Class: WEBrick::HTTPAuth::Htdigest

Inherits:
Object
  • Object
show all
Includes:
UserDB
Defined in:
lib/webrick/httpauth/htdigest.rb

Overview

Htdigest accesses apache-compatible digest password files. Passwords are matched to a realm where they are valid. For security, the path for a digest password database should be stored outside of the paths available to the HTTP server.

Htdigest is intended for use with WEBrick::HTTPAuth::DigestAuth and stores passwords using cryptographic hashes.

htpasswd = WEBrick::HTTPAuth::Htdigest.new 'my_password_file'
htpasswd.set_passwd 'my realm', 'username', 'password'
htpasswd.flush

Instance Attribute Summary

Attributes included from UserDB

#auth_type

Instance Method Summary collapse

Methods included from UserDB

#make_passwd

Constructor Details

#initialize(path) ⇒ Htdigest

Open a digest password database at path


36
37
38
39
40
41
42
43
44
# File 'lib/webrick/httpauth/htdigest.rb', line 36

def initialize(path)
  @path = path
  @mtime = Time.at(0)
  @digest = Hash.new
  @mutex = Mutex::new
  @auth_type = DigestAuth
  open(@path,"a").close unless File::exist?(@path)
  reload
end

Instance Method Details

#delete_passwd(realm, user) ⇒ Object

Removes a password from the database for user in realm.


112
113
114
115
116
# File 'lib/webrick/httpauth/htdigest.rb', line 112

def delete_passwd(realm, user)
  if hash = @digest[realm]
    hash.delete(user)
  end
end

#eachObject

Iterate passwords in the database.


121
122
123
124
125
126
127
128
# File 'lib/webrick/httpauth/htdigest.rb', line 121

def each # :yields: [user, realm, password_hash]
  @digest.keys.sort.each{|realm|
    hash = @digest[realm]
    hash.keys.sort.each{|user|
      yield([user, realm, hash[user]])
    }
  }
end

#flush(output = nil) ⇒ Object

Flush the password database. If output is given the database will be written there instead of to the original path.


71
72
73
74
75
76
77
78
79
80
81
82
83
84
# File 'lib/webrick/httpauth/htdigest.rb', line 71

def flush(output=nil)
  output ||= @path
  tmp = Tempfile.create("htpasswd", File::dirname(output))
  renamed = false
  begin
    each{|item| tmp.puts(item.join(":")) }
    tmp.close
    File::rename(tmp.path, output)
    renamed = true
  ensure
    tmp.close if !tmp.closed?
    File.unlink(tmp.path) if !renamed
  end
end

#get_passwd(realm, user, reload_db) ⇒ Object

Retrieves a password from the database for user in realm. If reload_db is true the database will be reloaded first.


90
91
92
93
94
95
# File 'lib/webrick/httpauth/htdigest.rb', line 90

def get_passwd(realm, user, reload_db)
  reload() if reload_db
  if hash = @digest[realm]
    hash[user]
  end
end

#reloadObject

Reloads passwords from the database


49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# File 'lib/webrick/httpauth/htdigest.rb', line 49

def reload
  mtime = File::mtime(@path)
  if mtime > @mtime
    @digest.clear
    open(@path){|io|
      while line = io.gets
        line.chomp!
        user, realm, pass = line.split(/:/, 3)
        unless @digest[realm]
          @digest[realm] = Hash.new
        end
        @digest[realm][user] = pass
      end
    }
    @mtime = mtime
  end
end

#set_passwd(realm, user, pass) ⇒ Object

Sets a password in the database for user in realm to pass.


100
101
102
103
104
105
106
107
# File 'lib/webrick/httpauth/htdigest.rb', line 100

def set_passwd(realm, user, pass)
  @mutex.synchronize{
    unless @digest[realm]
      @digest[realm] = Hash.new
    end
    @digest[realm][user] = make_passwd(realm, user, pass)
  }
end