1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
# frozen_string_literal: true
require_relative 'abstract/handler'
require_relative 'abstract/request'
module Rack
module Auth
# Rack::Auth::Basic implements HTTP Basic Authentication, as per RFC 2617.
#
# Initialize with the Rack application that you want protecting,
# and a block that checks if a username and password pair are valid.
#
# See also: <tt>example/protectedlobster.rb</tt>
class Basic < AbstractHandler
def call(env)
auth = Basic::Request.new(env)
return unauthorized unless auth.provided?
return bad_request unless auth.basic?
if valid?(auth)
env['REMOTE_USER'] = auth.username
return @app.call(env)
end
unauthorized
end
private
def challenge
'Basic realm="%s"' % realm
end
def valid?(auth)
@authenticator.call(*auth.credentials)
end
class Request < Auth::AbstractRequest
def basic?
"basic" == scheme && credentials.length == 2
end
def credentials
@credentials ||= params.unpack("m").first.split(':', 2)
end
def username
credentials.first
end
end
end
end
end
|
