Rack::Auth::Digest::MD5 implements the MD5 algorithm version of HTTP Digest Authentication, as per RFC 2617.
Initialize with the [Rack] application that you want protecting, and a block that looks up a plaintext password for a given username.
opaque
needs to be set to a constant base64/hexadecimal
string.
# File lib/rack/auth/digest/md5.rb, line 24 def initialize(*args) super @passwords_hashed = nil end
# File lib/rack/auth/digest/md5.rb, line 33 def call(env) auth = Request.new(env) unless auth.provided? return unauthorized end if !auth.digest? || !auth.correct_uri? || !valid_qop?(auth) return bad_request end if valid?(auth) if auth.nonce.stale? return unauthorized(challenge(:stale => true)) else env['REMOTE_USER'] = auth.username return @app.call(env) end end unauthorized end
# File lib/rack/auth/digest/md5.rb, line 29 def passwords_hashed? !!@passwords_hashed end