How to use Rack::Auth::Digest::MD5


Iñaki Baz Castillo

Oct 16, 2009, 2:33:57 PM
to rack-...@googlegroups.com
Hi, could I get an example of Rack::Auth::Digest::MD5 usage? By reading the
doc I get confused:

http://rack.rubyforge.org/doc/Rack/Auth/Digest/MD5.html

The only thing I've found until now is a similar question with no response:

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/313893


--
Iñaki Baz Castillo <i...@aliax.net>

Iñaki Baz Castillo

Oct 18, 2009, 4:32:32 PM
to rack-...@googlegroups.com
On Friday, October 16, 2009, Iñaki Baz Castillo wrote:
> Hi, could I get an example of Rack::Auth::Digest::MD5 usage? By reading the
> doc I get confused:
>
> http://rack.rubyforge.org/doc/Rack/Auth/Digest/MD5.html
>
> The only thing I've found until now is a similar question with no response:
>
> http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/313893


Any help please? I don't get it working and I don't know exactly what to try
since there is no documentation or examples.

Thanks.

Magnus Holm

Oct 19, 2009, 7:33:27 AM
to rack-...@googlegroups.com
What about something like this?

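app = lambda do |env|
  [200, { 'Content-Type' => "text/html" }, ['Logged in!']]
end

# For Digest auth the block receives only the username and must return that
# user's password (or nil for an unknown user), not a boolean.
app = Rack::Auth::Digest::MD5.new(app) do |username|
  { "foo" => "bar" }[username]
end
app.realm = 'Example realm'   # placeholder value; sent in the 401 challenge
app.opaque = 'opaque-secret'  # placeholder value; must be set before the first challenge

run app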

//Magnus Holm

Iñaki Baz Castillo

Oct 19, 2009, 7:54:00 AM
to rack-...@googlegroups.com
On Monday, October 19, 2009, Magnus Holm wrote:
> What about something like this?
>
> app = lambda do |env|
>   [200, { 'Content-Type' => "text/html" }, ['Logged in!']]
> end
>
> app = Rack::Digest::MD5.new(app) do |username, password|
>   username == "foo" && password == "bar"
> end
>
> run app


Thanks, but what about if I just want to ask for authentication depending on
the URL?
For example:

I require authentication if the URL is:
http://domain.org/service1/users/al...@domain.org/index.xml

But I don't require authentication if the URL is:
http://domain.org/service1/global/index.xml

Also, there are cases in which I require Digest authentication if method is
PUT but not for GET.

Is it possible?

Thanks a lot.

Iñaki Baz Castillo

Oct 19, 2009, 8:07:02 AM
to rack-...@googlegroups.com

Also, I don't know which user, password and *realm* I must use to generate the
401 until I inspect the request. This is, in my previous example:
http://domain.org/service1/users/al...@domain.org/index.xml

The 401 should contain a "WWW-Authenticate" header with fields:
- realm = domain.org
- username = alice

And the password (hashed ha1) would be retrieved from a DB.

Is it possible?

Genta IHA

Dec 18, 2009, 9:52:35 AM
to Iñaki Baz Castillo, rack-...@googlegroups.com
Hello,

> Hi, could I get an example of Rack::Auth::Digest::MD5 usage? By reading the
> doc I get confused:

: (snip)


> Thanks, but what about if I just want to ask for authentication depending
>  on the URL?

Please try this example:

----
require 'rack'
require 'continuation' # provides callcc on Ruby 1.9 and later

class DigestAuthApp
  USERS = {
    'office' => {
      'alice' => 'opensesame',
    },
    'home' => {
      'bob' => 'hello',
    },
  }

  def call(env)
    req = Rack::Request.new(env)
    return view_global(env) if %r!^/service1/global/! =~ req.fullpath
    m = %r!^/service1/users/(\w+)@([^/]+)/(.*)!.match(req.fullpath)
    # any other path: there is no user area to authenticate against
    return [404, {"Content-Type" => "text/plain"}, ['Not found']] unless m
    _, user, realm, path = *m

    # authentication needed for users area
    env = callcc do |cont|
      # the block is given the Digest username (u); the password returned is
      # the one stored for the user named in the URL (nil if there is none)
      auth = Rack::Auth::Digest::MD5.new(cont, realm) {|u| USERS.fetch(realm, {})[user] }
      auth.opaque = $$.to_s # or your favorite opaque
      return auth.call(env) # => returns 401 if not authenticated
    end
    # authenticated
    req = Rack::Request.new(env)
    auth_user = req.env['REMOTE_USER']

    body = ''
    [['user', auth_user], ['realm', realm], ['path', path]].each do |k, v|
      body += k + ': ' + v + "\n"
    end
    # a Rack body must respond to #each, so the String is wrapped in an Array
    [200, {"Content-Type" => "text/plain"}, [body]]
  end

  def view_global(env)
    [200, {"Content-Type" => "text/plain"}, ['Welcome to global area. Enjoy!']]
  end
end
----

for /service1/users/.*@office/something:
alice is permitted. bob is not.

for /service1/users/.*@home/something:
bob is permitted. alice is not.

for /service1/global/something:
Everyone is permitted.

--
Genta IHA
i...@inetcore.com
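
The check this thread is asking for (realm and user taken from the URL, a stored HA1 instead of the clear-text password, a challenge only for some paths and methods), as an added example that is not code from any poster or from Rack. It uses only Ruby's standard library; `HA1_DB`, `auth_requirement`, the `domain.org` default realm and the sample credentials are assumptions constructed for the illustration.

```ruby
require 'digest/md5'

# HA1 = MD5(username:realm:password); storing it avoids keeping clear text.
def ha1(user, realm, password)
  Digest::MD5.hexdigest([user, realm, password].join(':'))
end

# Constructed sample store, keyed by [realm, username].
HA1_DB = { ['domain.org', 'alice'] => ha1('alice', 'domain.org', 'opensesame') }

# Hypothetical policy from the thread: user areas always need auth (realm and
# user come from the URL); elsewhere only PUT does. nil means "no auth needed".
def auth_requirement(method, path)
  if (m = %r{\A/service1/users/(\w+)@([^/]+)/}.match(path))
    { user: m[1], realm: m[2] }
  elsif method == 'PUT'
    { user: nil, realm: 'domain.org' }
  end
end

# RFC 2617 response for qop=auth, computed from the stored HA1.
def expected_response(stored_ha1, method, uri, nonce, nc, cnonce)
  ha2 = Digest::MD5.hexdigest("#{method}:#{uri}")
  Digest::MD5.hexdigest([stored_ha1, nonce, nc, cnonce, 'auth', ha2].join(':'))
end

# Constant-time string comparison for the response check.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# creds: fields parsed from the Authorization header (nil if absent).
# Nonce issuance and freshness checks are out of scope here.
def authorized?(method, path, creds)
  need = auth_requirement(method, path)
  return true if need.nil?
  return false if creds.nil? || creds[:realm] != need[:realm] || creds[:uri] != path
  # The Digest username must be the user the URL names, not just any user.
  return false if need[:user] && creds[:username] != need[:user]
  stored = HA1_DB[[need[:realm], creds[:username]]]
  return false unless stored
  want = expected_response(stored, method, path,
                           creds[:nonce], creds[:nc], creds[:cnonce])
  secure_equal?(want, creds[:response].to_s)
end
```

Because HA1 already binds the username and the realm, a stored HA1 is only valid for that exact pair, and a leaked HA1 is enough to answer challenges for that realm.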

Iñaki Baz Castillo

Dec 18, 2009, 1:09:44 PM
to rack-...@googlegroups.com


Great! Thanks a lot, I'll try it.

Iñaki Baz Castillo

Dec 18, 2009, 1:41:47 PM
to rack-...@googlegroups.com
On Friday, December 18, 2009, Genta IHA wrote:

> # authentication needed for users area
> env = callcc do |cont|
>   auth = Rack::Auth::Digest::MD5.new(cont, realm) {|u| USERS[realm][user] }

I get an error: what is "callcc"?

Thanks a lot.

Iñaki Baz Castillo

Dec 18, 2009, 2:19:29 PM
to rack-...@googlegroups.com
On Friday, December 18, 2009, Iñaki Baz Castillo wrote:
> On Friday, December 18, 2009, Genta IHA wrote:
> > # authentication needed for users area
> > env = callcc do |cont|
> >   auth = Rack::Auth::Digest::MD5.new(cont, realm) {|u| USERS[realm][user] }
>
> I get an error: what is "callcc"?

Oops, 'callcc' exists in Ruby 1.8, but not in 1.9!

Iñaki Baz Castillo

Dec 18, 2009, 2:21:00 PM
to rack-...@googlegroups.com

Sorry, it does exist, but the "continuation" library must be loaded (while in 1.8
it seems to be loaded always).
