net-http-digest_auth 1.0 → 1.1

data/History.txt

@@ -1,3 +1,12 @@
+=== 1.1
+
+* Minor enhancements
+  * Add support for SHA1, SHA2, SHA256, SHA384, SHA512, RMD160 algorithms
+* Bug fixes
+  * Support opaque per RFC 2617 3.2.1
+  * Support MD5-sess per RFC 2617 3.2.2.2
+  * Support unspecified qop for RFC 2069 compatibility per RFC 2617 3.2.2.1
+
 === 1.0 / 2010-09-10
 
 * Major enhancements

data/Manifest.txt

@@ -4,4 +4,6 @@ Manifest.txt
 README.txt
 Rakefile
 lib/net/http/digest_auth.rb
+sample/auth_server.rb
+sample/net_http_example.rb
 test/test_net_http_digest_auth.rb

data/Rakefile

@@ -3,12 +3,13 @@
 require 'rubygems'
 require 'hoe'
 
+Hoe.plugin :git
+Hoe.plugin :minitest
+
 Hoe.spec 'net-http-digest_auth' do
   self.rubyforge_name = 'seattlerb'
   developer 'Eric Hodel', 'drbrain@segment7.net'
 
-  self.testlib = :minitest
-
   spec_extras['homepage'] =
     'http://seattlerb.rubyforge.org/net-http-digest_auth'
 end

data/lib/net/http/digest_auth.rb

@@ -33,10 +33,15 @@ require 'cgi'
 
 class Net::HTTP::DigestAuth
 
+  ##
+  # DigestAuth error class
+
+  class Error < RuntimeError; end
+
   ##
   # Version of Net::HTTP::DigestAuth you are using
 
-  VERSION = '1.0'
+  VERSION = '1.1'
 
   ##
   # Creates a new DigestAuth header creator.
@@ -74,32 +79,60 @@ class Net::HTTP::DigestAuth
     params = {}
     $2.gsub(/(\w+)="(.*?)"/) { params[$1] = $2 }
 
-    a_1 = Digest::MD5.hexdigest "#{user}:#{params['realm']}:#{password}"
-    a_2 = Digest::MD5.hexdigest "#{method}:#{uri.request_uri}"
-
-    request_digest = [
-      a_1,
-      params['nonce'],
-      ('%08x' % @nonce_count),
-      @cnonce,
-      params['qop'],
-      a_2
-    ].join ':'
+    qop = params['qop']
+
+    if params['algorithm'] =~ /(.*?)(-sess)?$/
+      algorithm = case $1
+                  when 'MD5'    then Digest::MD5
+                  when 'SHA1'   then Digest::SHA1
+                  when 'SHA2'   then Digest::SHA2
+                  when 'SHA256' then Digest::SHA256
+                  when 'SHA384' then Digest::SHA384
+                  when 'SHA512' then Digest::SHA512
+                  when 'RMD160' then Digest::RMD160
+                  else raise Error, "unknown algorithm \"#{$1}\""
+                  end
+      sess = $2
+    else
+      algorithm = Digest::MD5
+      sess = false
+    end
+
+    a1 = if sess then
+           [ algorithm.hexdigest("#{user}:#{params['realm']}:#{password}"),
+             params['nonce'],
+             params['cnonce']
+           ].join ':'
+         else
+           "#{user}:#{params['realm']}:#{password}"
+         end
+
+    ha1 = algorithm.hexdigest a1
+    ha2 = algorithm.hexdigest "#{method}:#{uri.request_uri}"
+
+    request_digest = [ha1, params['nonce']]
+    request_digest.push ('%08x' % @nonce_count), @cnonce, qop if qop
+    request_digest << ha2
+    request_digest = request_digest.join ':'
 
     header = [
       "Digest username=\"#{user}\"",
       "realm=\"#{params['realm']}\"",
-      if iis then
-        "qop=\"#{params['qop']}\""
+      if qop.nil? then
+      elsif iis then
+        "qop=\"#{qop}\""
       else
-        "qop=#{params['qop']}"
+        "qop=#{qop}"
       end,
       "uri=\"#{uri.request_uri}\"",
       "nonce=\"#{params['nonce']}\"",
       "nc=#{'%08x' % @nonce_count}",
       "cnonce=\"#{@cnonce}\"",
-      "response=\"#{Digest::MD5.hexdigest request_digest}\""
-    ]
+      "response=\"#{algorithm.hexdigest(request_digest)[0, 32]}\"",
+      if params.key? 'opaque' then
+        "opaque=\"#{params['opaque']}\""
+      end
+    ].compact
 
     header.join ', '
   end

data/sample/auth_server.rb

@@ -0,0 +1,48 @@
+require 'webrick'
+require 'tempfile'
+
+class AuthServlet < WEBrick::HTTPServlet::AbstractServlet
+
+  @instance = nil
+
+  def self.get_instance server, *options
+    @instance ||= new(server, *options)
+  end
+
+  def initialize server
+    super server
+
+    config = {}
+    config[:Realm] = 'net-http-digest_auth'
+    config[:UseOpaque] = false
+    config[:AutoReloadUserDB] = false
+    config[:Algorithm] = 'MD5'
+
+    passwd_file = Tempfile.new 'net-http-digest_auth'
+    passwd_file.close
+
+    htpasswd = WEBrick::HTTPAuth::Htpasswd.new passwd_file.path
+    htpasswd.auth_type = WEBrick::HTTPAuth::DigestAuth
+    htpasswd.set_passwd config[:Realm], 'username', 'password'
+    htpasswd.flush
+
+    config[:UserDB] = htpasswd
+
+    @digest_auth = WEBrick::HTTPAuth::DigestAuth.new config
+  end
+
+  def do_GET req, res
+    @digest_auth.authenticate req, res
+
+    res.body = 'worked!'
+  end
+
+end
+
+s = WEBrick::HTTPServer.new :Port => 8000
+s.mount '/', AuthServlet
+
+trap 'INT' do s.shutdown end
+
+s.start
+

data/sample/net_http_example.rb

@@ -0,0 +1,27 @@
+require 'uri'
+require 'net/http'
+require 'net/http/digest_auth'
+
+uri = URI.parse 'http://localhost:8000/'
+uri.user = 'username'
+uri.password = 'password'
+
+h = Net::HTTP.new uri.host, uri.port
+h.set_debug_output $stderr
+
+req = Net::HTTP::Get.new uri.request_uri
+
+res = h.request req
+
+digest_auth = Net::HTTP::DigestAuth.new
+auth = digest_auth.auth_header uri, res['www-authenticate'], 'GET'
+
+req = Net::HTTP::Get.new uri.request_uri
+req.add_field 'Authorization', auth
+
+res = h.request req
+
+puts
+puts "passed" if res.code == '200'
+puts "failed" if res.code != '200'
+

data/test/test_net_http_digest_auth.rb

@@ -16,11 +16,7 @@ class TestNetHttpDigestAuth < MiniTest::Unit::TestCase
       'nonce="4107baa081a592a6021660200000cd6c5686ff5f579324402b374d83e2c9"'
     ].join ', '
 
-    @da = Net::HTTP::DigestAuth.new @cnonce
-  end
-
-  def test_auth_header
-    expected = [
+    @expected = [
       'Digest username="user"',
       'realm="www.example.com"',
       'qop=auth',
@@ -29,41 +25,78 @@ class TestNetHttpDigestAuth < MiniTest::Unit::TestCase
       'nc=00000000',
       'cnonce="9ea5ff3bd34554a4165bbdc1df91dcff"',
       'response="67be92a5e7b38d08679957db04f5da04"'
-    ].join ', '
+    ]
+
+    @da = Net::HTTP::DigestAuth.new @cnonce
+  end
+
+  def expected
+    @expected.join ', '
+  end
+
+  def test_auth_header
+    assert_equal expected, @da.auth_header(@uri, @header, 'GET')
+
+    @expected[5] = 'nc=00000001'
+    @expected[7] = 'response="1f5f0cd1588690c1303737f081c0b9bb"'
 
     assert_equal expected, @da.auth_header(@uri, @header, 'GET')
   end
 
   def test_auth_header_iis
-    expected = [
-      'Digest username="user"',
-      'realm="www.example.com"',
-      'qop="auth"',
-      'uri="/"',
-      'nonce="4107baa081a592a6021660200000cd6c5686ff5f579324402b374d83e2c9"',
-      'nc=00000000',
-      'cnonce="9ea5ff3bd34554a4165bbdc1df91dcff"',
-      'response="67be92a5e7b38d08679957db04f5da04"'
-    ].join ', '
+    @expected[2] = 'qop="auth"'
 
     assert_equal expected, @da.auth_header(@uri, @header, 'GET', true)
   end
 
+  def test_auth_header_no_qop
+    @header.sub! ' qop="auth",', ''
+
+    @expected[7] = 'response="32f6ca1631ccf7c42a8075deff44e470"'
+    @expected.slice! 2
+
+    assert_equal expected, @da.auth_header(@uri, @header, 'GET')
+  end
+
+  def test_auth_header_opaque
+    @expected << 'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
+    @header   << 'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
+
+    assert_equal expected, @da.auth_header(@uri, @header, 'GET')
+  end
+
   def test_auth_header_post
-    expected = [
-      'Digest username="user"',
-      'realm="www.example.com"',
-      'qop=auth',
-      'uri="/"',
-      'nonce="4107baa081a592a6021660200000cd6c5686ff5f579324402b374d83e2c9"',
-      'nc=00000000',
-      'cnonce="9ea5ff3bd34554a4165bbdc1df91dcff"',
-      'response="d82219e1e5430b136bbae1670fa51d48"'
-    ].join ', '
+    @expected[7] = 'response="d82219e1e5430b136bbae1670fa51d48"'
 
     assert_equal expected, @da.auth_header(@uri, @header, 'POST')
   end
 
+  def test_auth_header_sess
+    @header << 'algorithm="MD5-sess"'
+
+    @expected[7] = 'response="76d3ff10007496cee26c61f9d04c72a8"'
+
+    assert_equal expected, @da.auth_header(@uri, @header, 'GET')
+  end
+
+  def test_auth_header_sha1
+    @expected[7] = 'response="2cb62fc18f7b0ebdc34543f896bb7768"'
+
+    @header << 'algorithm="SHA1"'
+
+    assert_equal expected, @da.auth_header(@uri, @header, 'GET')
+  end
+
+  def test_auth_header_unknown_algorithm
+    @header << 'algorithm="bogus"'
+
+    e = assert_raises Net::HTTP::DigestAuth::Error do
+      @da.auth_header @uri, @header, 'GET'
+    end
+    
+    assert_equal 'unknown algorithm "bogus"', e.message
+  end
+
   def test_make_cnonce
     assert_match %r%\A[a-f\d]{32}\z%, @da.make_cnonce
   end

metadata

@@ -1,12 +1,12 @@
 --- !ruby/object:Gem::Specification 
 name: net-http-digest_auth
 version: !ruby/object:Gem::Version 
-  hash: 15
-  prerelease: false
+  hash: 13
+  prerelease: 
   segments: 
   - 1
-  - 0
-  version: "1.0"
+  - 1
+  version: "1.1"
 platform: ruby
 authors: 
 - Eric Hodel
@@ -35,23 +35,23 @@ cert_chain:
   x52qPcexcYZR7w==
   -----END CERTIFICATE-----
 
-date: 2010-09-10 00:00:00 -07:00
+date: 2011-03-29 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  name: rubyforge
+  name: minitest
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 7
+        hash: 11
         segments: 
         - 2
         - 0
-        - 4
-        version: 2.0.4
+        - 2
+        version: 2.0.2
   type: :development
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
@@ -62,12 +62,12 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 21
+        hash: 41
         segments: 
         - 2
-        - 6
+        - 9
         - 1
-        version: 2.6.1
+        version: 2.9.1
   type: :development
   version_requirements: *id002
 description: |-
@@ -91,7 +91,10 @@ files:
 - README.txt
 - Rakefile
 - lib/net/http/digest_auth.rb
+- sample/auth_server.rb
+- sample/net_http_example.rb
 - test/test_net_http_digest_auth.rb
+- .gemtest
 has_rdoc: true
 homepage: http://seattlerb.rubyforge.org/net-http-digest_auth
 licenses: []
@@ -123,7 +126,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: seattlerb
-rubygems_version: 1.3.7
+rubygems_version: 1.6.2
 signing_key: 
 specification_version: 3
 summary: An implementation of RFC 2617 - Digest Access Authentication

metadata.gz.sig

@@ -1 +1,2 @@
-&��a����>�E]F��'�ؕ�A�Z��֗p��%#3�$ײ�����+�(��д~���B�_�i�p����]O@Z�h��_�?�~��P�����h���8��6���hڐ~H���s6�~3Ub�
+uP���$��6�Z�5IƎj��c�f��pgQ(�^`8q/i�+�;xv�߄����k��qGA2���zC��CLD�j�Ī�s.�Z��&n�q�T֢��k�*�u=~o��lς�?��h �����yj����bo�x]Z��y/�BXV.פz�: x-)����%��rghr�
+�n	3�,2!D):ڣ;��Eۙ�~���t�YWo�&�]�T����f������/<Z!��(~Г!DŽ$$+��x