Feature #11365 ยป 0003-Change-Webrick-to-support-SHA-htpasswd-files.patch
lib/webrick/httpauth/basicauth.rb | ||
---|---|---|
require 'webrick/config'
|
||
require 'webrick/httpstatus'
|
||
require 'webrick/httpauth/authenticator'
|
||
require 'digest/sha1'
|
||
module WEBrick
|
||
module HTTPAuth
|
||
... | ... | |
def self.make_passwd(realm, user, pass)
|
||
pass ||= ""
|
||
pass.crypt(Utils::random_string(2))
|
||
encpass = Digest::SHA1.new.update(pass).base64digest
|
||
"{SHA}#{encpass}"
|
||
end
|
||
attr_reader :realm, :userdb, :logger
|
||
... | ... | |
error("%s: the user is not allowed.", userid)
|
||
challenge(req, res)
|
||
end
|
||
if password.crypt(encpass) != encpass
|
||
if (encpass.length == 13 ? password.crypt(encpass) != encpass : Digest::SHA1.new.update(password).base64digest != encpass)
|
||
error("%s: password unmatch.", userid)
|
||
challenge(req, res)
|
||
end
|
lib/webrick/httpauth/htpasswd.rb | ||
---|---|---|
while line = io.gets
|
||
line.chomp!
|
||
case line
|
||
when %r!\A[^:]+:[a-zA-Z0-9./]{13}\z!
|
||
when %r!\A[^:]+:\{SHA\}(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?\z!
|
||
user, pass = line.split(":")
|
||
when /:\$/, /:{SHA}/
|
||
pass = pass[5..-1]
|
||
when /:[a-zA-Z0-9.\/]{13}\z/
|
||
user, pass = line.split(":")
|
||
when /:\$/
|
||
raise NotImplementedError,
|
||
'MD5, SHA1 .htpasswd file not supported'
|
||
'MD5 .htpasswd file not supported'
|
||
else
|
||
raise StandardError, 'bad .htpasswd file'
|
||
end
|
test/webrick/test_httpauth.rb | ||
---|---|---|
def test_basic_auth3
|
||
Tempfile.create("test_webrick_auth") {|tmpfile|
|
||
tmpfile.puts("webrick:{SHA}GJYFRpBbdchp595jlh3Bhfmgp8k=")
|
||
tmpfile.flush
|
||
assert_raise(NotImplementedError){
|
||
WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path)
|
||
}
|
||
}
|
||
Tempfile.create("test_webrick_auth") {|tmpfile|
|
||
tmpfile.puts("webrick:$apr1$IOVMD/..$rmnOSPXr0.wwrLPZHBQZy0")
|
||
tmpfile.flush
|
||
assert_raise(NotImplementedError){
|
test/xmlrpc/htpasswd | ||
---|---|---|
admin:Qg266hq/YYKe2
|
||
01234567890123456789012345678901234567890123456789012345678901234567890123456789:Yl.SJmoFETpS2
|
||
admin:{SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc=
|
||
01234567890123456789012345678901234567890123456789012345678901234567890123456789:{SHA}NWdeaPS1r3uZXZIFrQ/EOELxZFA=
|