Posted to commits@couchdb.apache.org by ja...@apache.org on 2020/01/07 11:57:20 UTC

[couchdb] branch 823-bypass-authn-_up updated (6b32bd5 -> 61ff520)

This is an automated email from the ASF dual-hosted git repository.

jan pushed a change to branch 823-bypass-authn-_up
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


    omit 6b32bd5  Bypass authentication check for /_up
     new 61ff520  Bypass authentication check for /_up

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (6b32bd5)
            \
             N -- N -- N   refs/heads/823-bypass-authn-_up (61ff520)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revision listed above as "new" is entirely new to this
repository and will be described in a separate email.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 rel/overlay/etc/default.ini        | 1 +
 src/couch/src/couch_httpd_auth.erl | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)


[couchdb] 01/01: Bypass authentication check for /_up

Posted by ja...@apache.org.

jan pushed a commit to branch 823-bypass-authn-_up
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 61ff5207edcd886ff10b419e8c4bc30fb1f6f789
Author: Joan Touzet <jo...@atypical.net>
AuthorDate: Sun Oct 1 17:53:56 2017 -0400

    Bypass authentication check for /_up
    
    Add config variable chttpd.require_valid_user_except_for_up defaulting
    to false.
    
    This will allow various automated health check systems to hit /_up
    without having to provide a username/password pair when the
    chttpd.require_valid_user config setting is true. Apparently, many
    of these health check providers do not even allow supplying creds
    for such a purpose...
    
    Closes #823
---
 .gitignore                         | 1 +
 rel/overlay/etc/default.ini        | 1 +
 src/couch/src/couch_httpd_auth.erl | 5 +++++
 3 files changed, 7 insertions(+)

diff --git a/.gitignore b/.gitignore
index 3e22192..0188b6c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@
 *.pyc
 *.snap
 *.so
+*.swp
 .DS_Store
 .rebar/
 .eunit/
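Review bot: The `*.swp` ignore entry is unrelated to the authentication change and is not mentioned in the commit message. Since this commit alters who can reach an endpoint without credentials, it is easier to audit and to revert if the editor-swap-file ignore rule goes in a separate commit.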
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 1228535..b37e995 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -66,6 +66,7 @@ backlog = 512
 docroot = {{fauxton_root}}
 socket_options = [{recbuf, 262144}, {sndbuf, 262144}, {nodelay, true}]
 require_valid_user = false
+; require_valid_user_except_for_up = false
 ; List of headers that will be kept when the header Prefer: return=minimal is included in a request.
 ; If Server header is left out, Mochiweb will add its own one in.
 prefer_minimal = Cache-Control, Content-Length, Content-Range, Content-Type, ETag, Server, Transfer-Encoding, Vary
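Review bot: The new `; require_valid_user_except_for_up = false` line has no explanatory comment, so an operator reading default.ini cannot tell that setting it to true exposes `/_up` without credentials. Add a comment line above it stating that it only matters when `require_valid_user = true` and that enabling it lets unauthenticated clients (health checkers) reach `/_up`. That way the trade-off is visible at the point where it is configured.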
diff --git a/src/couch/src/couch_httpd_auth.erl b/src/couch/src/couch_httpd_auth.erl
index 6ac7b75..833bcdb 100644
--- a/src/couch/src/couch_httpd_auth.erl
+++ b/src/couch/src/couch_httpd_auth.erl
@@ -85,6 +85,11 @@ basic_name_pw(Req) ->
 default_authentication_handler(Req) ->
     default_authentication_handler(Req, couch_auth_cache).
 
+default_authentication_handler(#httpd{path_parts=[<<"_up">>]}=Req, AuthModule) ->
+    case config:get_boolean("chttpd", "require_valid_user_except_for_up", false) of
+        true -> Req#httpd{user_ctx=?ADMIN_USER};
+        _False -> default_authentication_handler(Req, AuthModule)
+    end;
 default_authentication_handler(Req, AuthModule) ->
     case basic_name_pw(Req) of
     {User, Pass} ->
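Review bot: In the new clause, the branch `true -> Req#httpd{user_ctx=?ADMIN_USER};` gives a request that presented no verified credentials the `?ADMIN_USER` context, which is more privilege than a liveness probe should need. Consider assigning the least-privileged user context that still lets the `/_up` handler respond, or add a comment explaining why the admin context is required here. Two smaller points on the same clause: it consults only `require_valid_user_except_for_up` and not `require_valid_user`, so the bypass is active whenever the new flag is true, and it returns before `basic_name_pw(Req)` runs, so a request to `/_up` with wrong credentials is accepted rather than rejected. The match on `path_parts=[<<"_up">>]` is exact, which keeps the exception narrow, but it applies to every HTTP method; if only GET is intended, match on the method as well. A test covering `/_up` with the flag on and off, and confirming that other paths still require a valid user, would guard against the exception widening later.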