Posted to commits@couchdb.apache.org by ja...@apache.org on 2011/10/29 21:38:39 UTC
git commit: Redirect on a failed login attempt.
Updated Branches:
refs/heads/master 9f53704af -> 6621c5317
Redirect on a failed login attempt.
Closes COUCHDB-846
Patch by Matt Cooley and Simon Leblanc.
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/6621c531
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/6621c531
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/6621c531
Branch: refs/heads/master
Commit: 6621c53173942c547c3e5efca2155c294ed98f77
Parents: 9f53704
Author: Jan Lehnardt <ja...@apache.org>
Authored: Sat Oct 29 21:36:12 2011 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Sat Oct 29 21:38:27 2011 +0200
----------------------------------------------------------------------
THANKS | 4 +++-
share/www/script/test/cookie_auth.js | 21 ++++++++++++---------
src/couchdb/couch_httpd_auth.erl | 8 +++++++-
3 files changed, 22 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/6621c531/THANKS
----------------------------------------------------------------------
diff --git a/THANKS b/THANKS
index 714c224..d43659d 100644
--- a/THANKS
+++ b/THANKS
@@ -90,6 +90,8 @@ suggesting improvements or submitting changes. Some of these people are:
* Christopher Bonhage <qu...@me.com>
* Christian Carter <cd...@gmail.com>
* Lukasz Mielicki <mi...@gmail.com>
- * Omar Yasin <om...@gmail.com>
+ * Omar Yasin <omarkj@gmail.com
+ * Matt Cooley <ma...@mattcooley.net>
+ * Simon Leblanc <si...@gmail.com>
For a list of authors see the `AUTHORS` file.
http://git-wip-us.apache.org/repos/asf/couchdb/blob/6621c531/share/www/script/test/cookie_auth.js
----------------------------------------------------------------------
diff --git a/share/www/script/test/cookie_auth.js b/share/www/script/test/cookie_auth.js
index 8ad993c..9d98fff 100644
--- a/share/www/script/test/cookie_auth.js
+++ b/share/www/script/test/cookie_auth.js
@@ -136,21 +136,24 @@ couchTests.cookie_auth = function(debug) {
// a failed login attempt should log you out
T(CouchDB.session().userCtx.name != 'Jason Davies');
- // test redirect
+ // test redirect on success
xhr = CouchDB.request("POST", "/_session?next=/", {
headers: {"Content-Type": "application/x-www-form-urlencoded"},
body: "name=Jason%20Davies&password="+encodeURIComponent(password)
});
- // should this be a redirect code instead of 200?
- // The cURL adapter is returning the expected 302 here.
- // I imagine this has to do with whether the client is willing
- // to follow the redirect, ie, the browser follows and does a
- // GET on the returned Location
+ // the browser should transparently follow the redirect and GET the server root (/)
+ // see http://dev.w3.org/2006/webapi/XMLHttpRequest/#infrastructure-for-the-send-method
+ if (xhr.status == 200) {
+ T(/Welcome/.test(xhr.responseText))
+ }
+
+ // test redirect on fail
+ xhr = CouchDB.request("POST", "/_session?fail=/", {
+ headers: {"Content-Type": "application/x-www-form-urlencoded"},
+ body: "name=Jason%20Davies&password=foobar"
+ });
if (xhr.status == 200) {
T(/Welcome/.test(xhr.responseText));
- } else {
- T(xhr.status == 302);
- T(xhr.getResponseHeader("Location"));
}
// test users db validations
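Review bot: The new "test redirect on fail" block asserts only inside `if (xhr.status == 200)`, so a 401, a 302 that was not followed, or any other status passes without a single check; the "redirect on success" block lost its `else` branch in the same way. Restore an explicit branch in both, e.g. `else { T(xhr.status == 302); T(xhr.getResponseHeader("Location")); }`, so an unexpected status fails the test. After the failed POST it is also worth repeating `T(CouchDB.session().userCtx.name != 'Jason Davies');` to pin down that taking the `fail` redirect never leaves the client authenticated. The enclosing `couchTests.cookie_auth` function starts and ends outside this hunk.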
http://git-wip-us.apache.org/repos/asf/couchdb/blob/6621c531/src/couchdb/couch_httpd_auth.erl
----------------------------------------------------------------------
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 43e8378..bdfc15f 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -294,7 +294,13 @@ handle_session_req(#httpd{method='POST', mochi_req=MochiReq}=Req) ->
_Else ->
% clear the session
Cookie = mochiweb_cookies:cookie("AuthSession", "", [{path, "/"}] ++ cookie_scheme(Req)),
- send_json(Req, 401, [Cookie], {[{error, <<"unauthorized">>},{reason, <<"Name or password is incorrect.">>}]})
+ {Code, Headers} = case couch_httpd:qs_value(Req, "fail", nil) of
+ nil ->
+ {401, [Cookie]};
+ Redirect ->
+ {302, [Cookie, {"Location", couch_httpd:absolute_uri(Req, Redirect)}]}
+ end,
+ send_json(Req, Code, Headers, {[{error, <<"unauthorized">>},{reason, <<"Name or password is incorrect.">>}]})
end;
% get user info
% GET /_session
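Review bot: The `fail` query-string value goes into the `Location` header through `couch_httpd:absolute_uri(Req, Redirect)` with no check in this clause, so whether the redirect stays on this server depends entirely on that helper, which is not visible in the hunk. Unless it already rejects anything that is not a local path, constrain the value here and fall back to the plain 401, for example `[$/ | _] = Redirect -> {302, [Cookie, {"Location", couch_httpd:absolute_uri(Req, Redirect)}]};` followed by `_ -> {401, [Cookie]}`. A failed login that carries `fail` is now answered with 302 instead of 401, so any log-based alerting on failed logins that keys on the 401 status would presumably need to count these responses too. A short comment above the `case` explaining that `fail` is client-supplied and must resolve to a same-origin path would help the next maintainer; the `handle_session_req` clause begins outside the hunk.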