You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2010/01/12 20:29:24 UTC
svn commit: r898477 - in /couchdb/trunk: src/couchdb/couch_httpd_auth.erl
src/couchdb/couch_util.erl src/erlang-oauth/oauth_hmac_sha1.erl
src/erlang-oauth/oauth_plaintext.erl test/etap/040-util.t
Author: jasondavies
Date: Tue Jan 12 19:29:23 2010
New Revision: 898477
URL: http://svn.apache.org/viewvc?rev=898477&view=rev
Log:
Add utility for verifying hashes.
Modified:
couchdb/trunk/src/couchdb/couch_httpd_auth.erl
couchdb/trunk/src/couchdb/couch_util.erl
couchdb/trunk/src/erlang-oauth/oauth_hmac_sha1.erl
couchdb/trunk/src/erlang-oauth/oauth_plaintext.erl
couchdb/trunk/test/etap/040-util.t
Modified: couchdb/trunk/src/couchdb/couch_httpd_auth.erl
URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_httpd_auth.erl?rev=898477&r1=898476&r2=898477&view=diff
==============================================================================
--- couchdb/trunk/src/couchdb/couch_httpd_auth.erl (original)
+++ couchdb/trunk/src/couchdb/couch_httpd_auth.erl Tue Jan 12 19:29:23 2010
@@ -71,8 +71,9 @@
UserProps ->
UserSalt = proplists:get_value(<<"salt">>, UserProps, <<>>),
PasswordHash = hash_password(?l2b(Pass), UserSalt),
- case proplists:get_value(<<"password_sha">>, UserProps, nil) of
- ExpectedHash when ExpectedHash == PasswordHash ->
+ ExpectedHash = proplists:get_value(<<"password_sha">>, UserProps, nil),
+ case couch_util:verify(ExpectedHash, PasswordHash) of
+ true ->
Req#httpd{user_ctx=#user_ctx{
name=?l2b(User),
roles=proplists:get_value(<<"roles">>, UserProps, []),
@@ -268,15 +269,19 @@
Timeout = to_int(couch_config:get("couch_httpd_auth", "timeout", 600)),
?LOG_DEBUG("timeout ~p", [Timeout]),
case (catch erlang:list_to_integer(TimeStr, 16)) of
- TimeStamp when CurrentTime < TimeStamp + Timeout
- andalso ExpectedHash == Hash ->
- TimeLeft = TimeStamp + Timeout - CurrentTime,
- ?LOG_DEBUG("Successful cookie auth as: ~p", [User]),
- Req#httpd{user_ctx=#user_ctx{
- name=?l2b(User),
- roles=proplists:get_value(<<"roles">>, UserProps, []),
- user_doc=proplists:get_value(<<"user_doc">>, UserProps, null)
- }, auth={FullSecret, TimeLeft < Timeout*0.9}};
+ TimeStamp when CurrentTime < TimeStamp + Timeout ->
+ case couch_util:verify(ExpectedHash, Hash) of
+ true ->
+ TimeLeft = TimeStamp + Timeout - CurrentTime,
+ ?LOG_DEBUG("Successful cookie auth as: ~p", [User]),
+ Req#httpd{user_ctx=#user_ctx{
+ name=?l2b(User),
+ roles=proplists:get_value(<<"roles">>, UserProps, []),
+ user_doc=proplists:get_value(<<"user_doc">>, UserProps, null)
+ }, auth={FullSecret, TimeLeft < Timeout*0.9}};
+ _Else ->
+ Req
+ end;
_Else ->
Req
end
@@ -344,8 +349,9 @@
end,
UserSalt = proplists:get_value(<<"salt">>, User, <<>>),
PasswordHash = hash_password(Password, UserSalt),
- case proplists:get_value(<<"password_sha">>, User, nil) of
- ExpectedHash when ExpectedHash == PasswordHash ->
+ ExpectedHash = proplists:get_value(<<"password_sha">>, User, nil),
+ case couch_util:verify(ExpectedHash, PasswordHash) of
+ true ->
% setup the session cookie
Secret = ?l2b(ensure_cookie_auth_secret()),
{NowMS, NowS, _} = erlang:now(),
Modified: couchdb/trunk/src/couchdb/couch_util.erl
URL: http://svn.apache.org/viewvc/couchdb/trunk/src/couchdb/couch_util.erl?rev=898477&r1=898476&r2=898477&view=diff
==============================================================================
--- couchdb/trunk/src/couchdb/couch_util.erl (original)
+++ couchdb/trunk/src/couchdb/couch_util.erl Tue Jan 12 19:29:23 2010
@@ -21,6 +21,7 @@
-export([file_read_size/1, get_nested_json_value/2, json_user_ctx/1]).
-export([to_binary/1, to_integer/1, to_list/1, url_encode/1]).
-export([json_encode/1, json_decode/1]).
+-export([verify/2]).
-include("couch_db.hrl").
-include_lib("kernel/include/file.hrl").
@@ -423,3 +424,19 @@
_Type:_Error ->
throw({invalid_json,V})
end.
+
+verify([X|RestX], [Y|RestY], Result) ->
+ verify(RestX, RestY, (X bxor Y) bor Result);
+verify([], [], Result) ->
+ Result == 0.
+
+verify(<<X/binary>>, <<Y/binary>>) ->
+ verify(?b2l(X), ?b2l(Y));
+verify(X, Y) when is_list(X) and is_list(Y) ->
+ case length(X) == length(Y) of
+ true ->
+ verify(X, Y, 0);
+ false ->
+ false
+ end;
+verify(_X, _Y) -> false.
Modified: couchdb/trunk/src/erlang-oauth/oauth_hmac_sha1.erl
URL: http://svn.apache.org/viewvc/couchdb/trunk/src/erlang-oauth/oauth_hmac_sha1.erl?rev=898477&r1=898476&r2=898477&view=diff
==============================================================================
--- couchdb/trunk/src/erlang-oauth/oauth_hmac_sha1.erl (original)
+++ couchdb/trunk/src/erlang-oauth/oauth_hmac_sha1.erl Tue Jan 12 19:29:23 2010
@@ -8,4 +8,4 @@
base64:encode_to_string(crypto:sha_mac(Key, BaseString)).
verify(Signature, BaseString, CS, TS) ->
- Signature =:= signature(BaseString, CS, TS).
+ couch_util:verify(signature(BaseString, CS, TS), Signature).
Modified: couchdb/trunk/src/erlang-oauth/oauth_plaintext.erl
URL: http://svn.apache.org/viewvc/couchdb/trunk/src/erlang-oauth/oauth_plaintext.erl?rev=898477&r1=898476&r2=898477&view=diff
==============================================================================
--- couchdb/trunk/src/erlang-oauth/oauth_plaintext.erl (original)
+++ couchdb/trunk/src/erlang-oauth/oauth_plaintext.erl Tue Jan 12 19:29:23 2010
@@ -7,4 +7,4 @@
oauth_uri:calate("&", [CS, TS]).
verify(Signature, CS, TS) ->
- Signature =:= signature(CS, TS).
+ couch_util:verify(signature(CS, TS), Signature).
Modified: couchdb/trunk/test/etap/040-util.t
URL: http://svn.apache.org/viewvc/couchdb/trunk/test/etap/040-util.t?rev=898477&r1=898476&r2=898477&view=diff
==============================================================================
--- couchdb/trunk/test/etap/040-util.t (original)
+++ couchdb/trunk/test/etap/040-util.t Tue Jan 12 19:29:23 2010
@@ -17,7 +17,7 @@
test_util:init_code_path(),
application:start(crypto),
- etap:plan(11),
+ etap:plan(16),
case (catch test()) of
ok ->
etap:end_tests();
@@ -88,4 +88,16 @@
etap:ok(not couch_util:should_flush(),
"Checking to flush invokes GC."),
+ % verify
+ etap:is(true, couch_util:verify("It4Vooya", "It4Vooya"),
+ "String comparison."),
+ etap:is(false, couch_util:verify("It4VooyaX", "It4Vooya"),
+ "String comparison (unequal lengths)."),
+ etap:is(true, couch_util:verify(<<"ahBase3r">>, <<"ahBase3r">>),
+ "Binary comparison."),
+ etap:is(false, couch_util:verify(<<"ahBase3rX">>, <<"ahBase3r">>),
+ "Binary comparison (unequal lengths)."),
+ etap:is(false, couch_util:verify(nil, <<"ahBase3r">>),
+ "Binary comparison with atom."),
+
ok.