method

check_nonce

v1_9_3_125 - Show latest stable - 0 notes - Class: WEBrick::HTTPAuth::DigestAuth

check_nonce(req, auth_req) private

No documentation

This method has no description. You can help the Ruby community by adding new notes.

# File lib/webrick/httpauth/digestauth.rb, line 304
      def check_nonce(req, auth_req)
        username = auth_req['username']
        nonce = auth_req['nonce']

        pub_time, pk = nonce.unpack("m*")[0].split(":", 2)
        if (!pub_time || !pk)
          error("%s: empty nonce is given", username)
          return false
        elsif (hexdigest(pub_time, @instance_key)[0,32] != pk)
          error("%s: invalid private-key: %s for %s",
                username, hexdigest(pub_time, @instance_key)[0,32], pk)
          return false
        end

        diff_time = req.request_time.to_i - pub_time.to_i
        if (diff_time < 0)
          error("%s: difference of time-stamp is negative.", username)
          return false
        elsif diff_time > @nonce_expire_period
          error("%s: nonce is expired.", username)
          return false
        end

        return true
      end

check_nonce

Related methods

No documentation

Flowdock - Team Inbox With Chat for Software Developers