You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2016/04/25 12:15:30 UTC

chttpd commit: updated refs/heads/fix-users-doc-in-conflict to 4eb9e1e [Forced Update!]

Repository: couchdb-chttpd
Updated Branches:
  refs/heads/fix-users-doc-in-conflict 562e2b670 -> 4eb9e1ed7 (forced update)


restore 1.x behaviour: user docs in conflict cannot login

Adds config option chttpd_auth/allow_conflicted_user_docs to toggle
this behaviour. The default is to not allow conflicted user docs to
log in successfully.


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/4eb9e1ed
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/4eb9e1ed
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/4eb9e1ed

Branch: refs/heads/fix-users-doc-in-conflict
Commit: 4eb9e1ed7fe6aa948569b82c5788f4aa8b8ca106
Parents: 1ca8642
Author: Jan Lehnardt <ja...@apache.org>
Authored: Sun Apr 24 01:28:32 2016 +0200
Committer: Jan Lehnardt <ja...@apache.org>
Committed: Mon Apr 25 12:14:19 2016 +0200

----------------------------------------------------------------------
 src/chttpd_auth_cache.erl | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/4eb9e1ed/src/chttpd_auth_cache.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_auth_cache.erl b/src/chttpd_auth_cache.erl
index 8a64ae7..d20fa76 100644
--- a/src/chttpd_auth_cache.erl
+++ b/src/chttpd_auth_cache.erl
@@ -48,10 +48,7 @@ get_user_creds(_Req, UserName) when is_binary(UserName) ->
 	        couch_util:get_value(<<"roles">>, UserProps))
         end
     end,
-    case Resp of
-        nil -> nil;
-        _ -> {ok, Resp, nil}
-    end.
+    maybe_validate_user_creds(Resp).
 
 update_user_creds(_Req, UserDoc, _Ctx) ->
     {_, Ref} = spawn_monitor(fun() ->
@@ -163,7 +160,7 @@ changes_callback({error, _}, EndSeq) ->
     exit({seq, EndSeq}).
 
 load_user_from_db(UserName) ->
-    try fabric:open_doc(dbname(), docid(UserName), [?ADMIN_CTX, ejson_body]) of
+    try fabric:open_doc(dbname(), docid(UserName), [?ADMIN_CTX, ejson_body, conflicts]) of
 	{ok, Doc} ->
 	    {Props} = couch_doc:to_json_obj(Doc, []),
 	    Props;
@@ -209,3 +206,28 @@ update_doc_ignoring_conflict(DbName, Doc, Options) ->
         throw:conflict ->
             ok
     end.
+
+maybe_validate_user_creds(nil) ->
+    nil;
+maybe_validate_user_creds(UserCreds) ->
+    AllowConflictedUserDocs = config:get("chttpd_auth", "allow_conflicted_user_docs", "false"),
+    maybe_validate_user_creds(UserCreds, AllowConflictedUserDocs).
+
+maybe_validate_user_creds(UserCreds, "false") ->
+    UserCreds;
+maybe_validate_user_creds(UserCreds, "true") ->
+    validate_user_creds(UserCreds).
+
+validate_user_creds(nil) ->
+    nil;
+validate_user_creds(UserCreds) ->
+    case couch_util:get_value(<<"_conflicts">>, UserCreds) of
+    undefined ->
+        ok;
+    _ConflictList ->
+        throw({unauthorized,
+            <<"User document conflicts must be resolved before the document",
+              " is used for authentication purposes.">>
+        })
+    end,
+    {ok, UserCreds, nil}.