authentication_request(controller, realm, message = nil) Instance Public methods

decode_credentials(header) Instance Public methods

decode_credentials_header(request) Instance Public methods

encode_credentials(http_method, credentials, password, password_is_ha1) Instance Public methods

expected_response(http_method, uri, credentials, password, password_is_ha1=true) Instance Public methods Returns the expected response for a request of http_method to uri with the decoded credentials and the expected password Optional parameter password_is_ha1 is set to true by default, since best practice is to store ha1 digest instead of a plain-text password.

ha1(credentials, password) Instance Public methods

nonce(secret_key, time = Time.now) Instance Public methods Uses an MD5 digest based on time to generate a value to be used only once. A server-specified data string which should be uniquely generated each time a 401 response is made. It is recommended that this string be base64 or hexadecimal data. Specifically, since the string is passed in the header lines as a quoted string, the double-quote character is not allowed. The contents of the nonce are implementation dependent. The qu

opaque(secret_key) Instance Public methods Opaque based on random generation - but changing each request?

secret_token(request) Instance Public methods

validate_digest_response(request, realm, &password_procedure) Instance Public methods Returns false unless the request credentials response value matches the expected value. First try the password as a ha1 digest password. If this fails, then try it as a plain text password.