Remove Rack::Auth::Digest (#2361)

ninoseki · web-flow · commit 4753f67bd342 · 2023-10-25T14:29:42.000-04:00
* Remove Rack::Auth::Digest

* Update README.md to remove digest auth

* Update UPGRADING and CHANGELOG

* Fix typo

* Bump the version up to 2.0.0

* Quote the class name

* Update Stable Release version
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,10 +1,11 @@
-### 1.9.0 (Next)
+### 2.0.0 (Next)
 
 #### Features
 
 * [#2353](https://github.com/ruby-grape/grape/pull/2353): Added Rails 7.1 support - [@ericproulx](https://github.com/ericproulx).
 * [#2355](https://github.com/ruby-grape/grape/pull/2355): Set response headers based on Rack version - [@schinery](https://github.com/schinery).
 * [#2360](https://github.com/ruby-grape/grape/pull/2360): Reduce gem size by removing specs - [@ericproulx](https://github.com/ericproulx).
+* [#2361](https://github.com/ruby-grape/grape/pull/2361): Remove `Rack::Auth::Digest` - [@ninoseki](https://github.com/ninoseki).
 * Your contribution here.
   
 #### Fixes
diff --git a/README.md b/README.md
@@ -115,7 +115,7 @@
   - [Active Model Serializers](#active-model-serializers)
 - [Sending Raw or No Data](#sending-raw-or-no-data)
 - [Authentication](#authentication)
-  - [Basic and Digest Auth](#basic-and-digest-auth)
+  - [Basic Auth](#basic-auth)
   - [Register custom middleware for authentication](#register-custom-middleware-for-authentication)
 - [Describing and Inspecting an API](#describing-and-inspecting-an-api)
 - [Current Route and Endpoint](#current-route-and-endpoint)
@@ -160,7 +160,7 @@ content negotiation, versioning and much more.
 
 ## Stable Release
 
-You're reading the documentation for the next release of Grape, which should be **1.9.0**.
+You're reading the documentation for the next release of Grape, which should be **2.0.0**.
 Please read [UPGRADING](UPGRADING.md) when upgrading from a previous version.
 The current stable release is [1.8.0](https://github.com/ruby-grape/grape/blob/v1.8.0/README.md).
 
@@ -3422,9 +3422,9 @@ end
 
 ## Authentication
 
-### Basic and Digest Auth
+### Basic Auth
 
-Grape has built-in Basic and Digest authentication (the given `block`
+Grape has built-in Basic authentication (the given `block`
 is executed in the context of the current `Endpoint`).  Authentication
 applies to the current namespace and any children, but not parents.
 
@@ -3435,20 +3435,6 @@ http_basic do |username, password|
 end
 ```
 
-Digest auth supports clear-text passwords and password hashes.
-
-```ruby
-http_digest({ realm: 'Test Api', opaque: 'app secret' }) do |username|
-  # lookup the user's password here
-end
-```
-
-```ruby
-http_digest(realm: { realm: 'Test Api', opaque: 'app secret', passwords_hashed: true }) do |username|
-  # lookup the user's password hash here
-end
-```
-
 ### Register custom middleware for authentication
 
 Grape can use custom Middleware for authentication. How to implement these
diff --git a/UPGRADING.md b/UPGRADING.md
@@ -1,7 +1,7 @@
 Upgrading Grape
 ===============
 
-### Upgrading to >= 1.9.0
+### Upgrading to >= 2.0.0
 
 #### Headers
 
@@ -30,6 +30,12 @@ end
 
 See [#2355](https://github.com/ruby-grape/grape/pull/2355) for more information.
 
+#### Digest auth deprecation
+
+Digest auth has been removed along with the deprecation of `Rack::Auth::Digest` in Rack 3.
+
+See [#2294](https://github.com/ruby-grape/grape/issues/2294) for more information.
+
 ### Upgrading to >= 1.7.0
 
 #### Exceptions renaming
diff --git a/lib/grape.rb b/lib/grape.rb
@@ -5,7 +5,6 @@
 require 'rack/builder'
 require 'rack/accept'
 require 'rack/auth/basic'
-require 'rack/auth/digest/md5'
 require 'set'
 require 'bigdecimal'
 require 'date'
diff --git a/lib/grape/middleware/auth/strategies.rb b/lib/grape/middleware/auth/strategies.rb
@@ -12,8 +12,7 @@ def add(label, strategy, option_fetcher = ->(_) { [] })
 
         def auth_strategies
           @auth_strategies ||= {
-            http_basic: StrategyInfo.new(Rack::Auth::Basic, ->(settings) { [settings[:realm]] }),
-            http_digest: StrategyInfo.new(Rack::Auth::Digest::MD5, ->(settings) { [settings[:realm], settings[:opaque]] })
+            http_basic: StrategyInfo.new(Rack::Auth::Basic, ->(settings) { [settings[:realm]] })
           }
         end
 
diff --git a/lib/grape/version.rb b/lib/grape/version.rb
@@ -2,5 +2,5 @@
 
 module Grape
   # The current version of Grape.
-  VERSION = '1.9.0'
+  VERSION = '2.0.0'
 end
diff --git a/spec/grape/middleware/auth/strategies_spec.rb b/spec/grape/middleware/auth/strategies_spec.rb
@@ -29,92 +29,4 @@ def app
       expect(last_response.status).to eq(401)
     end
   end
-
-  context 'Digest MD5 Auth' do
-    RSpec::Matchers.define :be_challenge do
-      match do |actual_response|
-        actual_response.status == 401 &&
-          actual_response['WWW-Authenticate'].start_with?('Digest ') &&
-          actual_response.body.empty?
-      end
-    end
-
-    module StrategiesSpec
-      class PasswordHashed < Grape::API
-        http_digest(realm: { realm: 'Test Api', opaque: 'secret', passwords_hashed: true }) do |username|
-          { 'foo' => Digest::MD5.hexdigest(['foo', 'Test Api', 'bar'].join(':')) }[username]
-        end
-
-        get '/test' do
-          [{ hey: 'you' }, { there: 'bar' }, { foo: 'baz' }]
-        end
-      end
-
-      class PasswordIsNotHashed < Grape::API
-        http_digest(realm: 'Test Api', opaque: 'secret') do |username|
-          { 'foo' => 'bar' }[username]
-        end
-
-        get '/test' do
-          [{ hey: 'you' }, { there: 'bar' }, { foo: 'baz' }]
-        end
-      end
-    end
-
-    context 'when password is hashed' do
-      def app
-        StrategiesSpec::PasswordHashed
-      end
-
-      it 'is a digest authentication challenge' do
-        get '/test'
-        expect(last_response).to be_challenge
-      end
-
-      it 'throws a 401 if no auth is given' do
-        get '/test'
-        expect(last_response.status).to eq(401)
-      end
-
-      it 'authenticates if given valid creds' do
-        digest_authorize 'foo', 'bar'
-        get '/test'
-        expect(last_response.status).to eq(200)
-      end
-
-      it 'throws a 401 if given invalid creds' do
-        digest_authorize 'bar', 'foo'
-        get '/test'
-        expect(last_response.status).to eq(401)
-      end
-    end
-
-    context 'when password is not hashed' do
-      def app
-        StrategiesSpec::PasswordIsNotHashed
-      end
-
-      it 'is a digest authentication challenge' do
-        get '/test'
-        expect(last_response).to be_challenge
-      end
-
-      it 'throws a 401 if no auth is given' do
-        get '/test'
-        expect(last_response.status).to eq(401)
-      end
-
-      it 'authenticates if given valid creds' do
-        digest_authorize 'foo', 'bar'
-        get '/test'
-        expect(last_response.status).to eq(200)
-      end
-
-      it 'throws a 401 if given invalid creds' do
-        digest_authorize 'bar', 'foo'
-        get '/test'
-        expect(last_response.status).to eq(401)
-      end
-    end
-  end
 end

Original file line number	Diff line number	Diff line change
`@@ -12,8 +12,7 @@ def add(label, strategy, option_fetcher = ->(_) { [] })`
`12`	`12`
`13`	`13`	`def auth_strategies`
`14`	`14`	`@auth_strategies \|\|= {`
`15`		`- http_basic: StrategyInfo.new(Rack::Auth::Basic, ->(settings) { [settings[:realm]] }),`
`16`		`- http_digest: StrategyInfo.new(Rack::Auth::Digest::MD5, ->(settings) { [settings[:realm], settings[:opaque]] })`
	`15`	`+ http_basic: StrategyInfo.new(Rack::Auth::Basic, ->(settings) { [settings[:realm]] })`
`17`	`16`	`}`
`18`	`17`	`end`
`19`	`18`