You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@couchdb.apache.org by va...@apache.org on 2018/01/26 16:06:17 UTC

[couchdb] branch master updated: Hide Auth information in replication document for reader - don't display credential information for user who just wants to check replication status. In basic authentication, the credential information is available in header field of doc

This is an automated email from the ASF dual-hosted git repository.

vatamane pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/couchdb.git


The following commit(s) were added to refs/heads/master by this push:
     new 4e35b36  Hide Auth information in replication document for reader   - don't display credential information for user who   just wants to check replication status. In basic authentication,   the credential information is available in header field of doc
4e35b36 is described below

commit 4e35b36f5d089f8dd567033f3b1db1cc846c7b14
Author: jiangphcn <ji...@cn.ibm.com>
AuthorDate: Thu Jan 25 13:49:46 2018 +0800

    Hide Auth information in replication document for reader
      - don't display credential information for user who
      just wants to check replication status. In basic authentication,
      the credential information is available in header field of doc
---
 src/couch_replicator/src/couch_replicator_docs.erl | 32 +++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/src/couch_replicator/src/couch_replicator_docs.erl b/src/couch_replicator/src/couch_replicator_docs.erl
index 6666cba..1fe91ec 100644
--- a/src/couch_replicator/src/couch_replicator_docs.erl
+++ b/src/couch_replicator/src/couch_replicator_docs.erl
@@ -695,7 +695,8 @@ strip_credentials(Url) when is_binary(Url) ->
         "http\\1://\\2",
         [{return, binary}]);
 strip_credentials({Props}) ->
-    {lists:keydelete(<<"oauth">>, 1, Props)}.
+    Props1 = lists:keydelete(<<"oauth">>, 1, Props),
+    {lists:keydelete(<<"headers">>, 1, Props1)}.
 
 
 error_reason({shutdown, Error}) ->
@@ -761,4 +762,33 @@ check_convert_options_fail_test() ->
     ?assertThrow({bad_request, _},
         convert_options([{<<"selector">>, [{key, value}]}])).
 
+check_strip_credentials_test() ->
+    [?assertEqual(Expected, strip_credentials(Body)) || {Expected, Body} <- [
+        {
+            undefined,
+            undefined
+        },
+        {
+            <<"https://remote_server/database">>,
+            <<"https://foo:bar@remote_server/database">>
+        },
+        {
+            {[{<<"_id">>, <<"foo">>}]},
+            {[{<<"_id">>, <<"foo">>}, {<<"oauth">>, <<"bar">>}]}
+        },
+        {
+            {[{<<"_id">>, <<"foo">>}]},
+            {[{<<"_id">>, <<"foo">>}, {<<"headers">>, <<"bar">>}]}
+        },
+        {
+            {[{<<"_id">>, <<"foo">>}, {<<"other">>, <<"bar">>}]},
+            {[{<<"_id">>, <<"foo">>}, {<<"other">>, <<"bar">>}]}
+        },
+        {
+            {[{<<"_id">>, <<"foo">>}]},
+            {[{<<"_id">>, <<"foo">>}, {<<"oauth">>, <<"bar">>},
+                {<<"headers">>, <<"baz">>}]}
+        }
+    ]].
+
 -endif.

-- 
To stop receiving notification emails like this one, please contact
vatamane@apache.org.