ruby.git/lib/webrick/httpauth/htpasswd.rb, branch v2_7_8 The Ruby Programming Language lib/*: Prefer require_relative over require. 2018-11-02T17:52:33+00:00 marcandre marcandre@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-11-02T17:52:33+00:00 e859e668d2eb59f34ad18edb7458ce90076617e9 [#15206] [Fix GH-1976] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
[#15206] [Fix GH-1976]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick: Support bcrypt password hashing 2018-07-26T03:21:52+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-07-26T03:21:52+00:00 9749bfbf735f8dca3361f2ea16bb97027bd1ab61 This adds a password_hash keyword argument to WEBrick::HTTPAuth::Htpasswd#initialize. If set to :bcrypt, it will create bcrypt hashes instead of crypt hashes, and will raise an exception if the .htpasswd file uses crypt hashes. If :bcrypt is used, then instead of calling BasicAuth.make_passwd (which uses crypt), WEBrick::HTTPAuth::Htpasswd#set_passwd will set the bcrypt password directly. It isn't possible to change the make_passwd API to accept the password hash format, as that would break configurations who use Htpasswd#auth_type= to set a custom auth_type. This modifies WEBrick::HTTPAuth::BasicAuth to handle checking both crypt and bcrypt hashes. There are commented out requires for 'string/crypt', to handle when String#crypt is deprecated and the undeprecated version is moved to a gem. There is also a commented out warning for the case when the password_hash keyword is not specified and 'string/crypt' cannot be required. I think the warning makes sense to nudge users to using bcrypt. I've updated the tests to test nil, :crypt, and :bcrypt values for the password_hash keyword, skipping the bcrypt tests if the bcrypt library cannot be required. [ruby-core:88111] [Feature #14940] From: Jeremy Evans <code@jeremyevans.net> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64060 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
This adds a password_hash keyword argument to
WEBrick::HTTPAuth::Htpasswd#initialize.  If set to :bcrypt, it
will create bcrypt hashes instead of crypt hashes, and will
raise an exception if the .htpasswd file uses crypt hashes.

If :bcrypt is used, then instead of calling
BasicAuth.make_passwd (which uses crypt),
WEBrick::HTTPAuth::Htpasswd#set_passwd will set the bcrypt
password directly.  It isn't possible to change the
make_passwd API to accept the password hash format, as that
would break configurations who use Htpasswd#auth_type= to set
a custom auth_type.

This modifies WEBrick::HTTPAuth::BasicAuth to handle checking
both crypt and bcrypt hashes.

There are commented out requires for 'string/crypt', to handle
when String#crypt is deprecated and the undeprecated version is
moved to a gem.

There is also a commented out warning for the case when
the password_hash keyword is not specified and 'string/crypt'
cannot be required.  I think the warning makes sense to nudge
users to using bcrypt.

I've updated the tests to test nil, :crypt, and :bcrypt values
for the password_hash keyword, skipping the bcrypt tests if the
bcrypt library cannot be required.

[ruby-core:88111] [Feature #14940]

From: Jeremy Evans <code@jeremyevans.net>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64060 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick: httpauth requires regular files 2017-12-22T01:07:39+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2017-12-22T01:07:39+00:00 edddc28f6255364a4acfcaab3e2c0834f174f734 Be sure we do not try to open a pipe to read from, since we care about mtime in all cases. * lib/webrick/httpauth/htdigest.rb: use File.open * lib/webrick/httpauth/htgroup.rb: ditto * lib/webrick/httpauth/htpasswd.rb: ditto [Misc #14216] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Be sure we do not try to open a pipe to read from, since we care
about mtime in all cases.

* lib/webrick/httpauth/htdigest.rb: use File.open
* lib/webrick/httpauth/htgroup.rb: ditto
* lib/webrick/httpauth/htpasswd.rb: ditto
  [Misc #14216]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
lib/*: remove closed checks 2016-11-21T23:05:41+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-11-21T23:05:41+00:00 f845a9ef76c0195254ded79c85c24332534f4057 Follow r56795. Since Ruby 2.2, calling #close on a closed socket no longer raises exceptions. * lib/cgi/session.rb (update): remove closed? check * lib/net/http.rb (finish, transport_request): ditto * lib/net/imap.rb (disconnect): ditto * lib/net/pop.rb (do_start, do_finish): ditto * lib/net/smtp.rb (do_start, do_finish): ditto * lib/open3.rb (popen_run, pipeline_run): ditto * lib/pstore.rb (transaction): ditto * lib/shell/process-controller.rb (sfork): * lib/tempfile (_close, call, Tempfile.create): ditto * lib/webrick/httpauth/htdigest.rb (flush): ditto * lib/webrick/httpauth/htpasswd.rb (flush): ditto * lib/webrick/server.rb (start_thread, cleanup_shutdown_pipe): ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56865 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Follow r56795.  Since Ruby 2.2, calling #close on a closed
socket no longer raises exceptions.

* lib/cgi/session.rb (update): remove closed? check
* lib/net/http.rb (finish, transport_request): ditto
* lib/net/imap.rb (disconnect): ditto
* lib/net/pop.rb (do_start, do_finish): ditto
* lib/net/smtp.rb (do_start, do_finish): ditto
* lib/open3.rb (popen_run, pipeline_run): ditto
* lib/pstore.rb (transaction): ditto
* lib/shell/process-controller.rb (sfork):
* lib/tempfile (_close, call, Tempfile.create): ditto
* lib/webrick/httpauth/htdigest.rb (flush): ditto
* lib/webrick/httpauth/htpasswd.rb (flush): ditto
* lib/webrick/server.rb (start_thread, cleanup_shutdown_pipe): ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56865 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Add frozen_string_literal: false for all files 2015-12-16T05:07:31+00:00 naruse naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-12-16T05:07:31+00:00 3e92b635fb5422207b7bbdc924e292e51e21f040 When you change this to true, you may need to add more tests. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
When you change this to true, you may need to add more tests.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httpauth/htpasswd.rb: Use Tempfile.create to avoid 2013-04-20T15:10:29+00:00 akr akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2013-04-20T15:10:29+00:00 5fb8bb16e6ee98b1e5c7c657c0d0fe8b16e6dada unintentional unlink() by the finalizer. lib/webrick/httpauth/htdigest.rb: Ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40395 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  unintentional unlink() by the finalizer.
  lib/webrick/httpauth/htdigest.rb: Ditto.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40395 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick: Add documentation for WEBrick::HTTPAuth 2011-05-10T23:37:43+00:00 drbrain drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2011-05-10T23:37:43+00:00 8c2a52937f3b71efa7bcb48e7b8b00bc6b616ab4 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick/httpauth/htpasswd.rb (WEBrick::Htpasswd#reload): 2005-01-02T22:31:13+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2005-01-02T22:31:13+00:00 97102f6596e490ea98f0300e34c47061f1e97f85 raise NotImplementedError if password is encrypted by digest algorithms. This patch is contributed by sheepman. [ruby-list:40467] * lib/webrick/httpauth/digestauth.rb (WEBrick::HTTPAuth::DigestAuth#_authenticate): fix digest calculation. This patch is contributed by sheepman. [ruby-list:40482] * lib/webrick/{httpauth.rb,httpauth/basicauth.rb,httpproxy.rb}: use pack/unpack-template char "m" instead of lib/base64.rb to do base64 encoding/decoding. fixed: [ruby-dev:25336] * test/webrick/test_httpauth.rb: new file. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7708 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  raise NotImplementedError if password is encrypted by digest
  algorithms. This patch is contributed by sheepman. [ruby-list:40467]

* lib/webrick/httpauth/digestauth.rb
  (WEBrick::HTTPAuth::DigestAuth#_authenticate): fix digest calculation.
  This patch is contributed by sheepman. [ruby-list:40482]

* lib/webrick/{httpauth.rb,httpauth/basicauth.rb,httpproxy.rb}: use
  pack/unpack-template char "m" instead of lib/base64.rb to do base64
  encoding/decoding. fixed: [ruby-dev:25336]

* test/webrick/test_httpauth.rb: new file.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7708 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/webrick: imported. 2003-07-23T16:51:36+00:00 gotoyuzo gotoyuzo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2003-07-23T16:51:36+00:00 01eba908adcd150a7b816af0dbe167c4c4912a90 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4130 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4130 b2dd03c8-39d4-4d8f-98ff-823fe69b080e