class WEBrick::HTTPAuth::BasicAuth

Basic Authentication for WEBrick

Use this class to add basic authentication to a WEBrick servlet.

Here is an example of how to set up a BasicAuth:

config = { :Realm => 'BasicAuth example realm' }

htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file', password_hash: :bcrypt
htpasswd.set_passwd config[:Realm], 'username', 'password'
htpasswd.flush

config[:UserDB] = htpasswd

basic_auth = WEBrick::HTTPAuth::BasicAuth.new config

Attributes

logger[R]
realm[R]
userdb[R]

Public Class Methods

make_passwd(realm, user, pass) click to toggle source

Used by UserDB to create a basic password entry

# File webrick/httpauth/basicauth.rb, line 43
def self.make_passwd(realm, user, pass)
  pass ||= ""
  pass.crypt(Utils::random_string(2))
end
new(config, default=Config::BasicAuth) click to toggle source

Creates a new BasicAuth instance.

See WEBrick::Config::BasicAuth for default configuration entries

You must supply the following configuration entries:

:Realm

The name of the realm being protected.

:UserDB

A database of usernames and passwords. A WEBrick::HTTPAuth::Htpasswd instance should be used.

# File webrick/httpauth/basicauth.rb, line 61
def initialize(config, default=Config::BasicAuth)
  check_init(config)
  @config = default.dup.update(config)
end

Public Instance Methods

authenticate(req, res) click to toggle source

Authenticates a req and returns a 401 Unauthorized using res if the authentication was not correct.

# File webrick/httpauth/basicauth.rb, line 70
def authenticate(req, res)
  unless basic_credentials = check_scheme(req)
    challenge(req, res)
  end
  userid, password = basic_credentials.unpack("m*")[0].split(":", 2)
  password ||= ""
  if userid.empty?
    error("user id was not given.")
    challenge(req, res)
  end
  unless encpass = @userdb.get_passwd(@realm, userid, @reload_db)
    error("%s: the user is not allowed.", userid)
    challenge(req, res)
  end

  case encpass
  when /\A\$2[aby]\$/
    password_matches = BCrypt::Password.new(encpass.sub(/\A\$2[aby]\$/, '$2a$')) == password
  else
    password_matches = password.crypt(encpass) == encpass
  end

  unless password_matches
    error("%s: password unmatch.", userid)
    challenge(req, res)
  end
  info("%s: authentication succeeded.", userid)
  req.user = userid
end
challenge(req, res) click to toggle source

Returns a challenge response which asks for authentication information

# File webrick/httpauth/basicauth.rb, line 103
def challenge(req, res)
  res[@response_field] = "#{@auth_scheme} realm=\"#{@realm}\""
  raise @auth_exception
end