Digest auth option for ActiveResource.

Signed-off-by: Michael Koziarski <michael@koziarski.com>
author: pivotal <pivotal@shotwell.flood.pivotallabs.com> 2009-10-02 13:57:31 -0700
committer: Michael Koziarski <michael@koziarski.com> 2009-10-15 10:37:04 +1300
commit: 945d999aadc9df41487e675fa0a863396cb54e31 (patch)
tree: aa13a8a177c9615f28430440342b4dd145804ca0 /activeresource/lib
parent: 1d01bad3cedfd690c6d125cac6d4504baa9409e5 (diff)
download: rails-945d999aadc9df41487e675fa0a863396cb54e31.tar.gz
rails-945d999aadc9df41487e675fa0a863396cb54e31.tar.bz2
rails-945d999aadc9df41487e675fa0a863396cb54e31.zip
2 files changed, 91 insertions, 11 deletions
diff --git a/activeresource/lib/active_resource/base.rb b/activeresource/lib/active_resource/base.rb
index b21d8db613..ae627c365d 100644
--- a/activeresource/lib/active_resource/base.rb
+++ b/activeresource/lib/active_resource/base.rb
@@ -326,6 +326,17 @@ module ActiveResource
         @password = password
       end
 
+      def auth_type
+        if defined?(@auth_type)
+          @auth_type
+        end
+      end
+
+      def auth_type=(auth_type)
+        @connection = nil
+        @auth_type = auth_type
+      end
+
       # Sets the format that attributes are sent and received in from a mime type reference:
       #
       #   Person.format = :json
@@ -397,6 +408,7 @@ module ActiveResource
           @connection.proxy = proxy if proxy
           @connection.user = user if user
           @connection.password = password if password
+          @connection.auth_type = auth_type if auth_type
           @connection.timeout = timeout if timeout
           @connection.ssl_options = ssl_options if ssl_options
           @connection
diff --git a/activeresource/lib/active_resource/connection.rb b/activeresource/lib/active_resource/connection.rb
index 9d551f04e7..98cb1a932b 100644
--- a/activeresource/lib/active_resource/connection.rb
+++ b/activeresource/lib/active_resource/connection.rb
@@ -17,7 +17,7 @@ module ActiveResource
       :head => 'Accept'
     }
 
-    attr_reader :site, :user, :password, :timeout, :proxy, :ssl_options
+    attr_reader :site, :user, :password, :auth_type, :timeout, :proxy, :ssl_options
     attr_accessor :format
 
     class << self
@@ -57,6 +57,11 @@ module ActiveResource
       @password = password
     end
 
+    # Sets the auth type for remote service.
+    def auth_type=(auth_type)
+      @auth_type = legitimize_auth_type(auth_type)
+    end
+
     # Sets the number of seconds after which HTTP requests to the remote service should time out.
     def timeout=(timeout)
       @timeout = timeout
@@ -70,31 +75,31 @@ module ActiveResource
     # Executes a GET request.
     # Used to get (find) resources.
     def get(path, headers = {})
-      format.decode(request(:get, path, build_request_headers(headers, :get)).body)
+      with_auth { format.decode(request(:get, path, build_request_headers(headers, :get, self.site.merge(path))).body) }
     end
 
     # Executes a DELETE request (see HTTP protocol documentation if unfamiliar).
     # Used to delete resources.
     def delete(path, headers = {})
-      request(:delete, path, build_request_headers(headers, :delete))
+      with_auth { request(:delete, path, build_request_headers(headers, :delete, self.site.merge(path))) }
     end
 
     # Executes a PUT request (see HTTP protocol documentation if unfamiliar).
     # Used to update resources.
     def put(path, body = '', headers = {})
-      request(:put, path, body.to_s, build_request_headers(headers, :put))
+      with_auth { request(:put, path, body.to_s, build_request_headers(headers, :put, self.site.merge(path))) }
     end
 
     # Executes a POST request.
     # Used to create new resources.
     def post(path, body = '', headers = {})
-      request(:post, path, body.to_s, build_request_headers(headers, :post))
+      with_auth { request(:post, path, body.to_s, build_request_headers(headers, :post, self.site.merge(path))) }
     end
 
     # Executes a HEAD request.
     # Used to obtain meta-information about resources, such as whether they exist and their size (via response headers).
     def head(path, headers = {})
-      request(:head, path, build_request_headers(headers, :head))
+      with_auth { request(:head, path, build_request_headers(headers, :head, self.site.merge(path))) }
     end
 
 
@@ -198,13 +203,70 @@ module ActiveResource
       end
 
       # Builds headers for request to remote service.
-      def build_request_headers(headers, http_method=nil)
-        authorization_header.update(default_header).update(http_format_header(http_method)).update(headers)
+      def build_request_headers(headers, http_method, uri)
+        authorization_header(http_method, uri).update(default_header).update(http_format_header(http_method)).update(headers)
+      end
+
+      def response_auth_header
+        @response_auth_header ||= ""
+      end
+
+      def with_auth
+        retried ||= false
+        yield
+      rescue UnauthorizedAccess => e
+        raise if retried || auth_type != :digest
+        @response_auth_header = e.response['WWW-Authenticate']
+        retried = true
+        retry
+      end
+
+      def authorization_header(http_method, uri)
+        if @user || @password
+          if auth_type == :digest
+            { 'Authorization' => digest_auth_header(http_method, uri) }
+          else
+            { 'Authorization' => 'Basic ' + ["#{@user}:#{@password}"].pack('m').delete("\r\n") }
+          end
+        else
+          {}
+        end
       end
 
-      # Sets authorization header
-      def authorization_header
-        (@user || @password ? { 'Authorization' => 'Basic ' + ["#{@user}:#{ @password}"].pack('m').delete("\r\n") } : {})
+      def digest_auth_header(http_method, uri)
+        params = extract_params_from_response
+
+        ha1 = Digest::MD5.hexdigest("#{@user}:#{params['realm']}:#{@password}")
+        ha2 = Digest::MD5.hexdigest("#{http_method.to_s.upcase}:#{uri.path}")
+
+        params.merge!('cnonce' => client_nonce)
+        request_digest = Digest::MD5.hexdigest([ha1, params['nonce'], "0", params['cnonce'], params['qop'], ha2].join(":"))
+        "Digest #{auth_attributes_for(uri, request_digest, params)}"
+      end
+
+      def client_nonce
+        Digest::MD5.hexdigest("%x" % (Time.now.to_i + rand(65535)))
+      end
+
+      def extract_params_from_response
+        params = {}
+        if response_auth_header =~ /^(\w+) (.*)/
+          $2.gsub(/(\w+)="(.*?)"/) { params[$1] = $2 }
+        end
+        params
+      end
+
+      def auth_attributes_for(uri, request_digest, params)
+        [
+          %Q(username="#{@user}"),
+          %Q(realm="#{params['realm']}"),
+          %Q(qop="#{params['qop']}"),
+          %Q(uri="#{uri.path}"),
+          %Q(nonce="#{params['nonce']}"),
+          %Q(nc="0"),
+          %Q(cnonce="#{params['cnonce']}"),
+          %Q(opaque="#{params['opaque']}"),
+          %Q(response="#{request_digest}")].join(", ")
       end
 
       def http_format_header(http_method)
@@ -214,5 +276,11 @@ module ActiveResource
       def logger #:nodoc:
         Base.logger
       end
+
+      def legitimize_auth_type(auth_type)
+        return :basic if auth_type.nil?
+        auth_type = auth_type.to_sym
+        [:basic, :digest].include?(auth_type) ? auth_type : :basic
+      end
   end
 end
author	pivotal <pivotal@shotwell.flood.pivotallabs.com>	2009-10-02 13:57:31 -0700
committer	Michael Koziarski <michael@koziarski.com>	2009-10-15 10:37:04 +1300
commit	945d999aadc9df41487e675fa0a863396cb54e31 (patch)
tree	aa13a8a177c9615f28430440342b4dd145804ca0 /activeresource/lib
parent	1d01bad3cedfd690c6d125cac6d4504baa9409e5 (diff)
download	rails-945d999aadc9df41487e675fa0a863396cb54e31.tar.gz rails-945d999aadc9df41487e675fa0a863396cb54e31.tar.bz2 rails-945d999aadc9df41487e675fa0a863396cb54e31.zip