eddanger (owner)

Description:
Merb Digest Auth Strategy - Using Rack::Auth::Digest::MD5
Public Clone URL: git://gist.github.com/62856.git
digest.rb #
# This strategy is used with digest authentication in Merb.
#
# == Requirements
#
# == Methods
# <User>.authenticate(login_field, password_field)
#
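class Merb::Authentication
  module Strategies
    # HTTP Digest authentication strategy for Merb, built on
    # Rack::Auth::Digest::MD5.
    #
    # Digest-MD5 only protects the password exchange itself; the rest of the
    # request is unprotected, so this strategy should be served over TLS.
    #
    # NOTE(review): Rack::Auth::Digest::MD5 is a middleware whose first
    # constructor argument is the downstream app. This strategy passes
    # request.env there, so the path taken after a *successful* digest check
    # (where Rack invokes that app) looks unfinished -- confirm before use.
    class Digest < Merb::Authentication::Strategy

      # Runs the digest check for the current request.
      #
      # When Rack answers with a 401 challenge, the challenge is copied onto
      # this strategy's response (status, WWW-Authenticate header, body) and
      # the strategy chain is halted. Any other result is left alone and the
      # method returns nil.
      def run!
        result = @auth.call(request.env)
        return unless result.is_a?(Array)

        # Log the status only; the full Rack response is not needed in logs.
        Merb.logger.info("Digest Auth: status #{result[0]}")

        # Comparison, not assignment: the original `result[0] = 401`
        # overwrote the status and was always truthy, so every request was
        # answered with a 401 regardless of what Rack returned.
        if result[0] == 401
          challenge = result[1]['WWW-Authenticate']
          self.status = result[0]
          self.headers['WWW-Authenticate'] = challenge
          self.body = self.class.failure_message + challenge
          halt!
        end
      end

      # Class-wide realm, defaulting to "Application".
      #
      # Reads @@realm so that a value assigned through the cattr_writer below
      # is actually returned (the reader previously used a separate
      # class-level @realm that the writer never touched).
      # NOTE(review): assumes cattr_writer stores into @@realm, as the
      # ActiveSupport-style helper does -- confirm against the extlib version
      # in use.
      def self.realm
        @@realm ||= "Application"
      end

      cattr_writer :realm

      # Realm used by this strategy instance; falls back to the class realm.
      def realm
        @realm ||= self.class.realm
      end

      # Text placed at the start of the 401 response body.
      cattr_accessor :failure_message
      @@failure_message = "Digest Login Required"

      private

      # Builds the Rack digest authenticator for this request.
      #
      # The request object, the request params and the looked-up username are
      # deliberately not logged: they carry the Authorization header and the
      # api_key value, which do not belong in application logs.
      def initialize(request, params)
        super

        @auth = Rack::Auth::Digest::MD5.new(request.env) do |username|
          user = user_class.first(:login => username)

          # An unknown login yields nil (authentication fails) instead of
          # raising NoMethodError on nil.
          #
          # NOTE(review): Rack computes the expected digest from the value
          # returned here, treating it as the plaintext password, or as
          # MD5("user:realm:password") when passwords_hashed is enabled. A
          # salted crypted_password matches neither form, so valid clients
          # will presumably be rejected -- the stored credential format
          # needs to be revisited for digest auth to work.
          user.crypted_password if user && user.login == username
        end
        @auth.realm = realm

        # NOTE(review): opaque is taken from a request parameter, so the
        # client controls it and it is nil when api_key is absent. It should
        # come from a server-side secret instead (the original carried a
        # 'this-should-be-secret' hint here); no such setting is visible in
        # this file.
        @auth.opaque = params['api_key']
        @auth
      end

    end # Digest
  end # Strategies
end # Merb::Authentication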
init.rb #
# ...
 
Merb::BootLoader.before_app_loads do
  # Executed once dependencies are loaded, before the application's own
  # classes are loaded.

  # Register the digest strategy file under the :digest label, then enable it.
  strategy_file = "lib/auth/strategies/digest.rb"
  Merb::Authentication.register(:digest, strategy_file)
  Merb::Authentication.activate!(:digest)
end
 
# ...