OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	05/09/2024 07:14:11 AM	rwxr-xr-x
📄 accesslog.rb	4.34 KB	12/16/2015 05:07:31 AM	rw-r--r--
📄 cgi.rb	8.06 KB	03/28/2018 12:50:56 PM	rw-r--r--
📄 compat.rb	943 bytes	12/16/2015 05:07:31 AM	rw-r--r--
📄 config.rb	5.69 KB	12/07/2016 12:59:48 PM	rw-r--r--
📄 cookie.rb	3.91 KB	09/27/2016 03:17:47 AM	rw-r--r--
📄 htmlutils.rb	711 bytes	12/16/2015 05:07:31 AM	rw-r--r--
📁 httpauth	-	05/09/2024 07:14:11 AM	rwxr-xr-x
📄 httpauth.rb	3.36 KB	12/16/2015 05:07:31 AM	rw-r--r--
📄 httpproxy.rb	9.6 KB	03/28/2018 04:44:33 PM	rw-r--r--
📄 httprequest.rb	14.89 KB	05/15/2023 11:41:43 AM	rw-r--r--
📄 httpresponse.rb	11.8 KB	05/15/2023 11:41:43 AM	rw-r--r--
📄 https.rb	3.07 KB	07/18/2017 01:59:28 AM	rw-r--r--
📄 httpserver.rb	7.75 KB	12/13/2017 12:38:08 AM	rw-r--r--
📁 httpservlet	-	05/09/2024 07:14:11 AM	rwxr-xr-x
📄 httpservlet.rb	700 bytes	12/16/2015 05:07:31 AM	rw-r--r--
📄 httpstatus.rb	5.24 KB	09/14/2017 11:16:23 AM	rw-r--r--
📄 httputils.rb	12.91 KB	12/22/2017 01:08:05 AM	rw-r--r--
📄 httpversion.rb	1.6 KB	12/16/2015 05:07:31 AM	rw-r--r--
📄 log.rb	3.99 KB	12/22/2017 01:07:55 AM	rw-r--r--
📄 server.rb	10.04 KB	12/12/2017 11:56:25 AM	rw-r--r--
📄 ssl.rb	7.27 KB	07/18/2017 01:59:28 AM	rw-r--r--
📄 utils.rb	6.94 KB	12/12/2017 11:56:25 AM	rw-r--r--
📄 version.rb	415 bytes	12/24/2017 08:38:43 AM	rw-r--r--

Editing: httpauth.rb

# frozen_string_literal: false
#
# httpauth.rb -- HTTP access authentication
#
# Author: IPR -- Internet Programming with Ruby -- writers
# Copyright (c) 2000, 2001 TAKAHASHI Masayoshi, GOTOU Yuuzou
# Copyright (c) 2002 Internet Programming with Ruby writers. All rights
# reserved.
#
# $IPR: httpauth.rb,v 1.14 2003/07/22 19:20:42 gotoyuzo Exp $

require 'webrick/httpauth/basicauth'
require 'webrick/httpauth/digestauth'
require 'webrick/httpauth/htpasswd'
require 'webrick/httpauth/htdigest'
require 'webrick/httpauth/htgroup'

module WEBrick

##
  # HTTPAuth provides both basic and digest authentication.
  #
  # To enable authentication for requests in WEBrick you will need a user
  # database and an authenticator.  To start, here's an Htpasswd database for
  # use with a DigestAuth authenticator:
  #
  #   config = { :Realm => 'DigestAuth example realm' }
  #
  #   htpasswd = WEBrick::HTTPAuth::Htpasswd.new 'my_password_file'
  #   htpasswd.auth_type = WEBrick::HTTPAuth::DigestAuth
  #   htpasswd.set_passwd config[:Realm], 'username', 'password'
  #   htpasswd.flush
  #
  # The +:Realm+ is used to provide different access to different groups
  # across several resources on a server.  Typically you'll need only one
  # realm for a server.
  #
  # This database can be used to create an authenticator:
  #
  #   config[:UserDB] = htpasswd
  #
  #   digest_auth = WEBrick::HTTPAuth::DigestAuth.new config
  #
  # To authenticate a request call #authenticate with a request and response
  # object in a servlet:
  #
  #   def do_GET req, res
  #     @authenticator.authenticate req, res
  #   end
  #
  # For digest authentication the authenticator must not be created every
  # request, it must be passed in as an option via WEBrick::HTTPServer#mount.

module HTTPAuth
    module_function

def _basic_auth(req, res, realm, req_field, res_field, err_type,
                    block) # :nodoc:
      user = pass = nil
      if /^Basic\s+(.*)/o =~ req[req_field]
        userpass = $1
        user, pass = userpass.unpack("m*")[0].split(":", 2)
      end
      if block.call(user, pass)
        req.user = user
        return
      end
      res[res_field] = "Basic realm=\"#{realm}\""
      raise err_type
    end

##
    # Simple wrapper for providing basic authentication for a request.  When
    # called with a request +req+, response +res+, authentication +realm+ and
    # +block+ the block will be called with a +username+ and +password+.  If
    # the block returns true the request is allowed to continue, otherwise an
    # HTTPStatus::Unauthorized error is raised.

def basic_auth(req, res, realm, &block) # :yield: username, password
      _basic_auth(req, res, realm, "Authorization", "WWW-Authenticate",
                  HTTPStatus::Unauthorized, block)
    end

##
    # Simple wrapper for providing basic authentication for a proxied request.
    # When called with a request +req+, response +res+, authentication +realm+
    # and +block+ the block will be called with a +username+ and +password+.
    # If the block returns true the request is allowed to continue, otherwise
    # an HTTPStatus::ProxyAuthenticationRequired error is raised.

def proxy_basic_auth(req, res, realm, &block) # :yield: username, password
      _basic_auth(req, res, realm, "Proxy-Authorization", "Proxy-Authenticate",
                  HTTPStatus::ProxyAuthenticationRequired, block)
    end
  end
end