* lib/webrick/httpauth/htpasswd.rb (WEBrick::Htpasswd#reload):

  raise NotImplementedError if password is encrypted by digest
  algorithms. This patch is contributed by sheepman. [ruby-list:40467]

* lib/webrick/httpauth/digestauth.rb
  (WEBrick::HTTPAuth::DigestAuth#_authenticate): fix digest calculation.
  This patch is contributed by sheepman. [ruby-list:40482]

* lib/webrick/{httpauth.rb,httpauth/basicauth.rb,httpproxy.rb}: use
  pack/unpack-template char "m" instead of lib/base64.rb to do base64
  encoding/decoding. fixed: [ruby-dev:25336]

* test/webrick/test_httpauth.rb: new file.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7708 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

6 files changed, 134 insertions, 8 deletions

diff --git a/ChangeLog b/ChangeLog
index 1efe767afe..9f83c395dd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+Mon Jan  3 07:27:46 2005  GOTOU Yuuzou  <gotoyuzo@notwork.org>
+
+	* lib/webrick/httpauth/htpasswd.rb (WEBrick::Htpasswd#reload):
+	  raise NotImplementedError if password is encrypted by digest
+	  algorithms. This patch is contributed by sheepman. [ruby-list:40467]
+
+	* lib/webrick/httpauth/digestauth.rb
+	  (WEBrick::HTTPAuth::DigestAuth#_authenticate): fix digest calculation.
+	  This patch is contributed by sheepman. [ruby-list:40482]
+
+	* lib/webrick/{httpauth.rb,httpauth/basicauth.rb,httpproxy.rb}: use
+	  pack/unpack-template char "m" instead of lib/base64.rb to do base64
+	  encoding/decoding. fixed: [ruby-dev:25336]
+
+	* test/webrick/test_httpauth.rb: new file.
+
 Sun Jan  2 15:42:10 2005  Masatoshi SEKI  <m_seki@mva.biglobe.ne.jp>
 
 	* lib/drb/drb.rb: add lazy stop_service.
diff --git a/lib/webrick/httpauth.rb b/lib/webrick/httpauth.rb
index b78c40fd04..147c04021c 100644
--- a/lib/webrick/httpauth.rb
+++ b/lib/webrick/httpauth.rb
@@ -22,7 +22,7 @@ module WEBrick
       user = pass = nil
       if /^Basic\s+(.*)/o =~ req[req_field]
         userpass = $1
-        user, pass = decode64(userpass).split(":", 2)
+        user, pass = userpass.unpack("m*")[0].split(":", 2)
       end
       if block.call(user, pass)
         req.user = user
diff --git a/lib/webrick/httpauth/basicauth.rb b/lib/webrick/httpauth/basicauth.rb
index ca5b0e9da3..e835361dc2 100644
--- a/lib/webrick/httpauth/basicauth.rb
+++ b/lib/webrick/httpauth/basicauth.rb
@@ -34,7 +34,7 @@ module WEBrick
         unless basic_credentials = check_scheme(req)
           challenge(req, res)
         end
-        userid, password = decode64(basic_credentials).split(":", 2) 
+        userid, password = basic_credentials.unpack("m*")[0].split(":", 2) 
         password ||= ""
         if userid.empty?
           error("user id was not given.")
diff --git a/lib/webrick/httpauth/digestauth.rb b/lib/webrick/httpauth/digestauth.rb
index a5177459b7..2bc3e97817 100644
--- a/lib/webrick/httpauth/digestauth.rb
+++ b/lib/webrick/httpauth/digestauth.rb
@@ -174,11 +174,11 @@ module WEBrick
 
         if auth_req['qop'] == "auth" || auth_req['qop'] == nil
           ha2 = hexdigest(req.request_method, auth_req['uri'])
-          ha2_res = digest("", auth_req['uri'])
+          ha2_res = hexdigest("", auth_req['uri'])
         elsif auth_req['qop'] == "auth-int"
           ha2 = hexdigest(req.request_method, auth_req['uri'],
                           hexdigest(req.body))
-          ha2_res = digest("", auth_req['uri'], hexdigest(req.body))
+          ha2_res = hexdigest("", auth_req['uri'], hexdigest(res.body))
         end
 
         if auth_req['qop'] == "auth" || auth_req['qop'] == "auth-int"
@@ -331,9 +331,6 @@ module WEBrick
         @h.hexdigest(args.join(":"))
       end
 
-      def digest(*args)
-        @h.digest(args.join(":"))
-      end
     end
 
     class ProxyDigestAuth < DigestAuth
diff --git a/lib/webrick/httpauth/htpasswd.rb b/lib/webrick/httpauth/htpasswd.rb
index a4a80647d8..8a058861d3 100644
--- a/lib/webrick/httpauth/htpasswd.rb
+++ b/lib/webrick/httpauth/htpasswd.rb
@@ -32,7 +32,15 @@ module WEBrick
           open(@path){|io|
             while line = io.gets
               line.chomp!
-              user, pass = line.split(":")
+              case line
+              when %r!\A[^:]+:[a-zA-Z0-9./]{13}\z!
+                user, pass = line.split(":")
+              when /:\$/, /:{SHA}/
+                raise NotImplementedError,
+                      'MD5, SHA1 .htpasswd file not supported'
+              else
+                raise StandardError, 'bad .htpasswd file'
+              end
               @passwd[user] = pass
             end
           }
diff --git a/test/webrick/test_httpauth.rb b/test/webrick/test_httpauth.rb
new file mode 100644
index 0000000000..7109ebc2cb
--- /dev/null
+++ b/test/webrick/test_httpauth.rb
@@ -0,0 +1,105 @@
+require "test/unit"
+require "net/http"
+require "tempfile"
+require "webrick"
+require "webrick/httpauth/basicauth"
+
+class TestWEBrickHTTPAuth < Test::Unit::TestCase
+  class NullWriter
+    def NullWriter.<<(msg)
+      puts msg if $DEBUG
+      return self
+    end
+  end
+
+  def start_httpserver
+    server = WEBrick::HTTPServer.new(
+      :BindAddress => "0.0.0.0", :Port => 0,
+      :Logger => WEBrick::Log.new(NullWriter),
+      :AccessLog => [[NullWriter, ""]]
+    )
+    thread = nil
+    begin
+      thread = Thread.start{ server.start }
+      addr = server.listeners[0].addr
+      yield([server, addr[3], addr[1]])
+    ensure
+      server.stop
+      thread.join
+    end
+  end
+
+  def test_basic_auth
+    start_httpserver{|server, addr, port|
+      realm = "WEBrick's realm"
+      path = "/basic_auth"
+
+      server.mount_proc(path){|req, res|
+        WEBrick::HTTPAuth.basic_auth(req, res, realm){|user, pass|
+          user == "webrick" && pass == "supersecretpassword"
+        }     
+        res.body = "hoge"
+      }
+      http = Net::HTTP.new(addr, port)
+      g = Net::HTTP::Get.new(path)
+      g.basic_auth("webrick", "supersecretpassword")
+      http.request(g){|res| assert_equal("hoge", res.body)}  
+      g.basic_auth("webrick", "not super")
+      http.request(g){|res| assert_not_equal("hoge", res.body)}
+    }
+  end
+
+  def test_basic_auth2
+    start_httpserver{|server, addr, port|
+      realm = "WEBrick's realm"
+      path = "/basic_auth2"
+
+      tmpfile = Tempfile.new("test_webrick_auth")
+      tmpfile.close
+      tmp_pass = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path)
+      tmp_pass.set_passwd(realm, "webrick", "supersecretpassword")
+      tmp_pass.set_passwd(realm, "foo", "supersecretpassword")
+      tmp_pass.flush
+
+      htpasswd = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path)
+      users = []
+      htpasswd.each{|user, pass| users << user }
+      assert_equal(2, users.size)
+      assert(users.member?("webrick"))
+      assert(users.member?("foo"))
+
+      server.mount_proc(path){|req, res|
+        auth = WEBrick::HTTPAuth::BasicAuth.new(
+          :Realm => realm, :UserDB => htpasswd,
+          :Logger => server.logger
+        )
+        auth.authenticate(req, res)
+        res.body = "hoge"
+      }
+      http = Net::HTTP.new(addr, port)
+      g = Net::HTTP::Get.new(path)
+      g.basic_auth("webrick", "supersecretpassword")
+      http.request(g){|res| assert_equal("hoge", res.body)}  
+      g.basic_auth("webrick", "not super")
+      http.request(g){|res| assert_not_equal("hoge", res.body)}
+    }
+  end
+
+  def test_basic_auth3
+    tmpfile = Tempfile.new("test_webrick_auth")
+    tmpfile.puts("webrick:{SHA}GJYFRpBbdchp595jlh3Bhfmgp8k=")
+    tmpfile.flush
+    assert_raises(NotImplementedError){
+      WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path)
+    }
+    tmpfile.close(true)
+
+    tmpfile = Tempfile.new("test_webrick_auth")
+    tmpfile.puts("webrick:$apr1$IOVMD/..$rmnOSPXr0.wwrLPZHBQZy0")
+    tmpfile.flush
+    assert_raises(NotImplementedError){
+      WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path)
+    }
+    tmpfile.close(true)
+  end
+end