16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
# File 'lib/sentiero/web/basic_auth_check.rb', line 16
def authorized?(env, creds)
return false if credentials_blank?(creds)
= env["HTTP_AUTHORIZATION"]
return false unless
scheme, encoded = .split(" ", 2)
return false unless scheme&.downcase == "basic" && encoded
begin
decoded = encoded.unpack1("m0")
rescue ArgumentError
return false
end
user, password = decoded.split(":", 2)
return false if user.nil? || password.nil?
user_ok = Rack::Utils.secure_compare(user, creds[:user].to_s)
pass_ok = Rack::Utils.secure_compare(password, creds[:password].to_s)
user_ok && pass_ok
end
|