Posted to commits@couchdb.apache.org by va...@apache.org on 2019/09/12 16:56:45 UTC

[couchdb] branch mask-auth-field-on-non-owner-read created (now 24b8c3b)

This is an automated email from the ASF dual-hosted git repository.

vatamane pushed a change to branch mask-auth-field-on-non-owner-read
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


      at 24b8c3b  Improve credential stripping for replication document reads

This branch includes the following new commits:

     new 24b8c3b  Improve credential stripping for replication document reads

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[couchdb] 01/01: Improve credential stripping for replication document reads

Posted by va...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

vatamane pushed a commit to branch mask-auth-field-on-non-owner-read
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 24b8c3bc81aeb2fad1a6734bde118a6ecd3b544f
Author: Nick Vatamaniuc <va...@apache.org>
AuthorDate: Thu Sep 12 12:53:30 2019 -0400

    Improve credential stripping for replication document reads
    
    Allow a special field for plugin writers to stash endpoint credentials, which
    gets the same treatment as headers and user:pass combinations for already
    existing plugins (session, noop aka basic auth).
    
    Instead of complicating the plugin API, use a simpler convention of just
    calling it "auth" for now.
---
 src/couch_replicator/src/couch_replicator_auth.erl |  6 ++++++
 src/couch_replicator/src/couch_replicator_docs.erl | 12 ++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/couch_replicator/src/couch_replicator_auth.erl b/src/couch_replicator/src/couch_replicator_auth.erl
index 7f51cdd..272e10a 100644
--- a/src/couch_replicator/src/couch_replicator_auth.erl
+++ b/src/couch_replicator/src/couch_replicator_auth.erl
@@ -33,6 +33,12 @@
 
 % Behavior API
 
+% Note for plugin developers: consider using the "auth" field in the source and
+% target objects to store credentials. In that case non-owner and non-admin
+% users will have those credentials stripped when they read the replication
+% document, which mimicks the behavior for "headers" and user and pass fields
+% in endpoint URLs".
+
 -callback initialize(#httpdb{}) ->
     {ok, #httpdb{}, term()} | {error, term()} | ignore.
 
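Review bot: The added plugin-developer comment does not say that only a top-level `"auth"` key of the source or target object is removed, which is what the `lists:keydelete(<<"auth">>, 1, Props1)` call in couch_replicator_docs.erl does. A plugin that nests its secret under another field, or uses a differently named key, would presumably still have it returned to non-owner readers. I would state the limit explicitly, e.g. `% Only a top-level "auth" key in the source/target object is stripped; credentials stored under any other field are not.` The comment also has a stray closing quote after `URLs`, and `mimicks` should read `mimics`.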
diff --git a/src/couch_replicator/src/couch_replicator_docs.erl b/src/couch_replicator/src/couch_replicator_docs.erl
index 2d6db1b..81685cd 100644
--- a/src/couch_replicator/src/couch_replicator_docs.erl
+++ b/src/couch_replicator/src/couch_replicator_docs.erl
@@ -683,8 +683,12 @@ strip_credentials(Url) when is_binary(Url) ->
         "http(s)?://(?:[^:]+):[^@]+@(.*)$",
         "http\\1://\\2",
         [{return, binary}]);
-strip_credentials({Props}) ->
-    {lists:keydelete(<<"headers">>, 1, Props)}.
+strip_credentials({Props0}) ->
+    Props1 = lists:keydelete(<<"headers">>, 1, Props0),
+    % Strip "auth" just like headers, for replication plugins it can be a place
+    % to stash credential that are not necessarily in headers
+    Props2 = lists:keydelete(<<"auth">>, 1, Props1),
+    {Props2}.
 
 
 error_reason({shutdown, Error}) ->
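Review bot: `lists:keydelete/3` removes only the first tuple whose key matches, so in the new `strip_credentials({Props0})` clause a second `"headers"` or `"auth"` entry in the same object would survive the strip. Whether a stored replication document can carry duplicate keys is not visible from this hunk, but this is the step that keeps credentials away from non-owner readers, so filtering every match is the safer form: `{[P || {K, _} = P <- Props0, K =/= <<"headers">>, K =/= <<"auth">>]}`. The inline comment should read `credentials` rather than `credential`. The function's first clause begins above the hunk. A case in check_strip_credentials_test with both keys present would pin the combined behaviour.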
@@ -773,6 +777,10 @@ check_strip_credentials_test() ->
         {
             {[{<<"_id">>, <<"foo">>}]},
             {[{<<"_id">>, <<"foo">>}, {<<"headers">>, <<"baz">>}]}
+        },
+        {
+            {[{<<"_id">>, <<"foo">>}]},
+            {[{<<"_id">>, <<"foo">>}, {<<"auth">>, <<"pluginsecret">>}]}
         }
     ]].