Posted to commits@couchdb.apache.org by to...@apache.org on 2018/06/19 07:13:12 UTC

[couchdb] branch retain_user_ctx_after_auth updated (1068fe0 -> 18fb58b)

This is an automated email from the ASF dual-hosted git repository.

tonysun83 pushed a change to branch retain_user_ctx_after_auth
in repository https://gitbox.apache.org/repos/asf/couchdb.git.


    omit 1068fe0  Merge branch 'master' into retain_user_ctx_after_auth
    omit 475f1d6  Merge branch 'master' into retain_user_ctx_after_auth
    omit 5d3ea58  add eunit test
    omit 67d5d7a  refactor process_request to not drop req
     new 18fb58b  refactor process_request to not drop req

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (1068fe0)
            \
             N -- N -- N   refs/heads/retain_user_ctx_after_auth (18fb58b)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:


[couchdb] 01/01: refactor process_request to not drop req

Posted by to...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

tonysun83 pushed a commit to branch retain_user_ctx_after_auth
in repository https://gitbox.apache.org/repos/asf/couchdb.git

commit 18fb58b453dfe909fe0dde81c251377394b72bd4
Author: Tony Sun <to...@gmail.com>
AuthorDate: Tue Jun 5 22:57:03 2018 -0700

    refactor process_request to not drop req
    
    Previously, when a request passed authentication but failed
    authorization, we returned the old HttpReq, which drops user_ctx.
    This change retains user_ctx in that case.
---
 src/chttpd/src/chttpd.erl | 51 ++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 46 insertions(+), 5 deletions(-)

diff --git a/src/chttpd/src/chttpd.erl b/src/chttpd/src/chttpd.erl
index 6be0d18..ae94ae6 100644
--- a/src/chttpd/src/chttpd.erl
+++ b/src/chttpd/src/chttpd.erl
@@ -288,11 +288,7 @@ process_request(#httpd{mochi_req = MochiReq} = HttpReq) ->
         not_preflight ->
             case chttpd_auth:authenticate(HttpReq, fun authenticate_request/1) of
             #httpd{} = Req ->
-                HandlerFun = chttpd_handlers:url_handler(
-                    HandlerKey, fun chttpd_db:handle_request/1),
-                AuthorizedReq = chttpd_auth:authorize(possibly_hack(Req),
-                    fun chttpd_auth_request:authorize_request/1),
-                {AuthorizedReq, HandlerFun(AuthorizedReq)};
+                handle_req_after_auth(HandlerKey, Req);
             Response ->
                 {HttpReq, Response}
             end;
@@ -303,6 +299,17 @@ process_request(#httpd{mochi_req = MochiReq} = HttpReq) ->
         {HttpReq, catch_error(HttpReq, Tag, Error)}
     end.
 
+handle_req_after_auth(HandlerKey, HttpReq) ->
+    try
+        HandlerFun = chttpd_handlers:url_handler(HandlerKey,
+            fun chttpd_db:handle_request/1),
+        AuthorizedReq = chttpd_auth:authorize(possibly_hack(HttpReq),
+            fun chttpd_auth_request:authorize_request/1),
+        {AuthorizedReq, HandlerFun(AuthorizedReq)}
+    catch Tag:Error ->
+        {HttpReq, catch_error(HttpReq, Tag, Error)}
+    end.
+
 catch_error(_HttpReq, throw, {http_head_abort, Resp}) ->
     {ok, Resp};
 catch_error(_HttpReq, throw, {http_abort, Resp, Reason}) ->
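Review bot: In `handle_req_after_auth`, the single `catch Tag:Error` covers both `chttpd_auth:authorize/2` and the `HandlerFun(AuthorizedReq)` call, so a handler failure after authorization succeeded is also returned with the pre-authorization `HttpReq`. If `authorize` can change `user_ctx` (the test added in this commit mocks it to add roles), whatever consumes the returned request, presumably request logging, sees the authenticated context rather than the authorized one; that may be intended, but it is not stated. I would add a comment above the function such as `%% On any exception, return the authenticated request so user_ctx survives into the response/log path.` The outer `try` in `process_request` and most of `catch_error` lie outside the hunk, so how the stack trace is obtained from this nested catch cannot be checked from here.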
@@ -1238,4 +1245,38 @@ test_log_request(RawPath, UserCtx) ->
     ok = meck:unload(couch_log),
     Message.
 
+handle_req_after_auth_test() ->
+    Headers = mochiweb_headers:make([{"HOST", "127.0.0.1:15984"}]),
+    MochiReq = mochiweb_request:new(socket, [], 'PUT', "/newdb", version,
+        Headers),
+    UserCtx = #user_ctx{name = <<"retain_user">>},
+    Roles = [<<"_reader">>],
+    AuthorizedCtx = #user_ctx{name = <<"retain_user">>, roles = Roles},
+    Req = #httpd{
+        mochi_req = MochiReq,
+        begin_ts = {1458,588713,124003},
+        original_method = 'PUT',
+        peer = "127.0.0.1",
+        nonce = "nonce",
+        user_ctx = UserCtx
+    },
+    AuthorizedReq = Req#httpd{user_ctx = AuthorizedCtx},
+    ok = meck:new(chttpd_handlers, [passthrough]),
+    ok = meck:new(chttpd_auth, [passthrough]),
+    ok = meck:expect(chttpd_handlers, url_handler, fun(_Key, _Fun) ->
+         fun(_Req) -> handled_authorized_req end
+    end),
+    ok = meck:expect(chttpd_auth, authorize, fun(_Req, _Fun) ->
+        AuthorizedReq
+    end),
+    ?assertEqual({AuthorizedReq, handled_authorized_req},
+        handle_req_after_auth(foo_key, Req)),
+    ok = meck:expect(chttpd_auth, authorize, fun(_Req, _Fun) ->
+        meck:exception(throw, {http_abort, resp, some_reason})
+    end),
+    ?assertEqual({Req, {aborted, resp, some_reason}},
+        handle_req_after_auth(foo_key, Req)),
+    ok = meck:unload(chttpd_handlers),
+    ok = meck:unload(chttpd_auth).
+
 -endif.
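Review bot: The two `meck:unload` calls at the end of `handle_req_after_auth_test` run only when both assertions pass, so a failing `?assertEqual` leaves `chttpd_handlers` and `chttpd_auth` mocked for every test that runs afterwards in the same VM. Wrapping the body as `try ... after meck:unload([chttpd_handlers, chttpd_auth]) end`, or moving the mocks into a `{setup, ...}` fixture, makes the cleanup unconditional. The test also exercises only an exception raised by `authorize`; a second case where the mocked handler fun throws would pin which request is returned on that path. The enclosing `-ifdef(TEST)` block starts outside the hunk.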