From 97102f6596e490ea98f0300e34c47061f1e97f85 Mon Sep 17 00:00:00 2001 From: gotoyuzo Date: Sun, 2 Jan 2005 22:31:13 +0000 Subject: * lib/webrick/httpauth/htpasswd.rb (WEBrick::Htpasswd#reload): raise NotImplementedError if password is encrypted by digest algorithms. This patch is contributed by sheepman. [ruby-list:40467] * lib/webrick/httpauth/digestauth.rb (WEBrick::HTTPAuth::DigestAuth#_authenticate): fix digest calculation. This patch is contributed by sheepman. [ruby-list:40482] * lib/webrick/{httpauth.rb,httpauth/basicauth.rb,httpproxy.rb}: use pack/unpack-template char "m" instead of lib/base64.rb to do base64 encoding/decoding. fixed: [ruby-dev:25336] * test/webrick/test_httpauth.rb: new file. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7708 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 16 ++++++ lib/webrick/httpauth.rb | 2 +- lib/webrick/httpauth/basicauth.rb | 2 +- lib/webrick/httpauth/digestauth.rb | 7 +-- lib/webrick/httpauth/htpasswd.rb | 10 +++- test/webrick/test_httpauth.rb | 105 +++++++++++++++++++++++++++++++++++++ 6 files changed, 134 insertions(+), 8 deletions(-) create mode 100644 test/webrick/test_httpauth.rb diff --git a/ChangeLog b/ChangeLog index 1efe767afe..9f83c395dd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,19 @@ +Mon Jan 3 07:27:46 2005 GOTOU Yuuzou + + * lib/webrick/httpauth/htpasswd.rb (WEBrick::Htpasswd#reload): + raise NotImplementedError if password is encrypted by digest + algorithms. This patch is contributed by sheepman. [ruby-list:40467] + + * lib/webrick/httpauth/digestauth.rb + (WEBrick::HTTPAuth::DigestAuth#_authenticate): fix digest calculation. + This patch is contributed by sheepman. [ruby-list:40482] + + * lib/webrick/{httpauth.rb,httpauth/basicauth.rb,httpproxy.rb}: use + pack/unpack-template char "m" instead of lib/base64.rb to do base64 + encoding/decoding. fixed: [ruby-dev:25336] + + * test/webrick/test_httpauth.rb: new file. + Sun Jan 2 15:42:10 2005 Masatoshi SEKI * lib/drb/drb.rb: add lazy stop_service. diff --git a/lib/webrick/httpauth.rb b/lib/webrick/httpauth.rb index b78c40fd04..147c04021c 100644 --- a/lib/webrick/httpauth.rb +++ b/lib/webrick/httpauth.rb @@ -22,7 +22,7 @@ module WEBrick user = pass = nil if /^Basic\s+(.*)/o =~ req[req_field] userpass = $1 - user, pass = decode64(userpass).split(":", 2) + user, pass = userpass.unpack("m*")[0].split(":", 2) end if block.call(user, pass) req.user = user diff --git a/lib/webrick/httpauth/basicauth.rb b/lib/webrick/httpauth/basicauth.rb index ca5b0e9da3..e835361dc2 100644 --- a/lib/webrick/httpauth/basicauth.rb +++ b/lib/webrick/httpauth/basicauth.rb @@ -34,7 +34,7 @@ module WEBrick unless basic_credentials = check_scheme(req) challenge(req, res) end - userid, password = decode64(basic_credentials).split(":", 2) + userid, password = basic_credentials.unpack("m*")[0].split(":", 2) password ||= "" if userid.empty? error("user id was not given.") diff --git a/lib/webrick/httpauth/digestauth.rb b/lib/webrick/httpauth/digestauth.rb index a5177459b7..2bc3e97817 100644 --- a/lib/webrick/httpauth/digestauth.rb +++ b/lib/webrick/httpauth/digestauth.rb @@ -174,11 +174,11 @@ module WEBrick if auth_req['qop'] == "auth" || auth_req['qop'] == nil ha2 = hexdigest(req.request_method, auth_req['uri']) - ha2_res = digest("", auth_req['uri']) + ha2_res = hexdigest("", auth_req['uri']) elsif auth_req['qop'] == "auth-int" ha2 = hexdigest(req.request_method, auth_req['uri'], hexdigest(req.body)) - ha2_res = digest("", auth_req['uri'], hexdigest(req.body)) + ha2_res = hexdigest("", auth_req['uri'], hexdigest(res.body)) end if auth_req['qop'] == "auth" || auth_req['qop'] == "auth-int" @@ -331,9 +331,6 @@ module WEBrick @h.hexdigest(args.join(":")) end - def digest(*args) - @h.digest(args.join(":")) - end end class ProxyDigestAuth < DigestAuth diff --git a/lib/webrick/httpauth/htpasswd.rb b/lib/webrick/httpauth/htpasswd.rb index a4a80647d8..8a058861d3 100644 --- a/lib/webrick/httpauth/htpasswd.rb +++ b/lib/webrick/httpauth/htpasswd.rb @@ -32,7 +32,15 @@ module WEBrick open(@path){|io| while line = io.gets line.chomp! - user, pass = line.split(":") + case line + when %r!\A[^:]+:[a-zA-Z0-9./]{13}\z! + user, pass = line.split(":") + when /:\$/, /:{SHA}/ + raise NotImplementedError, + 'MD5, SHA1 .htpasswd file not supported' + else + raise StandardError, 'bad .htpasswd file' + end @passwd[user] = pass end } diff --git a/test/webrick/test_httpauth.rb b/test/webrick/test_httpauth.rb new file mode 100644 index 0000000000..7109ebc2cb --- /dev/null +++ b/test/webrick/test_httpauth.rb @@ -0,0 +1,105 @@ +require "test/unit" +require "net/http" +require "tempfile" +require "webrick" +require "webrick/httpauth/basicauth" + +class TestWEBrickHTTPAuth < Test::Unit::TestCase + class NullWriter + def NullWriter.<<(msg) + puts msg if $DEBUG + return self + end + end + + def start_httpserver + server = WEBrick::HTTPServer.new( + :BindAddress => "0.0.0.0", :Port => 0, + :Logger => WEBrick::Log.new(NullWriter), + :AccessLog => [[NullWriter, ""]] + ) + thread = nil + begin + thread = Thread.start{ server.start } + addr = server.listeners[0].addr + yield([server, addr[3], addr[1]]) + ensure + server.stop + thread.join + end + end + + def test_basic_auth + start_httpserver{|server, addr, port| + realm = "WEBrick's realm" + path = "/basic_auth" + + server.mount_proc(path){|req, res| + WEBrick::HTTPAuth.basic_auth(req, res, realm){|user, pass| + user == "webrick" && pass == "supersecretpassword" + } + res.body = "hoge" + } + http = Net::HTTP.new(addr, port) + g = Net::HTTP::Get.new(path) + g.basic_auth("webrick", "supersecretpassword") + http.request(g){|res| assert_equal("hoge", res.body)} + g.basic_auth("webrick", "not super") + http.request(g){|res| assert_not_equal("hoge", res.body)} + } + end + + def test_basic_auth2 + start_httpserver{|server, addr, port| + realm = "WEBrick's realm" + path = "/basic_auth2" + + tmpfile = Tempfile.new("test_webrick_auth") + tmpfile.close + tmp_pass = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path) + tmp_pass.set_passwd(realm, "webrick", "supersecretpassword") + tmp_pass.set_passwd(realm, "foo", "supersecretpassword") + tmp_pass.flush + + htpasswd = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path) + users = [] + htpasswd.each{|user, pass| users << user } + assert_equal(2, users.size) + assert(users.member?("webrick")) + assert(users.member?("foo")) + + server.mount_proc(path){|req, res| + auth = WEBrick::HTTPAuth::BasicAuth.new( + :Realm => realm, :UserDB => htpasswd, + :Logger => server.logger + ) + auth.authenticate(req, res) + res.body = "hoge" + } + http = Net::HTTP.new(addr, port) + g = Net::HTTP::Get.new(path) + g.basic_auth("webrick", "supersecretpassword") + http.request(g){|res| assert_equal("hoge", res.body)} + g.basic_auth("webrick", "not super") + http.request(g){|res| assert_not_equal("hoge", res.body)} + } + end + + def test_basic_auth3 + tmpfile = Tempfile.new("test_webrick_auth") + tmpfile.puts("webrick:{SHA}GJYFRpBbdchp595jlh3Bhfmgp8k=") + tmpfile.flush + assert_raises(NotImplementedError){ + WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path) + } + tmpfile.close(true) + + tmpfile = Tempfile.new("test_webrick_auth") + tmpfile.puts("webrick:$apr1$IOVMD/..$rmnOSPXr0.wwrLPZHBQZy0") + tmpfile.flush + assert_raises(NotImplementedError){ + WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path) + } + tmpfile.close(true) + end +end -- cgit v1.2.3