You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by va...@apache.org on 2018/01/26 16:06:17 UTC
[couchdb] branch master updated: Hide Auth information in
replication document for reader - don't display credential information for
user who just wants to check replication status. In basic authentication,
the credential information is available in header field of doc
This is an automated email from the ASF dual-hosted git repository.
vatamane pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/couchdb.git
The following commit(s) were added to refs/heads/master by this push:
new 4e35b36 Hide Auth information in replication document for reader - don't display credential information for user who just wants to check replication status. In basic authentication, the credential information is available in header field of doc
4e35b36 is described below
commit 4e35b36f5d089f8dd567033f3b1db1cc846c7b14
Author: jiangphcn <ji...@cn.ibm.com>
AuthorDate: Thu Jan 25 13:49:46 2018 +0800
Hide Auth information in replication document for reader
- don't display credential information for user who
just wants to check replication status. In basic authentication,
the credential information is available in header field of doc
---
src/couch_replicator/src/couch_replicator_docs.erl | 32 +++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/src/couch_replicator/src/couch_replicator_docs.erl b/src/couch_replicator/src/couch_replicator_docs.erl
index 6666cba..1fe91ec 100644
--- a/src/couch_replicator/src/couch_replicator_docs.erl
+++ b/src/couch_replicator/src/couch_replicator_docs.erl
@@ -695,7 +695,8 @@ strip_credentials(Url) when is_binary(Url) ->
"http\\1://\\2",
[{return, binary}]);
strip_credentials({Props}) ->
- {lists:keydelete(<<"oauth">>, 1, Props)}.
+ Props1 = lists:keydelete(<<"oauth">>, 1, Props),
+ {lists:keydelete(<<"headers">>, 1, Props1)}.
error_reason({shutdown, Error}) ->
@@ -761,4 +762,33 @@ check_convert_options_fail_test() ->
?assertThrow({bad_request, _},
convert_options([{<<"selector">>, [{key, value}]}])).
+check_strip_credentials_test() ->
+ [?assertEqual(Expected, strip_credentials(Body)) || {Expected, Body} <- [
+ {
+ undefined,
+ undefined
+ },
+ {
+ <<"https://remote_server/database">>,
+ <<"https://foo:bar@remote_server/database">>
+ },
+ {
+ {[{<<"_id">>, <<"foo">>}]},
+ {[{<<"_id">>, <<"foo">>}, {<<"oauth">>, <<"bar">>}]}
+ },
+ {
+ {[{<<"_id">>, <<"foo">>}]},
+ {[{<<"_id">>, <<"foo">>}, {<<"headers">>, <<"bar">>}]}
+ },
+ {
+ {[{<<"_id">>, <<"foo">>}, {<<"other">>, <<"bar">>}]},
+ {[{<<"_id">>, <<"foo">>}, {<<"other">>, <<"bar">>}]}
+ },
+ {
+ {[{<<"_id">>, <<"foo">>}]},
+ {[{<<"_id">>, <<"foo">>}, {<<"oauth">>, <<"bar">>},
+ {<<"headers">>, <<"baz">>}]}
+ }
+ ]].
+
-endif.
--
To stop receiving notification emails like this one, please contact
vatamane@apache.org.