path: root/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest
Diffstat (limited to 'actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest')
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/md5.rb124
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/nonce.rb51
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/params.rb55
-rw-r--r--actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/request.rb40
4 files changed, 270 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/md5.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/md5.rb
new file mode 100644
index 0000000000..e579dc9632
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/md5.rb
@@ -0,0 +1,124 @@
+require 'rack/auth/abstract/handler'
+require 'rack/auth/digest/request'
+require 'rack/auth/digest/params'
+require 'rack/auth/digest/nonce'
+require 'digest/md5'
+
+module Rack
+ module Auth
+ module Digest
+ # Rack::Auth::Digest::MD5 implements the MD5 algorithm version of
+ # HTTP Digest Authentication, as per RFC 2617.
+ #
+ # Initialize with the [Rack] application that you want protecting,
+ # and a block that looks up a plaintext password for a given username.
+ #
+ # +opaque+ needs to be set to a constant base64/hexadecimal string.
+ #
+ class MD5 < AbstractHandler
+
+ attr_accessor :opaque
+
+ attr_writer :passwords_hashed
+
+ def initialize(*args)
+ super
+ @passwords_hashed = nil
+ end
+
+ def passwords_hashed?
+ !!@passwords_hashed
+ end
+
+ def call(env)
+ auth = Request.new(env)
+
+ unless auth.provided?
+ return unauthorized
+ end
+
+ if !auth.digest? || !auth.correct_uri? || !valid_qop?(auth)
+ return bad_request
+ end
+
+ if valid?(auth)
+ if auth.nonce.stale?
+ return unauthorized(challenge(:stale => true))
+ else
+ env['REMOTE_USER'] = auth.username
+
+ return @app.call(env)
+ end
+ end
+
+ unauthorized
+ end
+
+
+ private
+
+ QOP = 'auth'.freeze
+
+ def params(hash = {})
+ Params.new do |params|
+ params['realm'] = realm
+ params['nonce'] = Nonce.new.to_s
+ params['opaque'] = H(opaque)
+ params['qop'] = QOP
+
+ hash.each { |k, v| params[k] = v }
+ end
+ end
+
+ def challenge(hash = {})
+ "Digest #{params(hash)}"
+ end
+
+ def valid?(auth)
+ valid_opaque?(auth) && valid_nonce?(auth) && valid_digest?(auth)
+ end
+
+ def valid_qop?(auth)
+ QOP == auth.qop
+ end
+
+ def valid_opaque?(auth)
+ H(opaque) == auth.opaque
+ end
+
+ def valid_nonce?(auth)
+ auth.nonce.valid?
+ end
+
+ def valid_digest?(auth)
+ digest(auth, @authenticator.call(auth.username)) == auth.response
+ end
+
+ def md5(data)
+ ::Digest::MD5.hexdigest(data)
+ end
+
+ alias :H :md5
+
+ def KD(secret, data)
+ H([secret, data] * ':')
+ end
+
+ def A1(auth, password)
+ [ auth.username, auth.realm, password ] * ':'
+ end
+
+ def A2(auth)
+ [ auth.method, auth.uri ] * ':'
+ end
+
+ def digest(auth, password)
+ password_hash = passwords_hashed? ? password : H(A1(auth, password))
+
+ KD(password_hash, [ auth.nonce, auth.nc, auth.cnonce, QOP, H(A2(auth)) ] * ':')
+ end
+
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/nonce.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/nonce.rb
new file mode 100644
index 0000000000..dbe109f29a
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/nonce.rb
@@ -0,0 +1,51 @@
+require 'digest/md5'
+
+module Rack
+ module Auth
+ module Digest
+ # Rack::Auth::Digest::Nonce is the default nonce generator for the
+ # Rack::Auth::Digest::MD5 authentication handler.
+ #
+ # +private_key+ needs to set to a constant string.
+ #
+ # +time_limit+ can be optionally set to an integer (number of seconds),
+ # to limit the validity of the generated nonces.
+
+ class Nonce
+
+ class << self
+ attr_accessor :private_key, :time_limit
+ end
+
+ def self.parse(string)
+ new(*string.unpack("m*").first.split(' ', 2))
+ end
+
+ def initialize(timestamp = Time.now, given_digest = nil)
+ @timestamp, @given_digest = timestamp.to_i, given_digest
+ end
+
+ def to_s
+ [([ @timestamp, digest ] * ' ')].pack("m*").strip
+ end
+
+ def digest
+ ::Digest::MD5.hexdigest([ @timestamp, self.class.private_key ] * ':')
+ end
+
+ def valid?
+ digest == @given_digest
+ end
+
+ def stale?
+ !self.class.time_limit.nil? && (@timestamp - Time.now.to_i) < self.class.time_limit
+ end
+
+ def fresh?
+ !stale?
+ end
+
+ end
+ end
+ end
+end
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/params.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/params.rb
new file mode 100644
index 0000000000..730e2efdc8
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/params.rb
@@ -0,0 +1,55 @@
+module Rack
+ module Auth
+ module Digest
+ class Params < Hash
+
+ def self.parse(str)
+ split_header_value(str).inject(new) do |header, param|
+ k, v = param.split('=', 2)
+ header[k] = dequote(v)
+ header
+ end
+ end
+
+ def self.dequote(str) # From WEBrick::HTTPUtils
+ ret = (/\A"(.*)"\Z/ =~ str) ? $1 : str.dup
+ ret.gsub!(/\\(.)/, "\\1")
+ ret
+ end
+
+ def self.split_header_value(str)
+ str.scan( /(\w+\=(?:"[^\"]+"|[^,]+))/n ).collect{ |v| v[0] }
+ end
+
+ def initialize
+ super
+
+ yield self if block_given?
+ end
+
+ def [](k)
+ super k.to_s
+ end
+
+ def []=(k, v)
+ super k.to_s, v.to_s
+ end
+
+ UNQUOTED = ['qop', 'nc', 'stale']
+
+ def to_s
+ inject([]) do |parts, (k, v)|
+ parts << "#{k}=" + (UNQUOTED.include?(k) ? v.to_s : quote(v))
+ parts
+ end.join(', ')
+ end
+
+ def quote(str) # From WEBrick::HTTPUtils
+ '"' << str.gsub(/[\\\"]/o, "\\\1") << '"'
+ end
+
+ end
+ end
+ end
+end
+
diff --git a/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/request.rb b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/request.rb
new file mode 100644
index 0000000000..a8aa3bf996
--- /dev/null
+++ b/actionpack/lib/action_dispatch/vendor/rack-1.0/rack/auth/digest/request.rb
@@ -0,0 +1,40 @@
+require 'rack/auth/abstract/request'
+require 'rack/auth/digest/params'
+require 'rack/auth/digest/nonce'
+
+module Rack
+ module Auth
+ module Digest
+ class Request < Auth::AbstractRequest
+
+ def method
+ @env['rack.methodoverride.original_method'] || @env['REQUEST_METHOD']
+ end
+
+ def digest?
+ :digest == scheme
+ end
+
+ def correct_uri?
+ (@env['SCRIPT_NAME'].to_s + @env['PATH_INFO'].to_s) == uri
+ end
+
+ def nonce
+ @nonce ||= Nonce.parse(params['nonce'])
+ end
+
+ def params
+ @params ||= Params.parse(parts.last)
+ end
+
+ def method_missing(sym)
+ if params.has_key? key = sym.to_s
+ return params[key]
+ end
+ super
+ end
+
+ end
+ end
+ end
+end