You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@couchdb.apache.org by ja...@apache.org on 2016/04/25 21:26:01 UTC

[1/3] chttpd commit: updated refs/heads/master to 0a3abea

Repository: couchdb-chttpd
Updated Branches:
  refs/heads/master be1e95950 -> 0a3abeaa6


restore 1.x behaviour: user docs in conflict cannot login

Adds config option chttpd_auth/allow_conflicted_user_docs to toggle
this behaviour. The default is to not allow conflicted user docs to
log in successfully.


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/9100e321
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/9100e321
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/9100e321

Branch: refs/heads/master
Commit: 9100e321d43690f448895371af83971358793a1a
Parents: 1ca8642
Author: Jan Lehnardt <ja...@apache.org>
Authored: Sun Apr 24 01:28:32 2016 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Mon Apr 25 18:29:07 2016 +0200

----------------------------------------------------------------------
 src/chttpd_auth_cache.erl | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/9100e321/src/chttpd_auth_cache.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_auth_cache.erl b/src/chttpd_auth_cache.erl
index 8a64ae7..8f0c576 100644
--- a/src/chttpd_auth_cache.erl
+++ b/src/chttpd_auth_cache.erl
@@ -48,10 +48,7 @@ get_user_creds(_Req, UserName) when is_binary(UserName) ->
 	        couch_util:get_value(<<"roles">>, UserProps))
         end
     end,
-    case Resp of
-        nil -> nil;
-        _ -> {ok, Resp, nil}
-    end.
+    maybe_validate_user_creds(Resp).
 
 update_user_creds(_Req, UserDoc, _Ctx) ->
     {_, Ref} = spawn_monitor(fun() ->
@@ -163,7 +160,7 @@ changes_callback({error, _}, EndSeq) ->
     exit({seq, EndSeq}).
 
 load_user_from_db(UserName) ->
-    try fabric:open_doc(dbname(), docid(UserName), [?ADMIN_CTX, ejson_body]) of
+    try fabric:open_doc(dbname(), docid(UserName), [?ADMIN_CTX, ejson_body, conflicts]) of
 	{ok, Doc} ->
 	    {Props} = couch_doc:to_json_obj(Doc, []),
 	    Props;
@@ -209,3 +206,28 @@ update_doc_ignoring_conflict(DbName, Doc, Options) ->
         throw:conflict ->
             ok
     end.
+
+maybe_validate_user_creds(nil) ->
+    nil;
+maybe_validate_user_creds(UserCreds) ->
+    AllowConflictedUserDocs = config:get_boolean("chttpd_auth", "allow_conflicted_user_docs", false),
+    maybe_validate_user_creds(UserCreds, AllowConflictedUserDocs).
+
+maybe_validate_user_creds(UserCreds, false) ->
+    {ok, UserCreds, nil};
+maybe_validate_user_creds(UserCreds, true) ->
+    validate_user_creds(UserCreds).
+
+% throws if UserCreds includes a _conflicts member
+% returns UserCreds otherwise
+validate_user_creds(UserCreds) ->
+    case couch_util:get_value(<<"_conflicts">>, UserCreds) of
+        undefined ->
+            ok;
+        _ConflictList ->
+            throw({unauthorized,
+                <<"User document conflicts must be resolved before the document",
+                  " is used for authentication purposes.">>
+            })
+    end,
+    {ok, UserCreds, nil}.

[3/3] chttpd commit: updated refs/heads/master to 0a3abea

Posted by ja...@apache.org.

Merge branch 'fix-users-doc-in-conflict'

* fix-users-doc-in-conflict:
  restore 1.x behaviour: user docs in conflict cannot login


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/0a3abeaa
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/0a3abeaa
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/0a3abeaa

Branch: refs/heads/master
Commit: 0a3abeaa60e1df4d0e168ea63b054114c500dd1a
Parents: 7ebddaf 9100e32
Author: Jan Lehnardt <ja...@apache.org>
Authored: Mon Apr 25 21:25:41 2016 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Mon Apr 25 21:25:41 2016 +0200

----------------------------------------------------------------------

----------------------------------------------------------------------

[2/3] chttpd commit: updated refs/heads/master to 0a3abea

Posted by ja...@apache.org.

restore 1.x behaviour: user docs in conflict cannot login

Adds config option chttpd_auth/allow_conflicted_user_docs to toggle
this behaviour. The default is to not allow conflicted user docs to
log in successfully.


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/7ebddaf1
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/7ebddaf1
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/7ebddaf1

Branch: refs/heads/master
Commit: 7ebddaf1a4cd946934cc21ef891a77dcd042cdec
Parents: be1e959
Author: Jan Lehnardt <ja...@apache.org>
Authored: Mon Apr 25 21:24:58 2016 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Mon Apr 25 21:25:34 2016 +0200

----------------------------------------------------------------------
 src/chttpd_auth_cache.erl | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/7ebddaf1/src/chttpd_auth_cache.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_auth_cache.erl b/src/chttpd_auth_cache.erl
index c83a3c0..3f07adb 100644
--- a/src/chttpd_auth_cache.erl
+++ b/src/chttpd_auth_cache.erl
@@ -48,10 +48,7 @@ get_user_creds(_Req, UserName) when is_binary(UserName) ->
 	        couch_util:get_value(<<"roles">>, UserProps))
         end
     end,
-    case Resp of
-        nil -> nil;
-        _ -> {ok, Resp, nil}
-    end.
+    maybe_validate_user_creds(Resp).
 
 update_user_creds(_Req, UserDoc, _Ctx) ->
     {_, Ref} = spawn_monitor(fun() ->
@@ -163,7 +160,7 @@ changes_callback({error, _}, EndSeq) ->
     exit({seq, EndSeq}).
 
 load_user_from_db(UserName) ->
-    try fabric:open_doc(dbname(), docid(UserName), [?ADMIN_CTX, ejson_body]) of
+    try fabric:open_doc(dbname(), docid(UserName), [?ADMIN_CTX, ejson_body, conflicts]) of
 	{ok, Doc} ->
 	    {Props} = couch_doc:to_json_obj(Doc, []),
 	    Props;
@@ -212,3 +209,28 @@ update_doc_ignoring_conflict(DbName, Doc, Options) ->
         throw:conflict ->
             ok
     end.
+
+maybe_validate_user_creds(nil) ->
+    nil;
+maybe_validate_user_creds(UserCreds) ->
+    AllowConflictedUserDocs = config:get_boolean("chttpd_auth", "allow_conflicted_user_docs", false),
+    maybe_validate_user_creds(UserCreds, AllowConflictedUserDocs).
+
+maybe_validate_user_creds(UserCreds, false) ->
+    {ok, UserCreds, nil};
+maybe_validate_user_creds(UserCreds, true) ->
+    validate_user_creds(UserCreds).
+
+% throws if UserCreds includes a _conflicts member
+% returns UserCreds otherwise
+validate_user_creds(UserCreds) ->
+    case couch_util:get_value(<<"_conflicts">>, UserCreds) of
+        undefined ->
+            ok;
+        _ConflictList ->
+            throw({unauthorized,
+                <<"User document conflicts must be resolved before the document",
+                  " is used for authentication purposes.">>
+            })
+    end,
+    {ok, UserCreds, nil}.