lib/httpclient/auth.rb in httpclient-2.4.0 vs lib/httpclient/auth.rb in httpclient-2.5.0
- old
+ new
@@ -11,32 +11,14 @@
require 'mutex_m'
class HTTPClient
- begin
- require 'net/ntlm'
- NTLMEnabled = true
- rescue LoadError
- NTLMEnabled = false
- end
+ NTLMEnabled = false
+ SSPIEnabled = false
+ GSSAPIEnabled = false
- begin
- require 'win32/sspi'
- SSPIEnabled = true
- rescue LoadError
- SSPIEnabled = false
- end
-
- begin
- require 'gssapi'
- GSSAPIEnabled = true
- rescue LoadError
- GSSAPIEnabled = false
- end
-
-
# Common abstract class for authentication filter.
#
# There are 2 authentication filters.
# WWWAuth:: Authentication filter for handling authentication negotiation
# between Web server. Parses 'WWW-Authentication' header in
@@ -237,11 +219,10 @@
# Creates new BasicAuth filter.
def initialize
super
@cred = nil
- @set = false
@auth = {}
@challenge = {}
@scheme = "Basic"
end
@@ -261,19 +242,16 @@
@cred = ["#{user}:#{passwd}"].pack('m').tr("\n", '')
else
uri = Util.uri_dirname(uri)
@auth[uri] = ["#{user}:#{passwd}"].pack('m').tr("\n", '')
end
- @set = true
end
end
# have we marked this as set - ie that it's valid to use in this context?
def set?
- synchronize {
- @set == true
- }
+ @cred || @auth.any?
end
# Response handler: returns credential.
# It sends cred only when a given uri is;
# * child page of challengeable(got *Authenticate before) uri and,
@@ -303,16 +281,14 @@
class ProxyBasicAuth < BasicAuth
def set(uri, user, passwd)
synchronize do
@cred = ["#{user}:#{passwd}"].pack('m').tr("\n", '')
- @set = true
end
end
def get(req)
- target_uri = req.header.request_uri
synchronize {
return nil unless @challenge['challenged']
@cred
}
end
@@ -337,11 +313,10 @@
# Creates new DigestAuth filter.
def initialize
super
@auth = {}
@challenge = {}
- @set = false
@nonce_count = 0
@scheme = "Digest"
end
# Resets challenge state. Do not send '*Authorization' header until the
@@ -358,19 +333,16 @@
synchronize do
if uri
uri = Util.uri_dirname(uri)
@auth[uri] = [user, passwd]
end
- @set = true
end
end
# have we marked this as set - ie that it's valid to use in this context?
def set?
- synchronize {
- @set == true
- }
+ @auth.any?
end
# Response handler: returns credential.
# It sends cred only when a given uri is;
# * child page of challengeable(got *Authenticate before) uri and,
@@ -476,20 +448,18 @@
class ProxyDigestAuth < DigestAuth
# overrides DigestAuth#set. sets default user name and password. uri is not used.
def set(uri, user, passwd)
synchronize do
- @set = true
@auth = [user, passwd]
end
end
# overrides DigestAuth#get. Uses default user name and password
# regardless of target uri if the proxy has required authentication
# before
def get(req)
- target_uri = req.header.request_uri
synchronize {
param = @challenge
return nil unless param
user, passwd = @auth
return nil unless user
@@ -529,11 +499,10 @@
super()
@auth = {}
@auth_default = nil
@challenge = {}
@scheme = scheme
- @set = false
@ntlm_opt = {
:ntlmv2 => true
}
end
@@ -553,25 +522,21 @@
uri = Util.uri_dirname(uri)
@auth[uri] = [user, passwd]
else
@auth_default = [user, passwd]
end
- @set = true
end
end
# have we marked this as set - ie that it's valid to use in this context?
def set?
- synchronize {
- @set == true
- }
+ @auth_default || @auth.any?
end
# Response handler: returns credential.
# See ruby/ntlm for negotiation state transition.
def get(req)
- return nil unless NTLMEnabled
target_uri = req.header.request_uri
synchronize {
domain_uri, param = @challenge.find { |uri, v|
Util.uri_part_of(target_uri, uri)
}
@@ -581,10 +546,11 @@
}
unless user
user, passwd = @auth_default
end
return nil unless user
+ Util.try_require('net/ntlm') || return
domain = nil
domain, user = user.split("\\") if user.index("\\")
state = param[:state]
authphrase = param[:authphrase]
case state
@@ -604,11 +570,10 @@
}
end
# Challenge handler: remember URL and challenge token for response.
def challenge(uri, param_str)
- return false unless NTLMEnabled
synchronize {
if param_str.nil? or @challenge[uri].nil?
c = @challenge[uri] = {}
c[:state] = :init
c[:authphrase] = ""
@@ -653,41 +618,41 @@
# See win32/sspi for more details.
def set(*args)
# not supported
end
- # have we marked this as set - ie that it's valid to use in this context?
+ # Check always (not effective but it works)
def set?
- SSPIEnabled || GSSAPIEnabled
+ !@challenge.empty?
end
# Response handler: returns credential.
# See win32/sspi for negotiation state transition.
def get(req)
- return nil unless SSPIEnabled || GSSAPIEnabled
target_uri = req.header.request_uri
synchronize {
domain_uri, param = @challenge.find { |uri, v|
Util.uri_part_of(target_uri, uri)
}
return nil unless param
+ Util.try_require('win32/sspi') || Util.try_require('gssapi') || return
state = param[:state]
authenticator = param[:authenticator]
authphrase = param[:authphrase]
case state
when :init
- if SSPIEnabled
+ if defined?(Win32::SSPI)
authenticator = param[:authenticator] = Win32::SSPI::NegotiateAuth.new
return authenticator.get_initial_token(@scheme)
else # use GSSAPI
authenticator = param[:authenticator] = GSSAPI::Simple.new(domain_uri.host, 'HTTP')
# Base64 encode the context token
return [authenticator.init_context].pack('m').gsub(/\n/,'')
end
when :response
@challenge.delete(domain_uri)
- if SSPIEnabled
+ if defined?(Win32::SSPI)
return authenticator.complete_authentication(authphrase)
else # use GSSAPI
return authenticator.init_context(authphrase.unpack('m').pop)
end
end
@@ -695,11 +660,10 @@
}
end
# Challenge handler: remember URL and challenge token for response.
def challenge(uri, param_str)
- return false unless SSPIEnabled || GSSAPIEnabled
synchronize {
if param_str.nil? or @challenge[uri].nil?
c = @challenge[uri] = {}
c[:state] = :init
c[:authenticator] = nil
@@ -823,12 +787,12 @@
# You cannot set OAuth config via WWWAuth#set_auth. Use OAuth#config=
def set(*args)
# not supported
end
- # have we marked this as set - ie that it's valid to use in this context?
+ # Check always (not effective but it works)
def set?
- true
+ !@challenge.empty?
end
# Set authentication credential.
def set_config(uri, config)
synchronize do