method

check_nonce

Ruby latest stable (v2_5_5) - 0 notes - Class: WEBrick::HTTPAuth::DigestAuth

Method deprecated or moved

This method is deprecated or moved on the latest stable version. The last existing version (v1_9_3_392) is shown here.

These similar methods exist in v2_5_5:

OpenSSL::OCSP::Request#check_nonce

check_nonce(req, auth_req) private

No documentation

This method has no description. You can help the Ruby community by adding new notes.

Hide source

# File lib/webrick/httpauth/digestauth.rb, line 304
      def check_nonce(req, auth_req)
        username = auth_req['username']
        nonce = auth_req['nonce']

        pub_time, pk = nonce.unpack("m*")[0].split(":", 2)
        if (!pub_time || !pk)
          error("%s: empty nonce is given", username)
          return false
        elsif (hexdigest(pub_time, @instance_key)[0,32] != pk)
          error("%s: invalid private-key: %s for %s",
                username, hexdigest(pub_time, @instance_key)[0,32], pk)
          return false
        end

        diff_time = req.request_time.to_i - pub_time.to_i
        if (diff_time < 0)
          error("%s: difference of time-stamp is negative.", username)
          return false
        elsif diff_time > @nonce_expire_period
          error("%s: nonce is expired.", username)
          return false
        end

        return true
      end

check_nonce

Related methods

Method deprecated or moved

No documentation

Flowdock - Team Inbox With Chat