You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by rn...@apache.org on 2013/04/23 15:43:09 UTC
[4/5] git commit: updated refs/heads/1.3.x to 9d41ea8
Make cardinality of result explicit, remove join hacks
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/9d41ea8a
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/9d41ea8a
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/9d41ea8a
Branch: refs/heads/1.3.x
Commit: 9d41ea8a474668f3d3f0c5d1fcdb13a77881c2b8
Parents: bd0342d
Author: Robert Newson <rn...@apache.org>
Authored: Mon Nov 19 10:55:57 2012 +0000
Committer: Robert Newson <rn...@apache.org>
Committed: Tue Apr 23 14:34:55 2013 +0100
----------------------------------------------------------------------
share/www/script/test/users_db.js | 18 ++++++++++++++++++
src/couchdb/couch_httpd_auth.erl | 14 +++++++-------
2 files changed, 25 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/9d41ea8a/share/www/script/test/users_db.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/users_db.js b/share/www/script/test/users_db.js
index 44e6c88..6c57cb0 100644
--- a/share/www/script/test/users_db.js
+++ b/share/www/script/test/users_db.js
@@ -132,6 +132,24 @@ couchTests.users_db = function(debug) {
} catch(e) {
TEquals("Character `:` is not allowed in usernames.", e.reason);
}
+
+ // test that you can login as a user with a password starting with :
+ var doc = CouchDB.prepareUserDoc({
+ name: "foo@example.org"
+ }, ":bar");
+ T(usersDb.save(doc).ok);
+
+ T(CouchDB.session().userCtx.name == null);
+
+ // test that you can use basic auth aginst the users db
+ var s = CouchDB.session({
+ headers : {
+ // base64_encode("foo@example.org::bar")
+ "Authorization" : "Basic Zm9vQGV4YW1wbGUub3JnOjpiYXI="
+ }
+ });
+ T(s.userCtx.name == "foo@example.org");
+
};
usersDb.deleteDb();
http://git-wip-us.apache.org/repos/asf/couchdb/blob/9d41ea8a/src/couchdb/couch_httpd_auth.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 5226a56..a967e09 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -26,7 +26,7 @@ special_test_authentication_handler(Req) ->
case header_value(Req, "WWW-Authenticate") of
"X-Couch-Test-Auth " ++ NamePass ->
% NamePass is a colon separated string: "joe schmoe:a password".
- [Name, Pass] = re:split(NamePass, ":", [{return, list}]),
+ [Name, Pass] = re:split(NamePass, ":", [{return, list}, {parts, 2}]),
case {Name, Pass} of
{"Jan Lehnardt", "apple"} -> ok;
{"Christopher Lenz", "dog food"} -> ok;
@@ -47,14 +47,13 @@ basic_name_pw(Req) ->
AuthorizationHeader = header_value(Req, "Authorization"),
case AuthorizationHeader of
"Basic " ++ Base64Value ->
- case string:tokens(?b2l(base64:decode(Base64Value)),":") of
+ case re:split(base64:decode(Base64Value), ":",
+ [{return, list}, {parts, 2}]) of
["_", "_"] ->
% special name and pass to be logged out
nil;
[User, Pass] ->
{User, Pass};
- [User | Pass] ->
- {User, string:join(Pass, ":")};
_ ->
nil
end;
@@ -158,9 +157,10 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
undefined -> Req;
[] -> Req;
Cookie ->
- [User, TimeStr | HashParts] = try
+ [User, TimeStr, HashStr] = try
AuthSession = couch_util:decodeBase64Url(Cookie),
- [_A, _B | _Cs] = re:split(?b2l(AuthSession), ":", [{return, list}])
+ [_A, _B, _Cs] = re:split(?b2l(AuthSession), ":",
+ [{return, list}, {parts, 3}])
catch
_:_Error ->
Reason = <<"Malformed AuthSession cookie. Please clear your cookies.">>,
@@ -180,7 +180,7 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) ->
UserSalt = couch_util:get_value(<<"salt">>, UserProps, <<"">>),
FullSecret = <<Secret/binary, UserSalt/binary>>,
ExpectedHash = crypto:sha_mac(FullSecret, User ++ ":" ++ TimeStr),
- Hash = ?l2b(string:join(HashParts, ":")),
+ Hash = ?l2b(HashStr),
Timeout = list_to_integer(
couch_config:get("couch_httpd_auth", "timeout", "600")),
?LOG_DEBUG("timeout ~p", [Timeout]),