maiha-htpasswd 0.1

data/README

@@ -0,0 +1,117 @@
+Htpasswd
+========
+This plugin allows controllers to use HTTP Basic and Digest access authentication.
+You can specify user passwords like this.
+
+ * inline plain password
+ * inline crypted password
+ * external password file
+
+
+Syntax
+======
+
+  htpasswd *options*
+  htdigest *options*
+
+
+Options
+=======
+
+ * user   : user name                               # default: nil
+ * pass   : password (format depends on :type)      # default: nil
+ * type   : one of ( :plain | :crypted )            # default: :plain
+ * file   : external file path                      # default: nil
+ * realm  : realm value                             # default: "Authorization"
+ * class  : specify ActiveRecord class for account  # default: nil
+ * scheme : auth scheme                             # default: automatically set by method name
+
+
+Usage
+=====
+
+(1) Basic Access Authentication
+
+class AdminController < ApplicationController
+  htpasswd :user=>"maiha", :pass=>"berryz"
+  htpasswd :user=>"maiha", :pass=>"7Et1Y7tCawx32", :type=>:crypted
+  htpasswd :user=>"maiha", :pass=>"berryz", :realm=>"Member Only"
+  htpasswd :file=>"/usr/local/apache/passwd/.htpasswd"
+  htpasswd :class=>"Account"                                    # authorize user with Account#username and Account#password
+  htpasswd :class=>"Account", :user=>"login", :pass=>"secret"   # use "login" and "secret" columns
+end
+
+
+(2) Digest Access Authentication
+
+class AdminController < ApplicationController
+  htdigest :user=>"maiha", :pass=>"berryz"
+  htdigest :user=>"maiha", :pass=>"812b1d067e9ce1e44f09215339e3cd69", :type=>:crypted
+  htdigest :file=>"/usr/local/apache/passwd/.htdigest"
+  htdigest :class=>"Account"                                    # Account#password should be realm-considered value.
+end
+
+
+(3) Multiple Access Authentications
+
+class AdminController < ApplicationController
+  htpasswd :user=>"maiha", :pass=>"berryz"
+  htdigest :user=>"airi" , :pass=>"cute"
+end
+
+Although user 'maiha' is authorized by Basic auth,
+user 'airi' is authorized by Digest auth in this case.
+And this controller returns Digest one as a 401 response
+because it is strongest auth-scheme in above schemes.
+
+
+(4) Authorized User Name
+
+class AdminController < ApplicationController
+  htpasswd :user=>"maiha", :pass=>"berryz"
+  def index
+    render :text=>"current_user: #{@htpasswd_authorized_username}"
+  end
+end
+
+Authorized user name is set in @htpasswd_authorized_username.
+
+
+(0) Creating a htdigest file
+
+>> Htpasswd::Auths::Digest.new(:user=>"maiha", :pass=>"berryz").entry
+=> "maiha:Authorization:812b1d067e9ce1e44f09215339e3cd69"
+
+This acts same as following unix command.
+
+% htdigest -c filename maiha
+
+
+Restrictions
+============
+
+* 'realm' value should not contain any commas and semicolons.
+
+
+Rails
+=====
+
+1.2 : OK
+2.1 : OK
+2.2 : OK
+
+
+Test
+====
+
+Just type.
+
+% ruby vendor/plugins/htpasswd/test/htpasswd_test.rb
+% ruby vendor/plugins/htpasswd/test/htdigest_test.rb
+
+
+Author
+======
+The original author is Kawamura.
+Composed by maiha@wota.jp
+

data/Rakefile

@@ -0,0 +1,22 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the htpasswd plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the htpasswd plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Htpasswd'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/init.rb

@@ -0,0 +1,15 @@
+require 'htpasswd/class_methods'
+
+require 'htpasswd/acls/base'
+require 'htpasswd/acls/plain'
+require 'htpasswd/acls/crypted'
+require 'htpasswd/acls/digest'
+require 'htpasswd/acls/htpasswd'
+require 'htpasswd/acls/htdigest'
+require 'htpasswd/acls/active_record'
+
+require 'htpasswd/auths/base'
+require 'htpasswd/auths/basic'
+require 'htpasswd/auths/digest'
+
+ActionController::Base.send(:include, Htpasswd)

data/install.rb

@@ -0,0 +1 @@
+# Install hook code here

data/lib/htpasswd/acls/active_record.rb

@@ -0,0 +1,25 @@
+module Htpasswd
+  module Acls
+    class ActiveRecord < Base
+      def authorize_user(scheme)
+        active_record.send("find_by_%s" % (@options[:user] || :username), scheme.user)
+      end
+
+      def authorize_pass(scheme)
+        obj = active_record.send("find_by_%s" % (@options[:user] || :username), scheme.user)
+        scheme.authorize_pass(obj[@options[:pass] || :password])
+      rescue
+        raise IncorrectPassword
+      end
+
+      protected
+      def active_record
+        @active_record ||= @options[:class].to_s.classify.constantize
+      rescue
+        raise ConfigurationError, "invalid active_record class name: '%s'" % @options[:class].to_s
+      end
+
+      register self
+    end
+  end
+end

data/lib/htpasswd/acls/base.rb

@@ -0,0 +1,76 @@
+module Htpasswd
+  module Acls
+    class Base
+      delegate :logger, :to=>"ActionController::Base"
+
+      @@entries = {}
+
+      class << self
+        def [](name)
+          name = name.to_s.classify
+          @@entries[name] or raise UnknownAccessControl, name
+        end
+
+        def register(klass)
+          @@entries[klass.name.demodulize.classify] = klass
+        end
+      end
+
+      def initialize(options)
+        @options = options
+      end
+
+      def user
+        @options[:user]
+      end
+
+      def pass
+        @options[:pass]
+      end
+
+      def type
+        @options[:type]
+      end
+
+      def authorized?(scheme)
+        authorize_type(scheme) && authorize_user(scheme) && authorize_pass(scheme) && scheme.user
+      end
+
+      def authorize_type(scheme)
+        scheme.authorize_type(type)
+      end
+
+      def authorize_user(scheme)
+        scheme.authorize_user(user)
+      end
+
+      def authorize_pass(scheme)
+        scheme.authorize_pass(pass)
+      end
+
+      register self
+    end
+
+    class CompositeBase < Base
+      delegate :each, :<<, :to=>"@entries"
+
+      def initialize(*args)
+        @entries = []
+        initialize_composite(*args)
+      end
+
+      def initialize_composite(*args)
+        raise NotImplementedError
+      end
+
+      def authorized?(scheme)
+        each do |entry|
+          if user = entry.authorized?(scheme)
+            return user
+          end
+        end
+        return false
+      end
+    end
+  end
+end

data/lib/htpasswd/acls/crypted.rb

@@ -0,0 +1,11 @@
+module Htpasswd
+  module Acls
+    class Crypted < Base
+      def authorize_pass(scheme)
+        pass == scheme.pass.crypt(pass) or
+          raise IncorrectPassword
+      end
+      register self
+    end
+  end
+end

data/lib/htpasswd/acls/digest.rb

@@ -0,0 +1,10 @@
+module Htpasswd
+  module Acls
+    class Digest < Base
+      def authorize_type(scheme)
+        scheme.is_a?(Auths::Digest)
+      end
+      register self
+    end
+  end
+end

data/lib/htpasswd/acls/htdigest.rb

@@ -0,0 +1,17 @@
+module Htpasswd
+  module Acls
+    class Htdigest < CompositeBase
+      def initialize_composite(options)
+        IO.foreach(options[:file]) do |line|
+          user, realm, pass = line.chomp.split(':', 3)
+          self << Acls::Digest.new(:user=>user, :realm=>realm, :pass=>pass)
+        end
+      rescue => err
+        logger.debug("%s: [%s]%s" % [self.class, err.class, err])
+        raise ConfigurationError, "Cannot read password file. '#{options[:file]}'"
+      end
+
+      register self
+    end
+  end
+end

data/lib/htpasswd/acls/htpasswd.rb

@@ -0,0 +1,17 @@
+module Htpasswd
+  module Acls
+    class Htpasswd < CompositeBase
+      def initialize_composite(options)
+        IO.foreach(options[:file]) do |line|
+          user, pass = line.chomp.split(':', 2)
+          self << Crypted.new(:type=>:crypted, :user=>user, :pass=>pass)
+        end
+      rescue => err
+        logger.debug("%s: [%s]%s" % [self.class, err.class, err])
+        raise ConfigurationError, "Cannot read password file. '#{options[:file]}'"
+      end
+
+      register self
+    end
+  end
+end

data/lib/htpasswd/acls/plain.rb

@@ -0,0 +1,11 @@
+module Htpasswd
+  module Acls
+    class Plain < Base
+      def authorize_pass(scheme)
+        pass == scheme.pass or
+          raise IncorrectPassword
+      end
+      register self
+    end
+  end
+end

data/lib/htpasswd/auths/base.rb

@@ -0,0 +1,108 @@
+module Htpasswd
+  module Auths
+    @@schemas = {}
+
+    module_function
+    def [](auth_scheme)
+      @@schemas[auth_scheme.to_s.classify]
+    end
+
+    def scheme(controller)
+      case controller
+      when ActionController::Base
+        returning authorization = instantiate(extract_header(controller.request.env)) do
+          authorization.set_controller(controller)
+        end
+      else
+        instantiate(controller.to_s)
+      end
+    end
+
+    def instantiate(header)
+      raise HeaderNotFound if header.blank?
+      ActionController::Base.logger.debug "Htpasswd accepts authorization header: '#{header}'"
+      type, data = header.to_s.split(' ', 2)
+      klass = self[type] or raise UnknownSchemeError, type
+      klass.parse(data)
+    end
+
+    def extract_header(hash)
+      [
+       'X-HTTP_AUTHORIZATION',          # for Apache/mod_rewrite
+       'REDIRECT_X_HTTP_AUTHORIZATION', # for Apache2/mod_rewrite
+       'Authorization',                 # for Apace/mod_fastcgi with -pass-header Authorization 
+       'HTTP_AUTHORIZATION',            # this is the regular location 
+      ].map{|name| hash[name]}.compact.first
+    end
+
+    def default_realm
+      "Authorization"
+    end
+
+    class Base
+      delegate :logger, :to=>"ActionController::Base"
+      
+      class << self
+        def parse(data)
+          raise NotImplementedError, "subclass responsibility"
+        end
+
+        def <=> (other)
+          strength <=> other.strength
+        end
+      end
+
+      attr_accessor :options
+      def initialize(options = {})
+        @options = options.with_indifferent_access
+      end
+
+      # return authorized username or raise exception
+      def authorize(entries)
+        entries.each do |entry|
+          if user = entry.authorized?(self)
+            return user
+          end
+        end
+        raise UnknownUserAccount
+      end
+
+      def authorize_type(type)
+        true
+      end
+
+      def authorize_user(user)
+        options[:user] == user
+      end
+
+      def authorize_pass(pass)
+        options[:pass] == pass or raise IncorrectPassword
+      end
+
+      def set_controller(controller)
+        # nop
+      end
+
+      def realm
+        options[:realm] || Auths.default_realm
+      end
+
+      def scheme
+        self.class.name.demodulize
+      end
+
+      def user
+        options[:user]
+      end
+
+      def pass
+        options[:pass]
+      end
+
+      def random(size = 16, array = nil)
+        array ||= (0..9).to_a + ('a'..'f').to_a
+        (0...size).map{array[rand(array.size)]}.join
+      end
+    end
+  end
+end

data/lib/htpasswd/auths/basic.rb

@@ -0,0 +1,21 @@
+module Htpasswd
+  module Auths
+    class Basic < Base
+      class << self
+        def parse(data)
+          user, pass = Base64.decode64(data.to_s).split(':', 2)
+          new(:user=>user, :pass=>pass)
+        end
+
+        def strength
+          10
+        end
+      end
+
+      def server_header
+        %Q|Basic realm="%s"| % realm
+      end
+    end
+    @@schemas["Basic"] = Basic
+  end
+end

data/lib/htpasswd/auths/digest.rb

@@ -0,0 +1,152 @@
+module Htpasswd
+  module Auths
+    class Digest < Base
+      class << self
+        PARAMETER_VALID_KEY_MAPPINGS = {
+          :username  => :user,
+          :realm     => :realm,
+          :qop       => :qop,
+          :algorithm => :algorithm,
+          :uri       => :uri,
+          :nonce     => :nonce,
+          :nc        => :nc,
+          :cnonce    => :cnonce,
+          :response  => :response,
+        }
+
+        def parse(data, forced_options = {})
+          options = HashWithIndifferentAccess.new
+          data.to_s.split(/,\s*/).each do |query|
+            key, val = query.split('=', 2)
+            if valid_key_name = PARAMETER_VALID_KEY_MAPPINGS[key.to_s.intern]
+              options[valid_key_name] = val ? val.to_s.delete('"') : nil
+#              ActionController::Base.logger.debug("parse: %s => %s" % [valid_key_name,options[valid_key_name]])
+            end
+          end
+          new(options.merge(forced_options))
+        end
+
+        def strength
+          100
+        end
+      end
+
+      def set_controller(controller)
+        options[:uri]    = controller.request.path
+        options[:method] = controller.request.method.to_s.upcase
+      end
+
+      def nonce
+        value = options[:nonce]
+        unless value
+          time  = Time.now.to_i
+          etag  = options[:session_key] || random(16)
+          pkey  = options[:private_key] || random(16)
+          value = Base64.encode64("%s:%s:%s" % [time, etag, pkey]).chomp
+        end
+        return value
+      end
+
+      def algorithm
+        options[:algorithm] ||= "MD5"
+      end
+
+      def qop
+        options[:qop] ||= "auth"
+      end
+
+      def uri
+        options[:uri] ||= '/'
+      end
+
+      def nc
+        options[:nc] ||= '00000001'
+      end
+
+      def cnonce
+        options[:cnonce] ||= random(32)
+      end
+
+      def method
+        options[:method] ||= "GET"
+      end
+
+      def response
+        options[:response]
+      end
+
+      def digest_algorithm
+        klass_name = algorithm.to_s.upcase
+        if klass_name == "SHA1"
+          ::Digest::SHA1
+        else
+          ::Digest::MD5
+        end
+      end
+
+      # A1 = unq(username-value) ":" unq(realm-value) ":" passwd
+      def a1
+        digest_algorithm.hexdigest([user, realm, pass] * ":")
+      end
+
+      # A2 = Method ":" digest-uri-value
+      def a2
+#        debug_digest("a2", %w( method uri))
+        digest_algorithm.hexdigest([method, uri] * ":")
+      end
+
+      #request-digest  = <"> < KD ( H(A1),     unq(nonce-value)
+      #                                ":" nc-value
+      #                                ":" unq(cnonce-value)
+      #                                ":" unq(qop-value)
+      #                                ":" H(A2)
+      #                        ) <">
+      def request_digest
+#        debug_digest("request_digest", %w( a1 nonce nc cnonce qop a2 ))
+        digest_algorithm.hexdigest([a1, nonce, nc, cnonce, qop, a2] * ":")
+      end
+
+      def response_digest(htdigest)
+#        debug_digest("response_digest", %w( htdigest nonce nc cnonce qop a2 ), :htdigest=>htdigest)
+        digest_algorithm.hexdigest([htdigest, nonce, nc, cnonce, qop, a2] * ":")
+      end
+
+      def server_header
+        %Q|Digest realm="%s", nonce="%s", algorithm=%s, qop=%s| % [realm, nonce, algorithm, qop]
+      end
+
+      def client_header
+        %Q|Digest username="%s", realm="%s", qop=%s, algorithm=%s, uri="%s", nonce="%s", nc=%s, cnonce="%s", response="%s"| %
+          [user, realm, qop, algorithm, uri, nonce, nc, cnonce, request_digest]
+      end
+
+      ######################################################################
+      ### Debug
+      def debug_digest(name, element_names, values = {})
+        sources = []
+        max = element_names.map(&:size).max
+        element_names.each do |method|
+          value = values[method.intern] || self.send(method)
+          logger.debug("[DIGEST] %s#%-*s : %s" % [name, max, method, value])
+          sources << value
+        end
+        digest = digest_algorithm.hexdigest(sources * ':')
+        logger.debug("[DIGEST] %s => : %s" % [name, digest])
+        return digest
+      end        
+
+      ######################################################################
+      ### Aliases
+      def entry
+        [user, realm, a1] * ':'
+      end
+
+      ######################################################################
+      ### Authorization
+      def authorize_pass(pass)
+        response_digest(pass) == response or raise IncorrectPassword
+      end
+    end
+    @@schemas["Digest"] = Digest
+  end
+end

data/lib/htpasswd/class_methods.rb

@@ -0,0 +1,80 @@
+module Htpasswd
+  def self.included(base)
+    base.extend(ClassMethods)
+  end
+
+  class Error              < StandardError; end
+  class HeaderNotFound     < Error; end
+  class UnknownSchemeError < Error; end
+  class NotAuthorizedError < Error; end
+  class ConfigurationError < Error; end
+
+  class UnknownAccessControl  < ConfigurationError; end
+  class AuthSchemesNotDefined < ConfigurationError; end
+  class IncorrectPassword     < NotAuthorizedError; end
+  class UnknownUserAccount    < NotAuthorizedError; end
+
+  module ClassMethods
+    def htpasswd(options={})
+      options = options.dup
+      options[:user] ||= options[:username]
+      options[:pass] ||= options[:password]
+      options[:acl]  ||= options[:type]
+
+      if options[:exclusive]
+        write_inheritable_array(:htpasswd_acls, [])
+        write_inheritable_hash(:htpasswd_options, {})
+      end
+
+      (htpasswd_options[:schemes] ||= Set.new) << (options[:scheme] || :basic)
+
+      options[:acl] ||= (options[:class] && :active_record)
+      options[:acl] ||= (options[:file]  && :htpasswd)
+      options[:acl] ||= (options[:user]  && options[:pass] && :plain)
+
+      htpasswd_acls << Acls::Base[options[:acl]].new(options) if options[:acl]
+      htpasswd_options.merge!(:realm=>options[:realm])        if options[:realm]
+
+      skip_before_filter :htpasswd_authorize rescue nil
+      delegate :htpasswd_options, :htpasswd_acls, :to=>"self.class" unless instance_methods.include?("htpasswd_options")
+      before_filter :htpasswd_authorize
+    end
+
+    def htdigest(options={})
+      options = options.dup
+      if options[:user] && options[:pass] && (options[:acl] || options[:type]) != :crypted && options[:class].blank?
+        options[:pass] = Auths::Digest.new(options).a1
+      end
+      options[:scheme] = :digest
+      options[:acl] ||= (options[:class] && :active_record)
+      options[:acl] ||= (options[:file] ? :htdigest : :digest)
+
+      htpasswd(options)
+    end
+
+    def htpasswd_options
+      read_inheritable_attribute(:htpasswd_options) or write_inheritable_hash(:htpasswd_options, {})
+    end
+
+    def htpasswd_acls
+      read_inheritable_attribute(:htpasswd_acls) or write_inheritable_array(:htpasswd_acls, [])
+    end
+  end
+
+  protected
+  def htpasswd_authorize
+    logger.debug "Htpasswd is enabled with %s" % htpasswd_options.inspect
+    username = Auths.scheme(self).authorize(htpasswd_acls)
+    logger.debug "Htpasswd authorize user '%s'" % username
+    @htpasswd_authorized_username = username
+    return true
+  rescue Htpasswd::Error => error
+    logger.debug "Htpasswd error(%s): %s" % [error.class, error.message]
+    strongest_auth = htpasswd_options[:schemes].map{|scheme| Auths[scheme]}.sort.last or raise AuthSchemesNotDefined
+    response.headers['WWW-Authenticate'] = strongest_auth.new(htpasswd_options).server_header
+    logger.debug "Htpasswd sending authenticate header: '%s'"% response.headers['WWW-Authenticate']
+
+    render :nothing => true, :status => 401
+    return false
+  end
+end

data/tasks/htpasswd_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :htpasswd do
+#   # Task goes here
+# end

data/test/digest_test.rb

@@ -0,0 +1,38 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class DigestTestCase < Test::Unit::TestCase
+  def test_calculate_request_digest
+    options = {
+      :username  => "maiha",
+      :password  => "berryz",
+      :realm     => "Authorization",
+      :nonce     => "MTE0ODYxODUxNDozNGJhZDVhMzQ2YjBiM2QzOmQwMTVhYjdlNGJkZjkzMjk=",
+      :uri       => "/test",
+      :algorithm => "MD5",
+      :cnonce    => "cnonce",
+      :qop       => "auth",
+      :nc        => "00000001",
+    }
+    expected = "4d7849b4faab53fd3eff731c24cc24d1"
+    digest   = Htpasswd::Authorization::Digest.new(options)
+    assert_equal expected, digest.request_digest
+  end
+
+  def test_calculate_response_digest
+    options = {
+      :username  => "maiha",
+      :password  => "berryz",
+      :realm     => "Authorization",
+      :nonce     => "MTE0ODYxODUxNDozNGJhZDVhMzQ2YjBiM2QzOmQwMTVhYjdlNGJkZjkzMjk=",
+      :uri       => "/test",
+      :algorithm => "MD5",
+      :cnonce    => "cnonce",
+      :qop       => "auth",
+      :nc        => "00000001",
+    }
+    expected = "4d7849b4faab53fd3eff731c24cc24d1"
+    htdigest = "812b1d067e9ce1e44f09215339e3cd69"
+    digest   = Htpasswd::Authorization::Digest.new(options)
+    assert_equal expected, digest.response_digest(htdigest)
+  end
+end

data/test/fixtures/htdigest.berryz

@@ -0,0 +1,2 @@
+maiha:Authorization:812b1d067e9ce1e44f09215339e3cd69
+saki:Authorization:6dbfe8844106740d4b5d23a1553b3d90

data/test/fixtures/htdigest.cute

@@ -0,0 +1,3 @@
+airi:Authorization:553ff400cba5d59d47bb2601cbc2c09e
+
+maimi:Authorization:15357bf5d26f0c6046729d8d03e0b320

data/test/fixtures/htpasswd.berryz

@@ -0,0 +1,2 @@
+maiha:7Et1Y7tCawx32
+saki:pqebMmYD7swcM

data/test/fixtures/htpasswd.cute

@@ -0,0 +1,2 @@
+airi:FKy4zBgGsUMpc
+maimi:3A.pVZRrenahQ

data/test/htdigest_test.rb

@@ -0,0 +1,211 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class TestController <  ActionController::Base
+  def self.external_password_path(file)
+    File.dirname(__FILE__) + '/fixtures/' + file
+  end
+
+  def index
+    render :nothing=>true
+  end
+end
+
+class HtdigestTestCase < Test::Unit::TestCase
+  class Controller <  TestController; end
+
+  def setup
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+    @controller = self.class::Controller.new
+  end
+
+  def digest_authorization(username, password, method = :get)
+    send(method, :index)
+    digest = Htpasswd::Auths::Digest.parse(@response.headers['WWW-Authenticate'])
+    digest.set_controller(@controller)
+    digest.options[:user] = username
+    digest.options[:pass] = password
+
+    setup
+    @request.env["HTTP_AUTHORIZATION"] = digest.client_header
+  end
+
+  def test_dummy
+  end
+end
+
+
+class InlineEntryTest < HtdigestTestCase
+  class Controller <  TestController
+    htdigest :user=>"maiha", :pass=>"berryz", :realm=>"Authorization"
+  end
+
+  def test_content_should_be_authorized
+    get :index
+    assert_response 401
+    assert /\ADigest / === @response.headers["WWW-Authenticate"].to_s
+  end
+
+  def test_authorize_valid_request
+    digest_authorization('maiha', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_valid_request
+    digest_authorization('maiha', 'berryz')
+    get :index
+    assert_response :success
+  end
+end
+
+
+class InlineMultiEntriesTest < HtdigestTestCase
+  class Controller <  TestController
+    htdigest :user=>"maiha", :pass=>"berryz"
+    htdigest :user=>"airi",  :pass=>"cute"
+  end
+
+  def test_content_should_be_authorized
+    get :index
+    assert_response 401
+  end
+
+  def test_authorize_valid_request_written_in_first_entry
+    digest_authorization('maiha', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_valid_request_written_in_second_entry
+    digest_authorization('airi', 'cute')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_invalid_request
+    digest_authorization('maiha', 'xxx')
+    get :index
+    assert_response 401
+  end
+end
+
+
+class InlineCryptedEntryTest < HtdigestTestCase
+  class Controller <  TestController
+    htdigest :user=>"maiha", :pass=>"812b1d067e9ce1e44f09215339e3cd69", :realm=>"Authorization", :type=>:crypted
+  end
+
+  def test_authorize_valid_request
+    digest_authorization('maiha', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_invalid_request
+    digest_authorization('maiha', 'xxx')
+    get :index
+    assert_response 401
+  end
+end
+
+
+class ExternalFileTest < HtdigestTestCase
+  class Controller <  TestController
+    htdigest :file=>external_password_path('htdigest.berryz')
+  end
+
+  def test_content_should_be_authorized
+    get :index
+    assert_response 401
+  end
+
+  def test_authorize_valid_request_written_in_first_entry
+    digest_authorization('maiha', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_valid_request_written_in_second_entry
+    digest_authorization('saki', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_invalid_request
+    digest_authorization('airi', 'cute')
+    get :index
+    assert_response 401
+  end
+end
+
+
+class CompositeTest < HtdigestTestCase
+  class Controller <  TestController
+    htdigest :user=>"risako" , :pass=>"berryz"
+    htdigest :user=>"yurina" , :pass=>"f278b3900164e31fcf005a79a8b2da2e", :type=>:crypted
+    htdigest :file=>external_password_path('htdigest.berryz')
+    htdigest :file=>external_password_path('htdigest.cute')
+  end
+
+  def test_content_should_be_authorized
+    get :index
+    assert_response 401
+  end
+
+  def test_authorize_inline_entry
+    digest_authorization('risako', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_inline_crypted_entry
+    digest_authorization('yurina', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_external_first_file
+    # first entry
+    digest_authorization('maiha', 'berryz')
+    get :index
+    assert_response :success
+
+    # second entry
+    setup
+    digest_authorization('saki', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_external_second_file
+    # first entry
+    digest_authorization('airi', 'cute')
+    get :index
+    assert_response :success
+
+    # second entry
+    setup
+    digest_authorization('maimi', 'cute')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_invalid_request
+    digest_authorization('maiha', 'cute')
+    get :index
+    assert_response 401
+  end
+end
+
+class InlineEntryTest < HtdigestTestCase
+  class Controller <  TestController
+    htdigest :user=>"maiha" , :pass=>"berryz"
+  end
+
+  def test_authorize_with_post
+    digest_authorization('maiha', 'berryz', :post)
+    post :index
+    assert_response :success
+  end
+end

data/test/htpasswd_test.rb

@@ -0,0 +1,210 @@
+require File.dirname(__FILE__) + '/test_helper'
+
+class TestController <  ActionController::Base
+  def self.external_password_path(file)
+    File.dirname(__FILE__) + '/fixtures/' + file
+  end
+
+  def index
+    render :nothing=>true
+  end
+end
+
+class HtpasswdTestCase < Test::Unit::TestCase
+  class Controller <  TestController; end
+
+  def setup
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+    @controller = self.class::Controller.new
+  end
+
+  def basic_authorization(user, pass)
+    @request.env["HTTP_AUTHORIZATION"] = "Basic %s" % Base64.encode64("#{user}:#{pass}")
+  end
+
+  def test_dummy
+  end
+end
+
+
+class InlineEntryTest < HtpasswdTestCase
+  class Controller <  TestController
+    htpasswd :user=>"maiha", :pass=>"berryz"
+  end
+
+  def test_content_should_be_authorized
+    get :index
+    assert_response 401
+    assert_equal 'Basic realm="Authorization"', @response.headers["WWW-Authenticate"].to_s
+  end
+
+  def test_authorize_valid_request
+    basic_authorization('maiha', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_invalid_request
+    basic_authorization('maiha', 'xxx')
+    get :index
+    assert_response 401
+  end
+end
+
+
+class InlineMultiEntriesTest < HtpasswdTestCase
+  class Controller <  TestController
+    htpasswd :user=>"maiha", :pass=>"berryz"
+    htpasswd :user=>"airi",  :pass=>"cute"
+  end
+
+  def test_content_should_be_authorized
+    get :index
+    assert_response 401
+  end
+
+  def test_authorize_valid_request_written_in_first_entry
+    basic_authorization('maiha', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_valid_request_written_in_second_entry
+    basic_authorization('airi', 'cute')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_invalid_request
+    basic_authorization('maiha', 'xxx')
+    get :index
+    assert_response 401
+  end
+end
+
+
+class InlineCryptedEntryTest < HtpasswdTestCase
+  class Controller <  TestController
+    htpasswd :user=>"maiha", :pass=>"7Et1Y7tCawx32", :type=>:crypted
+  end
+
+  def test_content_should_be_authorized
+    get :index
+    assert_response 401
+  end
+
+  def test_authorize_valid_request
+    basic_authorization('maiha', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_invalid_request
+    basic_authorization('maiha', 'xxx')
+    get :index
+    assert_response 401
+  end
+end
+
+
+class ExternalFileTest < HtpasswdTestCase
+  class Controller <  TestController
+    htpasswd :file=>external_password_path('htpasswd.berryz')
+  end
+
+  def test_content_should_be_authorized
+    get :index
+    assert_response 401
+  end
+
+  def test_authorize_valid_request_written_in_first_entry
+    basic_authorization('maiha', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_valid_request_written_in_second_entry
+    basic_authorization('saki', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_invalid_request
+    basic_authorization('airi', 'cute')
+    get :index
+    assert_response 401
+  end
+end
+
+
+class CompositeTest < HtpasswdTestCase
+  class Controller <  TestController
+    htpasswd :user=>"risako" , :pass=>"berryz"
+    htpasswd :user=>"yurina" , :pass=>"7Et1Y7tCawx32", :type=>:crypted
+    htpasswd :file=>external_password_path('htpasswd.berryz')
+    htpasswd :file=>external_password_path('htpasswd.cute')
+  end
+
+  def test_content_should_be_authorized
+    get :index
+    assert_response 401
+  end
+
+  def test_authorize_inline_entry
+    basic_authorization('risako', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_inline_crypted_entry
+    basic_authorization('yurina', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_external_first_file
+    # first entry
+    basic_authorization('maiha', 'berryz')
+    get :index
+    assert_response :success
+
+    # second entry
+    setup
+    basic_authorization('saki', 'berryz')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_external_second_file
+    # first entry
+    basic_authorization('airi', 'cute')
+    get :index
+    assert_response :success
+
+    # second entry
+    setup
+    basic_authorization('maimi', 'cute')
+    get :index
+    assert_response :success
+  end
+
+  def test_authorize_invalid_request
+    basic_authorization('maiha', 'cute')
+    get :index
+    assert_response 401
+  end
+end
+
+
+class RealmTest < HtpasswdTestCase
+  class Controller <  TestController
+    htpasswd :user=>"maiha", :pass=>"berryz", :realm=>"Member Only"
+  end
+
+  def test_set_realm
+    get :index
+    assert_equal 'Basic realm="Member Only"', @response.headers["WWW-Authenticate"].to_s
+  end
+end
+

data/test/test_helper.rb

@@ -0,0 +1,25 @@
+def __DIR__; File.dirname(__FILE__); end
+
+require 'test/unit'
+$:.unshift(__DIR__ + '/../lib')
+begin
+  require 'rubygems'
+rescue LoadError
+  $:.unshift(__DIR__ + '/../../../rails/activesupport/lib')
+  $:.unshift(__DIR__ + '/../../../rails/actionpack/lib')
+end
+
+require 'active_support'
+require 'action_controller'
+require 'action_controller/test_process'
+
+ActionController::Routing::Routes.reload rescue nil
+class ActionController::Base; def rescue_action(e) raise e end; end
+
+logfile      = __DIR__ + '/debug.log'
+File.unlink(logfile) if File.exists?(logfile)
+logger       = Logger.new(logfile)
+logger.level = Logger::DEBUG
+ActionController::Base.logger = logger
+
+require __DIR__ + '/../init'

metadata

@@ -0,0 +1,76 @@
+--- !ruby/object:Gem::Specification 
+name: maiha-htpasswd
+version: !ruby/object:Gem::Version 
+  version: "0.1"
+platform: ruby
+authors: 
+- maiha
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2008-11-08 00:00:00 -08:00
+default_executable: 
+dependencies: []
+
+description: ""
+email: maiha@wota.jp
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- README
+- Rakefile
+- init.rb
+- install.rb
+- lib/htpasswd/acls/active_record.rb
+- lib/htpasswd/acls/base.rb
+- lib/htpasswd/acls/crypted.rb
+- lib/htpasswd/acls/digest.rb
+- lib/htpasswd/acls/htdigest.rb
+- lib/htpasswd/acls/htpasswd.rb
+- lib/htpasswd/acls/plain.rb
+- lib/htpasswd/auths/base.rb
+- lib/htpasswd/auths/basic.rb
+- lib/htpasswd/auths/digest.rb
+- lib/htpasswd/class_methods.rb
+- tasks/htpasswd_tasks.rake
+- test/digest_test.rb
+- test/fixtures/htdigest.berryz
+- test/fixtures/htdigest.cute
+- test/fixtures/htpasswd.berryz
+- test/fixtures/htpasswd.cute
+- test/htdigest_test.rb
+- test/htpasswd_test.rb
+- test/test_helper.rb
+has_rdoc: true
+homepage: http://github.com/maiha/htpasswd
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: ""
+test_files: []
+