Posted to commits@couchdb.apache.org by ja...@apache.org on 2011/10/29 21:38:39 UTC

git commit: Redirect on a failed login attempt.

Updated Branches:
  refs/heads/master 9f53704af -> 6621c5317


Redirect on a failed login attempt.

Closes COUCHDB-846

Patch by Matt Cooley and Simon Leblanc.


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/6621c531
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/6621c531
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/6621c531

Branch: refs/heads/master
Commit: 6621c53173942c547c3e5efca2155c294ed98f77
Parents: 9f53704
Author: Jan Lehnardt <ja...@apache.org>
Authored: Sat Oct 29 21:36:12 2011 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Sat Oct 29 21:38:27 2011 +0200

----------------------------------------------------------------------
 THANKS                               |    4 +++-
 share/www/script/test/cookie_auth.js |   21 ++++++++++++---------
 src/couchdb/couch_httpd_auth.erl     |    8 +++++++-
 3 files changed, 22 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/6621c531/THANKS
----------------------------------------------------------------------
diff --git a/THANKS b/THANKS
index 714c224..d43659d 100644
--- a/THANKS
+++ b/THANKS
@@ -90,6 +90,8 @@ suggesting improvements or submitting changes. Some of these people are:
  * Christopher Bonhage <qu...@me.com>
  * Christian Carter <cd...@gmail.com>
  * Lukasz Mielicki <mi...@gmail.com>
- * Omar Yasin <om...@gmail.com>
+ * Omar Yasin <omarkj@gmail.com
+ * Matt Cooley <ma...@mattcooley.net>
+ * Simon Leblanc <si...@gmail.com>
 
 For a list of authors see the `AUTHORS` file.

http://git-wip-us.apache.org/repos/asf/couchdb/blob/6621c531/share/www/script/test/cookie_auth.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/cookie_auth.js b/share/www/script/test/cookie_auth.js
index 8ad993c..9d98fff 100644
--- a/share/www/script/test/cookie_auth.js
+++ b/share/www/script/test/cookie_auth.js
@@ -136,21 +136,24 @@ couchTests.cookie_auth = function(debug) {
        // a failed login attempt should log you out
        T(CouchDB.session().userCtx.name != 'Jason Davies');
 
-       // test redirect
+       // test redirect on success
        xhr = CouchDB.request("POST", "/_session?next=/", {
          headers: {"Content-Type": "application/x-www-form-urlencoded"},
          body: "name=Jason%20Davies&password="+encodeURIComponent(password)
        });
-       // should this be a redirect code instead of 200?
-       // The cURL adapter is returning the expected 302 here.
-       // I imagine this has to do with whether the client is willing
-       // to follow the redirect, ie, the browser follows and does a
-       // GET on the returned Location
+       // the browser should transparently follow the redirect and GET the server root (/)
+       // see http://dev.w3.org/2006/webapi/XMLHttpRequest/#infrastructure-for-the-send-method
+       if (xhr.status == 200) {
+         T(/Welcome/.test(xhr.responseText))
+       }
+
+       // test redirect on fail
+       xhr = CouchDB.request("POST", "/_session?fail=/", {
+         headers: {"Content-Type": "application/x-www-form-urlencoded"},
+         body: "name=Jason%20Davies&password=foobar"
+       });
        if (xhr.status == 200) {
          T(/Welcome/.test(xhr.responseText));
-       } else {
-         T(xhr.status == 302);
-         T(xhr.getResponseHeader("Location"));
        }
 
       // test users db validations
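Review bot: Both redirect checks in this hunk now pass vacuously when the client does not follow the redirect, because the `else` branch that asserted `xhr.status == 302` and a `Location` header was dropped at the end of the hunk and the new failed-login block (the `?fail=/` request) has no non-200 branch at all; a regression that returns 401 without a Location would go unnoticed. Restore the assertion after each `if (xhr.status == 200) { ... }` block: `} else { T(xhr.status == 302); T(xhr.getResponseHeader("Location")); }`. It would also be worth asserting after the failed-login redirect that the session is still cleared, i.e. `T(CouchDB.session().userCtx.name != 'Jason Davies');`, since the point of the fail path is to log the user out. The enclosing test function couchTests.cookie_auth starts and ends outside the hunk.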

http://git-wip-us.apache.org/repos/asf/couchdb/blob/6621c531/src/couchdb/couch_httpd_auth.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 43e8378..bdfc15f 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -294,7 +294,13 @@ handle_session_req(#httpd{method='POST', mochi_req=MochiReq}=Req) ->
         _Else ->
             % clear the session
             Cookie = mochiweb_cookies:cookie("AuthSession", "", [{path, "/"}] ++ cookie_scheme(Req)),
-            send_json(Req, 401, [Cookie], {[{error, <<"unauthorized">>},{reason, <<"Name or password is incorrect.">>}]})
+            {Code, Headers} = case couch_httpd:qs_value(Req, "fail", nil) of
+                nil ->
+                    {401, [Cookie]};
+                Redirect ->
+                    {302, [Cookie, {"Location", couch_httpd:absolute_uri(Req, Redirect)}]}
+            end,
+            send_json(Req, Code, Headers, {[{error, <<"unauthorized">>},{reason, <<"Name or password is incorrect.">>}]})
     end;
 % get user info
 % GET /_session
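Review bot: The `Redirect` bound from `couch_httpd:qs_value(Req, "fail", nil)` is a client-controlled string that is passed straight into the `Location` header, so whether this is an open redirect depends on how `couch_httpd:absolute_uri/2` treats an absolute URL or a scheme-relative `//host` value, which is not visible in this hunk. If it does not force the request's own scheme and host, the failed-login response can be made to bounce the browser to an arbitrary site; restricting the value to a local path, e.g. `Redirect = [$/ | _] -> {302, [Cookie, {"Location", couch_httpd:absolute_uri(Req, Redirect)}]};` with a final `_ -> {401, [Cookie]}` clause, closes that regardless. The same question applies to the existing `next` handling on the success path, which the test hunk exercises but which lies outside this hunk, as does the start of handle_session_req/1. A one-line comment above the `case`, `% "fail" is untrusted; only a local path may be used as the redirect target`, would record the intent.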