net-http-digest_auth 1.2.1 → 1.3

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: eb621ddbf77aa8455c2add5687d6ffb11ff5f3c6
4
+ data.tar.gz: 2a16c18f3591cb78ce5eb3a89f0bcda0ad5aa7d7
5
+ SHA512:
6
+ metadata.gz: 1704fdbc76c94904ca541529d36d815f31b63cd5ffb2d5467661444d00aef0aef6d048510d6eec1f7d6dd4e6967dfb0e34d861cf9e33603fe2a2a58d5fc2095e
7
+ data.tar.gz: 71e3216a92033e862ff0f71dc3d85eca7119203fd29c402cf1fee5845df9d0902f4f5b2eb61b0317e0cf58b2a836d0d9fcbba0014f96ef5a3aaa71fa1a27d46d
Binary file
data.tar.gz.sig CHANGED
Binary file
@@ -1,4 +1,13 @@
1
- === 1.2.1
1
+ === 1.3 / 2012-03-28
2
+
3
+ * Minor enhancements
4
+ * The cnonce is regenerated for every request to improve security.
5
+ * SecureRandom is used to generate the cnonce instead of Kernel#rand
6
+ * Bug fix
7
+ * cnonce and nonce-count are no longer sent when qop was not provided per
8
+ RFC 2617 section 3.2.2.
9
+
10
+ === 1.2.1 / 2012-05-18
2
11
 
3
12
  * Bug fix
4
13
  * Fixed -sess authentication. This also fixes pull request #4 by joe81
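--- a/data/Rakefile
+++ b/data/Rakefile
@@ -14,6 +14,8 @@ Hoe.spec 'net-http-digest_auth' do
  'docs.seattlerb.org:/data/www/docs.seattlerb.org/net-http-digest_auth/'
  rdoc_locations <<
  'rubyforge.org:/var/www/gforge-projects/seattlerb/net-http-digest_auth/'
+
+ self.spec_extras[:required_ruby_version] = '>= 1.8.7'
  end
 
  # vim: syntax=Ruby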
@@ -1,7 +1,8 @@
1
1
  require 'cgi'
2
2
  require 'digest'
3
- require 'net/http'
4
3
  require 'monitor'
4
+ require 'net/http'
5
+ require 'securerandom'
5
6
 
6
7
  ##
7
8
  # An implementation of RFC 2617 Digest Access Authentication.
@@ -48,18 +49,14 @@ class Net::HTTP::DigestAuth
48
49
  ##
49
50
  # Version of Net::HTTP::DigestAuth you are using
50
51
 
51
- VERSION = '1.2.1'
52
+ VERSION = '1.3'
52
53
 
53
54
  ##
54
55
  # Creates a new DigestAuth header creator.
55
- #
56
- # +cnonce+ is the client nonce value. This should be an MD5 hexdigest of a
57
- # secret value.
58
56
 
59
- def initialize cnonce = make_cnonce
57
+ def initialize ignored = :ignored
60
58
  mon_initialize
61
59
  @nonce_count = -1
62
- @cnonce = cnonce
63
60
  end
64
61
 
65
62
  ##
@@ -107,22 +104,23 @@ class Net::HTTP::DigestAuth
107
104
  sess = $2
108
105
  end
109
106
 
107
+ qop = params['qop']
108
+ cnonce = make_cnonce if qop or sess
109
+
110
110
  a1 = if sess then
111
111
  [ algorithm.hexdigest("#{user}:#{params['realm']}:#{password}"),
112
112
  params['nonce'],
113
- @cnonce,
113
+ cnonce,
114
114
  ].join ':'
115
115
  else
116
116
  "#{user}:#{params['realm']}:#{password}"
117
117
  end
118
118
 
119
- qop = params['qop']
120
-
121
119
  ha1 = algorithm.hexdigest a1
122
120
  ha2 = algorithm.hexdigest "#{method}:#{uri.request_uri}"
123
121
 
124
122
  request_digest = [ha1, params['nonce']]
125
- request_digest.push(('%08x' % nonce_count), @cnonce, qop) if qop
123
+ request_digest.push(('%08x' % nonce_count), cnonce, qop) if qop
126
124
  request_digest << ha2
127
125
  request_digest = request_digest.join ':'
128
126
 
@@ -138,8 +136,12 @@ class Net::HTTP::DigestAuth
138
136
  end,
139
137
  "uri=\"#{uri.request_uri}\"",
140
138
  "nonce=\"#{params['nonce']}\"",
141
- "nc=#{'%08x' % @nonce_count}",
142
- "cnonce=\"#{@cnonce}\"",
139
+ if qop then
140
+ [
141
+ "nc=#{'%08x' % @nonce_count}",
142
+ "cnonce=\"#{cnonce}\"",
143
+ ]
144
+ end,
143
145
  "response=\"#{algorithm.hexdigest(request_digest)[0, 32]}\"",
144
146
  if params.key? 'opaque' then
145
147
  "opaque=\"#{params['opaque']}\""
@@ -151,10 +153,14 @@ class Net::HTTP::DigestAuth
151
153
 
152
154
  ##
153
155
  # Creates a client nonce value that is used across all requests based on the
154
- # current time.
156
+ # current time, process id and a random number
155
157
 
156
158
  def make_cnonce
157
- Digest::MD5.hexdigest "%x" % (Time.now.to_i + rand(65535))
159
+ Digest::MD5.hexdigest [
160
+ Time.now.to_i,
161
+ $$,
162
+ SecureRandom.random_number(2**32),
163
+ ].join ':'
158
164
  end
159
165
 
160
166
  def next_nonce
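Review bot: The new `make_cnonce` in the last hunk draws only 32 bits from SecureRandom and mixes them with `Time.now.to_i` and `$$`, both of which an observer can estimate, so the MD5 step adds no unpredictability and the cnonce carries at most 32 bits of it. `SecureRandom.hex 16` would return the same 32-hex-character shape that the test's `\A[a-f\d]{32}\z` pattern expects, with 128 random bits and no hashing. The comment above the method still says the value "is used across all requests", which no longer holds now that `auth_header` calls `make_cnonce` itself; I would reword it to `# Creates a fresh client nonce for a single request`. Separately, in the `auth_header` hunks the cnonce enters A1 whenever `sess` is set but is only sent when `qop` is present, so a `-sess` challenge without qop looks unverifiable by the server; this should be confirmed against the rest of the method, which lies outside these hunks.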
@@ -28,7 +28,11 @@ class TestNetHttpDigestAuth < MiniTest::Unit::TestCase
28
28
  'response="67be92a5e7b38d08679957db04f5da04"'
29
29
  ]
30
30
 
31
- @da = Net::HTTP::DigestAuth.new @cnonce
31
+ @da = Net::HTTP::DigestAuth.new
32
+
33
+ def @da.make_cnonce
34
+ '9ea5ff3bd34554a4165bbdc1df91dcff'
35
+ end
32
36
  end
33
37
 
34
38
  def expected
@@ -54,7 +58,9 @@ class TestNetHttpDigestAuth < MiniTest::Unit::TestCase
54
58
  @header.sub! ' qop="auth",', ''
55
59
 
56
60
  @expected[8] = 'response="32f6ca1631ccf7c42a8075deff44e470"'
57
- @expected.slice! 3
61
+ @expected.delete 'qop=auth'
62
+ @expected.delete 'cnonce="9ea5ff3bd34554a4165bbdc1df91dcff"'
63
+ @expected.delete 'nc=00000000'
58
64
 
59
65
  assert_equal expected, @da.auth_header(@uri, @header, 'GET')
60
66
  end
@@ -101,7 +107,11 @@ class TestNetHttpDigestAuth < MiniTest::Unit::TestCase
101
107
  end
102
108
 
103
109
  def test_make_cnonce
104
- assert_match %r%\A[a-f\d]{32}\z%, @da.make_cnonce
110
+ da = Net::HTTP::DigestAuth.new
111
+
112
+ cnonce = da.make_cnonce
113
+ assert_match %r%\A[a-f\d]{32}\z%, cnonce
114
+ refute_equal cnonce, da.make_cnonce
105
115
  end
106
116
 
107
117
  def test_next_nonce
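Review bot: Nothing in this test file checks the behaviour the release is about, that `auth_header` produces a new cnonce on every call. Setup replaces `make_cnonce` on `@da` with a constant, and `test_make_cnonce` only shows that two direct calls to the generator differ. A test that calls `auth_header` twice on an unstubbed instance and compares the `cnonce` values in the two headers would pin this down, assuming `auth_header` returns the header as a String as the existing `assert_equal` suggests. The setup method and the surrounding tests start or end outside these hunks, so the fixture names below are taken from the visible lines only.

```ruby
def test_auth_header_regenerates_cnonce
  da = Net::HTTP::DigestAuth.new

  first  = da.auth_header(@uri, @header, 'GET')[/cnonce="([^"]+)"/, 1]
  second = da.auth_header(@uri, @header, 'GET')[/cnonce="([^"]+)"/, 1]

  refute_equal first, second
end
```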
metadata CHANGED
@@ -1,24 +1,18 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: net-http-digest_auth
3
- version: !ruby/object:Gem::Version
4
- hash: 29
5
- prerelease:
6
- segments:
7
- - 1
8
- - 2
9
- - 1
10
- version: 1.2.1
3
+ version: !ruby/object:Gem::Version
4
+ version: '1.3'
11
5
  platform: ruby
12
- authors:
6
+ authors:
13
7
  - Eric Hodel
14
8
  autorequire:
15
9
  bindir: bin
16
- cert_chain:
10
+ cert_chain:
17
11
  - |
18
12
  -----BEGIN CERTIFICATE-----
19
13
  MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMRAwDgYDVQQDDAdkcmJy
20
14
  YWluMRgwFgYKCZImiZPyLGQBGRYIc2VnbWVudDcxEzARBgoJkiaJk/IsZAEZFgNu
21
- ZXQwHhcNMTIwMjI4MTc1NDI1WhcNMTMwMjI3MTc1NDI1WjBBMRAwDgYDVQQDDAdk
15
+ ZXQwHhcNMTMwMjI4MDUyMjA4WhcNMTQwMjI4MDUyMjA4WjBBMRAwDgYDVQQDDAdk
22
16
  cmJyYWluMRgwFgYKCZImiZPyLGQBGRYIc2VnbWVudDcxEzARBgoJkiaJk/IsZAEZ
23
17
  FgNuZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbbgLrGLGIDE76
24
18
  LV/cvxdEzCuYuS3oG9PrSZnuDweySUfdp/so0cDq+j8bqy6OzZSw07gdjwFMSd6J
@@ -29,80 +23,74 @@ cert_chain:
29
23
  sCANiQ8BAgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
30
24
  BBS5k4Z75VSpdM0AclG2UvzFA/VW5DAfBgNVHREEGDAWgRRkcmJyYWluQHNlZ21l
31
25
  bnQ3Lm5ldDAfBgNVHRIEGDAWgRRkcmJyYWluQHNlZ21lbnQ3Lm5ldDANBgkqhkiG
32
- 9w0BAQUFAAOCAQEAPeWzFnrcvC6eVzdlhmjUub2s6qieBkongKRDHQz5MEeQv4LS
33
- SARnoHY+uCAVL/1xGAhmpzqQ3fJGWK9eBacW/e8E5GF9xQcV3mE1bA0WNaiDlX5j
34
- U2aI+ZGSblqvHUCxKBHR1s7UMHsbz1saOmgdRTyPx0juJs68ocbUTeYBLWu9V4KP
35
- zdGAG2JXO2gONg3b4tYDvpBLbry+KOX27iAJulUaH9TiTOULL4ITJVFsK0mYVqmR
36
- Q8Tno9S3e4XGGP1ZWfLrTWEJbavFfhGHut2iMRwfC7s/YILAHNATopaJdH9DNpd1
37
- U81zGHMUBOvz/VGT6wJwYJ3emS2nfA2NOHFfgA==
26
+ 9w0BAQUFAAOCAQEAOflo4Md5aJF//EetzXIGZ2EI5PzKWX/mMpp7cxFyDcVPtTv0
27
+ js/6zWrWSbd60W9Kn4ch3nYiATFKhisgeYotDDz2/pb/x1ivJn4vEvs9kYKVvbF8
28
+ V7MV/O5HDW8Q0pA1SljI6GzcOgejtUMxZCyyyDdbUpyAMdt9UpqTZkZ5z1sicgQk
29
+ 5o2XJ+OhceOIUVqVh1r6DNY5tLVaGJabtBmJAYFVznDcHiSFybGKBa5n25Egql1t
30
+ KDyY1VIazVgoC8XvR4h/95/iScPiuglzA+DBG1hip1xScAtw05BrXyUNrc9CEMYU
31
+ wgF94UVoHRp6ywo8I7NP3HcwFQDFNEZPNGXsng==
38
32
  -----END CERTIFICATE-----
39
-
40
- date: 2012-05-18 00:00:00 Z
41
- dependencies:
42
- - !ruby/object:Gem::Dependency
33
+ date: 2013-03-29 00:00:00.000000000 Z
34
+ dependencies:
35
+ - !ruby/object:Gem::Dependency
43
36
  name: minitest
44
- prerelease: false
45
- requirement: &id001 !ruby/object:Gem::Requirement
46
- none: false
47
- requirements:
37
+ requirement: !ruby/object:Gem::Requirement
38
+ requirements:
48
39
  - - ~>
49
- - !ruby/object:Gem::Version
50
- hash: 21
51
- segments:
52
- - 2
53
- - 11
54
- version: "2.11"
40
+ - !ruby/object:Gem::Version
41
+ version: '4.6'
55
42
  type: :development
56
- version_requirements: *id001
57
- - !ruby/object:Gem::Dependency
58
- name: rdoc
59
43
  prerelease: false
60
- requirement: &id002 !ruby/object:Gem::Requirement
61
- none: false
62
- requirements:
44
+ version_requirements: !ruby/object:Gem::Requirement
45
+ requirements:
46
+ - - ~>
47
+ - !ruby/object:Gem::Version
48
+ version: '4.6'
49
+ - !ruby/object:Gem::Dependency
50
+ name: rdoc
51
+ requirement: !ruby/object:Gem::Requirement
52
+ requirements:
63
53
  - - ~>
64
- - !ruby/object:Gem::Version
65
- hash: 19
66
- segments:
67
- - 3
68
- - 10
69
- version: "3.10"
54
+ - !ruby/object:Gem::Version
55
+ version: '3.10'
70
56
  type: :development
71
- version_requirements: *id002
72
- - !ruby/object:Gem::Dependency
73
- name: hoe
74
57
  prerelease: false
75
- requirement: &id003 !ruby/object:Gem::Requirement
76
- none: false
77
- requirements:
58
+ version_requirements: !ruby/object:Gem::Requirement
59
+ requirements:
60
+ - - ~>
61
+ - !ruby/object:Gem::Version
62
+ version: '3.10'
63
+ - !ruby/object:Gem::Dependency
64
+ name: hoe
65
+ requirement: !ruby/object:Gem::Requirement
66
+ requirements:
78
67
  - - ~>
79
- - !ruby/object:Gem::Version
80
- hash: 7
81
- segments:
82
- - 3
83
- - 0
84
- version: "3.0"
68
+ - !ruby/object:Gem::Version
69
+ version: '3.5'
85
70
  type: :development
86
- version_requirements: *id003
71
+ prerelease: false
72
+ version_requirements: !ruby/object:Gem::Requirement
73
+ requirements:
74
+ - - ~>
75
+ - !ruby/object:Gem::Version
76
+ version: '3.5'
87
77
  description: |-
88
78
  An implementation of RFC 2617 - Digest Access Authentication. At this time
89
79
  the gem does not drop in to Net::HTTP and can be used for with other HTTP
90
80
  clients.
91
-
81
+
92
82
  In order to use net-http-digest_auth you'll need to perform some request
93
83
  wrangling on your own. See the class documentation at Net::HTTP::DigestAuth
94
84
  for an example.
95
- email:
85
+ email:
96
86
  - drbrain@segment7.net
97
87
  executables: []
98
-
99
88
  extensions: []
100
-
101
- extra_rdoc_files:
89
+ extra_rdoc_files:
102
90
  - History.txt
103
91
  - Manifest.txt
104
92
  - README.txt
105
- files:
93
+ files:
106
94
  - .autotest
107
95
  - History.txt
108
96
  - Manifest.txt
@@ -113,39 +101,30 @@ files:
113
101
  - sample/net_http_example.rb
114
102
  - test/test_net_http_digest_auth.rb
115
103
  - .gemtest
116
- homepage: http://docs.seattlerb.org/net-http-digest_auth
104
+ homepage: http://github.com/drbrain/net-http-digest_auth
117
105
  licenses: []
118
-
106
+ metadata: {}
119
107
  post_install_message:
120
- rdoc_options:
108
+ rdoc_options:
121
109
  - --main
122
110
  - README.txt
123
- require_paths:
111
+ require_paths:
124
112
  - lib
125
- required_ruby_version: !ruby/object:Gem::Requirement
126
- none: false
127
- requirements:
128
- - - ">="
129
- - !ruby/object:Gem::Version
130
- hash: 3
131
- segments:
132
- - 0
133
- version: "0"
134
- required_rubygems_version: !ruby/object:Gem::Requirement
135
- none: false
136
- requirements:
137
- - - ">="
138
- - !ruby/object:Gem::Version
139
- hash: 3
140
- segments:
141
- - 0
142
- version: "0"
113
+ required_ruby_version: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - '>='
116
+ - !ruby/object:Gem::Version
117
+ version: 1.8.7
118
+ required_rubygems_version: !ruby/object:Gem::Requirement
119
+ requirements:
120
+ - - '>='
121
+ - !ruby/object:Gem::Version
122
+ version: '0'
143
123
  requirements: []
144
-
145
124
  rubyforge_project: net-http-digest_auth
146
- rubygems_version: 1.8.21
125
+ rubygems_version: 2.0.3
147
126
  signing_key:
148
- specification_version: 3
127
+ specification_version: 4
149
128
  summary: An implementation of RFC 2617 - Digest Access Authentication
150
- test_files:
129
+ test_files:
151
130
  - test/test_net_http_digest_auth.rb
metadata.gz.sig CHANGED
@@ -1 +1,4 @@
1
- 3l��)�s0�{p���*6�j��e�f?�<4m9�WE��%(�7�[߽���Pj/�\��)��_�v�dTϳeeIY�I�&����t�Pek���U��T��hN�36���W�ے��zt�2�ߞL���I#��ÈA�mtY{dH����V�s��0��ŌN�IwfX�=PS�>�b�O\����S.2����?)������_�J���ˆ޺�%�zH4�6�T)��&�El}+��_�7�A�;��Q5G�N歷�����ߕ
1
+ Zi:��X��bb��
2
+ �6��S�lְ�뒠��)?��)���4&@�l�Bg!Z�w!phwzb����&{
3
+ �Q���W7�C�0m|Od��$�+M�_�9*�#�x���9~�Ӿz˽�4?�[�^;
4
+ 5h�!L���Gi�/Z]�d��7���V�9럂L�k�8�k�pT-�7L��+���=�YR���Iq�"r��4Ns��\N]�jL�*��[O�,ϋv ��{%��Y�ƍ.O�T_�