Diffstat (limited to 'lib/webrick/httpauth')
-rw-r--r-- | lib/webrick/httpauth/basicauth.rb | 2 | ||||
-rw-r--r-- | lib/webrick/httpauth/digestauth.rb | 7 | ||||
-rw-r--r-- | lib/webrick/httpauth/htpasswd.rb | 10 |
3 files changed, 12 insertions, 7 deletions
diff --git a/lib/webrick/httpauth/basicauth.rb b/lib/webrick/httpauth/basicauth.rb
index ca5b0e9da3..e835361dc2 100644
--- a/lib/webrick/httpauth/basicauth.rb
+++ b/lib/webrick/httpauth/basicauth.rb
@@ -34,7 +34,7 @@ module WEBrick
 unless basic_credentials = check_scheme(req)
 challenge(req, res)
 end
- userid, password = decode64(basic_credentials).split(":", 2)
+ userid, password = basic_credentials.unpack("m*")[0].split(":", 2)
 password ||= ""
 if userid.empty?
 error("user id was not given.")
diff --git a/lib/webrick/httpauth/digestauth.rb b/lib/webrick/httpauth/digestauth.rb
index a5177459b7..2bc3e97817 100644
--- a/lib/webrick/httpauth/digestauth.rb
+++ b/lib/webrick/httpauth/digestauth.rb
@@ -174,11 +174,11 @@ module WEBrick
 if auth_req['qop'] == "auth" || auth_req['qop'] == nil
 ha2 = hexdigest(req.request_method, auth_req['uri'])
- ha2_res = digest("", auth_req['uri'])
+ ha2_res = hexdigest("", auth_req['uri'])
 elsif auth_req['qop'] == "auth-int"
 ha2 = hexdigest(req.request_method, auth_req['uri'], hexdigest(req.body))
- ha2_res = digest("", auth_req['uri'], hexdigest(req.body))
+ ha2_res = hexdigest("", auth_req['uri'], hexdigest(res.body))
 end
 if auth_req['qop'] == "auth" || auth_req['qop'] == "auth-int"
@@ -331,9 +331,6 @@ module WEBrick
 @h.hexdigest(args.join(":"))
 end
- def digest(*args)
- @h.digest(args.join(":"))
- end
 end
 class ProxyDigestAuth < DigestAuth
diff --git a/lib/webrick/httpauth/htpasswd.rb b/lib/webrick/httpauth/htpasswd.rb
index a4a80647d8..8a058861d3 100644
--- a/lib/webrick/httpauth/htpasswd.rb
+++ b/lib/webrick/httpauth/htpasswd.rb
@@ -32,7 +32,15 @@ module WEBrick
 open(@path){|io|
 while line = io.gets
 line.chomp!
- user, pass = line.split(":")
+ case line
+ when %r!\A[^:]+:[a-zA-Z0-9./]{13}\z!
+ user, pass = line.split(":")
+ when /:\$/, /:{SHA}/
+ raise NotImplementedError,
+ 'MD5, SHA1 .htpasswd file not supported'
+ else
+ raise StandardError, 'bad .htpasswd file'
+ end
 @passwd[user] = pass
 end
 }
|
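Review bot: `userid` can be nil on the `if userid.empty?` line that follows the changed one: when the decoded credentials are an empty string (an empty or non-base64 token, which `unpack("m*")` decodes leniently instead of rejecting), `"".split(":", 2)` returns `[]`, and `userid.empty?` then raises NoMethodError rather than reaching `error("user id was not given.")`. The existing `password ||= ""` guards only the password; adding `userid ||= ""` next to it keeps malformed Authorization headers on the normal authentication-failure path. How an uncaught exception is reported to the client is decided outside this hunk, and the enclosing method starts and ends outside it.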
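Review bot: In the `auth-int` branch, `hexdigest(res.body)` is evaluated while the request is still being authenticated, so the body it hashes is probably not the entity that will finally be sent. If the handler fills `res.body` after authentication, the value derived from `ha2_res` will not match what the client computes, and a nil or IO-backed body may not hash as intended; whether that happens depends on code outside this hunk. A comment on that line such as `# NOTE: res.body must already hold the final entity body, otherwise the auth-int response digest is wrong` would record the assumption, or `ha2_res` could be computed once the body is set. The surrounding method begins and ends outside the hunk.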
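Review bot: The new `raise` branches fire in the middle of the read loop, after earlier lines have already been stored through `@passwd[user] = pass`, so one malformed or unsupported line leaves the table partly loaded and which accounts still authenticate depends on line order in the file. Collecting into a local hash (`entries = {}`, `entries[user] = pass`) and assigning it to `@passwd` only after the loop finishes would make a load all-or-nothing; this assumes `@passwd` is a plain Hash, which the hunk suggests but does not show. The messages would also be easier to act on with the path in them, e.g. `raise StandardError, "bad .htpasswd file: #{@path}"`. A short comment above the first `when` saying that only 13-character crypt(3) hashes are accepted would explain why `$`-prefixed and `{SHA}` entries are rejected. The enclosing method begins and ends outside the hunk.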