sentry_span)
+
+        request.on(:response, &method(:finish_sentry_span).curry(3)[sentry_span, request])
+      end
+
+      def start_sentry_span
+        return unless ::Sentry.initialized? && (span = ::Sentry.get_current_scope.get_span)
+        return if span.sampled == false
+
+        span.start_child(op: "httpx.client", start_timestamp: ::Sentry.utc_now.to_f)
+      end
+
+      def set_sentry_trace_header(request, sentry_span)
+        return unless sentry_span
+
+        trace = ::Sentry.get_current_client.generate_sentry_trace(sentry_span)
+        request.headers[::Sentry::SENTRY_TRACE_HEADER_NAME] = trace if trace
+      end
+
+      def finish_sentry_span(span, request, response)
+        return unless ::Sentry.initialized?
+
+        record_sentry_breadcrumb(request, response)
+        record_sentry_span(request, response, span)
+      end
+
+      def record_sentry_breadcrumb(req, res)
+        return unless ::Sentry.configuration.breadcrumbs_logger.include?(:http_logger)
+
+        request_info = extract_request_info(req)
+
+        data = if response.is_a?(HTTPX::ErrorResponse)
+          { error: res.message, **request_info }
+        else
+          { status: res.status, **request_info }
+        end
+
+        crumb = ::Sentry::Breadcrumb.new(
+          level: :info,
+          category: "httpx",
+          type: :info,
+          data: data
+        )
+        ::Sentry.add_breadcrumb(crumb)
+      end
+
+      def record_sentry_span(req, res, sentry_span)
+        return unless sentry_span
+
+        request_info = extract_request_info(req)
+        sentry_span.set_description("#{request_info[:method]} #{request_info[:url]}")
+        sentry_span.set_data(:status, res.status)
+        sentry_span.set_timestamp(::Sentry.utc_now.to_f)
+      end
+
+      def extract_request_info(req)
+        uri = req.uri
+
+        result = {
+          method: req.verb.to_s.upcase,
+        }
+
+        if ::Sentry.configuration.send_default_pii
+          uri += "?#{req.query}" unless req.query.empty?
+          result[:body] = req.body.to_s unless req.body.empty? || req.body.unbounded_body?
+        end
+
+        result[:url] = uri.to_s
+
+        result
+      end
+    end
+
+    module ConnectionMethods
+      def send(request)
+        Tracer.call(request)
+        super
+      end
+    end
+  end
+end
+
+Sentry.register_patch do
+  sentry_session = ::HTTPX.plugin(HTTPX::Plugins::Sentry)
+
+  HTTPX.send(:remove_const, :Session)
+  HTTPX.send(:const_set, :Session, sentry_session.class)
+end

data/lib/httpx/connection.rb

@@ -102,8 +102,8 @@ module HTTPX
           # origin came from an ORIGIN frame, we're going to verify the hostname with the
           # SSL certificate
           (@origins.size == 1 || @origin == uri.origin || (@io && @io.verify_hostname(uri.host)))
-        ) || match_altsvcs?(uri)
-      ) && @options == options
+        ) && @options == options
+      ) || (match_altsvcs?(uri) && match_altsvc_options?(uri, options))
     end
 
     def mergeable?(connection)
@@ -162,6 +162,14 @@ module HTTPX
         end
     end
 
+    def match_altsvc_options?(uri, options)
+      return @options == options unless @options.ssl[:hostname] == uri.host
+
+      dup_options = @options.merge(ssl: { hostname: nil })
+      dup_options.ssl.delete(:hostname)
+      dup_options == options
+    end
+
     def connecting?
       @state == :idle
     end

data/lib/httpx/io/ssl.rb

@@ -4,8 +4,11 @@ require "openssl"
 
 module HTTPX
   TLSError = OpenSSL::SSL::SSLError
+  IPRegex = Regexp.union(Resolv::IPv4::Regex, Resolv::IPv6::Regex)
 
   class SSL < TCP
+    using RegexpExtensions unless Regexp.method_defined?(:match?)
+
     TLS_OPTIONS = if OpenSSL::SSL::SSLContext.instance_methods.include?(:alpn_protocols)
       { alpn_protocols: %w[h2 http/1.1].freeze }.freeze
     else
@@ -19,6 +22,8 @@ module HTTPX
       @sni_hostname = ctx_options.delete(:hostname) || @hostname
       @ctx.set_params(ctx_options) unless ctx_options.empty?
       @state = :negotiated if @keep_open
+
+      @hostname_is_ip = IPRegex.match?(@sni_hostname)
     end
 
     def protocol
@@ -56,7 +61,7 @@ module HTTPX
 
       unless @io.is_a?(OpenSSL::SSL::SSLSocket)
         @io = OpenSSL::SSL::SSLSocket.new(@io, @ctx)
-        @io.hostname = @sni_hostname
+        @io.hostname = @sni_hostname unless @hostname_is_ip
         @io.sync_close = true
       end
       try_ssl_connect
@@ -66,7 +71,7 @@ module HTTPX
       # :nocov:
       def try_ssl_connect
         @io.connect_nonblock
-        @io.post_connection_check(@sni_hostname) if @ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE
+        @io.post_connection_check(@sni_hostname) if @ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE && !@hostname_is_ip
         transition(:negotiated)
         @interests = :w
       rescue ::IO::WaitReadable
@@ -98,7 +103,7 @@ module HTTPX
           @interests = :w
           return
         end
-        @io.post_connection_check(@sni_hostname) if @ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE
+        @io.post_connection_check(@sni_hostname) if @ctx.verify_mode != OpenSSL::SSL::VERIFY_NONE && !@hostname_is_ip
         transition(:negotiated)
         @interests = :w
       end

data/lib/httpx/options.rb

@@ -132,6 +132,7 @@ module HTTPX
     def freeze
       super
       @origin.freeze
+      @base_path.freeze
       @timeout.freeze
       @headers.freeze
       @addresses.freeze
@@ -141,6 +142,10 @@ module HTTPX
       URI(value)
     end
 
+    def option_base_path(value)
+      String(value)
+    end
+
     def option_headers(value)
       Headers.new(value)
     end

data/lib/httpx/plugins/authentication/basic.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require "base64"
+
+module HTTPX
+  module Plugins
+    module Authentication
+      class Basic
+        def initialize(user, password, **)
+          @user = user
+          @password = password
+        end
+
+        def can_authenticate?(authenticate)
+          authenticate && /Basic .*/.match?(authenticate)
+        end
+
+        def authenticate(*)
+          "Basic #{Base64.strict_encode64("#{@user}:#{@password}")}"
+        end
+      end
+    end
+  end
+end

data/lib/httpx/plugins/authentication/digest.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+require "time"
+require "securerandom"
+require "digest"
+
+module HTTPX
+  module Plugins
+    module Authentication
+      class Digest
+        using RegexpExtensions unless Regexp.method_defined?(:match?)
+
+        def initialize(user, password, **)
+          @user = user
+          @password = password
+          @nonce = 0
+        end
+
+        def can_authenticate?(authenticate)
+          authenticate && /Digest .*/.match?(authenticate)
+        end
+
+        def authenticate(request, authenticate)
+          "Digest #{generate_header(request.verb.to_s.upcase, request.path, authenticate)}"
+        end
+
+        private
+
+        def generate_header(meth, uri, authenticate)
+          # discard first token, it's Digest
+          auth_info = authenticate[/^(\w+) (.*)/, 2]
+
+          params = Hash[auth_info.split(/ *, */)
+                                 .map { |val| val.split("=") }
+                                 .map { |k, v| [k, v.delete("\"")] }]
+          nonce = params["nonce"]
+          nc = next_nonce
+
+          # verify qop
+          qop = params["qop"]
+
+          if params["algorithm"] =~ /(.*?)(-sess)?$/
+            alg = Regexp.last_match(1)
+            algorithm = ::Digest.const_get(alg)
+            raise DigestError, "unknown algorithm \"#{alg}\"" unless algorithm
+
+            sess = Regexp.last_match(2)
+            params.delete("algorithm")
+          else
+            algorithm = ::Digest::MD5
+          end
+
+          if qop || sess
+            cnonce = make_cnonce
+            nc = format("%<nonce>08x", nonce: nc)
+          end
+
+          a1 = if sess
+            [algorithm.hexdigest("#{@user}:#{params["realm"]}:#{@password}"),
+             nonce,
+             cnonce].join ":"
+          else
+            "#{@user}:#{params["realm"]}:#{@password}"
+          end
+
+          ha1 = algorithm.hexdigest(a1)
+          ha2 = algorithm.hexdigest("#{meth}:#{uri}")
+          request_digest = [ha1, nonce]
+          request_digest.push(nc, cnonce, qop) if qop
+          request_digest << ha2
+          request_digest = request_digest.join(":")
+
+          header = [
+            %(username="#{@user}"),
+            %(nonce="#{nonce}"),
+            %(uri="#{uri}"),
+            %(response="#{algorithm.hexdigest(request_digest)}"),
+          ]
+          header << %(realm="#{params["realm"]}") if params.key?("realm")
+          header << %(algorithm=#{params["algorithm"]}") if params.key?("algorithm")
+          header << %(opaque="#{params["opaque"]}") if params.key?("opaque")
+          header << %(cnonce="#{cnonce}") if cnonce
+          header << %(nc=#{nc})
+          header << %(qop=#{qop}) if qop
+          header.join ", "
+        end
+
+        def make_cnonce
+          ::Digest::MD5.hexdigest [
+            Time.now.to_i,
+            Process.pid,
+            SecureRandom.random_number(2**32),
+          ].join ":"
+        end
+
+        def next_nonce
+          @nonce += 1
+        end
+      end
+    end
+  end
+end

data/lib/httpx/plugins/authentication/ntlm.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+require "base64"
+require "ntlm"
+
+module HTTPX
+  module Plugins
+    module Authentication
+      class Ntlm
+        using RegexpExtensions unless Regexp.method_defined?(:match?)
+
+        def initialize(user, password, domain: nil)
+          @user = user
+          @password = password
+          @domain = domain
+        end
+
+        def can_authenticate?(authenticate)
+          authenticate && /NTLM .*/.match?(authenticate)
+        end
+
+        def negotiate
+          "NTLM #{NTLM.negotiate(domain: @domain).to_base64}"
+        end
+
+        def authenticate(_req, www)
+          challenge = www[/NTLM (.*)/, 1]
+
+          challenge = Base64.decode64(challenge)
+          ntlm_challenge = NTLM.authenticate(challenge, @user, @domain, @password).to_base64
+
+          "NTLM #{ntlm_challenge}"
+        end
+      end
+    end
+  end
+end