Posted to commits@couchdb.apache.org by ja...@apache.org on 2009/09/02 11:39:20 UTC
svn commit: r810436 - in /couchdb/branches/0.10.x: ./ etc/default/couchdb
share/www/script/test/cookie_auth.js src/couchdb/couch_httpd_auth.erl
Author: jan
Date: Wed Sep 2 09:39:20 2009
New Revision: 810436
URL: http://svn.apache.org/viewvc?rev=810436&view=rev
Log:
merge r810435: use the same password hash calculation for user creation via ini file and user db, patch by Benoit Chesneau, closes COUCHDB-492
Modified:
couchdb/branches/0.10.x/ (props changed)
couchdb/branches/0.10.x/etc/default/couchdb (props changed)
couchdb/branches/0.10.x/share/www/script/test/cookie_auth.js
couchdb/branches/0.10.x/src/couchdb/couch_httpd_auth.erl
Propchange: couchdb/branches/0.10.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Sep 2 09:39:20 2009
@@ -3,4 +3,4 @@
/couchdb/branches/form:729440-730015
/couchdb/branches/list-iterator:782292-784593
/couchdb/branches/tail_header:775760-778477
-/couchdb/trunk:806983,807208-807478,807771,808574,808632,808716,808876,809134,810350,810358
+/couchdb/trunk:806983,807208-807478,807771,808574,808632,808716,808876,809134,809977,810015,810028,810350,810358,810435
Propchange: couchdb/branches/0.10.x/etc/default/couchdb
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Sep 2 09:39:20 2009
@@ -3,5 +3,5 @@
/couchdb/branches/form/etc/default/couchdb:729440-730015
/couchdb/branches/list-iterator/etc/default/couchdb:782292-784593
/couchdb/branches/tail_header/etc/default/couchdb:775760-778477
-/couchdb/trunk/etc/default/couchdb:806983,807208-807478,807771,808574,808632,808716,808876,809134,810350,810358
+/couchdb/trunk/etc/default/couchdb:806983,807208-807478,807771,808574,808632,808716,808876,809134,809977,810015,810028,810350,810358,810435
/incubator/couchdb/trunk/etc/default/couchdb:642419-694440
Modified: couchdb/branches/0.10.x/share/www/script/test/cookie_auth.js
URL: http://svn.apache.org/viewvc/couchdb/branches/0.10.x/share/www/script/test/cookie_auth.js?rev=810436&r1=810435&r2=810436&view=diff
==============================================================================
--- couchdb/branches/0.10.x/share/www/script/test/cookie_auth.js (original)
+++ couchdb/branches/0.10.x/share/www/script/test/cookie_auth.js Wed Sep 2 09:39:20 2009
@@ -40,7 +40,7 @@
T(usersDb.save({
_id: "a1",
salt: "123",
- password_sha: "8da1CtkFvb58LWrnup5chgdZVUs=",
+ password_sha: hex_sha1(password + "123"),
username: "Jason Davies",
author: "Jason Davies",
type: "user",
Modified: couchdb/branches/0.10.x/src/couchdb/couch_httpd_auth.erl
URL: http://svn.apache.org/viewvc/couchdb/branches/0.10.x/src/couchdb/couch_httpd_auth.erl?rev=810436&r1=810435&r2=810436&view=diff
==============================================================================
--- couchdb/branches/0.10.x/src/couchdb/couch_httpd_auth.erl (original)
+++ couchdb/branches/0.10.x/src/couchdb/couch_httpd_auth.erl Wed Sep 2 09:39:20 2009
@@ -48,7 +48,6 @@
AuthorizationHeader = header_value(Req, "Authorization"),
case AuthorizationHeader of
"Basic " ++ Base64Value ->
- io:format("~n~nBase64Value: '~p'~n~n", [Base64Value]),
case string:tokens(?b2l(couch_util:decodeBase64(Base64Value)),":") of
[User, Pass] ->
{User, Pass};
@@ -285,6 +284,9 @@
couch_util:encodeBase64Url(SessionData ++ ":" ++ ?b2l(Hash)),
[{path, "/"}, {http_only, true}]). % TODO add {secure, true} when SSL is detected
+hash_password(Password, Salt) ->
+ ?l2b(couch_util:to_hex(crypto:sha(<<Password/binary, Salt/binary>>))).
+
% Login handler with user db
handle_login_req(#httpd{method='POST', mochi_req=MochiReq}=Req, #db{}=Db) ->
ReqBody = MochiReq:recv_body(),
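Review bot: `hash_password/2` is a single pass of SHA-1 over the password followed by the salt, which is cheap to brute-force offline if the user database is ever copied. Since every call site now goes through this one helper, it is the natural place to move to an iterated key-derivation function later, and a comment should say so. The helper is also undocumented; I would add above it `% Returns the hex-encoded SHA-1 of Password followed by Salt, as a binary. Both arguments must be binaries.` The binary construction raises `badarg` on a list argument, so callers holding a list have to convert first.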
@@ -301,7 +303,7 @@
Result -> Result
end,
UserSalt = proplists:get_value(<<"salt">>, User, <<>>),
- PasswordHash = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, Password/binary>>)),
+ PasswordHash = hash_password(Password, UserSalt),
case proplists:get_value(<<"password_sha">>, User, nil) of
ExpectedHash when ExpectedHash == PasswordHash ->
Secret = ?l2b(couch_config:get("couch_httpd_auth", "secret", nil)),
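Review bot: The `password_sha` comparison that follows `PasswordHash = hash_password(Password, UserSalt)` will no longer match user documents written before this change. The removed line stored base64 of SHA-1 over salt-then-password, while the helper yields hex of SHA-1 over password-then-salt. Nothing visible in this commit converts or recognises the old format, so unless a migration exists elsewhere, existing accounts fail login here and fail the old-password check in the hunks at -435 and -447. Either document that user docs must be recreated, or accept the old format once on a successful login and rewrite the document with the new hash. The body of `handle_login_req` continues outside this hunk.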
@@ -380,7 +382,7 @@
end,
UserSalt = couch_util:new_uuid(),
- PasswordHash = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, Password/binary>>)),
+ PasswordHash = hash_password(Password, UserSalt),
DocId = couch_util:new_uuid(),
{ok, UserDoc} = user_doc(DocId, UserName, UserSalt, PasswordHash, Email, Active, Roles1),
{ok, _Rev} = couch_db:update_doc(Db, UserDoc, []),
@@ -435,7 +437,7 @@
Hash = case Password of
<<>> -> CurrentPasswordHash;
_Else ->
- H = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, Password/binary>>)),
+ H = hash_password(Password, UserSalt),
H
end,
Hash;
@@ -447,11 +449,11 @@
_P when length(OldPassword) == 0 ->
throw({forbidden, <<"Old password is incorrect.">>});
_Else ->
- OldPasswordHash = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, OldPassword1/binary>>)),
+ OldPasswordHash = hash_password(OldPassword1, UserSalt),
?LOG_DEBUG("~p == ~p", [CurrentPasswordHash, OldPasswordHash]),
Hash1 = case CurrentPasswordHash of
ExpectedHash when ExpectedHash == OldPasswordHash ->
- H = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, Password/binary>>)),
+ H = hash_password(Password, UserSalt),
H;
_ ->
throw({forbidden, <<"Old password is incorrect.">>})
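Review bot: The `?LOG_DEBUG("~p == ~p", [CurrentPasswordHash, OldPasswordHash])` line kept in this hunk writes both password hashes to the log whenever debug logging is enabled. Because the hash is one SHA-1 pass, anyone who can read the logs gets material that is practical to crack. This commit already removes the `io:format` of the Basic-auth value, and this line deserves the same treatment: delete it or log only the outcome, e.g. `?LOG_DEBUG("old password match: ~p", [CurrentPasswordHash == OldPasswordHash])`. As a style point, `H = hash_password(Password, UserSalt), H` can be reduced to the call alone, here and in the hunk at -435. The enclosing function starts and ends outside the hunk.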