ruby.git/lib/webrick/httpauth, branch ruby_2_7 The Ruby Programming Language Loop with String#scan without creating substrings 2019-10-01T10:19:56+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2019-08-13T03:14:28+00:00 36e057e26ef2104bc2349799d6c52d22bb1c7d03 Create the substrings necessary parts only, instead of cutting the rest of the buffer. Also removed a useless, probable typo, regexp. 
Create the substrings necessary parts only, instead of cutting the
rest of the buffer.  Also removed a useless, probable typo, regexp.
lib/*: Prefer require_relative over require. 2018-11-02T17:52:33+00:00 marcandre marcandre@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-11-02T17:52:33+00:00 e859e668d2eb59f34ad18edb7458ce90076617e9 [#15206] [Fix GH-1976] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
[#15206] [Fix GH-1976]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick/httpauth/htgroup.rb (flush): avoid unnecessary unlink 2018-08-14T23:00:02+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-08-14T23:00:02+00:00 ab7e34e4db6a1fd7cc83367b2646405a109fa7d8 Based on patch by akr [ruby-core:88477], use Tempfile.create to avoid unnecessary unlink call. Unlike akr's original patch, this does not change the return value of flush. Thanks-to: Tanaka Akira <akr@fsij.org> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64363 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Based on patch by akr [ruby-core:88477], use Tempfile.create
to avoid unnecessary unlink call.  Unlike akr's original patch,
this does not change the return value of flush.

Thanks-to: Tanaka Akira <akr@fsij.org>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64363 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick: Support bcrypt password hashing 2018-07-26T03:21:52+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-07-26T03:21:52+00:00 9749bfbf735f8dca3361f2ea16bb97027bd1ab61 This adds a password_hash keyword argument to WEBrick::HTTPAuth::Htpasswd#initialize. If set to :bcrypt, it will create bcrypt hashes instead of crypt hashes, and will raise an exception if the .htpasswd file uses crypt hashes. If :bcrypt is used, then instead of calling BasicAuth.make_passwd (which uses crypt), WEBrick::HTTPAuth::Htpasswd#set_passwd will set the bcrypt password directly. It isn't possible to change the make_passwd API to accept the password hash format, as that would break configurations who use Htpasswd#auth_type= to set a custom auth_type. This modifies WEBrick::HTTPAuth::BasicAuth to handle checking both crypt and bcrypt hashes. There are commented out requires for 'string/crypt', to handle when String#crypt is deprecated and the undeprecated version is moved to a gem. There is also a commented out warning for the case when the password_hash keyword is not specified and 'string/crypt' cannot be required. I think the warning makes sense to nudge users to using bcrypt. I've updated the tests to test nil, :crypt, and :bcrypt values for the password_hash keyword, skipping the bcrypt tests if the bcrypt library cannot be required. [ruby-core:88111] [Feature #14940] From: Jeremy Evans <code@jeremyevans.net> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64060 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
This adds a password_hash keyword argument to
WEBrick::HTTPAuth::Htpasswd#initialize.  If set to :bcrypt, it
will create bcrypt hashes instead of crypt hashes, and will
raise an exception if the .htpasswd file uses crypt hashes.

If :bcrypt is used, then instead of calling
BasicAuth.make_passwd (which uses crypt),
WEBrick::HTTPAuth::Htpasswd#set_passwd will set the bcrypt
password directly.  It isn't possible to change the
make_passwd API to accept the password hash format, as that
would break configurations who use Htpasswd#auth_type= to set
a custom auth_type.

This modifies WEBrick::HTTPAuth::BasicAuth to handle checking
both crypt and bcrypt hashes.

There are commented out requires for 'string/crypt', to handle
when String#crypt is deprecated and the undeprecated version is
moved to a gem.

There is also a commented out warning for the case when
the password_hash keyword is not specified and 'string/crypt'
cannot be required.  I think the warning makes sense to nudge
users to using bcrypt.

I've updated the tests to test nil, :crypt, and :bcrypt values
for the password_hash keyword, skipping the bcrypt tests if the
bcrypt library cannot be required.

[ruby-core:88111] [Feature #14940]

From: Jeremy Evans <code@jeremyevans.net>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64060 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick/httpauth/digestauth: stream req.body 2018-03-28T08:06:49+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-03-28T08:06:49+00:00 32e277acbf35de454befc1573aff1063a55403cf WARNING! WARNING! WARNING! LIKELY BROKEN CHANGE Pass a proc to WEBrick::HTTPRequest#body to avoid reading a potentially large request body into memory during authentication. WARNING! this will break apps completely which want to do something with the body besides calculating the MD5 digest of it. Also, keep in mind that probably nobody uses "auth-int". Servers such as Apache, lighttpd, nginx don't seem to support it; nor does curl when using POST/PUT bodies; and we didn't have tests for it until now... * lib/webrick/httpauth/digestauth.rb (_authenticate): stream req.body git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62965 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
WARNING! WARNING! WARNING!  LIKELY BROKEN CHANGE

Pass a proc to WEBrick::HTTPRequest#body to avoid reading a
potentially large request body into memory during
authentication.

WARNING! this will break apps completely which want to do
something with the body besides calculating the MD5 digest
of it.

Also, keep in mind that probably nobody uses "auth-int".
Servers such as Apache, lighttpd, nginx don't seem to
support it; nor does curl when using POST/PUT bodies;
and we didn't have tests for it until now...

* lib/webrick/httpauth/digestauth.rb (_authenticate): stream req.body

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62965 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick: httpauth requires regular files 2017-12-22T01:07:39+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2017-12-22T01:07:39+00:00 edddc28f6255364a4acfcaab3e2c0834f174f734 Be sure we do not try to open a pipe to read from, since we care about mtime in all cases. * lib/webrick/httpauth/htdigest.rb: use File.open * lib/webrick/httpauth/htgroup.rb: ditto * lib/webrick/httpauth/htpasswd.rb: ditto [Misc #14216] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Be sure we do not try to open a pipe to read from, since we care
about mtime in all cases.

* lib/webrick/httpauth/htdigest.rb: use File.open
* lib/webrick/httpauth/htgroup.rb: ditto
* lib/webrick/httpauth/htpasswd.rb: ditto
  [Misc #14216]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
lib/*: remove closed checks 2016-11-21T23:05:41+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-11-21T23:05:41+00:00 f845a9ef76c0195254ded79c85c24332534f4057 Follow r56795. Since Ruby 2.2, calling #close on a closed socket no longer raises exceptions. * lib/cgi/session.rb (update): remove closed? check * lib/net/http.rb (finish, transport_request): ditto * lib/net/imap.rb (disconnect): ditto * lib/net/pop.rb (do_start, do_finish): ditto * lib/net/smtp.rb (do_start, do_finish): ditto * lib/open3.rb (popen_run, pipeline_run): ditto * lib/pstore.rb (transaction): ditto * lib/shell/process-controller.rb (sfork): * lib/tempfile (_close, call, Tempfile.create): ditto * lib/webrick/httpauth/htdigest.rb (flush): ditto * lib/webrick/httpauth/htpasswd.rb (flush): ditto * lib/webrick/server.rb (start_thread, cleanup_shutdown_pipe): ditto git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56865 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Follow r56795.  Since Ruby 2.2, calling #close on a closed
socket no longer raises exceptions.

* lib/cgi/session.rb (update): remove closed? check
* lib/net/http.rb (finish, transport_request): ditto
* lib/net/imap.rb (disconnect): ditto
* lib/net/pop.rb (do_start, do_finish): ditto
* lib/net/smtp.rb (do_start, do_finish): ditto
* lib/open3.rb (popen_run, pipeline_run): ditto
* lib/pstore.rb (transaction): ditto
* lib/shell/process-controller.rb (sfork):
* lib/tempfile (_close, call, Tempfile.create): ditto
* lib/webrick/httpauth/htdigest.rb (flush): ditto
* lib/webrick/httpauth/htpasswd.rb (flush): ditto
* lib/webrick/server.rb (start_thread, cleanup_shutdown_pipe): ditto

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56865 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Use qualified names 2016-08-30T06:22:30+00:00 nobu nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-08-30T06:22:30+00:00 4b298ad77a8388f0aae62daeca66659a8effeade git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56037 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56037 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
stdlib: avoid extra calls to eliminate "\n" from Base64 2016-01-10T00:35:43+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2016-01-10T00:35:43+00:00 778bbac8ac2ae50f0987c4888f7158296ee5bbdd We may use the '0' (zero) to avoid adding the line feed. Furthermore, the '*' (asterisk) modifier is not needed for a single-element arrays. * ext/psych/lib/psych/visitors/yaml_tree.rb (visit_String): eliminate chomp * lib/net/http.rb (connect): eliminate delete * lib/net/http/header.rb (basic_encode): ditto * lib/net/imap.rb (authenticate): eliminate gsub (self.encode_utf7): shorten delete arg * lib/net/smtp.rb (base64_encode): eliminate gsub * lib/open-uri.rb (OpenURI.open_http): eliminate delete * lib/rss/rss.rb: ditto * lib/securerandom.rb (base64): ditto (urlsafe_base64): eliminate delete! * lib/webrick/httpauth/digestauth.rb (split_param_value): eliminate chop * lib/webrick/httpproxy.rb (do_CONNECT): eliminate delete (setup_upstream_proxy_authentication): ditto [ruby-core:72666] [Feature #11938] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53488 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
We may use the '0' (zero) to avoid adding the line feed.
Furthermore, the '*' (asterisk) modifier is not needed for
a single-element arrays.

* ext/psych/lib/psych/visitors/yaml_tree.rb (visit_String):
  eliminate chomp
* lib/net/http.rb (connect): eliminate delete
* lib/net/http/header.rb (basic_encode): ditto
* lib/net/imap.rb (authenticate): eliminate gsub
  (self.encode_utf7): shorten delete arg
* lib/net/smtp.rb (base64_encode): eliminate gsub
* lib/open-uri.rb (OpenURI.open_http): eliminate delete
* lib/rss/rss.rb: ditto
* lib/securerandom.rb (base64): ditto
  (urlsafe_base64): eliminate delete!
* lib/webrick/httpauth/digestauth.rb (split_param_value):
  eliminate chop
* lib/webrick/httpproxy.rb (do_CONNECT): eliminate delete
  (setup_upstream_proxy_authentication): ditto
  [ruby-core:72666] [Feature #11938]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53488 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Add frozen_string_literal: false for all files 2015-12-16T05:07:31+00:00 naruse naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2015-12-16T05:07:31+00:00 3e92b635fb5422207b7bbdc924e292e51e21f040 When you change this to true, you may need to add more tests. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
When you change this to true, you may need to add more tests.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e