Based on patch by akr [ruby-core:88477], use Tempfile.create
to avoid unnecessary unlink call. Unlike akr's original patch,
this does not change the return value of flush.
Thanks-to: Tanaka Akira <akr@fsij.org>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64363 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This adds a password_hash keyword argument to
WEBrick::HTTPAuth::Htpasswd#initialize. If set to :bcrypt, it
will create bcrypt hashes instead of crypt hashes, and will
raise an exception if the .htpasswd file uses crypt hashes.
If :bcrypt is used, then instead of calling
BasicAuth.make_passwd (which uses crypt),
WEBrick::HTTPAuth::Htpasswd#set_passwd will set the bcrypt
password directly. It isn't possible to change the
make_passwd API to accept the password hash format, as that
would break configurations who use Htpasswd#auth_type= to set
a custom auth_type.
This modifies WEBrick::HTTPAuth::BasicAuth to handle checking
both crypt and bcrypt hashes.
There are commented out requires for 'string/crypt', to handle
when String#crypt is deprecated and the undeprecated version is
moved to a gem.
There is also a commented out warning for the case when
the password_hash keyword is not specified and 'string/crypt'
cannot be required. I think the warning makes sense to nudge
users to using bcrypt.
I've updated the tests to test nil, :crypt, and :bcrypt values
for the password_hash keyword, skipping the bcrypt tests if the
bcrypt library cannot be required.
[ruby-core:88111] [Feature #14940]
From: Jeremy Evans <code@jeremyevans.net>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64060 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
WARNING! WARNING! WARNING! LIKELY BROKEN CHANGE
Pass a proc to WEBrick::HTTPRequest#body to avoid reading a
potentially large request body into memory during
authentication.
WARNING! this will break apps completely which want to do
something with the body besides calculating the MD5 digest
of it.
Also, keep in mind that probably nobody uses "auth-int".
Servers such as Apache, lighttpd, nginx don't seem to
support it; nor does curl when using POST/PUT bodies;
and we didn't have tests for it until now...
* lib/webrick/httpauth/digestauth.rb (_authenticate): stream req.body
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62965 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Be sure we do not try to open a pipe to read from, since we care
about mtime in all cases.
* lib/webrick/httpauth/htdigest.rb: use File.open
* lib/webrick/httpauth/htgroup.rb: ditto
* lib/webrick/httpauth/htpasswd.rb: ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/ruby/test_parse.rb: Fix typo in a test name.
s/allowd/allowed/
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43917 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
unintentional unlink() by the finalizer.
lib/webrick/httpauth/htdigest.rb: Ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40395 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Literal texts in HTTP ABNF is case-insensitive (RFC2616 2.1),
and a ample implementation in RFC2617 also ignores the case
of algorithms. So now this ignores those cases.
[ruby-dev:43965] [Feature #4936]
* lib/webrick/httpauth/digestauth.rb (initialize):
Because of above, opera_hack is useless and removed.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32410 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(WEBrick::HTTPAuth::Authenticator#check_scheme): auth-scheme must be
treated as a case-insensitive token according to RFC 2617 section 1.2.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@12692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
raise NotImplementedError if password is encrypted by digest
algorithms. This patch is contributed by sheepman. [ruby-list:40467]
* lib/webrick/httpauth/digestauth.rb
(WEBrick::HTTPAuth::DigestAuth#_authenticate): fix digest calculation.
This patch is contributed by sheepman. [ruby-list:40482]
* lib/webrick/{httpauth.rb,httpauth/basicauth.rb,httpproxy.rb}: use
pack/unpack-template char "m" instead of lib/base64.rb to do base64
encoding/decoding. fixed: [ruby-dev:25336]
* test/webrick/test_httpauth.rb: new file.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7708 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
lib/webrick/httpauth/{basicauth.rb,digestauth.rb}: use
pack/unpack-template char "m" instead of lib/base64.rb to do base64
encoding/decoding.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@7593 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
marcandre
normal
nobu
naruse
hsbt
a_matsuda
akr
drbrain
nagachika
nahi
matz
mame
gotoyuzo