|
Revision 5667, 1.2 kB
(checked in by david, 3 years ago)
|
Make it invitingly easy for someone to implement digest authentication -- come on, you can do it!
|
| Line | |
|---|
| 1 |
module HttpAuthentication |
|---|
| 2 |
module Digest |
|---|
| 3 |
module ControllerMethods |
|---|
| 4 |
def authenticate_with_http_digest(&login_procedure) |
|---|
| 5 |
HttpAuthentication::Digest.authenticate(self, &login_procedure) |
|---|
| 6 |
end |
|---|
| 7 |
|
|---|
| 8 |
def request_http_basic_authentication(realm = "Application") |
|---|
| 9 |
HttpAuthentication::Digest.authentication_request(self, realm) |
|---|
| 10 |
end |
|---|
| 11 |
end |
|---|
| 12 |
|
|---|
| 13 |
extend self |
|---|
| 14 |
|
|---|
| 15 |
def authenticate(controller, &login_procedure) |
|---|
| 16 |
if authorization(controller.request) |
|---|
| 17 |
login_procedure.call(*user_name_and_password(controller.request)) |
|---|
| 18 |
else |
|---|
| 19 |
false |
|---|
| 20 |
end |
|---|
| 21 |
end |
|---|
| 22 |
|
|---|
| 23 |
def user_name_and_password(request) |
|---|
| 24 |
decode_credentials(request).split(/:/, 2) |
|---|
| 25 |
end |
|---|
| 26 |
|
|---|
| 27 |
def authorization(request) |
|---|
| 28 |
request.env['HTTP_AUTHORIZATION'] || |
|---|
| 29 |
request.env['X-HTTP_AUTHORIZATION'] || |
|---|
| 30 |
request.env['X_HTTP_AUTHORIZATION'] |
|---|
| 31 |
end |
|---|
| 32 |
|
|---|
| 33 |
def decode_credentials(request) |
|---|
| 34 |
|
|---|
| 35 |
end |
|---|
| 36 |
|
|---|
| 37 |
def encode_credentials(user_name, password) |
|---|
| 38 |
|
|---|
| 39 |
end |
|---|
| 40 |
|
|---|
| 41 |
def authentication_request(controller, realm) |
|---|
| 42 |
|
|---|
| 43 |
controller.render :text => "Access denied.\n", :status => :unauthorized |
|---|
| 44 |
return false |
|---|
| 45 |
end |
|---|
| 46 |
end |
|---|
| 47 |
end |
|---|
